From f2fd0fda9a461d59a7072f356a410a55d1b25ce2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 Nov 2023 02:33:15 -0500 Subject: [PATCH 001/380] pbx/defaults/main.yml: Try Asterisk 21 and FreePBX 17 --- roles/pbx/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 2cc6eece6..f7173c2b3 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,13 +26,13 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-20-current.tar.gz +asterisk_src_file: asterisk-21-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From aba3cde8e46dc605f5f73834e3f1205f939bc586 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 31 Dec 2023 22:56:48 -0500 Subject: [PATCH 002/380] default_vars.yml: Launch 8.2 release cycle --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3654e2eee..ff422e820 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.1 +iiab_base_ver: 8.2 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From ebf35d9680a633f4ddc39962b4aedef12e5859ad Mon Sep 17 00:00:00 2001 From: root Date: Sun, 31 Dec 2023 23:37:51 -0500 Subject: [PATCH 003/380] Calibre-Web w/ experimental support for video/audio/images --- roles/calibre-web/README.rst | 6 +++--- roles/calibre-web/defaults/main.yml | 2 +- roles/calibre-web/tasks/install.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 807eba1b8..a31e0b5ff 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,9 +25,9 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! -**NEW AS OF DECEMBER 2023: If you install** `IIAB's new version of Calibre-Web `_ -**then you can also add YouTube and Vimeo videos (ETC) to your community or -family's learning library!** +**NEW AS OF JANUARY 2024: `IIAB's experimental new version of Calibre-Web `_ +**also lets you add YouTube and Vimeo videos (and local videos, e.g. from +teachers' phones) for indigenous/local/family learning libraries!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index d4b2765a4..3e99725a9 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -14,7 +14,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -calibreweb_repo_url: https://github.com/janeczku/calibre-web +calibreweb_repo_url: https://github.com/iiab/calibre-web # Or use upstream: https://github.com/janeczku/calibre-web calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9 calibreweb_venv_wipe: False # 2023-12-04: NEW default TDD (Test-Driven Dev!) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 75474a33c..51968b469 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -58,7 +58,7 @@ - name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: - repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web + repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" force: yes #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing From 7887e4f8cb9ceb575b4ef16bc7698f8dd4224e42 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 31 Dec 2023 23:57:58 -0500 Subject: [PATCH 004/380] Touch up calibre-web/README.rst --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index a31e0b5ff..42162c818 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -25,9 +25,9 @@ download e-books using a Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf" collections — to help students build the best local community library! -**NEW AS OF JANUARY 2024: `IIAB's experimental new version of Calibre-Web `_ +**NEW AS OF JANUARY 2024:** `IIAB's experimental new version of Calibre-Web `_ **also lets you add YouTube and Vimeo videos (and local videos, e.g. from -teachers' phones) for indigenous/local/family learning libraries!** +teachers' phones) to expand your indigenous/local/family learning library!** .. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg From 71220324f3b1e1947b82bac00e67f2dd6d2f2efa Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 1 Jan 2024 13:09:15 -0500 Subject: [PATCH 005/380] default_vars.yml: Install/enable Calibre-Web --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ff422e820..a2d202156 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -654,8 +654,8 @@ minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }} minetest_flat_world: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) From 0cbbd09db8bd2d80e5f54621fa6d432982cc56aa Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 1 Jan 2024 13:09:56 -0500 Subject: [PATCH 006/380] local_vars_small.yml: Install/enable Calibre-Web --- vars/local_vars_small.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 88c2c2a89..c55fb4cc7 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -393,8 +393,8 @@ minetest_install: False minetest_enabled: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) From 40c2c71f521d431d395a84cfe2ada2abaf45a2c2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Jan 2024 23:23:15 -0500 Subject: [PATCH 007/380] calibre-web/tasks/install.yml: lb-wrapper.greedy gone! --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 51968b469..6a960b1b0 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -76,8 +76,8 @@ ln -sf /root/.local/bin/lb /usr/local/bin/lb ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp fi - cp {{ calibreweb_venv_path }}/scripts/lb-wrapper {{ calibreweb_venv_path }}/scripts/lb-wrapper.greedy /usr/local/bin/ - chmod a+x /usr/local/bin/lb-wrapper /usr/local/bin/lb-wrapper.greedy + cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ + chmod a+x /usr/local/bin/lb-wrapper fi - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }} From cc9d791f6caa2c6b65e35ff6673035c1acb41fd0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Jan 2024 23:30:05 -0500 Subject: [PATCH 008/380] calibre-web/tasks/install.yml: Link to wiki explanation --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 6a960b1b0..4a68ae34f 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,7 +65,7 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs (CAN TAKE 3+ MINUTES, WIP) +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y From 9570f8d117139d42d9cf40be2ac3240909c0bb97 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Jan 2024 23:38:21 -0500 Subject: [PATCH 009/380] calibre-web/tasks/install.yml: Clarify wiki for PR #3696 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 4a68ae34f..5f055d3e7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -65,7 +65,7 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 when: not calibreweb_venv.stat.exists -- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- https://github.com/iiab/calibre-web/wiki +- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y From 1c432530620d35df300ea41e76017b67292dee79 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jan 2024 14:20:40 -0500 Subject: [PATCH 010/380] iiab-diagnostics: Show Calibre-Web "version" i.e. ~50 recent commits --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index adbaa73ea..dc758a42a 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -228,6 +228,7 @@ cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' +cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From fea5f9ccba3a79f00a8e2035fbfa877ac5fec77a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jan 2024 14:31:32 -0500 Subject: [PATCH 011/380] iiab-diagnostics: Add 3 more "log files" for Calibre-Web --- scripts/iiab-diagnostics | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index dc758a42a..d499f541a 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,9 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'journalctl -u calibre-web | tail -50' 'Calibre-Web systemd log' +cat_tail /var/log/calibre-web.log 100 +cat_tail /var/log/xklb.log 100 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From bed26162cf2b2531ad7c19616cd79fd4329dff42 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jan 2024 14:37:00 -0500 Subject: [PATCH 012/380] iiab-diagnostics: Also include 'systemctl status calibre-web' --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d499f541a..f1a9881f1 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,7 +229,8 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' -cat_cmd 'journalctl -u calibre-web | tail -50' 'Calibre-Web systemd log' +cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' +cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 cat_tail /var/log/xklb.log 100 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' From d932684a115671147408e0f1f6bf4c9f54f2d382 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jan 2024 18:12:15 -0500 Subject: [PATCH 013/380] iiab-diagnostics.README.md: Fix line number for PR #3697 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 7216e8feb..e2b0aef85 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-249 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-254 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 5a443993000371a9dea05479cfd91689f7f69c81 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Jan 2024 12:23:57 -0500 Subject: [PATCH 014/380] Update pbx/README.adoc w/ latest FreePBX 17 BETA tips / warning --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index a69906f01..d4f831847 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,9 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of December 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) — sadly this remains true in December 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 4ae5991cb3c36398c655469a2f4730b86d739193 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 13 Jan 2024 12:36:02 -0500 Subject: [PATCH 015/380] pbx/README.adoc: WARN re: PHP 7 danger & unsupported/old OS's --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index d4f831847..41d57eb96 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -6,7 +6,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://aste As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. -*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).* +*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From 524709f31a37574917c0c7f1139237e8b84238b9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 14 Jan 2024 23:55:38 -0500 Subject: [PATCH 016/380] iiab-diagnostics: 300 last lines of xklb.log for now --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f1a9881f1..2c11b25d2 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -232,7 +232,7 @@ cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | h cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 -cat_tail /var/log/xklb.log 100 +cat_tail /var/log/xklb.log 300 cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? From 595de4e7f235ecd1f2b22aa94d33e986b5c4077f Mon Sep 17 00:00:00 2001 From: root Date: Thu, 18 Jan 2024 22:35:58 -0500 Subject: [PATCH 017/380] Update (almost 10!) Calibre-Web app.db defaults --- roles/calibre-web/files/app.db | Bin 126976 -> 126976 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/roles/calibre-web/files/app.db b/roles/calibre-web/files/app.db index 01c0f038338a22ada9d7caaceb4b65880e84d183..3183544da1e04b9e5cb998dcbc2ea954dbfc8e9e 100644 GIT binary patch delta 659 zcmZ{g!Hd&S5QpC+scqc0uSHPA6>G)ILc+_-%WGZ{c7rF+)#IW`HeriN8*GsUS-L?y zc(a1`DtqwaDeED4T2CH5>|N=9V7ev7lpCQRm|hq%em5A6 zTfN;N3R{#C$~0nVhG-GmHF%d8x?m>ntadtGX6u{^L1_$2UFElqo5Z?r`JTosv+#Ld zpb28z8ez=mgn7cU{C|ALiqGmYu5&>m@38@8imMILvFqqkv3PuH|be5r(P6@Y#aUGV7>XiP* zH2?gp)1|by!R`?2D1lZE1WH6HqgpvjPpi_i$FuV>TmvcJh@k;8e3kQC1NaP5eUYUR z&i5wpoUGw}B-L|N&v7qH-_>b)8Jg(Qrj*{PHRTJnqM8+FC+-hMVG4v@>LiNw}RO1M^cfcyq!bi7cVWOMF0Q* delta 195 zcmZp8z~1nHeS$Qj$3z)tRu2Zfq6HgM7UXYcY50@BXoA3|4=e&e_Fw(&j0TLX1}q#5 zyc`=F|M4)jmQLr)Wt3-R+^(6+D8R_X#IW5akMSJi#>PDU?G^Qmod(;a Date: Sat, 20 Jan 2024 13:45:17 -0500 Subject: [PATCH 018/380] iiab-diagnostics: Pipe everything thru 'cat -v' so control chars visible --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 2c11b25d2..4a56837e5 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -49,11 +49,11 @@ function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail elif [ $# -eq 1 ]; then echo >> $outfile # Redact (mask) most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/*, /etc/NetworkManager/system-connections/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') - cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' "$1" | iconv -t UTF-8//IGNORE | cat -v >> $outfile else # e.g. last 100 lines, maximum echo " ...ITS LAST $2 LINES FOLLOW..." >> $outfile echo >> $outfile - tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE | cat -v >> $outfile fi echo >> $outfile elif [ -h "$1" ]; then From bd340aa6735af1054c6e3b47b4288a19508e29a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 20 Jan 2024 14:53:24 -0500 Subject: [PATCH 019/380] iiab-diagnostics: sudo git log for Calibre-Web version --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 4a56837e5..0b979fcd3 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -228,7 +228,7 @@ cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' -cat_cmd 'cd /usr/local/calibre-web-py3; git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorate | head -50' 'Calibre-Web version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 From 961acf9454c77165d19303819528c96494ab1364 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Sun, 21 Jan 2024 10:46:33 -0500 Subject: [PATCH 020/380] another auto install of a pet project --- vars/local_vars_none.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 871068689..6b3876fe8 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -11,3 +11,5 @@ awstats_enabled: False matomo_install: False matomo_enabled: False captiveportal_install: False +calibreweb_install: False +calibreweb_enabled: False From 6776c1d4a56da74766fdebf6332e1f9173a421d3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 29 Jan 2024 15:57:24 -0500 Subject: [PATCH 021/380] Recommend ansible-core 2.16.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0a268c480..3ef87dddd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.2] -GOOD_VER=2.16.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.3] +GOOD_VER=2.16.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From a852541ad4400322b7a984957347013a1033fa6e Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 9 Feb 2024 08:48:23 -0500 Subject: [PATCH 022/380] 1-prep/tasks/hardware.yml: Comment out "NUC6" WiFi driver --- roles/1-prep/tasks/hardware.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 89efd2453..52ef34a97 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -7,17 +7,18 @@ when: first_run and rpi_model != "none" -- name: Check if the identifier for Intel's NUC6 built-in WiFi is present - shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" - register: usb_NUC6 - ignore_errors: True - -- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 - get_url: - url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages - dest: /lib/firmware - timeout: "{{ download_timeout }}" - when: usb_NUC6.stdout|int > 0 +# 2024-02-09: Code below appears stale for Shanti's #3707 hardware +#- name: Check if the identifier for Intel's NUC6 built-in WiFi is present +# shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" +# register: usb_NUC6 +# ignore_errors: True +# +#- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 +# get_url: +# url: "{{ iiab_download_url }}/Old/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages +# dest: /lib/firmware +# timeout: "{{ download_timeout }}" +# when: usb_NUC6.stdout|int > 0 - name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5" From 3455b6b848a951c82aee4b072c197aa437424db1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 20 Feb 2024 16:48:30 -0500 Subject: [PATCH 023/380] kolibri/tasks/main.yml: New pre-release option (kolibri-deb-next) --- roles/kolibri/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index d1529fb60..9d0f786af 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,8 +26,10 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2022-07-30: UNCOMMENT THE FOLLOWING LINE TO TEST A PARTICULAR .deb INSTALL +# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +# 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 +# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next # 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release: # https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb # From efc9705b1ab10ab217cb6eebbbd36cb4cc2cfb13 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 16:19:27 -0500 Subject: [PATCH 024/380] 2 ugly hacks for FreePBX 17: ignore 'install -n' error code & bypass 'fwconsole reload' --- roles/pbx/tasks/freepbx.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 8ca2cd83f..6564a26fe 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -256,15 +256,17 @@ args: chdir: "{{ freepbx_src_dir }}" #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx + ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 of 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 - name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!) command: fwconsole ma downloadinstall framework -# ERROR IF RUN BELOW: "Unable to connect to remote asterisk" -- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 - command: fwconsole reload +# 2024-02-25: UGLY / TEMPORARY WORKAROUND #2 OF 2, to bypass... 'In DialplanHooks.class.php line 163: Undefined array key "DialplanHooks"' -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 +## ERROR IF RUN BELOW: "Unable to connect to remote asterisk" +#- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +# command: fwconsole reload # DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 # YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 From 7c24fcc69536d3c475750b2f7421c5740903cb39 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 16:21:20 -0500 Subject: [PATCH 025/380] freepbx.yml: Consistent uppercase, documenting 2 hack/workarounds --- roles/pbx/tasks/freepbx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 6564a26fe..d472e9610 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -256,7 +256,7 @@ args: chdir: "{{ freepbx_src_dir }}" #creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx - ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 of 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 + ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 OF 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227 # 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 From 98d51224040af179f372f28f12e3b08b031eaf07 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 17:23:31 -0500 Subject: [PATCH 026/380] 18+1 FreePBX modules appear unchanged since May 2022 --- roles/pbx/tasks/freepbx.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index d472e9610..1bba7773c 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -270,7 +270,8 @@ # DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 # YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 -- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! +# NOTHING CHANGED (?) FEB 2024: https://github.com/iiab/iiab/pull/3675#issuecomment-1963081323 +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-17.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail From 65d6f9255e1acc0f8d2b2d95bb7d44f4d5bc6c1b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 17:26:27 -0500 Subject: [PATCH 027/380] WARNING: FreePBX 17.0 branch is still in flux! --- roles/pbx/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f7173c2b3..f0cb38124 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -32,7 +32,7 @@ asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 # freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. freepbx_git_url: https://github.com/FreePBX/framework -freepbx_git_branch: release/17.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 +freepbx_git_branch: release/17.0 # STILL IN FLUX AS OF FEB 2024: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx From b5f3f44e96d3a6bc79df95b4f69534ef5c9584f8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 18:03:58 -0500 Subject: [PATCH 028/380] pbx/README.adoc: Require PHP 8.x (desupport EOL'd PHP 7.4!) --- roles/pbx/README.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 41d57eb96..7c040d3f3 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,9 +4,11 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of January 2024, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required. +//// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* +//// //// As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"]. From e6bf0ef177214b42f4674a29e828a34121505a28 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 18:05:49 -0500 Subject: [PATCH 029/380] pbx/README.adoc: Link to PR #3675 (Asterisk 21 & FreePBX 17) --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 7c040d3f3..d99f0df82 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required. +As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* From 7991d486143da462e38eb09109ebbb657ae7a5d4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:10:47 -0500 Subject: [PATCH 030/380] default_vars.yml: Update PBX tips --- vars/default_vars.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a2d202156..912a83de3 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -684,7 +684,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 731829f199a6f4455c8975b2f433f755a223257f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:11:25 -0500 Subject: [PATCH 031/380] local_vars_unittest.yml: Update PBX tips --- vars/local_vars_unittest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 5b82be988..19c47ca74 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 586364bd8921629789f4c95a4c16804deb90053b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:12:04 -0500 Subject: [PATCH 032/380] local_vars_small.yml: Update PBX tips --- vars/local_vars_small.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index c55fb4cc7..a366e2863 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 5320b4e89164288963cb838747d1a9ee12920ff8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:12:43 -0500 Subject: [PATCH 033/380] local_vars_medium.yml: Update PBX tips --- vars/local_vars_medium.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index dcf291dd1..aa142dcc9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From ddfc2b003a998a4766979aff0d62d08ef139ddad Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 25 Feb 2024 20:13:27 -0500 Subject: [PATCH 034/380] local_vars_large.yml: Update PBX tips --- vars/local_vars_large.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 9059d9ca0..3903530ed 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -417,7 +417,6 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False From 7a6ca9673879022cb962a8b949a5fbc88537c8e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Feb 2024 09:36:24 -0500 Subject: [PATCH 035/380] runrole: Clarify/correct local_vars.yml warning --- runrole | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runrole b/runrole index ad1387e2c..4e8657208 100755 --- a/runrole +++ b/runrole @@ -39,7 +39,7 @@ fi mkdir -p /etc/iiab # -p avoids errors, effectively like '|| true' if [ ! -f /etc/iiab/local_vars.yml ]; then - echo -e "\n\e[1mEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 + echo -e "\n\e[1mEXITING: /opt/iiab/iiab/runrole REQUIRES /etc/iiab/local_vars.yml\e[0m\n" >&2 echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 From c3e7b4c10402a73d3cebfc35166e24e2975421e0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Feb 2024 16:53:58 -0500 Subject: [PATCH 036/380] Recommend ansible-core 2.16.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 3ef87dddd..898d57599 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.3] -GOOD_VER=2.16.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.4] +GOOD_VER=2.16.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 918758fbe9292ab50e1e966e0cff8752f72a14df Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 00:52:48 -0600 Subject: [PATCH 037/380] U2404 python2 --- scripts/U2404_python2.sh | 45 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 scripts/U2404_python2.sh diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh new file mode 100644 index 000000000..7721ccf01 --- /dev/null +++ b/scripts/U2404_python2.sh @@ -0,0 +1,45 @@ +!/bin/bash +export DEBIAN_FRONTEND=noninteractive + +cat << EOF > /etc/apt/sources.list.d/python2.list +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy main universe +deb [trusted=yes] http://archive.ubuntu.com/ubuntu jammy-updates main universe +EOF + +apt update + +apt -y --allow-downgrades install python3.11=3.11.0~rc1-1~22.04 python3.11-minimal=3.11.0~rc1-1~22.04 libpython3.11-stdlib=3.11.0~rc1-1~22.04 libpython3.11-minimal=3.11.0~rc1-1~22.04 +apt-mark hold python3.11 python3.11-minimal libpython3.11-stdlib libpython3.11-minimal + +apt -y --allow-downgrades install python3-platformdirs=2.5.1-1 +apt-mark hold python3-platformdirs + +apt -y install python2 +apt -y install python2-pip-whl python2-setuptools-whl + +apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 +apt-mark hold python3-pip-whl + +apt -y --allow-downgrades install python3-virtualenv=20.13.0+ds-2 +apt-mark hold python3-virtualenv + +apt -y --allow-downgrades install virtualenv=20.13.0+ds-2 +apt-mark hold virtualenv + +virtualenv --always-copy --pip 20.3.4 --setuptools 44.1.1 --no-wheel -p python2.7 /usr/local/kalite/venv + +cd /usr/local/kalite/venv +source bin/activate +bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir +deactivate + +apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` +apt-mark unhold `apt-mark showhold` + +rm /etc/apt/sources.list.d/python2.list + +apt -y remove libmpdec3 python3-pip python3-wheel + +apt update +apt -y upgrade + From 3ae591a035a3877c7742c87e3de4a00a10d9fc8d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 00:55:09 -0600 Subject: [PATCH 038/380] U2404 python2 --- roles/kalite/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index bcf667d43..e2f44897b 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -48,6 +48,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" + when: ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) @@ -60,6 +61,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) + +- name: Use scripts/U2404_python2.sh to install python2 and virtualenv + command: "{{ iiab_dir }}/scripts/U2404_python2.sh" + when: (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: From 5fc495259539049c52bf61f41c0407200852ba22 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 01:28:11 -0600 Subject: [PATCH 039/380] U2404 python2 role --- scripts/U2404_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index 7721ccf01..9c6f6e4b1 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -1,4 +1,4 @@ -!/bin/bash +#!/bin/bash export DEBIAN_FRONTEND=noninteractive cat << EOF > /etc/apt/sources.list.d/python2.list From a737c8c05aad5eda76012a2ae422c732377315f3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 01:41:57 -0600 Subject: [PATCH 040/380] leave python2 packages --- scripts/U2404_python2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index 9c6f6e4b1..e9559cb85 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -33,7 +33,7 @@ source bin/activate bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate -apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` +#apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` apt-mark unhold `apt-mark showhold` rm /etc/apt/sources.list.d/python2.list From 66eb9862ee678d57fffcc69d21a02b6930396c84 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 4 Mar 2024 01:46:43 -0600 Subject: [PATCH 041/380] exec bit not set in git --- roles/kalite/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index e2f44897b..c3a48ccb0 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -64,7 +64,7 @@ when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: Use scripts/U2404_python2.sh to install python2 and virtualenv - command: "{{ iiab_dir }}/scripts/U2404_python2.sh" + command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" when: (is_ubuntu_2404 is defined and is_ubuntu_2404) - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" From f871683c2db3c1718d53bcc1b13fbc99e954bc41 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 5 Mar 2024 05:02:18 -0600 Subject: [PATCH 042/380] conditionals --- roles/kalite/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index c3a48ccb0..0954d0925 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -48,7 +48,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # long form of (is_debian_11+ or is_ubuntu_20+) @@ -65,7 +65,7 @@ - name: Use scripts/U2404_python2.sh to install python2 and virtualenv command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" - when: (is_ubuntu_2404 is defined and is_ubuntu_2404) + when: is_ubuntu_2404 is defined and is_ubuntu_2404 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: From 6819123fed4eec333613b999eb15c5ea70e33e46 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 5 Mar 2024 21:06:59 -0600 Subject: [PATCH 043/380] no compilers --- scripts/U2404_python2.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/U2404_python2.sh b/scripts/U2404_python2.sh index e9559cb85..ea26a3640 100644 --- a/scripts/U2404_python2.sh +++ b/scripts/U2404_python2.sh @@ -20,6 +20,9 @@ apt -y install python2-pip-whl python2-setuptools-whl apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 apt-mark hold python3-pip-whl +apt -y --no-install-recommends install python3-pip=22.0.2+dfsg-1 +apt-mark hold python3-pip + apt -y --allow-downgrades install python3-virtualenv=20.13.0+ds-2 apt-mark hold python3-virtualenv From 73e94abe3f93240c1f1c5a8847ba71a2f7c4fd9b Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Mar 2024 13:26:47 -0500 Subject: [PATCH 044/380] Touch-ups for: scripts/install_python2_kalite-venv_u2404.sh --- roles/kalite/tasks/install.yml | 4 ++-- ...{U2404_python2.sh => install_python2_kalite-venv_u2404.sh} | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) rename scripts/{U2404_python2.sh => install_python2_kalite-venv_u2404.sh} (95%) mode change 100644 => 100755 diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 0954d0925..51350ec10 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -63,8 +63,8 @@ extra_args: "--no-cache-dir" when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) -- name: Use scripts/U2404_python2.sh to install python2 and virtualenv - command: bash "{{ iiab_dir }}/scripts/U2404_python2.sh" +- name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 + command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" when: is_ubuntu_2404 is defined and is_ubuntu_2404 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" diff --git a/scripts/U2404_python2.sh b/scripts/install_python2_kalite-venv_u2404.sh old mode 100644 new mode 100755 similarity index 95% rename from scripts/U2404_python2.sh rename to scripts/install_python2_kalite-venv_u2404.sh index ea26a3640..0841704df --- a/scripts/U2404_python2.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -33,7 +33,7 @@ virtualenv --always-copy --pip 20.3.4 --setuptools 44.1.1 --no-wheel -p python2. cd /usr/local/kalite/venv source bin/activate -bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir +bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate #apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` @@ -45,4 +45,3 @@ apt -y remove libmpdec3 python3-pip python3-wheel apt update apt -y upgrade - From f8fe9f0af9833d89fcf871634f716609b1e59aaa Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Mar 2024 19:57:05 -0500 Subject: [PATCH 045/380] Refine scripts/install_python2_kalite-venv_u2404.sh --- scripts/install_python2_kalite-venv_u2404.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/install_python2_kalite-venv_u2404.sh b/scripts/install_python2_kalite-venv_u2404.sh index 0841704df..1371b4b05 100755 --- a/scripts/install_python2_kalite-venv_u2404.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -14,8 +14,7 @@ apt-mark hold python3.11 python3.11-minimal libpython3.11-stdlib libpython3.11-m apt -y --allow-downgrades install python3-platformdirs=2.5.1-1 apt-mark hold python3-platformdirs -apt -y install python2 -apt -y install python2-pip-whl python2-setuptools-whl +apt -y install python2 python2-pip-whl python2-setuptools-whl apt -y --allow-downgrades install python3-pip-whl=22.0.2+dfsg-1 apt-mark hold python3-pip-whl @@ -37,11 +36,11 @@ bin/pip install ka-lite-static --no-python-version-warning --no-cache-dir deactivate #apt -y remove `apt list *python2* | grep installed | awk -F / '{ print $1 }'` -apt-mark unhold `apt-mark showhold` +apt-mark unhold $(apt-mark showhold) || true rm /etc/apt/sources.list.d/python2.list apt -y remove libmpdec3 python3-pip python3-wheel apt update -apt -y upgrade +apt -y upgrade # Why 'apt upgrade' here? From f67660d30b58760352d5cfba5312b039e075547b Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Mar 2024 00:44:42 -0500 Subject: [PATCH 046/380] Tighten kalite/tasks/install.yml; Introduce is_linuxmint_22 --- roles/kalite/tasks/install.yml | 15 +++++---------- scripts/local_facts.fact | 1 + vars/debian-12.yml | 15 --------------- vars/default_vars.yml | 1 + vars/linuxmint-22.yml | 7 +++++++ vars/raspbian-12.yml | 15 --------------- 6 files changed, 14 insertions(+), 40 deletions(-) create mode 100644 vars/linuxmint-22.yml diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 51350ec10..0ebf1b38b 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -22,9 +22,7 @@ - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: (is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204) # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than... - #when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310) - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. + when: is_ubuntu_2204 is defined and is_ubuntu_2204 # Also covers is_linuxmint_21 #- name: Install Ubuntu keyrings on Debian # get_url: @@ -37,8 +35,7 @@ # use key retrieval from mongodb - name: Use scripts/install_python2.sh to install python2 and virtualenv command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not ((is_debian_11 is defined and is_debian_11) or (is_ubuntu_2204 is defined and is_ubuntu_2204)) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than... - #when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310 + when: not (is_ubuntu_2204 is defined and is_ubuntu_2204) and not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_21 and is_linuxmint_22 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 pip: @@ -48,9 +45,7 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) - # long form of (is_debian_11+ or is_ubuntu_20+) + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 - name: Use pip to install ka-lite-static to {{ kalite_venv }} pip: @@ -61,11 +56,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) + when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 - name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" - when: is_ubuntu_2404 is defined and is_ubuntu_2404 + when: is_ubuntu_2404 is defined and is_ubuntu_2404 # Also covers is_linuxmint_22 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 24a3f044e..b1e53b885 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -89,6 +89,7 @@ case $OS_VER in "ubuntu-2310" | \ "ubuntu-2404" | \ "linuxmint-21" | \ + "linuxmint-22" | \ "raspbian-12") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install diff --git a/vars/debian-12.yml b/vars/debian-12.yml index 3b51e4478..d06a61285 100644 --- a/vars/debian-12.yml +++ b/vars/debian-12.yml @@ -3,18 +3,3 @@ is_debuntu: True is_debian: True # Opposite of is_ubuntu for now is_debian_12: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: openssh-server -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 912a83de3..55af7c382 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -788,6 +788,7 @@ is_ubuntu_2204: False #is_ubuntu_16: False is_linuxmint: False # Subset of is_ubuntu +is_linuxmint_22: False is_linuxmint_21: False #is_linuxmint_20: False diff --git a/vars/linuxmint-22.yml b/vars/linuxmint-22.yml new file mode 100644 index 000000000..53af5a21c --- /dev/null +++ b/vars/linuxmint-22.yml @@ -0,0 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2404: True +is_linuxmint: True +is_linuxmint_22: True diff --git a/vars/raspbian-12.yml b/vars/raspbian-12.yml index 9fa4b1e75..53858b6af 100644 --- a/vars/raspbian-12.yml +++ b/vars/raspbian-12.yml @@ -5,18 +5,3 @@ is_debian: True # Opposite of is_ubuntu for now is_debian_12: True is_raspbian: True is_raspbian_12: True - -# proxy: squid -# proxy_user: proxy -# apache_service: apache2 -# apache_user: www-data -# smb_service: smbd -# nmb_service: nmbd -# systemctl_program: /bin/systemctl -# mysql_service: mariadb -# sshd_package: ssh -# sshd_service: ssh -# systemd_location: /lib/systemd/system -# php_version: "8.2" -# postgresql_version: 15 -# python_version: "3.11" From a98d02248e7efa52ad64f7e6f7a98529e22ba4d6 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Mar 2024 02:03:29 -0500 Subject: [PATCH 047/380] kalite/tasks/install.yml: Cleaner OS conditions --- roles/kalite/tasks/install.yml | 48 +++++++--------------------------- 1 file changed, 10 insertions(+), 38 deletions(-) diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 0ebf1b38b..d2c2da478 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -15,29 +15,20 @@ # ignore_errors: yes # when: is_raspbian -- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2)' +- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2) -- if Ubuntu 22.04 / Mint 21' package: name: - python2 - python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2) - virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole} state: present - when: is_ubuntu_2204 is defined and is_ubuntu_2204 # Also covers is_linuxmint_21 + when: is_ubuntu_2204 # Also covers is_linuxmint_21 -#- name: Install Ubuntu keyrings on Debian -# get_url: -# url: -# dest: /etc/apt/keyrings/ -# mode: 0644 -# timeout: "{{ download_timeout }}" -# when: is_debian_12 - -# use key retrieval from mongodb -- name: Use scripts/install_python2.sh to install python2 and virtualenv +- name: Run scripts/install_python2.sh to install python2 and virtualenv -- if Debian 12 or RasPiOS 12 command: "{{ iiab_dir }}/scripts/install_python2.sh" - when: not (is_ubuntu_2204 is defined and is_ubuntu_2204) and not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_21 and is_linuxmint_22 + when: is_debian_12 # Also covers is_raspbian_12 -- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 +- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12 pip: name: setuptools==44 virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv @@ -45,9 +36,9 @@ virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv virtualenv_python: python2.7 extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 + when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 -- name: Use pip to install ka-lite-static to {{ kalite_venv }} +- name: Use pip to install ka-lite-static to {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12 pip: name: ka-lite-static version: "{{ kalite_version }}" @@ -56,11 +47,11 @@ virtualenv_command: virtualenv virtualenv_python: python2.7 extra_args: "--no-cache-dir" - when: not (is_ubuntu_2404 is defined and is_ubuntu_2404) # Also avoids is_linuxmint_22 + when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 -- name: Run scripts/install_python2_kalite-venv_u2404.sh if Ubuntu 24.04 +- name: Run scripts/install_python2_kalite-venv_u2404.sh -- if Ubuntu 24.04+ or Mint 22 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" - when: is_ubuntu_2404 is defined and is_ubuntu_2404 # Also covers is_linuxmint_22 + when: is_ubuntu and not is_linuxmint and os_ver is version('ubuntu-2404', '>=') or is_linuxmint_22 - name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service" template: @@ -71,30 +62,11 @@ - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755' } - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644' } -# Useless stanza, for 2 reasons: (1) http://box/kalite was never made to work -# (2) /etc/apache2/sites-available does not exist on many IIAB's w/o Apache -# - name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)" -# template: -# src: kalite.conf -# dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu -# when: apache_installed is defined - - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # WAS: if Raspbian/Debian > 10 or Ubuntu > 19 replace: path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv regexp: 'a-zA-Z0-9' replace: 'a-zA-Z0-9\-' - #when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) - # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? - -# - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 -# replace: -# path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" -# regexp: 'a-zA-Z0-9' -# replace: 'a-zA-Z0-9\-' -# when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19 -# # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - name: Create dir {{ kalite_root }} file: From 1070a3e7299ac1ce70c2488a460751301786e021 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Mar 2024 03:09:21 -0500 Subject: [PATCH 048/380] install_python2_kalite-venv_u2404.sh: 'apt install python3-venv' (again) --- scripts/install_python2_kalite-venv_u2404.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/install_python2_kalite-venv_u2404.sh b/scripts/install_python2_kalite-venv_u2404.sh index 1371b4b05..cc40edcc2 100755 --- a/scripts/install_python2_kalite-venv_u2404.sh +++ b/scripts/install_python2_kalite-venv_u2404.sh @@ -44,3 +44,8 @@ apt -y remove libmpdec3 python3-pip python3-wheel apt update apt -y upgrade # Why 'apt upgrade' here? + +# python3-venv is needed for other venv's like roles/jupyterhub, e.g. #3716. +# So we restore python3-venv originally installed by scripts/ansible -- this +# is nec b/c python3-pip-whl downgrade to 22.0.2 (line ~19 above) removes it: +apt -y install python3-venv From 4fb55f87c6570c302adb513830748eb54dcd389b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Mar 2024 04:04:05 -0500 Subject: [PATCH 049/380] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.14 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 7b8738c4d..c0dbdd854 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.13 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.14 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From b5e60c9875e3d6c7c031dac2a362bdd496d274ca Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Mar 2024 13:24:08 -0400 Subject: [PATCH 050/380] Interim stub to force Kolibri 0.16.0 for now, awaiting upstream #11892 --- roles/kolibri/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 9d0f786af..844d0b4ae 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,9 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL +# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting #11892 below... +kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb +# 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next From ea47f27b9dd01827051c62fb7dac57b75a5ded3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 17 Mar 2024 13:31:28 -0400 Subject: [PATCH 051/380] kolibri/defaults/main.yml: Clarify 0.16.0 install hack/stub --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 844d0b4ae..fbb5b8409 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,7 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting #11892 below... +# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting upstream redirects etc, e.g. #11892 below... kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb # 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest From 9ce709e6e3b2d00431f4fbe35d93ed8e4ae24aad Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Mar 2024 15:47:52 -0400 Subject: [PATCH 052/380] Recommend ansible-core 2.16.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 898d57599..76af1ae59 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.4] -GOOD_VER=2.16.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.5] +GOOD_VER=2.16.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 133cc0682b1150dc536b8a062a8901c78272fc1a Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Mar 2024 15:49:14 -0400 Subject: [PATCH 053/380] iiab-install: Mandate MIN_ANSIBLE_VER=2.14.15 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index c0dbdd854..dfca60227 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.14 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.15 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 837b4ccaff4282542b4b31f75a8e2e2a65e0a5a8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 28 Mar 2024 19:07:51 -0400 Subject: [PATCH 054/380] MediaWiki 1.41.1 (security and maintenance release) --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 77a233ac1..077d1a967 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 812b549d3348a3d2b221197e61a4a99e87a60626 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Apr 2024 11:48:53 -0400 Subject: [PATCH 055/380] Restore apt install of Kolibri 0.16.1+, thx to upstream changes --- roles/kolibri/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index fbb5b8409..02086f33a 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,9 +26,9 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-03-17: Temporary stub to force February's Kolibri 0.16.0 for now, awaiting upstream redirects etc, e.g. #11892 below... -kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.16.0/kolibri_0.16.0-0ubuntu1_all.deb -# 2022-07-30: OR UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL +# 2024-04-08: Kolibri 0.16.1 restores install via apt +# https://github.com/learningequality/kolibri/issues/11892#issuecomment-2043073998 +# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2024-02-17: https://github.com/learningequality/kolibri/issues/11892 # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next From 824469e2805b02f0bfee4230deaf35eb6e83f762 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 8 Apr 2024 11:54:59 -0400 Subject: [PATCH 056/380] kolibri/defaults/main.yml: Clarify apt for Kolibri 0.16.1+ --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 02086f33a..80eb0c352 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -26,7 +26,7 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -# 2024-04-08: Kolibri 0.16.1 restores install via apt +# 2024-04-08: Kolibri 0.16.1+ restores install via apt # https://github.com/learningequality/kolibri/issues/11892#issuecomment-2043073998 # 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL # kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest From d6c48123437949d0fed48e7d1bafde8e760e45b4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Apr 2024 16:04:04 -0400 Subject: [PATCH 057/380] Sugarizer 1.8.0 (upgrade from 1.7.0!) --- roles/sugarizer/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 925e087b6..ad5e48843 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -9,8 +9,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -sugarizer_dir_version: sugarizer-1.7.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0 -sugarizer_git_version: v1.7.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0 +sugarizer_dir_version: sugarizer-1.8.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0, sugarizer-1.7.0 +sugarizer_git_version: v1.8.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0, v1.7.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0 From 8079ca9a4b7cb26387c7e7c7f0384778ea97f793 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Apr 2024 22:13:32 -0400 Subject: [PATCH 058/380] Recommend ansible-core 2.16.6 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 76af1ae59..0df85beb5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.5] -GOOD_VER=2.16.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.6] +GOOD_VER=2.16.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From e279be79dff1a3d293e5ba38a7d3ab30c40196b8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Apr 2024 22:17:51 -0400 Subject: [PATCH 059/380] iiab-install: MIN_ANSIBLE_VER=2.14.16 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index dfca60227..ebf301117 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.15 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.14.16 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 81be4dda9aff533c5413797bdd9c5a074ccf72b9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 24 Apr 2024 10:34:32 -0400 Subject: [PATCH 060/380] New Moodle 4.4 instead of 4.3 --- roles/moodle/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 4597665b1..b6c607027 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -11,8 +11,8 @@ # 2023-04-25: Currently testing Moodle's master branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_403_STABLE # Moodle 4.3 -#moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2 +moodle_version: MOODLE_404_STABLE # Moodle 4.4 +#moodle_version: master # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From e6d5b6aa0732af27e04263880f850a0ed0950100 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 30 Apr 2024 18:22:34 -0400 Subject: [PATCH 061/380] Safer /usr/local/bin/yt-dlp symlink creation --- roles/calibre-web/tasks/install.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5f055d3e7..9ecf1c0ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -74,7 +74,13 @@ else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb - ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if [ -f /root/.local/share/pipx/venvs/xklb/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/xklb/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + else + echo "ERROR: yt-dlp NOT FOUND" + fi fi cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper From a771260ce94f8691bd5c3cb6e711d8aa05f1d890 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 30 Apr 2024 21:02:25 -0400 Subject: [PATCH 062/380] Bypass KA Lite install during initial install of IIAB, on recent OS's --- roles/7-edu-apps/tasks/main.yml | 2 +- roles/kalite/tasks/install.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index c5f15e117..570c4b3d1 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -6,7 +6,7 @@ - name: KALITE include_role: name: kalite - when: kalite_install + when: kalite_install and (is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12) # Also covers is_linuxmint_21 and is_raspbian_12 - name: KOLIBRI include_role: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index d2c2da478..5738c7301 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -49,6 +49,9 @@ extra_args: "--no-cache-dir" when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12 +# 2024-04-30: Sadly no longer works with Ubuntu 24.04 LTS final release (#3731). +# So roles/kalite is OS-restricted during initial install, SEE: roles/7-edu-apps/tasks/main.yml +# CLARIF: If install_python2_kalite-venv_u2404.sh proves no longer useful, it will deprecated in coming months. - name: Run scripts/install_python2_kalite-venv_u2404.sh -- if Ubuntu 24.04+ or Mint 22 command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh" when: is_ubuntu and not is_linuxmint and os_ver is version('ubuntu-2404', '>=') or is_linuxmint_22 From 4ea8690dd38a8184701592ce8d1a1ec8f36b4a77 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 1 May 2024 10:31:09 -0400 Subject: [PATCH 063/380] Welcome Ubuntu 24.10 (Oracular Oriole) pre-releases --- scripts/local_facts.fact | 1 + vars/default_vars.yml | 1 + vars/ubuntu-2410.yml | 5 +++++ 3 files changed, 7 insertions(+) create mode 100644 vars/ubuntu-2410.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index b1e53b885..e6c6ca0f5 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -88,6 +88,7 @@ case $OS_VER in "ubuntu-2204" | \ "ubuntu-2310" | \ "ubuntu-2404" | \ + "ubuntu-2410" | \ "linuxmint-21" | \ "linuxmint-22" | \ "raspbian-12") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 55af7c382..754cba561 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -774,6 +774,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2410: False is_ubuntu_2404: False is_ubuntu_2310: False #is_ubuntu_2304: False diff --git a/vars/ubuntu-2410.yml b/vars/ubuntu-2410.yml new file mode 100644 index 000000000..6120c89a9 --- /dev/null +++ b/vars/ubuntu-2410.yml @@ -0,0 +1,5 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2410: True From ebb0e079af196a1a52d700393ae72e713569fcc1 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 1 May 2024 15:52:06 -0400 Subject: [PATCH 064/380] 'echo Admin:changeme | chpasswd' for CUPS w/ ansible-core 2.17+ --- roles/cups/tasks/install.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index e4e2e04ed..5663528f0 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -58,15 +58,30 @@ AuthType Default Require user @SYSTEM -- name: "CUPS web administration: Create Linux username 'Admin' with password 'changeme' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)" +- name: "CUPS web administration: Create Linux username 'Admin' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)" user: name: Admin append: yes # Don't clobber other groups, that other IIAB Apps might need. groups: lpadmin - password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords + #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords create_home: no shell: /usr/sbin/nologin # Debian/Ubuntu norm -- instead of /sbin/nologin, /bin/false +# 2024-05-01: Above password-setting approach no longer works w/ Ansible 2.17 RC1 (#3727). +# Ansible STOPS with this error... +# +# "[DEPRECATION WARNING]: Encryption using the Python crypt module is deprecated. The Python crypt module is +# deprecated and will be removed from Python 3.13. Install the passlib library for continued encryption +# functionality. This feature will be removed in version 2.17. Deprecation warnings can be disabled by +# setting deprecation_warnings=False in ansible.cfg." +# +# ...so we instead use Linux's "chpasswd" command (below!) + +- name: Use chpasswd to set Linux username 'Admin' password to 'changeme' + command: chpasswd + args: + stdin: Admin:changeme + # - name: Add user '{{ iiab_admin_user }}' to Linux group 'lpadmin' -- for CUPS web administration (or modify default 'SystemGroup lpadmin' in /etc/cups/cups-files.conf -- in coordination with ~14 -> ~15 '@SYSTEM' lines in /etc/cups/cupsd.conf) # #command: "gpasswd -a {{ iiab_admin_user | quote }} lpadmin" # #command: "gpasswd -d {{ iiab_admin_user | quote }} lpadmin" From ff696899f3d1802f3ff8d458c881ad9092638886 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 1 May 2024 22:52:44 -0400 Subject: [PATCH 065/380] CUPS: Update Ansible password hashing link (#3735) --- roles/cups/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 5663528f0..55209a50b 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -63,7 +63,7 @@ name: Admin append: yes # Don't clobber other groups, that other IIAB Apps might need. groups: lpadmin - #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords + #password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#hashing-and-encrypting-strings-and-passwords create_home: no shell: /usr/sbin/nologin # Debian/Ubuntu norm -- instead of /sbin/nologin, /bin/false From 673fff90e2e2eb92fadc1f97009eeb8795124f69 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 1 May 2024 23:29:00 -0400 Subject: [PATCH 066/380] Nextcloud 29: Update disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index d82f040bb..c43da3943 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~655 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~199 MB) to {{ nextcloud_root_dir }} (~689 MB initially, sometimes ~726 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From d4c97f45b093470385cecc25a4b96917152ebf08 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 3 May 2024 08:50:27 -0400 Subject: [PATCH 067/380] Node.js 22.x --- roles/internetarchive/tasks/install.yml | 6 +++--- vars/default_vars.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index b6df58f01..2821a9ffd 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,10 @@ include_role: name: nodejs -- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 20.x +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 22.x assert: - that: nodejs_version is version('10.x', '>=') and nodejs_version is version('20.x', '<=') - fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 20.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('22.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 22.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 754cba561..3b233ca6c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -444,7 +444,7 @@ mosquitto_port: 1883 # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -nodejs_version: 20.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20 +nodejs_version: 22.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20, 20.x til 2024-05-03 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 9129644dff136f0aaddf71e831e1cee60eb02275 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 16 May 2024 17:23:47 -0400 Subject: [PATCH 068/380] Avoid initial install of Kolibri on Ubuntu 24.04+ (for now!) --- roles/7-edu-apps/tasks/main.yml | 2 +- scripts/ansible | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 570c4b3d1..56d21fd28 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install + when: kolibri_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also covers is_linuxmint_22. This is TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases. - name: KIWIX include_role: diff --git a/scripts/ansible b/scripts/ansible index 0df85beb5..1b8983975 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -305,7 +305,6 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " /usr/local/ansible/bin/pip3 show ansible-core" -echo -e " pip3 show ansible-core" echo -e ' apt -a list "ansible*"' echo -e " ansible-galaxy collection list\n" echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" From 2788f1062413f836e58e268826c09d72de236997 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 16 May 2024 18:01:17 -0400 Subject: [PATCH 069/380] Safer avoidance of Kolibri, if Python 3.12+ (for now!) --- roles/7-edu-apps/tasks/main.yml | 2 +- test.yml | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 56d21fd28..e4ac330bc 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also covers is_linuxmint_22. This is TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases. + when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases at the moment. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: diff --git a/test.yml b/test.yml index 8eb2e9be0..7afdab202 100644 --- a/test.yml +++ b/test.yml @@ -19,12 +19,17 @@ #- include_role: # name: 0-init - - debug: - msg: "{{ 'changeme' | password_hash('sha512') }}" + # 2024-05-16: ansible-core 2.17 RC2 still hasn't fixed this, as they migrate from Python's crypt library to passlib: + # https://github.com/iiab/iiab/blob/485a619bfa082716ec848b5b34893dd3046175a8/roles/cups/tasks/install.yml#L70-L78 + #- debug: + # msg: "{{ 'changeme' | password_hash('sha512') }}" # msg: "{{ 'changeme' | password_hash('yescrypt') }}" # crypt.crypt STILL doesn't support 'yescrypt' algorithm ? #- pause: + - debug: + var: "'3.12.3' is version('3.12', '<')" + - name: DOUBLE UP to escape single quotes... '"''"' e.g. iiab.ini descriptions for azuracast, captiveportal, mosquitto, munin, nodejs, osm-vector-maps, sshd debug: msg: '"''"' # OR: '''' FAILS: '"\'"' From 583fa9a898b5f3bb0a7b29fdd64ecb64c1430aff Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 16 May 2024 18:19:42 -0400 Subject: [PATCH 070/380] Clarify Kolibri avoidance w/ Python 3.12+ during initial iiab-install --- roles/7-edu-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index e4ac330bc..dc1f7e49b 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases at the moment. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). + when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: From daafd615217997bcee90e56c37234c68ac49710d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 May 2024 14:51:21 -0400 Subject: [PATCH 071/380] Recommend ansible-core 2.17.0 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1b8983975..02fc9e23f 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.6] -GOOD_VER=2.16.6 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.0] +GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 6b80af6832561007e6df3888a283dbf6d12b2a81 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 May 2024 14:53:10 -0400 Subject: [PATCH 072/380] 2.14 EOL, MIN_ANSIBLE_VER=2.15.12 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index ebf301117..59c22129f 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.14.16 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.15.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From ec4a884c4c10e20190ff0580eaef86d5c42ee3ef Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 20 May 2024 15:17:55 -0400 Subject: [PATCH 073/380] ansible-core 2.17 docs for PR #3743 --- scripts/ansible | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/ansible b/scripts/ansible index 02fc9e23f..1cf6953a5 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -34,6 +34,8 @@ GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.17 +# https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst # https://github.com/ansible/ansible/commits/stable-2.16 # https://github.com/ansible/ansible/blob/stable-2.16/changelogs/CHANGELOG-v2.16.rst # https://github.com/ansible/ansible/commits/stable-2.15 From ed9c8929464e081b5a8dc4a61ac88457c68987d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 27 May 2024 10:19:50 -0400 Subject: [PATCH 074/380] gitea/defaults/main.yml: gitea_version: "1.22" --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index c318acfd7..0032f1d3d 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: "1.21" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. +gitea_version: "1.22" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero. iset_suffixes: i386: 386 x86_64: amd64 From 9dc634f7de00cb7ec393e622fe1e5f19028a4ac3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 May 2024 00:27:54 -0400 Subject: [PATCH 075/380] calibre-web/tasks/install.yml: Refine venv tips --- roles/calibre-web/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 9ecf1c0ed..c3cbf6e94 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -99,8 +99,9 @@ # https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments # VIRTUALENV EXAMPLE COMMANDS: +# python3 -m venv /usr/local/calibre-web-py3 (create venv) # cd /usr/local/calibre-web-py3 -# source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH) +# . bin/activate (or 'source bin/activate' -- this prepends '/usr/local/calibre-web-py3/bin' to yr PATH) # python3 -m pip list ('pip list' sufficient *IF* path set above!) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt From ddca185401acf3dd29e483dfb53dbb14141afb04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Jun 2024 10:20:02 -0400 Subject: [PATCH 076/380] iiab-diagnostics: try dpaste.com instead of sprunge.us --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 0b979fcd3..f0d47a52b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -272,12 +272,12 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023) + pastebinit -b dpaste.com < $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. + #pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins - #pastebinit -b dpaste.com < $outfile # Claims 1,000,000 character maximum pastebin size, but not reliable else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b sprunge.us < $outfile" + echo -e " pastebinit -b dpaste.com < $outfile" fi echo -e "\e[0m" From 17463eb8107baa37562f91e5111487d88e22d988 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 4 Jun 2024 10:21:20 -0400 Subject: [PATCH 077/380] iiab-diagnostics.README.md: sprunge.us -> dpaste.com --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index e2b0aef85..a2295b830 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -55,7 +55,7 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: Or, you can later/manually upload it using the ``pastebinit`` command: ``` - pastebinit -b sprunge.us < /etc/iiab/diag/NEW-FILE-NAME + pastebinit -b dpaste.com /etc/iiab/diag/NEW-FILE-NAME ``` Either way, this will generate an actual web link (URL). From b6ab7bf733a305a64c698330fda7de45bdef82f9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Jun 2024 09:18:32 -0400 Subject: [PATCH 078/380] iiab-summary: Strip RPi model null char for dpaste.com --- scripts/iiab-summary | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 75102048d..7551aad08 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -67,7 +67,7 @@ echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $ uname -nrvm echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) if [ -f /proc/device-tree/model ]; then - cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo + cat /proc/device-tree/model | tr -d '\000' ; echo # dpaste.com pastebin doesn't allow null chars! MORE RPi DETAIL: tail -4 /proc/cpuinfo fi if [ -f /sys/class/thermal/thermal_zone0/temp ]; then echo "Temperature(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp From 14d605c643a44592b258e4ffffc3ffd75a9bb9cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Jun 2024 09:24:29 -0400 Subject: [PATCH 079/380] iiab-diagnostics: Make all odd chars visible (pastebins can be picky!) --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f0d47a52b..c8bb1f302 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -132,7 +132,7 @@ echo "This is: $outfile" >> $outfile echo >> $outfile echo -e "\n\n\n0. HW + SW Quick Summary" >> $outfile echo >> $outfile -/opt/iiab/iiab/scripts/iiab-summary >> $outfile +/opt/iiab/iiab/scripts/iiab-summary | iconv -t UTF-8//IGNORE | cat -v >> $outfile # Make odd chars visible, just in case (e.g. dpaste.com pastebin disallows null chars) if [ -f /etc/rpi-issue ]; then echo "stage2 = Raspberry Pi OS Lite" >> $outfile echo "stage4 = Raspberry Pi OS with desktop" >> $outfile From 27be239d9d0e5dc22c2e3de632a21fb6472ab0e0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Jun 2024 12:09:57 -0400 Subject: [PATCH 080/380] iiab-diagnostics: Tweak pastebinit syntax for PR #3749 --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index c8bb1f302..a94b04f0c 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -272,9 +272,9 @@ echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b dpaste.com < $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. - #pastebinit -b sprunge.us < $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) - #pastebinit -b paste2.org < $outfile # Spammy/dangerous pastebins + pastebinit -b dpaste.com $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. + #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) + #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins else echo -e "If you later decide to publish it, run:" echo From ddd09567e21e0ef820553f545d7caff2bfd88b6c Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Jun 2024 14:27:22 -0400 Subject: [PATCH 081/380] Kolibri on Python 3.12 OS's, during initial IIAB install --- roles/7-edu-apps/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index dc1f7e49b..69d1b0788 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,8 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). + when: kolibri_install + #when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon). - name: KIWIX include_role: From 7020423b6e479197a598ea5c88b3ea94a2091a2b Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Jun 2024 09:14:23 -0400 Subject: [PATCH 082/380] calibre-web/README.rst: Document xklb-metadata.db (for videos) --- roles/calibre-web/README.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 42162c818..9e5d3dee8 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -108,6 +108,10 @@ Whereas your e-book metadata is stored in a Calibre-style database:: /library/calibre-web/metadata.db +Videos' metadata is stored in database:: + + /library/calibre-web/xklb-metadata.db + See also:: /library/calibre-web/metadata_db_prefs_backup.json From cc130d7e0fe27a2ae5b5fe4a55b6b541bbc796fe Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 15 Jun 2024 07:45:54 -0400 Subject: [PATCH 083/380] iiab-diagnostics: xklb & yt-dlp version visibility --- scripts/iiab-diagnostics | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a94b04f0c..6fe38407d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,6 +229,8 @@ cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorate | head -50' 'Calibre-Web version' +cat_cmd 'sudo lb --version' 'xklb version' +cat_cmd 'sudo yt-dlp --version' 'yt-dlp version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 From 2f83e7f266eb893fbc0efc217f90cbd85255b053 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 15 Jun 2024 07:47:43 -0400 Subject: [PATCH 084/380] iiab-diagnostics.README.md: Fix line number --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index a2295b830..fa6c560e5 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-254 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-256 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From da3a69a885b4b1b8ecd977e37e3d3d0db29278b2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 17 Jun 2024 14:48:43 -0400 Subject: [PATCH 085/380] Recommend ansible-core 2.17.1 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1cf6953a5..46ef74659 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.0] -GOOD_VER=2.17.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.1] +GOOD_VER=2.17.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 2f4151ec2eac33950402e82841fdcebe7ffce0e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 11:55:31 -0400 Subject: [PATCH 086/380] Temp hard-coding of Kolibri 0.17 Alpha 0, if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f0a06d292..0da1d724a 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -121,6 +121,12 @@ # codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) # when: is_debian or is_linuxmint_20 + +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' + set_fact: + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and Debian 13 (which still uses Python 3.11 for now!?) PLEASE SEE: learningequality/kolibri#11316 + - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: name: kolibri From 641b31d80007c7a64bd8d05bf8aebcb9375e8502 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 12:56:33 -0400 Subject: [PATCH 087/380] Nextcloud 29.0.3: Update disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index c43da3943..529988437 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~199 MB) to {{ nextcloud_root_dir }} (~689 MB initially, sometimes ~726 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~197 MB) to {{ nextcloud_root_dir }} (~692 MB initially, sometimes ~730 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From f274f36050870a3d6db2ce45fbb631d7dafd026d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 13:10:01 -0400 Subject: [PATCH 088/380] Clarify doc explanation of PR #3751 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 0da1d724a..5f242b475 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,7 +125,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and Debian 13 (which still uses Python 3.11 for now!?) PLEASE SEE: learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From 2a5046cd84b82b734724e324cf001c2844cc4874 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 14:30:49 -0400 Subject: [PATCH 089/380] Update IIAB Calibre-Web disk footprint estimates --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index c3cbf6e94..6af37dcc7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -56,7 +56,7 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~114 MB initially, ~210+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From 199424d4705be1c50c614850f1d63389e4953310 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 25 Jun 2024 14:34:33 -0400 Subject: [PATCH 090/380] Support experimental install on RasPiOS 13 --- scripts/local_facts.fact | 3 ++- vars/default_vars.yml | 1 + vars/raspbian-13.yml | 7 +++++++ 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 vars/raspbian-13.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index e6c6ca0f5..a24a1a2da 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -91,7 +91,8 @@ case $OS_VER in "ubuntu-2410" | \ "linuxmint-21" | \ "linuxmint-22" | \ - "raspbian-12") + "raspbian-12" | \ + "raspbian-13") ;; *) echo -e "\n\e[41;1mOS '$OS_VER' IS NOT SUPPORTED. Please read:\e[0m\n\n\e[1mhttps://github.com/iiab/iiab/wiki/IIAB-Platforms\e[0m\n" ; exit 1 # Used by /opt/iiab/iiab/iiab-install ;; diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3b233ca6c..c0e6e9f13 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -802,6 +802,7 @@ is_debian_12: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) +is_raspbian_13: False is_raspbian_12: False #is_raspbian_11: False #is_raspbian_10: False diff --git a/vars/raspbian-13.yml b/vars/raspbian-13.yml new file mode 100644 index 000000000..74c906488 --- /dev/null +++ b/vars/raspbian-13.yml @@ -0,0 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_debian: True # Opposite of is_ubuntu for now +is_debian_13: True +is_raspbian: True +is_raspbian_13: True From 355ebbc65e6a4378c4ec29de608159e8fafcdad9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 18:25:23 -0400 Subject: [PATCH 091/380] Tighten up adding of Kolibri PPA --- roles/kolibri/tasks/install.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 5f242b475..7798e81f0 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -76,17 +76,20 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 -- name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12) +# 2024-06-24: Strongly consider PPA "kolibri-proposed" in future... +# https://github.com/learningequality/kolibri/issues/11892 +# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html +- name: Add signed Kolibri PPA 'jammy' apt_repository: repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main" - when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 - #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 +# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12 +# #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204 -- name: Add signed Kolibri PPA 'focal' (if other/older OS's) - apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" - when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) - #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) +# - name: Add signed Kolibri PPA 'focal' (if other/older OS's) +# apt_repository: +# repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main" +# when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12) +# #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12) # - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) # apt_repository: From d75d6a0cb28aa857e65ed2d6df4ca6f6f8051605 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 Jun 2024 18:47:28 -0400 Subject: [PATCH 092/380] Fix date in comment re: kolibri-proposed --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 7798e81f0..0eb9f6e84 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -76,7 +76,7 @@ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81 -# 2024-06-24: Strongly consider PPA "kolibri-proposed" in future... +# 2024-06-25: Strongly consider PPA "kolibri-proposed" in future... # https://github.com/learningequality/kolibri/issues/11892 # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html - name: Add signed Kolibri PPA 'jammy' From a4a68604e1791830ed6b649722b264712c71ca78 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 Jun 2024 12:01:11 -0400 Subject: [PATCH 093/380] New MediaWiki 1.42.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 077d1a967..1787b2807 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.41" # "1.40" quotes nec if trailing zero +mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" From 9d31afdc9f1f3785b4cfba69472fc4bcfe482fc7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 3 Jul 2024 23:18:07 -0400 Subject: [PATCH 094/380] Install Kolibri 0.17b0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 0eb9f6e84..129756d9b 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-alpha0/kolibri_0.17.0a0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta0/kolibri_0.17.0b0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From c6b0164cbe97934a1b333bea5b605f084e7bf6fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 9 Jul 2024 18:43:30 -0400 Subject: [PATCH 095/380] transmission/README.rst: Ubuntu timeout / crashing issue #3756 --- roles/transmission/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 727197b56..a851fe591 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -86,6 +86,8 @@ Known Issues * Random Ports: Currently it is not possible to use random ports in the range 49152-65535, as it's difficult to open multiple ports in IIAB's `iptables-based firewall `_. +* transmission-daemon (4.0.6 or 4.1-dev) install onto Ubuntu 24.04 or 24.10, but (1) its systemd service times out (fails to start) (2) rebooting kinda helps, but service then crashes on 1st visit to http://box:9091 `#3756 `_ + Troubleshooting --------------- From c1eea9d1a16b50df04c8eb8cdc69c88f35d31760 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 10 Jul 2024 09:38:03 -0400 Subject: [PATCH 096/380] callbre-web/README.rst: Update issues reporting URL --- roles/calibre-web/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index 9e5d3dee8..da7045ee1 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -228,5 +228,5 @@ Known Issues * |ss| Upload of not supported file formats gives no feedback to the user: `janeczku/calibre-web#828 `_ |se| |nbsp| Fixed by `361a124 `_ on 2019-02-27. -* *Please assist us in reporting serious issues here:* - https://github.com/janeczku/calibre-web/issues +* *Please report serious issues here:* + https://github.com/iiab/calibre-web/issues From 924f5802778ff3309e86637affbe5540bbd0713c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jul 2024 12:54:38 -0400 Subject: [PATCH 097/380] Clarify current Moodle is 4.4 (or 4.5dev !) --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 7a33421ae..a313ae75c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -101,7 +101,7 @@ repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - version: "{{ moodle_version }}" # e.g. MOODLE_403_STABLE (Moodle 4.3) + version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') - name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" @@ -109,7 +109,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023) + version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From afb7ed18fde6c3f6df3d57d1acde75856f69f016 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jul 2024 13:12:49 -0400 Subject: [PATCH 098/380] Update Moodle 4.5dev disk footprint estimates --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index a313ae75c..44ba40349 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -104,7 +104,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From 2250f507fd306f7372a09c14adbb2a84d5cad44c Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 11 Jul 2024 19:18:26 -0400 Subject: [PATCH 099/380] Kolibri 0.17.0 Beta 1 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 129756d9b..ba7d16651 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta0/kolibri_0.17.0b0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta1/kolibri_0.17.0b1-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 7c7f145b1716db6a950b6ff9105a90549103aa58 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 12 Jul 2024 19:44:36 -0400 Subject: [PATCH 100/380] Kolibri 0.17.0 Beta 2 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index ba7d16651..209fb3586 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta1/kolibri_0.17.0b1-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta2/kolibri_0.17.0b2-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 3b41fbca62d8605886435c7aa8c3786cd34a7f03 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Jul 2024 16:12:49 -0400 Subject: [PATCH 101/380] Recommend ansible-core 2.17.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 46ef74659..93755a5f6 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.1] -GOOD_VER=2.17.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.2] +GOOD_VER=2.17.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 89c3d7873934f534aafdc30d50dc9a45963daf8a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 16 Jul 2024 00:33:24 -0400 Subject: [PATCH 102/380] Kolibri 0.17.0 Beta 3 (if Python >= 3.12) --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 209fb3586..f02dfde2e 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta2/kolibri_0.17.0b2-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta3/kolibri_0.17.0b3-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From fadee4caea0bcc009a47d060f34b66a66ad1f6fa Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 17 Jul 2024 08:57:54 -0400 Subject: [PATCH 103/380] remote.it free/personal/non-commercial plan reconfirmed for 2024 --- roles/remoteit/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index 051d3b7f5..910f55409 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -2,7 +2,7 @@ Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB). -As of [2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. +As of [2024](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month. For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?" From e3d9a9a36e492107a9ebcc25138da2d4dc97dfe8 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 17 Jul 2024 22:26:11 -0400 Subject: [PATCH 104/380] Basic iiab-update command; also upgrades IIAB Calibre-Web --- roles/0-init/tasks/main.yml | 10 +++- scripts/ansible | 8 +-- scripts/iiab-update | 111 ++++++++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+), 5 deletions(-) create mode 100755 scripts/iiab-update diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 4c02c6ca5..8d423b8c6 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -34,15 +34,23 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ +- name: Copy iiab-update & iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ mode: '0755' with_items: + - iiab-update - iiab-summary - iiab-diagnostics +- name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update + file: + src: /usr/bin/iiab-update + path: /usr/bin/iiab-upgrade + state: link + force: yes + - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: state: directory diff --git a/scripts/ansible b/scripts/ansible index 93755a5f6..51cb3b689 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -99,8 +99,8 @@ echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'" #echo -e "(3) Remove all lines containing 'ansible' from..." #echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" -echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" -echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" +#echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" +#echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ") @@ -308,5 +308,5 @@ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " /usr/local/ansible/bin/pip3 show ansible-core" echo -e ' apt -a list "ansible*"' -echo -e " ansible-galaxy collection list\n" -echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" +echo -e " ansible-galaxy collection list\n\n" +#echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" diff --git a/scripts/iiab-update b/scripts/iiab-update new file mode 100755 index 000000000..8c498ff1e --- /dev/null +++ b/scripts/iiab-update @@ -0,0 +1,111 @@ +#!/bin/bash + +# Basic updating/upgrading of IIAB's core software (2 main repos) from GitHub. + +# With a focus on upgrading IIAB Calibre-Web, if that's installed: +# https://github.com/iiab/calibre-web/wiki + +if [[ $(id -un) != "root" ]]; then + echo -e "\nPlease run: sudo iiab-update\n" + exit 1 +fi + +if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" +else + echo -e "\n\n\e[44;1mBasic upgrade of IIAB core software (2 main repos) & Calibre-Web:\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y +fi + +cd /opt/iiab/iiab +if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 +fi +echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" +git pull https://github.com/iiab/iiab --no-rebase --no-edit +if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise Ansible (roles/0-init) does it below! + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin +fi + +if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" +else + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible +fi + +if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + echo + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + systemctl restart calibre-web + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + ./runrole --reinstall calibre-web + fi +fi + +# 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the +# time over 20 tests for me -- leading to 3+ different kinds of errors right +# after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the +# most common error -- once the error was "command not found" -- and another +# time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! +# +# Any chance this get_oer2go_catalog error ~15 lines up...might be related ? +# +# ... +# Finished writing to /etc/iiab/kiwix_catalog.json +# SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' +# php_parser = re.compile('\<\?php echo .+? \?>') +# Skipping module not needed by Internet in a Box 12 en-PhET +# ... +# [ ~15 lines ] +# ... +# (Restarting CMDSRV +# ... +# [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + +if [ -d /opt/admin ]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi +fi + +echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" From 4f98de9331eaa9c058cde34cfb628fb2f97163a9 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 17 Jul 2024 23:17:37 -0400 Subject: [PATCH 105/380] Untracked files in venv /usr/local/calibre-web-py3 should NOT block upgrade --- roles/0-init/tasks/main.yml | 2 +- scripts/iiab-update | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8d423b8c6..d6859c120 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -49,7 +49,7 @@ src: /usr/bin/iiab-update path: /usr/bin/iiab-upgrade state: link - force: yes + #force: yes - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: diff --git a/scripts/iiab-update b/scripts/iiab-update index 8c498ff1e..0c75dcc34 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -56,7 +56,7 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then yt-dlp --version echo cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi From 869ff84453c77e029c271fc2af8b6057c7feab09 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 00:25:50 -0400 Subject: [PATCH 106/380] iiab-update: Tiny code cleanup (Calibre-Web section) --- scripts/iiab-update | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 0c75dcc34..78b3cf859 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -54,13 +54,12 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then pipx install xklb echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo cd /usr/local/calibre-web-py3 if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi - echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/calibre-web --no-rebase --no-edit cd /opt/iiab/iiab if [[ $1 == "-f" || $1 == "--fast" ]]; then From 7d004495d3b79dc53be64e22874a8dea2bbeb9e6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 01:15:10 -0400 Subject: [PATCH 107/380] iiab-update: Document yt-dlp "nightly" option --- scripts/iiab-update | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/iiab-update b/scripts/iiab-update index 78b3cf859..eafe6897e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -52,6 +52,8 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then pipx uninstall xklb echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version cd /usr/local/calibre-web-py3 From af4715df6aa8717eac3f1e61c6bf413ee75de673 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 01:32:16 -0400 Subject: [PATCH 108/380] Explain 'cp iiab-update iiab-summary iiab-diagnostics /usr/bin' --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index eafe6897e..4c785c702 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -31,7 +31,7 @@ if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != " fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit -if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise Ansible (roles/0-init) does it below! +if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole and ./install do it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" cp iiab-update iiab-summary iiab-diagnostics /usr/bin From 49f59830c8d575a2dcc466dac208c69022ac002e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 02:09:33 -0400 Subject: [PATCH 109/380] Strengthen yt-dlp upgrading + document "nightly" version --- roles/calibre-web/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 6af37dcc7..2fc8d4f74 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -70,7 +70,7 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx upgrade --include-injected xklb + pipx reinstall xklb else pipx install xklb ln -sf /root/.local/bin/lb /usr/local/bin/lb @@ -82,6 +82,8 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper fi From c6815a55f757785400da1f4483bb52a2f24e5046 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 02:19:52 -0400 Subject: [PATCH 110/380] calibre-web/tasks/install.yml: Links to NEW iiab-update approach --- roles/calibre-web/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 2fc8d4f74..369bc09c1 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,3 +1,8 @@ +# To upgrade IIAB Calibre-Web: +# https://github.com/iiab/calibre-web/wiki#upgrading +# https://github.com/iiab/iiab/blob/master/scripts/iiab-update + + - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 register: df1 From 4150ce342efff605c641981b0f54db5d3eac5711 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 03:09:13 -0400 Subject: [PATCH 111/380] calibre-web/README.rst: Revise "Upgrading" section --- roles/calibre-web/README.rst | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index da7045ee1..ef9423d1d 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -157,26 +157,31 @@ as it contains your Calibre-Web content **and** configuration settings! Upgrading --------- -"Reinstalling" Calibre-Web automatically installs the latest version — if your -Internet-in-a-Box (IIAB) is online. +Please see our `new/automated upgrade technique (iiab-update) `_ +introduced in July 2024. -But first: back up your content **and** configuration settings, as explained above. +But first: back up your content **and** configuration settings, as outlined +above! -**Also move your /library/calibre-web/config/app.db AND/OR -/library/calibre-web/metadata.db out of the way — if you're sure you want to -fully reset your Calibre-Web settings (to install defaults) AND/OR remove all -e-book metadata! Then run, as root**:: +**Conversely if you're sure you want to fully reset your Calibre-Web settings, +and remove all existing e-book/video/media metadata — then move your +/library/calibre-web/config/app.db, /library/calibre-web/metadata.db and +/library/calibre-web/xklb-metadata.db out of the way.** + +RECAP: In general, "reinstalling" Calibre-Web automatically installs the latest +version — if your Internet-in-a-Box (IIAB) is online. Strongly consider the +new ``iiab-update`` technique described above. But if you must use the +older/manual technique, you would need to run, as root:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web -Or, if you just want to upgrade Calibre-Web code alone, prior to proceeding -manually:: +Or, if you want to try upgrading Calibre-Web code alone:: cd /usr/local/calibre-web-py3 git pull -This older way is *no longer recommended*:: +Finally, this much older way is *no longer recommended*:: cd /opt/iiab/iiab ./iiab-install --reinstall # OR: ./iiab-configure From 514f0ea71457e4921f007771d6e7756648decdcd Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 03:21:01 -0400 Subject: [PATCH 112/380] calibre-web/README.rst: Refine "Upgrading" grammar --- roles/calibre-web/README.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/README.rst b/roles/calibre-web/README.rst index ef9423d1d..a29896573 100644 --- a/roles/calibre-web/README.rst +++ b/roles/calibre-web/README.rst @@ -168,15 +168,15 @@ and remove all existing e-book/video/media metadata — then move your /library/calibre-web/config/app.db, /library/calibre-web/metadata.db and /library/calibre-web/xklb-metadata.db out of the way.** -RECAP: In general, "reinstalling" Calibre-Web automatically installs the latest -version — if your Internet-in-a-Box (IIAB) is online. Strongly consider the -new ``iiab-update`` technique described above. But if you must use the -older/manual technique, you would need to run, as root:: +RECAP: Either way, "reinstalling" Calibre-Web automatically installs the latest +version — so long as your Internet-in-a-Box (IIAB) is online. Most people +should stick with the new ``iiab-update`` technique above. However if you must +use the older/manual approach, you would need to run, as root:: cd /opt/iiab/iiab ./runrole --reinstall calibre-web -Or, if you want to try upgrading Calibre-Web code alone:: +Or, if there's a need to try updating Calibre-Web's code alone:: cd /usr/local/calibre-web-py3 git pull From 3d6a11635278543680636e767f078e0acb61c7d2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 05:19:38 -0400 Subject: [PATCH 113/380] scripts/iiab-update: Clarify summary/purpose for PR #3768 --- scripts/iiab-update | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4c785c702..b5813075e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -1,8 +1,8 @@ #!/bin/bash -# Basic updating/upgrading of IIAB's core software (2 main repos) from GitHub. +# Upgrade IIAB core software (apt updates, Ansible, Admin Console, etc). -# With a focus on upgrading IIAB Calibre-Web, if that's installed: +# Also with a focus on upgrading IIAB Calibre-Web, if that's installed: # https://github.com/iiab/calibre-web/wiki if [[ $(id -un) != "root" ]]; then @@ -14,7 +14,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mBasic upgrade of IIAB core software (2 main repos) & Calibre-Web:\e[0m\n" + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" echo -e "\e[4mNow running: apt update\e[0m\n" apt update From 1e1998cb14568b60e3f2deceeebefafb06527a11 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 18 Jul 2024 13:37:24 -0400 Subject: [PATCH 114/380] Preload all of iiab-update (bash script) into RAM for safety --- scripts/iiab-update | 192 +++++++++++++++++++++++--------------------- 1 file changed, 101 insertions(+), 91 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index b5813075e..36190e270 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -5,108 +5,118 @@ # Also with a focus on upgrading IIAB Calibre-Web, if that's installed: # https://github.com/iiab/calibre-web/wiki -if [[ $(id -un) != "root" ]]; then - echo -e "\nPlease run: sudo iiab-update\n" - exit 1 -fi +# 2024-07-18 fixes underway, thanks to: +# https://stackoverflow.com/questions/21096478/overwrite-executing-bash-script-files +# https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run +# https://stackoverflow.com/questions/2336977/can-a-shell-script-indicate-that-its-lines-be-loaded-into-memory-initially -if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" - echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" -else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" - echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" - echo -e "\e[4mNow running: apt update\e[0m\n" - apt update - echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" - apt dist-upgrade -y - echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" - apt autoremove -y -fi - -cd /opt/iiab/iiab -if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 -fi -echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" -git pull https://github.com/iiab/iiab --no-rebase --no-edit -if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole and ./install do it below! (as Ansible runs roles/0-init) - cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin -fi - -if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" -else - echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" - scripts/ansible -fi - -if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" +{ + if [[ $(id -un) != "root" ]]; then + echo -e "\nPlease run: sudo iiab-update\n" exit 1 fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" - systemctl restart calibre-web + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" - ./runrole --reinstall calibre-web + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y fi -fi -# 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the -# time over 20 tests for me -- leading to 3+ different kinds of errors right -# after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the -# most common error -- once the error was "command not found" -- and another -# time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! -# -# Any chance this get_oer2go_catalog error ~15 lines up...might be related ? -# -# ... -# Finished writing to /etc/iiab/kiwix_catalog.json -# SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' -# php_parser = re.compile('\<\?php echo .+? \?>') -# Skipping module not needed by Internet in a Box 12 en-PhET -# ... -# [ ~15 lines ] -# ... -# (Restarting CMDSRV -# ... -# [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + cd /opt/iiab/iiab + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab --no-rebase --no-edit + if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin + fi -if [ -d /opt/admin ]; then if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" else - cd /opt/iiab/iiab-admin-console - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible + fi + + if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install + systemctl stop calibre-web + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + systemctl restart calibre-web + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + ./runrole --reinstall calibre-web + fi fi -fi -echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + # 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the + # time over 20 tests for me -- leading to 3+ different kinds of errors right + # after "(Restarting CMDSRV" e.g. "syntax error near unexpected token" was the + # most common error -- once the error was "command not found" -- and another + # time Admin Console's ./install VERY MYSTERIOUSLY RAN TWICE! + # + # Any chance this get_oer2go_catalog error ~15 lines up...might be related ? + # + # ... + # Finished writing to /etc/iiab/kiwix_catalog.json + # SUCCESS/opt/admin/cmdsrv/scripts/get_oer2go_catalog:52: SyntaxWarning: invalid escape sequence '\<' + # php_parser = re.compile('\<\?php echo .+? \?>') + # Skipping module not needed by Internet in a Box 12 en-PhET + # ... + # [ ~15 lines ] + # ... + # (Restarting CMDSRV + # ... + # [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] + + if [ -d /opt/admin ]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi + fi + + echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + + exit # https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run +} From 280cea8b9d53a6825d7076a36c3664c1f29b7836 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 18 Jul 2024 14:16:39 -0400 Subject: [PATCH 115/380] untabify iiab-update + 'systemctl stop calibre-web' output --- scripts/iiab-update | 115 ++++++++++++++++++++++---------------------- 1 file changed, 58 insertions(+), 57 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 36190e270..8f8ba2f94 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -12,72 +12,73 @@ { if [[ $(id -un) != "root" ]]; then - echo -e "\nPlease run: sudo iiab-update\n" - exit 1 + echo -e "\nPlease run: sudo iiab-update\n" + exit 1 fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" - echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" + echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" - echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" - echo -e "\e[4mNow running: apt update\e[0m\n" - apt update - echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" - apt dist-upgrade -y - echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" - apt autoremove -y + echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" + echo -e "\e[4mNow running: apt update\e[0m\n" + apt update + echo -e "\n\e[4mNow running: apt dist-upgrade -y\e[0m\n" + apt dist-upgrade -y + echo -e "\n\e[4mNow running: apt autoremove -y\e[0m\n" + apt autoremove -y fi cd /opt/iiab/iiab if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) - cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin + cd scripts + echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + cp iiab-update iiab-summary iiab-diagnostics /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" else - echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" - scripts/ansible + echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" + scripts/ansible fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then + if [[ $1 == "-f" || $1 == "--fast" ]]; then echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - systemctl stop calibre-web - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + fi + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: systemctl stop calibre-web\e[0m\n" + systemctl stop calibre-web + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit + cd /opt/iiab/iiab + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" systemctl restart calibre-web - else - echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" + else + echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" ./runrole --reinstall calibre-web - fi + fi fi # 2024-07-17: Run Admin Console stanza last for safety -- it failed ~50% of the @@ -101,19 +102,19 @@ # [ VARIOUS ERRORS SOMETIMES HAPPEN HERE ] if [ -d /opt/admin ]; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" - else - cd /opt/iiab/iiab-admin-console - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then - echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install - fi + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Admin Console.\e[0m" + else + cd /opt/iiab/iiab-admin-console + if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + fi fi echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" From 291c049919185852724ef4584bdf2c059152e18e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 15:24:22 -0400 Subject: [PATCH 116/380] iiab-update: Try "bash -e" (exit on error) and "cp -u" (--update) --- scripts/iiab-update | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 8f8ba2f94..48a4f90ac 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -1,4 +1,5 @@ -#!/bin/bash +#!/bin/bash -e +# "-e" tries to exit right away on error. # Upgrade IIAB core software (apt updates, Ansible, Admin Console, etc). @@ -40,7 +41,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp iiab-update iiab-summary iiab-diagnostics /usr/bin + cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then From 732ddf80111ed6f47883fcc9a7798f8b55c14088 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 15:28:07 -0400 Subject: [PATCH 117/380] iiab-update: Clarify "cp -u" in live output too --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 48a4f90ac..eca416d60 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -40,7 +40,7 @@ git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin fi From cdd94f84d9f24224a70facd2c2bbad952a9e2604 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 18 Jul 2024 16:28:14 -0400 Subject: [PATCH 118/380] iiab-update: Permit /opt/iiab/iiab untracked files like adm-run-roles-tmp.yml --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index eca416d60..f51532503 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -32,7 +32,7 @@ fi cd /opt/iiab/iiab - if [[ $(git branch --show-current) != "master" || $(git status --porcelain) != "" ]]; then + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit detritus, e.g. untracked files like adm-run-roles-tmp.yml echo -e "\n\n\e[41;1mIn /opt/iiab/iiab, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi From af3660045ffc581bcac4f3bbfb5bfa70790e94a1 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 19 Jul 2024 01:19:00 -0400 Subject: [PATCH 119/380] iiab-update: Skip Admin Console ./install if already up-to-date --- scripts/iiab-update | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index f51532503..49cfdc939 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -111,10 +111,16 @@ echo -e "\n\n\e[41;1mIn /opt/iiab/iiab-admin-console, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" exit 1 fi + GITHASH1=$(git rev-parse HEAD) echo -e "\n\e[4mNow running: git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab-admin-console --no-rebase --no-edit - echo -e "\n\e[4mNow running: ./install\e[0m\n" - ./install + GITHASH2=$(git rev-parse HEAD) + if [[ $GITHASH1 != $GITHASH2 ]]; then + echo -e "\n\e[4mNow running: ./install\e[0m\n" + ./install + else + echo -e "\n\e[33mSkipping Admin Console './install' — as it appears up-to-date!\e[0m" + fi fi fi From b1b9d49327d6429de7760e1559b9579c2456ddc3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 19 Jul 2024 04:34:16 -0400 Subject: [PATCH 120/380] Clean up RasPiOS Python/apt/pip doc links --- roles/calibre-web/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 369bc09c1..8b526d03e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -102,8 +102,9 @@ extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) -# https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi -# https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments +# https://www.raspberrypi.com/documentation/computers/os.html#use-python-on-a-raspberry-pi +# https://www.raspberrypi.com/documentation/computers/os.html#install-python-packages-using-apt +# https://www.raspberrypi.com/documentation/computers/os.html#install-python-libraries-using-pip # VIRTUALENV EXAMPLE COMMANDS: # python3 -m venv /usr/local/calibre-web-py3 (create venv) From 33ed99c030847daf4e32fce88aa3c4b82f3c6891 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 19 Jul 2024 06:26:19 -0400 Subject: [PATCH 121/380] iiab-update -f: Install CWeb requirements.txt + sharpen warning --- scripts/iiab-update | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 49cfdc939..91e0af9e1 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -21,7 +21,7 @@ echo -e "\n\n\e[44;1mAttempting a FAST upgrade of IIAB Calibre-Web...\e[0m\n" echo -e "\n\e[33m'iiab-update -f' DOES NOT apply apt updates.\e[0m" else - echo -e "\n\n\e[44;1mUpgrade IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" + echo -e "\n\n\e[44;1mUpgrading IIAB core software: (apt updates, Ansible, Admin Console, etc)\e[0m\n" echo -e "\n\e[44;1mOr try 'iiab-update -f' for a FAST upgrade of IIAB Calibre-Web!\e[0m\n\n" echo -e "\e[4mNow running: apt update\e[0m\n" apt update @@ -45,16 +45,13 @@ fi if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n" + echo -e "\n\e[33m'iiab-update -f' DOES NOT upgrade Ansible.\e[0m\n\n" else echo -e "\n\n\e[4mNow running: scripts/ansible\e[0m" scripts/ansible fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[1mIf you want a COMPLETE reinstall of Calibre-Web, then also run:\n\n\e[0m\e[7mcd /opt/iiab/iiab ; ./runrole --reinstall calibre-web\e[0m\n" - fi echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" pipx uninstall xklb echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" @@ -72,11 +69,13 @@ systemctl stop calibre-web echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/calibre-web --no-rebase --no-edit - cd /opt/iiab/iiab if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\n\e[4mNow running: systemctl restart calibre-web\e[0m\n" + echo -e "\n\e[4mNow running: bin/pip install -r requirements.txt --prefer-binary\e[0m\n" + bin/pip install -r requirements.txt --prefer-binary > /dev/null + echo -e "\e[4mNow running: systemctl restart calibre-web\e[0m\n" systemctl restart calibre-web else + cd /opt/iiab/iiab echo -e "\n\e[4mNow running: ./runrole --reinstall calibre-web\e[0m\n" ./runrole --reinstall calibre-web fi @@ -124,7 +123,12 @@ fi fi - echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\n\n\e[44;1m'iiab-update -f' COMPLETE!\e[0m\n" + echo -e "\e[44;1mIf Calibre-Web fails, please try 'iiab-update' WITHOUT '-f'\e[0m\n\n" # \e[7m == reverse video (e.g. black on white) + else + echo -e "\n\n\e[44;1miiab-update COMPLETE!\e[0m\n\n" + fi exit # https://stackoverflow.com/questions/2285403/how-to-make-shell-scripts-robust-to-source-being-changed-as-they-run } From 06a36706eb27dd4888464e4127a882ec35f14774 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 20 Jul 2024 11:52:53 -0400 Subject: [PATCH 122/380] iiab-update: Tighten up Calibre-Web upgrader (WIP: Ansible equiv soon) --- scripts/iiab-update | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 91e0af9e1..ec7a5d31e 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -52,24 +52,25 @@ fi if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] - echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" - yt-dlp --version - cd /usr/local/calibre-web-py3 - if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 - fi - echo -e "\n\e[4mNow running: systemctl stop calibre-web\e[0m\n" - systemctl stop calibre-web - echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" - git pull https://github.com/iiab/calibre-web --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall xklb + echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install xklb + echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" + yt-dlp --version + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + cd /usr/local/calibre-web-py3 + if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg + echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 + fi + echo -e "\e[4mNow running: systemctl stop calibre-web\e[0m\n" + systemctl stop calibre-web + echo -e "\e[4mNow running: git pull https://github.com/iiab/calibre-web --no-rebase --no-edit\e[0m\n" + git pull https://github.com/iiab/calibre-web --no-rebase --no-edit echo -e "\n\e[4mNow running: bin/pip install -r requirements.txt --prefer-binary\e[0m\n" bin/pip install -r requirements.txt --prefer-binary > /dev/null echo -e "\e[4mNow running: systemctl restart calibre-web\e[0m\n" From 37c6a7ef2950a659dbebcee2f7a09f895548631f Mon Sep 17 00:00:00 2001 From: root Date: Sat, 20 Jul 2024 13:43:35 -0400 Subject: [PATCH 123/380] Clarify yt-dlp "nightly" for better/experimental YouTube scraping --- scripts/iiab-update | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index ec7a5d31e..76095753f 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -59,13 +59,16 @@ pipx install xklb echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # + # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases + # https://pypi.org/project/yt-dlp/#history cd /usr/local/calibre-web-py3 if [[ $(git branch --show-current) != "master" || $(git status --porcelain --untracked-files=no) != "" ]]; then # Permit venv detritus, e.g. untracked files like these 5: bin/ include/ lib/ lib64 pyvenv.cfg - echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" - exit 1 + echo -e "\n\e[41;1mIn /usr/local/calibre-web-py3, (1) 'git branch' MUST show current branch 'master' and (2) 'git status' must show NO MODIFIED FILES.\e[0m\n\n" + exit 1 fi echo -e "\e[4mNow running: systemctl stop calibre-web\e[0m\n" systemctl stop calibre-web From 06dbdb178a6f2a171f609a23f9ecc159f7db525c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 21 Jul 2024 01:51:06 -0400 Subject: [PATCH 124/380] Allow Calibre-Web upgrades via Ansible too, much like 'iiab-update -f' --- roles/calibre-web/tasks/install.yml | 33 +++++++++++++++++++---------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 8b526d03e..bdcca21f5 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -1,6 +1,9 @@ -# To upgrade IIAB Calibre-Web: +# Or try 'iiab-update -f' for a more rapid upgrade of IIAB Calibre-Web: +# +# https://wiki.iiab.io/go/FAQ#Can_I_upgrade_IIAB_software%3F # https://github.com/iiab/calibre-web/wiki#upgrading # https://github.com/iiab/iiab/blob/master/scripts/iiab-update +# https://github.com/iiab/iiab/tree/master/roles/calibre-web#upgrading - name: Record (initial) disk space used @@ -8,6 +11,13 @@ register: df1 +- name: Stop 'calibre-web' systemd service for safety (RED ERROR CAN BE IGNORED!) + systemd: + name: calibre-web + state: stopped + ignore_errors: True # Shows red errors, and continue... + #failed_when: False # Hides red errors, and continue... + - name: "Install packages: imagemagick, python3-netifaces" package: name: @@ -38,10 +48,10 @@ state: absent when: calibreweb_venv_wipe -- name: Does {{ calibreweb_venv_path }} exist? - stat: - path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 - register: calibreweb_venv +# - name: Does {{ calibreweb_venv_path }} exist? +# stat: +# path: "{{ calibreweb_venv_path }}" +# register: calibreweb_venv - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: @@ -52,7 +62,7 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" + - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -61,14 +71,15 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" +#- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" +- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ MB later)" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" - force: yes - #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing - version: "{{ calibreweb_version }}" # e.g. master, 0.6.21 - when: not calibreweb_venv.stat.exists + force: yes # "any modified files in the working repository will be discarded" + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing + version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 + #when: not calibreweb_venv.stat.exists - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | From 663a35f5ced6b8bcbe0a416c53015b4b22418d63 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 21 Jul 2024 02:31:21 -0400 Subject: [PATCH 125/380] Sharpen /usr/local/calibre-web-py3 disk usage estimates --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index bdcca21f5..d6320fb76 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -72,7 +72,7 @@ # https://github.com/janeczku/calibre-web/pull/1459 #- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" -- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ MB later)" +- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later)" git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" From ddfbbe7bf0e42eb5c2eda9c9cb68bf6190f26f85 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 21 Jul 2024 02:46:48 -0400 Subject: [PATCH 126/380] calibre-web/tasks/install.yml: Clarify yt-dlp "nightly" option --- roles/calibre-web/tasks/install.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index d6320fb76..816fa5ac7 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -98,8 +98,11 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi - # IF YOU WANT THE "nightly" RELEASE OF yt-dlp, UNCOMMENT THE NEXT LINE: + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release:: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # + # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases + # https://pypi.org/project/yt-dlp/#history cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/ chmod a+x /usr/local/bin/lb-wrapper fi From 220bea18dcd597fb33501cdabe4d09bb8799bbe2 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 21 Jul 2024 03:24:26 -0400 Subject: [PATCH 127/380] Explain yt-dlp 'nightly' releases, in Ansible output --- roles/calibre-web/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 816fa5ac7..34a89f211 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -81,6 +81,11 @@ version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 #when: not calibreweb_venv.stat.exists +- debug: + msg: + - "NEED BETTER/EXPERIMENTAL YouTube SCRAPING? RUN THE NEXT LINE -- for the latest yt-dlp 'nightly' release:" + - sudo pipx inject --pip-args='--upgrade --pre' -f xklb yt-dlp[default] + - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then @@ -98,7 +103,7 @@ echo "ERROR: yt-dlp NOT FOUND" fi fi - # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release:: + # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases From 46c1003f2c2c10a9487cc8974fe1ab402d701b87 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 21 Jul 2024 21:36:39 -0400 Subject: [PATCH 128/380] KA Lite dying: Time for Kolibri to become mainline --- vars/default_vars.yml | 8 ++++---- vars/local_vars_medical.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_none.yml | 4 ++-- vars/local_vars_small.yml | 8 ++++---- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c0e6e9f13..13291b20d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -476,14 +476,14 @@ wordpress_enabled: False # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False kalite_server_port: 8008 kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org -kolibri_install: False -kolibri_enabled: False +kolibri_install: True +kolibri_enabled: True kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri kolibri_user: kolibri # WARNING: https://github.com/learningequality/kolibri-installer-debian/issues/115 diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index f97113d63..66798cb05 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -1,7 +1,7 @@ # Default overrides kiwix_incl_apk: True -kalite_install: False -kalite_enabled: False +kolibri_install: False +kolibri_enabled: False captiveportal_install: True captiveportal_enabled: True mediawiki_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index aa142dcc9..40b960608 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -284,8 +284,8 @@ wordpress_enabled: True # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index 6b3876fe8..a13c825ac 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -1,8 +1,8 @@ # turn off defaults remoteit_install: False openvpn_install: False -kalite_install: False -kalite_enabled: False +kolibri_install: False +kolibri_enabled: False kiwix_install: False kiwix_enabled: False osm_vector_maps_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index a366e2863..288395d69 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -284,12 +284,12 @@ wordpress_enabled: False # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS -kalite_install: True -kalite_enabled: True +kalite_install: False +kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org -kolibri_install: False -kolibri_enabled: False +kolibri_install: True +kolibri_enabled: True kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From 4cb61cf8b8c3f985d22cbeab8452f342a5f66596 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 22 Jul 2024 22:18:55 -0400 Subject: [PATCH 129/380] 'git pull' if upgrading Calibre-Web, bypassing Ansible --- roles/calibre-web/tasks/install.yml | 38 ++++++++++++++++------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 34a89f211..a6e8d4f56 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -42,17 +42,6 @@ line: ' ' state: present -- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" - file: - path: "{{ calibreweb_venv_path }}" - state: absent - when: calibreweb_venv_wipe - -# - name: Does {{ calibreweb_venv_path }} exist? -# stat: -# path: "{{ calibreweb_venv_path }}" -# register: calibreweb_venv - - name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" file: state: directory @@ -62,7 +51,6 @@ with_items: - "{{ calibreweb_home }}" # /library/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config - - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 # FYI since May 2021, Calibre-Web (major releases) can be installed with pip: # https://pypi.org/project/calibreweb/ @@ -71,15 +59,31 @@ # https://github.com/janeczku/calibre-web/pull/927 # https://github.com/janeczku/calibre-web/pull/1459 -#- name: "Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~120 MB initially, ~203+ MB later) -- if {{ calibreweb_venv_path }} created just above" -- name: "Clone (or 'git pull' to update, forcibly!) Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later)" +- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'" + file: + path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 + state: absent + when: calibreweb_venv_wipe + +- name: Does {{ calibreweb_venv_path }} exist? + stat: + path: "{{ calibreweb_venv_path }}" + register: calibreweb_venv + +- name: git clone Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later) -- if {{ calibreweb_venv_path }} doesns't exist git: repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web dest: "{{ calibreweb_venv_path }}" - force: yes # "any modified files in the working repository will be discarded" - #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing + #force: True # CLAIM: "If true, any modified files in the working repository will be discarded" -- REALITY: even if `force: no`, Ansible destructively reclones (also removing all test branch commits etc!) -- unless a git credential is provided to Ansible? + #depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing version: "{{ calibreweb_version }}" # e.g. master, 0.6.22 - #when: not calibreweb_venv.stat.exists + when: not calibreweb_venv.stat.exists + +- name: cd {{ calibreweb_venv_path }} ; git pull {{ calibreweb_repo_url }} {{ calibreweb_version }} --no-rebase --no-edit -- if {{ calibreweb_venv_path }} exists + command: git pull "{{ calibreweb_repo_url }}" "{{ calibreweb_version }}" --no-rebase --no-edit + args: + chdir: "{{ calibreweb_venv_path }}" + when: calibreweb_venv.stat.exists - debug: msg: From 078d896ef7cd5278ca730e4a28c400f18161f9ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 28 Jul 2024 14:34:51 -0400 Subject: [PATCH 130/380] pbx/README.adoc: Link to official FreePBX 17 install script --- roles/pbx/README.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index d99f0df82..9553cb8db 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -357,4 +357,8 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c * Ron Raikes' routine to install FreePBX from GitHub: https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 +In 2024, see also the official: + +* FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install + Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 1116cbfb362a953358099f413160e2e3d73691d0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 28 Jul 2024 14:48:01 -0400 Subject: [PATCH 131/380] pbx/README.adoc: 2 more official FreePBX 17 install links --- roles/pbx/README.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 9553cb8db..2bbd70671 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -360,5 +360,7 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c In 2024, see also the official: * FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install +* FreePBX 17 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230326391/FreePBX+17+Installation +* Step By Step Debian 12 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/295403538/Step+By+Step+Debian+12+Installation Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! From 8f1a72e049cade6ffb55c7280af8170b823316dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 28 Jul 2024 15:03:00 -0400 Subject: [PATCH 132/380] pbx/README.adoc: Update FreePBX 17 pre-release news + link --- roles/pbx/README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 2bbd70671..5d48feddf 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of February 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 Beta]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of July 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 pre-releases]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* @@ -359,7 +359,7 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c In 2024, see also the official: -* FreePBX 17 Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install +* https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install * FreePBX 17 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230326391/FreePBX+17+Installation * Step By Step Debian 12 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/295403538/Step+By+Step+Debian+12+Installation From 1ddbf01dfff87ce39973705aa1cee41d79f2ea93 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 30 Jul 2024 19:42:47 -0400 Subject: [PATCH 133/380] Kolibri 0.17 RC0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index f02dfde2e..b0ea215bb 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-beta3/kolibri_0.17.0b3-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc0/kolibri_0.17.0rc0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From f20493cdc4dc8bad2edc1a218e827c3400b9a9f7 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 1 Aug 2024 11:10:37 -0400 Subject: [PATCH 134/380] Bypass initial install of Transmission on 24.04 & 24.10 & Mint 22 --- roles/8-mgmt-tools/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 8771b66a0..4d83e4422 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,7 +6,7 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install + when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) - name: AWSTATS include_role: From cd7baf4b4f3e9a71f7737cc7bb2fc3dd0b593ea4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Aug 2024 14:19:53 -0400 Subject: [PATCH 135/380] Kolibri 0.17 RC2 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index b0ea215bb..ede1a64b6 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc0/kolibri_0.17.0rc0-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc2/kolibri_0.17.0rc2-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From a0e789a11126b33b34066081dfdb83c248208e28 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 4 Aug 2024 09:20:47 -0400 Subject: [PATCH 136/380] pbx/README.adoc: FreePBX 17 links --- roles/pbx/README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 5d48feddf..f19260023 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of July 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 pre-releases]. A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of August 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* From 01f87f5e38196a863bb431d5ce6045cb26011736 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Aug 2024 18:44:18 -0400 Subject: [PATCH 137/380] Kolibri 0.17 RC3 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index ede1a64b6..405beb896 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -127,7 +127,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc2/kolibri_0.17.0rc2-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 0ab99a456ebef69c971d10154770365165704230 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Aug 2024 18:51:04 -0400 Subject: [PATCH 138/380] kolibri/tasks/install.yml: Clarify 4 OS's now using Python 3.12 --- roles/kolibri/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 405beb896..86281875a 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -128,7 +128,7 @@ - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, and pre-releases of 24.10, and soon Debian 13 (which still uses Python 3.11 for now, but will likely start using Python 3.13 in coming months). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From fd3ff958b16407deb6ae507be0dcc48a91206d88 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Aug 2024 19:29:48 -0400 Subject: [PATCH 139/380] Kolibri 0.17.0 if Python >= 3.12 --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 86281875a..e09616739 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,9 +125,9 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 pre-release, if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0-rc3/kolibri_0.17.0rc3-0ubuntu1_all.deb + kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) From 6e51ecbdd6a29415fe9b5b3a601a87e8a9799899 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Aug 2024 19:37:56 -0400 Subject: [PATCH 140/380] Kolibri 0.17.x: Clean/Clarify Python 3.12+ OS's / context --- roles/kolibri/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index e09616739..217d68d73 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,10 +125,10 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to a Kolibri 0.17 (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' set_fact: kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if it changes from Python 3.12 to 3.13). Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11892 learningequality/kolibri#11316 + when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From cac1c873f40ce9d89e1a344c980646ac6c577311 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Aug 2024 01:03:29 -0400 Subject: [PATCH 141/380] scripts/iiab-root-login: Set + Enable sftp password, for FileZilla uploads --- roles/0-init/tasks/main.yml | 3 +- scripts/iiab-item-size.py | 0 scripts/iiab-network | 0 scripts/iiab-root-login | 60 +++++++++++++++++++++++++++++++++++++ scripts/iiab-size.py | 0 scripts/iiab-update | 2 +- 6 files changed, 63 insertions(+), 2 deletions(-) mode change 100644 => 100755 scripts/iiab-item-size.py mode change 100644 => 100755 scripts/iiab-network create mode 100755 scripts/iiab-root-login mode change 100644 => 100755 scripts/iiab-size.py diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index d6859c120..8eb1668eb 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -34,7 +34,7 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy iiab-update & iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ +- name: Copy iiab-update & iiab-summary & iiab-diagnostics & iiab-root-login from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ @@ -43,6 +43,7 @@ - iiab-update - iiab-summary - iiab-diagnostics + - iiab-root-login - name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update file: diff --git a/scripts/iiab-item-size.py b/scripts/iiab-item-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-network b/scripts/iiab-network old mode 100644 new mode 100755 diff --git a/scripts/iiab-root-login b/scripts/iiab-root-login new file mode 100755 index 000000000..2d968e857 --- /dev/null +++ b/scripts/iiab-root-login @@ -0,0 +1,60 @@ +#!/bin/bash -e +# "-e" tries to exit right away on error. + +# Enable (and set!) root login password for ssh and sftp. +# To help everyday IIAB implementers upload content with FileZilla: +# https://wiki.iiab.io/go/FAQ#How_do_I_add_my_own_content%3F + +# AT YOUR OWN RISK. If this absolutely must be run non-interactively, use: +# sudo iiab-root-login + +if [ ! -f /etc/ssh/sshd_config ]; then + echo -e '\n\e[41;1mERROR: /etc/ssh/sshd_config is missing (is openssh-server installed?)\e[0m\n' + exit 1 +fi + +if ! systemctl is-active ssh > /dev/null; then + echo -e "\n\e[41;1mERROR: ssh service is not active (run 'systemctl status ssh' ?)\e[0m\n" + exit 1 +fi + +if [ $# -eq 0 ]; then + echo -e '\n\e[1;33mPICK A STRONG PASSWORD TO PROTECT YOUR IIAB!\e[0m' + echo -en '\nWhat ssh and sftp password do you want for user "root" ? ' + read ans < /dev/tty +else + ans=$1 + echo +fi + +if [[ $ans == "" ]]; then + echo -e '\n\e[41;1mEXITING: User "root" cannot have an empty password.\e[0m\n' + exit 1 +else + echo root:"$ans" | chpasswd + echo -e 'Password changed, for user "root".\n' +fi + +# Comment out problematic line(s) in file(s) like... +# /etc/ssh/sshd_config.d/60-cloudimg-settings.conf +# ...that appear in Multipass VMs, etc: +sed -i 's/^PermitRootLogin[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true +sed -i 's/^PasswordAuthentication[[:blank:]].*/# &/' /etc/ssh/sshd_config.d/* || true + +if grep -q '^PermitRootLogin[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PermitRootLogin[[:blank:]].*/PermitRootLogin yes/' /etc/ssh/sshd_config +else + echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config +fi + +if grep -q '^PasswordAuthentication[[:blank:]]' /etc/ssh/sshd_config; then + sed -i 's/^PasswordAuthentication[[:blank:]].*/PasswordAuthentication yes/' /etc/ssh/sshd_config +else + echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config +fi + +if systemctl reload ssh; then + echo -e '\e[44;1mUser "root" can now upload to IIAB using FileZilla!\e[0m\n' +else + echo -e '\e[41;1mERROR: Unable to reload ssh service.\e[0m\n' +fi diff --git a/scripts/iiab-size.py b/scripts/iiab-size.py old mode 100644 new mode 100755 diff --git a/scripts/iiab-update b/scripts/iiab-update index 76095753f..689f715e0 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -41,7 +41,7 @@ if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" - cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin + cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi if [[ $1 == "-f" || $1 == "--fast" ]]; then From 24def618bc41bcbff0acd55a112f4a034ce3f0b2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 7 Aug 2024 03:34:02 -0400 Subject: [PATCH 142/380] roles/iiab-admin/README.rst: Update 2 links --- roles/iiab-admin/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index 5017e4186..c7c4ec5fc 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -58,14 +58,14 @@ Remote Support Tools The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN `_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. -Similarly, `access.yml `_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: +Similarly, `tasks/main.yml `_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: * `lynx `_ * `screen `_ *More great tools to help you jumpstart community action at a distance:* -* http://FAQ.IIAB.IO > "How can I remotely manage my Internet-in-a-Box?" +* `FAQ.IIAB.IO `_ > "How can I remotely manage my Internet-in-a-Box?" Admin Console ------------- From 49b574409a052a77c7629ca12fe928f54db58e4d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 7 Aug 2024 04:04:43 -0400 Subject: [PATCH 143/380] scripts/iiab-update: Touch up for PR #3784 --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 689f715e0..4e2fe7aff 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -40,7 +40,7 @@ git pull https://github.com/iiab/iiab --no-rebase --no-edit if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics /usr/bin\e[0m\n" + echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi From 0d0772aac9eef7f8f990d5528fc9269a87f8a47c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 7 Aug 2024 23:34:30 -0400 Subject: [PATCH 144/380] Revert to installing Kolibri (i.e. 0.17.0+) via PPA, by default --- roles/kolibri/tasks/install.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 217d68d73..d95f36044 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -125,10 +125,13 @@ # when: is_debian or is_linuxmint_20 -- name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' - set_fact: - kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb - when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 +# 2024-08-07: Hack no longer needed! As Kolibri 0.17.0 now installs via "kolibri" PPA (https://launchpad.net/~learningequality/+archive/ubuntu/kolibri). +# Hopefully "kolibri-proposed" PPA will install 0.18 pre-releases soon, on Python 3.13 too! https://github.com/learningequality/kolibri/issues/11892 + +# - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!' +# set_fact: +# kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb +# when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892 - name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined) apt: From ee3781d38a66e353f45ff36ebda5f5815705f297 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 8 Aug 2024 20:53:13 -0400 Subject: [PATCH 145/380] README.md: Fix link to FAQ app list / descriptions --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2fcb5085c..b3416aca2 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ You can build your own tiny, affordable server (an offline digital library) for Internet-in-a-Box gives you the DIY tools to: 1. Download then drag-and-drop to arrange the [very best of the World’s Free Knowledge](https://internet-in-a-box.org/#quality-content). -2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). +2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_%28IIAB_apps%29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system). 3. Exchange local/indigenous knowledge with nearby communities, using our [Manage Content](https://github.com/iiab/iiab-admin-console/blob/master/roles/console/files/help/InstContent.rst#manage-content) interface and possible mesh networking. FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!* From 608d05e24082463c7a27c671bea7ba7846d76d30 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 10 Aug 2024 21:41:15 -0400 Subject: [PATCH 146/380] iiab-diagnostics: Try paste.centos.org instead of dpaste.com --- scripts/iiab-diagnostics | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 6fe38407d..a872b88bb 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -273,13 +273,15 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs - pastebinit -b dpaste.com $outfile # Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size, but that claim is not 100% accurate. - #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) - #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? + #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days! + #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) + #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) + #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins else echo -e "If you later decide to publish it, run:" echo - echo -e " pastebinit -b dpaste.com < $outfile" + echo -e " pastebinit -b paste.centos.org $outfile" fi echo -e "\e[0m" From 2c5398dfb29333e72563ee37234fa3b2e34c0b3f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 10 Aug 2024 21:48:10 -0400 Subject: [PATCH 147/380] iiab-diagnostics: Clarify termbin.com rudimentary/reliable option --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index a872b88bb..198ad864e 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -275,7 +275,7 @@ echo -e "\e[1m" if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? - #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days! + #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days (rudimentary but reliable option if nec in future?!) #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) #pastebinit -b sprunge.us $outfile # Stopped working for many weeks (mid-2023, and again in mid-2024) #pastebinit -b paste2.org $outfile # Spammy/dangerous pastebins From e1eb26ba687503f1655e4665d21c20e4250b2d1c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 13 Aug 2024 00:15:30 -0400 Subject: [PATCH 148/380] Recommend ansible-core 2.17.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 51cb3b689..975acda62 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.2] -GOOD_VER=2.17.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.3] +GOOD_VER=2.17.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 86fa7bd49c9594f36b407eb5501ef0213326fd79 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 15 Aug 2024 10:00:56 -0400 Subject: [PATCH 149/380] test.yml: Tips to try ad hoc Ansible commands --- test.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/test.yml b/test.yml index 7afdab202..067b7cddd 100644 --- a/test.yml +++ b/test.yml @@ -1,6 +1,13 @@ # TEST ANSIBLE COMMANDS/MODULES IN SECONDS -- BY RUNNING: # ansible-playbook -i ansible_hosts test.yml --connection=local +# TEST A SINGLE ANSIBLE COMMAND/MODULE: +# ansible localhost -m ansible.builtin.setup | grep -e "ansible_machine\b" -e ansible_architecture +# ansible localhost -m ansible.builtin.shell -a 'echo $TERM' +# ansible localhost -m ansible.builtin.copy -a "src=/etc/hosts dest=/tmp/hosts" +# ansible localhost -m ansible.builtin.systemd -a "name=nginx state=restarted" +# https://docs.ansible.com/ansible/latest/command_guide/intro_adhoc.html + - hosts: all become: yes # Optional privilege escalation @@ -19,7 +26,9 @@ #- include_role: # name: 0-init - # 2024-05-16: ansible-core 2.17 RC2 still hasn't fixed this, as they migrate from Python's crypt library to passlib: + # 2024-08-15: Still not working with ansible-core 2.17.3 -- instead of + # migrating from Python's crypt library to passlib, Ansible is deprecating: + # https://github.com/ansible/ansible/issues/81949 # https://github.com/iiab/iiab/blob/485a619bfa082716ec848b5b34893dd3046175a8/roles/cups/tasks/install.yml#L70-L78 #- debug: # msg: "{{ 'changeme' | password_hash('sha512') }}" From 3bb74ec09a6048b0551c666c4232abbd5ae7982c Mon Sep 17 00:00:00 2001 From: root Date: Thu, 22 Aug 2024 21:32:24 -0400 Subject: [PATCH 150/380] Moodle dev branch renamed from 'master' to 'main' --- roles/moodle/defaults/main.yml | 4 ++-- roles/moodle/tasks/install.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index b6c607027..1e05a1a76 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# 2023-04-25: Currently testing Moodle's master branch is mandatory if your +# April 2024: Currently testing Moodle's main branch is mandatory if your # OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.3, then {{ moodle_version }} will be attempted: moodle_version: MOODLE_404_STABLE # Moodle 4.4 -#moodle_version: master # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 +#moodle_version: main # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 44ba40349..840eeb4d9 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -104,12 +104,12 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.3', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) when: php_version is version('8.3', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From bea4aea7a0994e3fb97e84972aa9027f399f8b12 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 Sep 2024 15:45:33 -0400 Subject: [PATCH 151/380] Recommend ansible-core 2.17.4 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 975acda62..701b46107 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.3] -GOOD_VER=2.17.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.4] +GOOD_VER=2.17.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From c7000f330be9c736b9c84dda489e4da899877d2c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 15 Sep 2024 02:05:42 -0400 Subject: [PATCH 152/380] Introduce roles/tailscale w/ /usr/bin/iiab-vpn etc --- .../openvpn/defaults/main.yml | 0 .../openvpn/tasks/enable-or-disable.yml | 0 .../openvpn/tasks/install.yml | 0 .../openvpn/tasks/main.yml | 0 .../openvpn/templates/15-openvpn.unused | 0 .../openvpn/templates/announce | 0 .../openvpn/templates/announcer | 0 .../openvpn/templates/ca.crt | 0 .../openvpn/templates/client1.crt | 0 .../openvpn/templates/client1.key | 0 .../openvpn/templates/iiab-remote-off | 0 .../openvpn/templates/iiab-remote-on.j2 | 0 .../openvpn/templates/iiab-support | 0 .../openvpn/templates/iiab-support.older | 0 .../templates/openvpn_handle.j2.unused | 0 .../openvpn/templates/silence | 0 .../openvpn/templates/xscenet.conf.j2 | 0 roles/0-init/tasks/validate_vars.yml | 3 +- roles/1-prep/tasks/main.yml | 10 +- roles/4-server-options/tasks/main.yml | 5 - roles/iiab-admin/README.rst | 4 +- roles/iiab-admin/tasks/sudo-prereqs.yml | 2 +- roles/sshd/defaults/main.yml | 2 +- roles/tailscale/tasks/install.yml | 113 ++++++++++++++++++ roles/tailscale/tasks/main.yml | 47 ++++++++ roles/tailscale/templates/iiab-vpn | 54 +++++++++ roles/tailscale/templates/iiab-vpn-off | 7 ++ scripts/iiab-summary | 9 +- vars/default_vars.yml | 20 +--- vars/local_vars_large.yml | 13 +- vars/local_vars_medical.yml | 1 - vars/local_vars_medium.yml | 13 +- vars/local_vars_none.yml | 2 +- vars/local_vars_small.yml | 13 +- vars/local_vars_unittest.yml | 13 +- 35 files changed, 265 insertions(+), 66 deletions(-) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/defaults/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/enable-or-disable.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/install.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/tasks/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/15-openvpn.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/announce (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/announcer (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/ca.crt (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/client1.crt (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/client1.key (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-remote-off (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-remote-on.j2 (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-support (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/iiab-support.older (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/openvpn_handle.j2.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/silence (100%) rename roles/{ => 0-DEPRECATED-ROLES}/openvpn/templates/xscenet.conf.j2 (100%) create mode 100644 roles/tailscale/tasks/install.yml create mode 100644 roles/tailscale/tasks/main.yml create mode 100755 roles/tailscale/templates/iiab-vpn create mode 100755 roles/tailscale/templates/iiab-vpn-off diff --git a/roles/openvpn/defaults/main.yml b/roles/0-DEPRECATED-ROLES/openvpn/defaults/main.yml similarity index 100% rename from roles/openvpn/defaults/main.yml rename to roles/0-DEPRECATED-ROLES/openvpn/defaults/main.yml diff --git a/roles/openvpn/tasks/enable-or-disable.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/enable-or-disable.yml similarity index 100% rename from roles/openvpn/tasks/enable-or-disable.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/enable-or-disable.yml diff --git a/roles/openvpn/tasks/install.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/install.yml similarity index 100% rename from roles/openvpn/tasks/install.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/install.yml diff --git a/roles/openvpn/tasks/main.yml b/roles/0-DEPRECATED-ROLES/openvpn/tasks/main.yml similarity index 100% rename from roles/openvpn/tasks/main.yml rename to roles/0-DEPRECATED-ROLES/openvpn/tasks/main.yml diff --git a/roles/openvpn/templates/15-openvpn.unused b/roles/0-DEPRECATED-ROLES/openvpn/templates/15-openvpn.unused similarity index 100% rename from roles/openvpn/templates/15-openvpn.unused rename to roles/0-DEPRECATED-ROLES/openvpn/templates/15-openvpn.unused diff --git a/roles/openvpn/templates/announce b/roles/0-DEPRECATED-ROLES/openvpn/templates/announce similarity index 100% rename from roles/openvpn/templates/announce rename to roles/0-DEPRECATED-ROLES/openvpn/templates/announce diff --git a/roles/openvpn/templates/announcer b/roles/0-DEPRECATED-ROLES/openvpn/templates/announcer similarity index 100% rename from roles/openvpn/templates/announcer rename to roles/0-DEPRECATED-ROLES/openvpn/templates/announcer diff --git a/roles/openvpn/templates/ca.crt b/roles/0-DEPRECATED-ROLES/openvpn/templates/ca.crt similarity index 100% rename from roles/openvpn/templates/ca.crt rename to roles/0-DEPRECATED-ROLES/openvpn/templates/ca.crt diff --git a/roles/openvpn/templates/client1.crt b/roles/0-DEPRECATED-ROLES/openvpn/templates/client1.crt similarity index 100% rename from roles/openvpn/templates/client1.crt rename to roles/0-DEPRECATED-ROLES/openvpn/templates/client1.crt diff --git a/roles/openvpn/templates/client1.key b/roles/0-DEPRECATED-ROLES/openvpn/templates/client1.key similarity index 100% rename from roles/openvpn/templates/client1.key rename to roles/0-DEPRECATED-ROLES/openvpn/templates/client1.key diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-off similarity index 100% rename from roles/openvpn/templates/iiab-remote-off rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-off diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-on.j2 similarity index 100% rename from roles/openvpn/templates/iiab-remote-on.j2 rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-on.j2 diff --git a/roles/openvpn/templates/iiab-support b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support similarity index 100% rename from roles/openvpn/templates/iiab-support rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support diff --git a/roles/openvpn/templates/iiab-support.older b/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support.older similarity index 100% rename from roles/openvpn/templates/iiab-support.older rename to roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support.older diff --git a/roles/openvpn/templates/openvpn_handle.j2.unused b/roles/0-DEPRECATED-ROLES/openvpn/templates/openvpn_handle.j2.unused similarity index 100% rename from roles/openvpn/templates/openvpn_handle.j2.unused rename to roles/0-DEPRECATED-ROLES/openvpn/templates/openvpn_handle.j2.unused diff --git a/roles/openvpn/templates/silence b/roles/0-DEPRECATED-ROLES/openvpn/templates/silence similarity index 100% rename from roles/openvpn/templates/silence rename to roles/0-DEPRECATED-ROLES/openvpn/templates/silence diff --git a/roles/openvpn/templates/xscenet.conf.j2 b/roles/0-DEPRECATED-ROLES/openvpn/templates/xscenet.conf.j2 similarity index 100% rename from roles/openvpn/templates/xscenet.conf.j2 rename to roles/0-DEPRECATED-ROLES/openvpn/templates/xscenet.conf.j2 diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 383f911a3..dee75addd 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -71,7 +71,8 @@ - dnsmasq - bluetooth - sshd - - openvpn + #- openvpn # Deprecated + - tailscale - remoteit - admin_console #- nginx # MANDATORY diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 929dd04da..16cf5976e 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,22 +3,22 @@ - name: ...IS BEGINNING ============================================ meta: noop -- name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml +- name: SSHD include_role: name: sshd when: sshd_install -- name: OPENVPN +- name: TAILSCALE (VPN) include_role: - name: openvpn - when: openvpn_install + name: tailscale + when: tailscale_install - name: REMOTE.IT include_role: name: remoteit when: remoteit_install -- name: IIAB-ADMIN -- includes roles/iiab-admin/tasks/access.yml +- name: IIAB-ADMIN -- includes {lynx, screen, sudo-prereqs.yml, admin-user.yml, pwd-warnings.yml} include_role: name: iiab-admin #when: iiab_admin_install # Flag might be created in future? diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 9bed4e5e8..583cb763d 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -19,11 +19,6 @@ #when: pylibs_installed is undefined #when: pylibs_install # Flag might be created in future? -- name: SSHD -- also run by roles/1-prep/tasks/main.yml as required by OpenVPN - include_role: - name: sshd - when: sshd_install - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index c7c4ec5fc..2dbadaa62 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -36,7 +36,7 @@ Security #. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml `_) #. ``sudo`` * Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md -* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security +* If your IIAB includes Tailscale (VPN), ``/root/.ssh/authorized_keys`` should be installed by `roles/tailscale/tasks/install.yml <../tailscale/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security * Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d `_ (and `/etc/xdg/lxsession/LXDE-pi `_ when it exists, i.e. on Raspberry Pi OS with desktop). Example @@ -56,7 +56,7 @@ Historical Notes Remote Support Tools -------------------- -The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN `_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. +The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `Tailscale (VPN) `_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you. Similarly, `tasks/main.yml `_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections: diff --git a/roles/iiab-admin/tasks/sudo-prereqs.yml b/roles/iiab-admin/tasks/sudo-prereqs.yml index 1b608fef1..9370666b2 100644 --- a/roles/iiab-admin/tasks/sudo-prereqs.yml +++ b/roles/iiab-admin/tasks/sudo-prereqs.yml @@ -1,6 +1,6 @@ - name: 'Install package: sudo' package: - name: sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) + name: sudo # (1) Should be installed prior to installing IIAB, (2) Can be installed by 1-prep's roles/tailscale/tasks/install.yml, (3) Can be installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) - name: Temporarily make file /etc/sudoers editable (0640) file: diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml index 5c9c5dc17..83a3cf36a 100644 --- a/roles/sshd/defaults/main.yml +++ b/roles/sshd/defaults/main.yml @@ -1,4 +1,4 @@ -# sshd_install: True # Required by OpenVPN +# sshd_install: True # sshd_enabled: True # sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml diff --git a/roles/tailscale/tasks/install.yml b/roles/tailscale/tasks/install.yml new file mode 100644 index 000000000..0e3bee8c1 --- /dev/null +++ b/roles/tailscale/tasks/install.yml @@ -0,0 +1,113 @@ +- name: Record (initial) disk space used + shell: df -B1 --output=used / | tail -1 + register: df1 + + +- name: "Set up apt source (jammy) in /etc/apt/sources.list.d/tailscale.list and its key /usr/share/keyrings/tailscale-archive-keyring.gpg, to install Tailscale" + shell: | + curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg > /usr/share/keyrings/tailscale-archive-keyring.gpg + curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list > /etc/apt/sources.list.d/tailscale.list + +- name: "Install packages: jq, sudo, tailscale" + package: + name: + #- ncat # Newer versions of NMap do not include NCat, WAS needed to announce openvpn_handle (if Debian > 9 or Ubuntu > 18) + #- nmap + - jq # JSON parser used by /usr/bin/iiab-support == /usr/bin/iiab-vpn + - sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by 1-prep here, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) + - tailscale + update_cache: yes + +- name: Set up tab completion for 'tailscale' at the command-line + shell: tailscale completion bash > /etc/bash_completion.d/tailscale + +- name: "Install ssh public keys for remote support (only runs if 'tailscale_install: True')" + lineinfile: + line: "{{ item.pubkey }}" + regexp: "{{ item.regexp }}" + path: /root/.ssh/authorized_keys + with_items: + - regexp: "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" # Tim Moody + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhlQIh8ZPx4awdM0O6QNcPbx3qIZ39FHjF2YJ2SX3z7iLnYiz03Ek6Bux9P4HvaVAqlApiz2I68Vq8TfU2s/+LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=" + - regexp: "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxAmjU7VojyK+0Pjp2p8CCGTNBtE565A/L8IVbAT8MIucRE9LN1g5LjGnOHUShFJpwuTR1JLX2r9EDRMsf9MmyTgUAnuyP005giWVHXLPtjyjTzbsJ1DEtXRytulmF+GlCOaqPWNde6EOmReqPHbmjIQpRZ/Sc8hziS4jVSQuBA9EhaBmZ62CPqK33mPJvnpwMtdd6nHXAcXsZhStd3NhVDm27+B3sHI6mr2w7ExdBXE5DKiZL2po8n2y4hJYZreJopbjcQmv4oWdDWvPu5I92xDgYCsqcE7zSrv1um+tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal" + - regexp: "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" + pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApHPly+EA1M4bispl3AulTLjyYCjcJzh6s779K3epDkqh600a+fHsdIiddWCAfIonRq+9MJyOiaNQ+WYLOuajI1IiFZWFt45xDAiyCUnyuT+ytAX+IA3TgTwgTZPfzDOzI8rDRV9Sgl+LZLfPno7T3qxcGx2l51bRk+koRK+Txpph//M3jGvsFmTKhjvfxgEIUmMH9SkASxEdyqASr0+/+uLR92MnT+8CT1pOYYoJyZp9Lta5eGqJvbEmd3Dn7MXqD3vXE57o4rBJ0bR3q5LK59WVNxNQbulJ9z5V7aTJ4AbBFQWxm0fH0gBx+heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank" + +# CLARIF: plus signs (+) in public keys cause duplicate key additions (above) +# and failure during removal (below) as "+" has a special meaning as +# interpreted in a Python regexp, as implemented by Ansible's lineinfile module: +# https://docs.python.org/2/library/re.html + +# WORKAROUND: the tail end of each public key (after the last plus sign) is +# being used (instead of the full key) as an abbreviated regexp for now. +# A backslash in front of each plus sign (+) would also work. + +# - name: Remove those ssh public keys, if not tailscale_enabled +# lineinfile: +# regexp: "{{ item }}" +# path: /root/.ssh/authorized_keys +# state: absent +# with_items: +# - "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" +# - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" +# - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" +# when: not tailscale_enabled + +- name: Install /usr/bin/iiab-vpn & /usr/bin/iiab-vpn-off (BACKS UP FILES IF CHANGED) + template: + src: "{{ item }}" + dest: /usr/bin/ + mode: '0755' + backup: yes + with_items: + - iiab-vpn + - iiab-vpn-off + +- name: Symlink /usr/bin/iiab-vpn-on -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-vpn-on + state: link + +- name: Symlink /usr/bin/iiab-support -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-support + state: link + +- name: Symlink /usr/bin/iiab-support-on -> /usr/bin/iiab-vpn + file: + src: /usr/bin/iiab-vpn + path: /usr/bin/iiab-support-on + state: link + +- name: Symlink /usr/bin/iiab-support-off -> /usr/bin/iiab-vpn-off + file: + src: /usr/bin/iiab-vpn-off + path: /usr/bin/iiab-support-off + state: link + + +# RECORD Tailscale AS INSTALLED + +- name: Record (final) disk space used + shell: df -B1 --output=used / | tail -1 + register: df2 + +- name: Add 'tailscale_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: tailscale + option: tailscale_disk_usage + value: "{{ df2.stdout|int - df1.stdout|int }}" + +- name: "Set 'tailscale_installed: True'" + set_fact: + tailscale_installed: True + +- name: "Add 'tailscale_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^tailscale_installed' + line: 'tailscale_installed: True' diff --git a/roles/tailscale/tasks/main.yml b/roles/tailscale/tasks/main.yml new file mode 100644 index 000000000..fc8af13e5 --- /dev/null +++ b/roles/tailscale/tasks/main.yml @@ -0,0 +1,47 @@ +# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" + + +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 + +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "tailscale_install is sameas true" (boolean not string etc) + assert: + that: tailscale_install is sameas true + fail_msg: "PLEASE SET 'tailscale_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "tailscale_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: tailscale_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'tailscale_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install Tailscale if 'tailscale_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: tailscale_installed is undefined + + +#- include_tasks: enable-or-disable.yml + + +- name: Add 'tailscale' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: tailscale + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Tailscale (VPN) + - option: description + value: '"Tailscale enables live/remote support by connecting machines anywhere on the Internet, using a software-defined mesh virtual private network (VPN), and optional web-based management service."' + - option: tailscale_install + value: "{{ tailscale_install }}" + - option: tailscale_enabled + value: "{{ tailscale_enabled }}" diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn new file mode 100755 index 000000000..05ae623f3 --- /dev/null +++ b/roles/tailscale/templates/iiab-vpn @@ -0,0 +1,54 @@ +#!/bin/bash + +# USEFUL DOC: https://tailscale.com/kb/1080/cli#status + +VPN_URL=https://iiab.net +VPN_KEY="$1" + +# if tailscale status > /dev/null; then # MANY IMPERFECT TESTS OF TAILNET CONNECTIVITY: tailscale0 CAN lose its IP address, as shown by 'ip a' and 'hostname -I' (testing 'systemctl is-active tailscaled' is likely no better!) Unclear if 'tailscale status --json | jq -r .Self.Online' is much better? Maybe explore 'tailscale debug --help' and 'tailscale debug prefs' for a cleaner/authoritative verdict? Or use + display string output of 'systemctl show tailscaled --property=StatusText' e.g. 'StatusText=Connected; iiab; 100.64.0.4' ? (OR JUST DON'T WORRY ABOUT IT, AS THE ~3 'tailscale up' COMMANDS BELOW ARE MORE PROACTIVE... AND APPEAR FAST + SAFE!) +# echo -e "\n\e[1;33mAlready connected to VPN!?\e[0m" +# else +# [NEST ~20 LINES OF IF STATEMENTS FURTHER BELOW?] + +# Check that current profile key still exists in /var/lib/tailscale/tailscaled.state ? (As 'tailscale logout' wipes it!) In the end, these are 3 lousy tests... +# if [ -f /var/lib/tailscale/tailscaled.state ] && [[ $(grep -c $(jq -r '."_current-profile"' /var/lib/tailscale/tailscaled.state) /var/lib/tailscale/tailscaled.state) > 1 ]]; then +# if ! [[ $(tailscale status | tr '[:upper:]' '[:lower:]') =~ "logged out" ]]; then +# if [[ $(tailscale status --json | jq -r .CurrentTailnet.Name) = "iiab.community" ]]; then + +# UX Optimization: {iiab-vpn, iiab-support} can be run WITHOUT key *IF* .BackendState is "Stopped" or "Running" *AND* .ControlURL is $VPN_URL (avoid their default, https://controlplane.tailscale.com !) +if [[ $(tailscale status --json | jq -r .BackendState) != "NeedsLogin" && $(tailscale debug prefs | jq -r .ControlURL) = $VPN_URL ]]; then + if ! tailscale up --login-server "$VPN_URL" --timeout 8s; then # (Re-)passing $VPN_URL is overkill on this line, but can't hurt! + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN\e[0m\n" + exit 1 + fi +elif [ -z $VPN_KEY ]; then + echo -e "\n\e[1;33mVPN key required!\e[0m\n\nEmail holt@unleashkids.org to explain your need?\n" + exit 1 +else + if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" + # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... + # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) + # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) + if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then + echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" + exit 1 + fi + fi +fi + +# jq 1.7 (2023-09-05) on new OS's also allows new syntax... jq -r .Node.Tags.[] +# Can also work: tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[]) +echo -e "\n\e[44;1mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\e[0m\n" +echo -e " hostname -I" +echo -e " tailscale ip" +echo -e " tailscale status" +echo -e " tailscale whois $(tailscale ip -1)" +echo -e " tailscale whois --json $(tailscale ip -1) | jq" +echo -e " tailscale ping [IP or HOSTNAME]" +echo -e " tailscale status --json | jq" +echo -e " systemctl status tailscaled\n" +echo -e "\e[4mTo disconnect from VPN:\e[0m\n" +echo -e " tailscale down\n" +echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" +echo -e " tailscale logout\n" diff --git a/roles/tailscale/templates/iiab-vpn-off b/roles/tailscale/templates/iiab-vpn-off new file mode 100755 index 000000000..75ea5c0f3 --- /dev/null +++ b/roles/tailscale/templates/iiab-vpn-off @@ -0,0 +1,7 @@ +#!/bin/bash + +tailscale down + +echo -e "\n\e[44;1mDisconnecting from VPN...\e[0m\n" +echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" # Expires machine node key, from /var/lib/tailscale/tailscaled.state +echo -e " tailscale logout\n" # ...as seen by 'tailscale status --json' (related: 'tailscale debug prefs') diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 7551aad08..80b6e521f 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -79,8 +79,13 @@ echo /opt/iiab/iiab/scripts/iiab-apps-to-be-installed > /dev/null echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(cat /tmp/iiab-apps-to-be-installed | wc -l)" echo +#grep "^openvpn_handle:" /etc/iiab/local_vars.yml +#grep "^tailscale_installed:" /etc/iiab/iiab_state.yml +if [[ $(command -v /usr/bin/tailscale) ]]; then + #echo "VPN: $(tailscale ip) $(tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[])" + echo "VPN: $(tailscale ip) $(tailscale status --json | jq -r .Self.Tags[])" +fi echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net -grep "^openvpn_enabled:" /etc/iiab/local_vars.yml -grep "^openvpn_handle:" /etc/iiab/local_vars.yml +echo $(echo $(hostname -A) $(hostname -a) | xargs -n1 | sort | uniq) hostname -I echo diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 13291b20d..68a520970 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -219,8 +219,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml @@ -232,17 +232,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -openvpn_handle: "" # Empty string on purpose since ~2016, for /etc/iiab/uuid -# SEE https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/main.yml#L5-L20 -# cron seemed necessary on CentOS: -openvpn_cron_enabled: False -# General OpenVPN settings -openvpn_server: xscenet.net -openvpn_server_real_ip: 3.89.148.185 -openvpn_server_virtual_ip: 10.8.0.1 -openvpn_server_port: 1194 +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo, @@ -289,8 +281,6 @@ nginx_log_dir: /var/log/nginx # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 3903530ed..7f0d398fe 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: LARGE - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 66798cb05..5df26eb52 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -12,7 +12,6 @@ munin_install: True munin_enabled: True vnstat_install: True vnstat_enabled: True -openvpn_handle: "MEDICAL - Put Your Name Here" usb_lib_umask0000_for_kolibri: False apache_allow_sudo: True # By default diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 40b960608..08afaab93 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: MEDIUM-sized - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml index a13c825ac..1e5c03ead 100644 --- a/vars/local_vars_none.yml +++ b/vars/local_vars_none.yml @@ -1,6 +1,6 @@ # turn off defaults remoteit_install: False -openvpn_install: False +tailscale_install: False kolibri_install: False kolibri_enabled: False kiwix_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 288395d69..70206e9ec 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: False -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: SMALL - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 19c47ca74..026187075 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -132,8 +132,8 @@ dns_jail_enabled: False # 1-PREP -# SSHD runs here & also below in 4-SERVER-OPTIONS -sshd_install: True # Required by OpenVPN +# OPENSSH-SERVER +sshd_install: True sshd_enabled: True # https://remote.it can help you remotely maintain an IIAB. @@ -144,10 +144,9 @@ remoteit_enabled: False # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security -openvpn_install: True -openvpn_enabled: True -# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle -openvpn_handle: UNITTEST - Put Your Name Here +# New VPN replaced OpenVPN in Sept 2024: +tailscale_install: True +tailscale_enabled: False # Stub var, doesn't yet do anything! # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo @@ -178,8 +177,6 @@ pi_swap_file_size: 1024 # 4-SERVER-OPTIONS -# SSHD runs here & also above in 1-PREP - # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) From f07832105d8a9af85086eeee0117256cc292950a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 15 Sep 2024 05:17:38 -0400 Subject: [PATCH 153/380] Add openvpn to unmaintained-roles.txt, per PR #3798 --- unmaintained-roles.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/unmaintained-roles.txt b/unmaintained-roles.txt index c30178fbc..3573e6f75 100644 --- a/unmaintained-roles.txt +++ b/unmaintained-roles.txt @@ -13,6 +13,7 @@ httpd-enable idmgr moodle-1.9 nodogsplash +openvpn osm owncloud pathagar From c88f1418adfb4540e526751c93e4d5445aa75ea5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 15 Sep 2024 05:48:08 -0400 Subject: [PATCH 154/380] nextcloud/README.md: Mention NEW Nextcloud 30 --- roles/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index e74518b32..c0eb0f9b3 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -42,7 +42,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre - https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html - https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- https://docs.nextcloud.com/server/30/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml ## Using It From 35bdd1181b5b16414f792d9658a3257d4fd24446 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 Sep 2024 08:22:46 -0400 Subject: [PATCH 155/380] iiab-vpn doc for #3798: tailscale ping --verbose [IP or HOSTNAME] --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 05ae623f3..2bdc964af 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -45,7 +45,7 @@ echo -e " tailscale ip" echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" echo -e " tailscale whois --json $(tailscale ip -1) | jq" -echo -e " tailscale ping [IP or HOSTNAME]" +echo -e " tailscale ping --verbose [IP or HOSTNAME]" echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" From d3d0b9767c29fc3108dc6510993a20532bd9be0e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 Sep 2024 09:39:44 -0400 Subject: [PATCH 156/380] iiab-vpn: Tailscale tips for Android, Mac/iOS, Windows --- roles/tailscale/templates/iiab-vpn | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 2bdc964af..2b02a7119 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -1,6 +1,10 @@ #!/bin/bash -# USEFUL DOC: https://tailscale.com/kb/1080/cli#status +# USEFUL DOCS: +# https://tailscale.com/kb/1080/cli#status +# https://headscale.net/android-client/ +# https://headscale.net/apple-client/ +# https://headscale.net/windows-client/ VPN_URL=https://iiab.net VPN_KEY="$1" From 5414eb3c384553728767e6b1b417ae2b2fc74ed3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Sep 2024 11:34:32 -0400 Subject: [PATCH 157/380] iiab-vpn tip: Show IPs tagged with usernames --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 2b02a7119..ad15f57c8 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -50,7 +50,7 @@ echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" echo -e " tailscale whois --json $(tailscale ip -1) | jq" echo -e " tailscale ping --verbose [IP or HOSTNAME]" -echo -e " tailscale status --json | jq" +echo -e " tailscale status --json | grep -B3 tag:" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" echo -e " tailscale down\n" From 71f6d0371b05edba0a0a72d2bed0576947e3e01e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Sep 2024 15:08:55 -0400 Subject: [PATCH 158/380] iiab-vpn shows status of each IP (+ better tips!) --- roles/tailscale/templates/iiab-vpn | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index ad15f57c8..41596b959 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -32,8 +32,8 @@ else if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... - # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) - # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) + # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) + # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" exit 1 @@ -48,11 +48,15 @@ echo -e " hostname -I" echo -e " tailscale ip" echo -e " tailscale status" echo -e " tailscale whois $(tailscale ip -1)" -echo -e " tailscale whois --json $(tailscale ip -1) | jq" +echo -e " tailscale whois --json $(tailscale ip -1) | jq .Node.Endpoints,.Node.Hostinfo" echo -e " tailscale ping --verbose [IP or HOSTNAME]" -echo -e " tailscale status --json | grep -B3 tag:" +echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" echo -e "\e[4mTo disconnect from VPN:\e[0m\n" echo -e " tailscale down\n" echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" + +# More useful output than 'tailscale status' +echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t From e98cd76ec00c1983aaabde49d5cc35fc4a07177e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Sep 2024 15:17:59 -0400 Subject: [PATCH 159/380] iiab-vpn: Trailing newline forgotten in PR #3800 --- roles/tailscale/templates/iiab-vpn | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 41596b959..a7ea67298 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -60,3 +60,4 @@ echo -e " tailscale logout\n" # More useful output than 'tailscale status' echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +echo From 086087b65bf1b28b3f0443b468b1a70416057893 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Sep 2024 19:51:15 -0400 Subject: [PATCH 160/380] iiab-vpn PR #3800 doc: Table of IPs/usernames/etc --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index a7ea67298..81cbe332c 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -57,7 +57,7 @@ echo -e " tailscale down\n" echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" -# More useful output than 'tailscale status' +# More useful table of IPs/usernames/etc than 'tailscale status' echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t echo From d72e60c87d62c1807732b9b88e0a22e956f3d8b3 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 22 Sep 2024 19:19:35 -0400 Subject: [PATCH 161/380] Doc fixes for Tailscale PRs #3798 & #3800 --- roles/1-prep/README.adoc | 2 +- roles/2-common/tasks/packages.yml | 1 - roles/firmware/templates/iiab-check-firmware | 2 +- roles/network/templates/gateway/iiab-gen-iptables | 2 +- roles/nginx/README.md | 2 +- 5 files changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/1-prep/README.adoc b/roles/1-prep/README.adoc index 9d0154d73..997ec812b 100644 --- a/roles/1-prep/README.adoc +++ b/roles/1-prep/README.adoc @@ -6,7 +6,7 @@ https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible[stage] hardware, low-level OS quirks, and basic security: * SSHD -* OpenVPN if/as needed later for remote support +* Tailscale if/as needed later for remote support * https://github.com/iiab/iiab/tree/master/roles/iiab-admin#iiab-admin-readme[iiab-admin] username and group, to log into Admin Console * dnsmasq (install now, configure later!) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 95b227d95..681d8b83f 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -29,7 +29,6 @@ - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download - #- sudo # 991kB download: RasPiOS installs this regardless -- (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml - tar # 799kB download: RasPiOS installs this regardless - unzip # 151kB download: RasPiOS installs this regardless #- usbmount # 18kB download: Moved to roles/usb_lib/tasks/install.yml diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index a7a36a626..b2f7a1cce 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -19,7 +19,7 @@ # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 -# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN +# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN iiab_var_value() { v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 0a8b6a80e..77717a748 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -39,7 +39,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39 -# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN +# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN # "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and # (2) Chops up Ansible vars containing multiple words w/o surrounding quotes. diff --git a/roles/nginx/README.md b/roles/nginx/README.md index dd2311a15..2c5f65590 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -52,11 +52,11 @@ * kalite (menu goes directly to ports 8006-8008) * minetest * mosquitto - * openvpn * pbx [FreePBX is usable with _both_ NGINX and Apache as of 2021-08-18, thanks to PR [#2954](https://github.com/iiab/iiab/pull/2954)] * phpmyadmin [*, requires Apache for now, as in Section iii.] * samba [*, [PR #2923](https://github.com/iiab/iiab/pull/2923)] * sshd + * tailscale * transmission * vnstat From 95986ae681c8324f8ea3f8f436311aa726dd9620 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 22 Sep 2024 23:20:07 -0400 Subject: [PATCH 162/380] Refine iiab-vpn status table of Tailscale IPs/usernames/etc --- roles/tailscale/templates/iiab-vpn | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 81cbe332c..0157b02c4 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -58,6 +58,11 @@ echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' -echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +#echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +#tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t +echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " " + (.Online|tostring) + " " + .OS' | sort -V | column -t | \ + while read line; do + echo "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); + done echo From 13fcd0f9c57517df1964d8bfbb28b6bb94ca131a Mon Sep 17 00:00:00 2001 From: root Date: Mon, 23 Sep 2024 03:52:37 -0400 Subject: [PATCH 163/380] Tighten & brighten iiab-vpn status table --- roles/tailscale/templates/iiab-vpn | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 0157b02c4..4df98d273 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -60,9 +60,11 @@ echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' #echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t -echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " " + (.Online|tostring) + " " + .OS' | sort -V | column -t | \ - while read line; do - echo "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); +#echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' +echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' +tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ + while read l; do + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From c81e3629ff213350b3dae4a41a16b6def80e55b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 28 Sep 2024 11:11:22 -0400 Subject: [PATCH 164/380] `nodocs: True` in local_vars_unittest.yml --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 026187075..cbcf0d958 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -222,7 +222,7 @@ nginx_high_php_limits: False apache_allow_sudo: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) -nodocs: False +nodocs: True # 5-XO-SERVICES From 278ec39f2c718236da05526289d106ecc1a665e1 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 Sep 2024 11:33:05 -0400 Subject: [PATCH 165/380] Internet access test..more relevant..for IIAB docs --- roles/www_options/tasks/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 1d5b642e0..b26256239 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -94,10 +94,12 @@ # 2022-06-30: internet_available var removed -- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' +- name: 'Test for Internet access, using: https://wiki.iiab.io' get_url: - url: "{{ iiab_download_url }}/heart-beat.txt" - dest: /tmp/heart-beat.txt + #url: "{{ iiab_download_url }}/heart-beat.txt" + url: https://wiki.iiab.io + #dest: /tmp/heart-beat.txt + dest: /tmp/internet_access_test.html #timeout: "{{ download_timeout }}" # @jvonau recommends: 100sec is too much (keep 10sec default) ignore_errors: True @@ -105,9 +107,9 @@ #poll: 2 register: internet_access_test -- name: Remove downloaded Internet test file /tmp/heart-beat.txt +- name: Remove downloaded Internet test file /tmp/internet_access_test.html file: - path: /tmp/heart-beat.txt + path: /tmp/internet_access_test.html state: absent - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml) From 90d6af32a782532c62aa15d07309d9d9596b27be Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 30 Sep 2024 09:45:55 -0400 Subject: [PATCH 166/380] Mention Calibre-Web's official upstream install instructions --- roles/calibre-web/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a6e8d4f56..1d738a8df 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -18,6 +18,9 @@ ignore_errors: True # Shows red errors, and continue... #failed_when: False # Hides red errors, and continue... +# Official upstream instructions: +# apt install python3-pip python3-venv +# https://github.com/janeczku/calibre-web/wiki/Manual-installation - name: "Install packages: imagemagick, python3-netifaces" package: name: From 08f2f2191ccb6675f564a1679bbdb45d5b5aaa88 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 30 Sep 2024 16:39:47 -0400 Subject: [PATCH 167/380] Cleaner columns in iiab-vpn output, when tag &/or relay missing --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 4df98d273..c79b1dccb 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -62,7 +62,7 @@ echo -e " tailscale logout\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t #echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .Relay + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ +tailscale status --json | jq -r '.Self,.Peer[] | (if .Tags[] == "" then "-" else .Tags[] end) + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); From d941a8ffbec9f44d6fa897f72ccfe72287afc39b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 30 Sep 2024 21:52:11 -0400 Subject: [PATCH 168/380] MediaWiki 1.42.3 (security & maintenance release) --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 1787b2807..4a7abf5de 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 1 +mediawiki_minor_version: 3 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 526dc22fb86a5678469adc7e83d13d3b0da2618f Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Tue, 1 Oct 2024 16:39:22 -0400 Subject: [PATCH 169/380] Make calibre-web role install cryptography --- roles/calibre-web/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 1d738a8df..dae058820 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -24,6 +24,7 @@ - name: "Install packages: imagemagick, python3-netifaces" package: name: + - python3-cryptography - imagemagick - python3-netifaces state: present From 1f75537309cce53f5eeeef0801431c5c56685843 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Oct 2024 17:59:46 -0400 Subject: [PATCH 170/380] calibre-web/tasks/install.yml: Explain python3-cryptography --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index dae058820..3ed72cc9b 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,11 +21,11 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install packages: imagemagick, python3-cryptography, python3-netifaces" package: name: - - python3-cryptography - imagemagick + - python3-cryptography # Required on Raspberry Pi OS - python3-netifaces state: present From 23e92b585322c67696a5fef67179212c096f5b04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Oct 2024 18:52:20 -0400 Subject: [PATCH 171/380] calibre-web/tasks/install.yml: Mention iiab/calibre-web#260 --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 3ed72cc9b..5e1f66933 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -25,7 +25,7 @@ package: name: - imagemagick - - python3-cryptography # Required on Raspberry Pi OS + - python3-cryptography # Required on Raspberry Pi OS (see iiab/calibre-web#260) - python3-netifaces state: present From c7b566418bc4d541ccabd16f99317ed17a6fbf3a Mon Sep 17 00:00:00 2001 From: root Date: Tue, 1 Oct 2024 19:58:33 -0400 Subject: [PATCH 172/380] scripts/iiab-update: Also update /usr/bin/iiab-vpn --- scripts/iiab-update | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4e2fe7aff..63f4a8a68 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -38,9 +38,14 @@ fi echo -e "\n\n\e[4mNow running: git pull https://github.com/iiab/iiab --no-rebase --no-edit\e[0m\n" git pull https://github.com/iiab/iiab --no-rebase --no-edit + echo + if grep -q 'tailscale_installed: True' /etc/iiab/iiab_state.yml; then + echo -e "\e[4mNow running: cp -u roles/tailscale/templates/iiab-vpn /usr/bin\e[0m\n" + cp -u roles/tailscale/templates/iiab-vpn /usr/bin + fi if [[ $1 == "-f" || $1 == "--fast" ]]; then # Otherwise ./runrole does it below! (as Ansible runs roles/0-init) cd scripts - echo -e "\n\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" + echo -e "\e[4mNow running: cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin\e[0m\n" cp -u iiab-update iiab-summary iiab-diagnostics iiab-root-login /usr/bin fi From e7eb246a1d50369c02432099431767166de15b25 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Oct 2024 13:24:45 -0400 Subject: [PATCH 173/380] local_vars_unittest.yml: SKIP roles/network, for FASTER UNIT TESTING --- vars/local_vars_unittest.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index cbcf0d958..fe44a58ab 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -12,6 +12,12 @@ # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. +# We SKIP roles/network, for FASTER UNIT TESTING! (so IF an internal hotspot +# is later desired, change these two lines to 'True', then run 'iiab-network') +network_install: False +network_enabled: False + + # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 100 From 297afc3b728eb35b016b3415e2ee1b805e2d977a Mon Sep 17 00:00:00 2001 From: root Date: Wed, 2 Oct 2024 16:49:25 -0400 Subject: [PATCH 174/380] RIP apt package 'wireless-tools' (or Debian 13+ might keep it?) --- roles/network/tasks/install.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 680b95233..f7c1a5b9a 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -18,7 +18,7 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 12 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml @@ -32,10 +32,18 @@ - netmask # 25kB download: Handy utility -- helps determine network masks - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP state: present +# 2024-10-02: Legacy apt package 'wireless-tools' no longer offered by Ubuntu +# 24.10+ (#3805) but FYI: https://en.wikipedia.org/wiki/Wireless_tools_for_Linux +- name: "Install legacy apt package wireless-tools, if OS still supports it -- or intentionally show (HARMLESS!) red error -- helping to monitor Linux's evolution" + package: + name: wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions + state: present + ignore_errors: True # Intentionally show red error, and continue. + #failed_when: False # Hides red errors (stronger than 'ignore_errors: yes') + # 2021-08-17: Debian ignores this, according to 2013 post: # https://serverfault.com/questions/511099/debian-ignores-etc-network-if-pre-up-d-iptables # - name: Install /etc/network/if-pre-up.d/iptables from template (0755) From ccf87c8b90e79b82d40cabe2d91406a229806d64 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Oct 2024 21:07:50 -0400 Subject: [PATCH 175/380] iiab-diagnostics: Note https://temp.sh for pastebin-like large file xfer --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 198ad864e..47a1ae015 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -273,7 +273,7 @@ echo echo -e "\e[1m" #if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then if ! [[ $ans =~ ^[nNqQ]$ ]]; then - echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs + echo -ne "PUBLISHING TO URL... " # Run 'pastebinit -l' to list other possible pastebin site URLs. ASIDE: Quirky pastebin-like https://temp.sh can sometimes work (like a file transfer service) for larger files. pastebinit -b paste.centos.org $outfile # 2024-08-10: Basic line numbers & "4 weeks" good enough? #nc termbin.com 9999 < $outfile # 2024-08-10: No line numbers & limited to 7 days (rudimentary but reliable option if nec in future?!) #pastebinit -b dpaste.com $outfile # 2024-08-10: Unfortunately limited to 30 days by default. Claims 1,000,000 character maximum pastebin size (or usage quota within N days?) But newly restricted to LESS THAN 500 LINES (e.g. after IP address blocks & email appeals kinda work, but take almost 24h each time!) From 8e09f02bed723179ea67c6ac3f5d3aa39ec09ee8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 7 Oct 2024 15:47:00 -0400 Subject: [PATCH 176/380] Recommend ansible-core 2.17.5 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 701b46107..b7c13abc7 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.4] -GOOD_VER=2.17.4 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.5] +GOOD_VER=2.17.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From ab8c071374cb104e1afb6a7f2cea486964d037c9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2024 00:25:05 -0400 Subject: [PATCH 177/380] moodle/tasks/install.yml: Install 4.6dev if PHP >= 8.4 --- roles/moodle/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 840eeb4d9..9fd5aee8b 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -96,21 +96,21 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.3 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.4 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) - when: php_version is version('8.3', '<') + when: php_version is version('8.4', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.3" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.4" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024) - when: php_version is version('8.3', '>=') + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 4.6dev in Oct 2024) + when: php_version is version('8.4', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: From 49d7160116b1b95cfdcabdeeb357c84559041ccc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2024 00:27:55 -0400 Subject: [PATCH 178/380] moodle/defaults/main.yml: Install 4.5 LTS by default, or... --- roles/moodle/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 1e05a1a76..7f668865d 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,11 +8,11 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# April 2024: Currently testing Moodle's main branch is mandatory if your -# OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your -# OS PHP < 8.3, then {{ moodle_version }} will be attempted: -moodle_version: MOODLE_404_STABLE # Moodle 4.4 -#moodle_version: main # e.g. to try Moodle's "weekly" 4.5dev pre-release *EVEN IF* OS PHP < 8.4 +# October 2024: Currently testing Moodle's main branch is mandatory if your +# OS PHP >= 8.4, see moodle/tasks/install.yml for detail! OR, *IF* your +# OS PHP < 8.4, then {{ moodle_version }} will be attempted: +moodle_version: MOODLE_405_STABLE # Moodle 4.5 +#moodle_version: main # e.g. to try Moodle's "weekly" 4.6dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From 4be68d3ac1a6e0ed73a9b887f5cfcd3e4b38ee04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2024 00:51:57 -0400 Subject: [PATCH 179/380] moodle/tasks/install.yml: Revise disk footprint estimates --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 9fd5aee8b..5f42508bc 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -96,7 +96,7 @@ moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64") -- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~403 MB initially, ~431 MB later) if OS PHP {{ php_version }} < 8.4 +- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} < 8.4 git: repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle dest: "{{ moodle_base }}" # /opt/iiab/moodle @@ -104,7 +104,7 @@ version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4) when: php_version is version('8.4', '<') -- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~458 MB initially, ~485 MB later) if OS PHP {{ php_version }} >= 8.4" +- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} >= 8.4" git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From d07ae98898c08068311d37c2709308d89fdf6f6e Mon Sep 17 00:00:00 2001 From: root Date: Fri, 11 Oct 2024 01:29:45 -0400 Subject: [PATCH 180/380] Ubuntu 25.04 pre-release testing; Discourage 3 old OS's --- scripts/local_facts.fact | 7 ++++--- vars/default_vars.yml | 3 ++- vars/{linuxmint-21.yml => linuxmint-21.yml.unused} | 0 vars/{ubuntu-2310.yml => ubuntu-2310.yml.unused} | 0 vars/ubuntu-2504.yml | 5 +++++ 5 files changed, 11 insertions(+), 4 deletions(-) rename vars/{linuxmint-21.yml => linuxmint-21.yml.unused} (100%) rename vars/{ubuntu-2310.yml => ubuntu-2310.yml.unused} (100%) create mode 100644 vars/ubuntu-2504.yml diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index a24a1a2da..e9f1fdb19 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -72,8 +72,11 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-2104" | \ #"ubuntu-2110" | \ #"ubuntu-2210" | \ + #"ubuntu-2204" | \ #"ubuntu-2304" | \ + #"ubuntu-2310" | \ #"linuxmint-20" | \ + #"linuxmint-21" | \ #"raspbian-8" | \ #"raspbian-9" | \ #"raspbian-10" | \ @@ -85,11 +88,9 @@ OS_VER="$OS-$VERSION_ID" case $OS_VER in "debian-12" | \ "debian-13" | \ - "ubuntu-2204" | \ - "ubuntu-2310" | \ "ubuntu-2404" | \ "ubuntu-2410" | \ - "linuxmint-21" | \ + "ubuntu-2504" | \ "linuxmint-22" | \ "raspbian-12" | \ "raspbian-13") diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 68a520970..caa6fd774 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -764,6 +764,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2504: False is_ubuntu_2410: False is_ubuntu_2404: False is_ubuntu_2310: False @@ -780,7 +781,7 @@ is_ubuntu_2204: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_22: False -is_linuxmint_21: False +#is_linuxmint_21: False #is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml.unused similarity index 100% rename from vars/linuxmint-21.yml rename to vars/linuxmint-21.yml.unused diff --git a/vars/ubuntu-2310.yml b/vars/ubuntu-2310.yml.unused similarity index 100% rename from vars/ubuntu-2310.yml rename to vars/ubuntu-2310.yml.unused diff --git a/vars/ubuntu-2504.yml b/vars/ubuntu-2504.yml new file mode 100644 index 000000000..a548ba9a1 --- /dev/null +++ b/vars/ubuntu-2504.yml @@ -0,0 +1,5 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2504: True From aedc893bd1a5af349b9ac44f7dfdcd497915fbee Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 11 Oct 2024 14:49:58 -0400 Subject: [PATCH 181/380] iiab-summary: Clean output, when tailscale has no IP --- scripts/iiab-summary | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-summary b/scripts/iiab-summary index 80b6e521f..73bcc9693 100755 --- a/scripts/iiab-summary +++ b/scripts/iiab-summary @@ -81,7 +81,8 @@ echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /l echo #grep "^openvpn_handle:" /etc/iiab/local_vars.yml #grep "^tailscale_installed:" /etc/iiab/iiab_state.yml -if [[ $(command -v /usr/bin/tailscale) ]]; then +#if [[ $(command -v /usr/bin/tailscale) ]]; then +if tailscale ip &> /dev/null; then #echo "VPN: $(tailscale ip) $(tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[])" echo "VPN: $(tailscale ip) $(tailscale status --json | jq -r .Self.Tags[])" fi From 194ac9b469c49fd234dcf1778862196f9bf4b61f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 12 Oct 2024 21:48:14 -0400 Subject: [PATCH 182/380] README.md: Mention 50+ FAQ.IIAB.IO questions + answers --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b3416aca2..2cabf030c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/) -Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: +Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 50+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). - [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. From 75f9f613583a1b9d63181b06f1762471310d2179 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Oct 2024 21:35:47 -0400 Subject: [PATCH 183/380] moodle/defaults/main.yml: 4.6dev -> 5.0dev for #3826 --- roles/moodle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 7f668865d..a687dc4b4 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -12,7 +12,7 @@ # OS PHP >= 8.4, see moodle/tasks/install.yml for detail! OR, *IF* your # OS PHP < 8.4, then {{ moodle_version }} will be attempted: moodle_version: MOODLE_405_STABLE # Moodle 4.5 -#moodle_version: main # e.g. to try Moodle's "weekly" 4.6dev pre-release *EVEN IF* OS PHP < 8.4 +#moodle_version: main # e.g. to try Moodle's "weekly" 5.0dev pre-release *EVEN IF* OS PHP < 8.4 moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! From ec348fcc022934baa8010e08c3f6209616300eff Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 15 Oct 2024 21:36:33 -0400 Subject: [PATCH 184/380] moodle/defaults/install.yml: 4.6dev -> 5.0dev for #3826 --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 5f42508bc..00cf13066 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -109,7 +109,7 @@ repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" depth: 1 - version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 4.6dev in Oct 2024) + version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 5.0dev in Oct 2024) when: php_version is version('8.4', '>=') - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) From f00f225e280f17cf8719654bf5aa21ef1016e2c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 17 Oct 2024 15:22:57 -0400 Subject: [PATCH 185/380] iiab-vpn: Fix PR #3813 output, when Tailscale tag is missing --- roles/tailscale/templates/iiab-vpn | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index c79b1dccb..bb9a32dc0 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -62,7 +62,8 @@ echo -e " tailscale logout\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t #echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' -tailscale status --json | jq -r '.Self,.Peer[] | (if .Tags[] == "" then "-" else .Tags[] end) + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ +# (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null +tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); From 018b0d21b8d6d18744d7ab231f255cb18f9c0b20 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 18 Oct 2024 00:07:22 -0400 Subject: [PATCH 186/380] PR #3834: Tighten iiab-vpn output of online/offline --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index bb9a32dc0..438f627c1 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -65,7 +65,7 @@ echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + line=$(echo "$l" | sed 's/ XXXtrueXXX / ✅/ ; s/ XXXfalseXXX / ❌ /') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 759ebb48dd516a0c87415f22974bb0d7aec6a1d7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 18 Oct 2024 08:24:47 -0400 Subject: [PATCH 187/380] iiab-vpn: Revert 018b0d2, as online/offline colors failed on some terminals --- roles/tailscale/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 438f627c1..bb9a32dc0 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -65,7 +65,7 @@ echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX / ✅/ ; s/ XXXfalseXXX / ❌ /') + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 965d4944124501bfb74622f0f2ce5dd5272a0084 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Wed, 23 Oct 2024 09:25:13 -0400 Subject: [PATCH 188/380] only support versioned zims if have YYYY-MM ending --- roles/pylibs/templates/iiab_lib.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/roles/pylibs/templates/iiab_lib.py b/roles/pylibs/templates/iiab_lib.py index ef9da7e82..13044c0c2 100644 --- a/roles/pylibs/templates/iiab_lib.py +++ b/roles/pylibs/templates/iiab_lib.py @@ -6,6 +6,7 @@ import os import json import subprocess import shlex +import re import xml.etree.ElementTree as ET import iiab.iiab_const as CONST @@ -46,11 +47,17 @@ def get_zim_list(path): if filename in CONST.old_zim_map: # handle old names that don't parse perma_ref = CONST.old_zim_map[filename] else: - ulpos = filename.rfind("_") - # but old gutenberg and some other names are not canonical - if filename.rfind("-") < 0: # non-canonical name - ulpos = filename[:ulpos].rfind("_") - perma_ref = filename[:ulpos] + # handle various zim name patterns: + # 1. canonical zim ending in _YYYY-MM + # as of 10/16/2024 it looks like all Kiwix zims fit this pattern + # 2. otherwise assume no versioning and perma_ref = filename + + match = re.search("_[0-5][0-9][0-5][0-9]-[0-5][0-9]$", filename) + if match: + perma_ref = filename[: match.span()[0]] + else: + perma_ref = filename + zim_info['file_name'] = filename zim_versions[perma_ref] = zim_info # if there are multiples, last should win return files_processed, zim_versions From ef868120a1ead3fb1276e6869b4db2f11004b7c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Oct 2024 10:19:18 -0600 Subject: [PATCH 189/380] Revert PR #3815: python3-cryptography no longer needed --- roles/calibre-web/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 5e1f66933..a863f541e 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,11 +21,11 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-cryptography, python3-netifaces" +- name: "Install packages: imagemagick, python3-netifaces" package: name: - imagemagick - - python3-cryptography # Required on Raspberry Pi OS (see iiab/calibre-web#260) + #- python3-cryptography # Was needed on Raspberry Pi OS (SEE iiab/calibre-web#260, janeczku/calibre-web#3183) - python3-netifaces state: present From 0616e1c097f4c40abc40e36e6336500a60886366 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 28 Oct 2024 14:33:41 -0400 Subject: [PATCH 190/380] Fix tailscale tab completion (mkdir -p /etc/bash_completion.d) --- roles/tailscale/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tailscale/tasks/install.yml b/roles/tailscale/tasks/install.yml index 0e3bee8c1..97e939a84 100644 --- a/roles/tailscale/tasks/install.yml +++ b/roles/tailscale/tasks/install.yml @@ -19,7 +19,7 @@ update_cache: yes - name: Set up tab completion for 'tailscale' at the command-line - shell: tailscale completion bash > /etc/bash_completion.d/tailscale + shell: mkdir -p /etc/bash_completion.d && tailscale completion bash > /etc/bash_completion.d/tailscale - name: "Install ssh public keys for remote support (only runs if 'tailscale_install: True')" lineinfile: From 129f2842868c9c608b131a5d10d5a60e049b98e8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Nov 2024 15:42:08 -0500 Subject: [PATCH 191/380] 2.15 EOL November 2024, MIN_ANSIBLE_VER=2.16.13 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 59c22129f..17de8d2cb 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.15.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.16.13 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 8ff3c7c221fd62162248198f18527855e86fa83c Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Nov 2024 19:27:32 -0500 Subject: [PATCH 192/380] 10min-iiab-test-install.yml: Tmp GHA hack using ubuntu-24.04 --- .github/workflows/10min-iiab-test-install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 2e567f984..24dfc6c79 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." @@ -27,7 +27,7 @@ jobs: # GITHUB_CONTEXT: ${{ toJSON(github) }} # run: echo "$GITHUB_CONTEXT" - name: Check out repository code - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v4 - run: echo "🍏 This job's status is ${{ job.status }}." - name: GitHub Actions "runner" environment run: | From abe18950243e4db4d613855828e11b62650a6dcb Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 8 Nov 2024 19:31:06 -0500 Subject: [PATCH 193/380] Recommend ansible-core 2.18.0 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b7c13abc7..c110e9a12 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.17.5] -GOOD_VER=2.17.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.0] +GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 6f7855f3d94b1b829f66283ea973b413d155f7cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:42:09 -0500 Subject: [PATCH 194/380] default_vars.yml: Mention that Lokole in UNMAINTAINED --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index caa6fd774..bcb038a53 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -412,7 +412,7 @@ jupyterhub_enabled: False jupyterhub_venv: /opt/iiab/jupyterhub jupyterhub_port: 8000 -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' From 1234d1163072e198c1754bb8bd276eb9b364ec25 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:42:28 -0500 Subject: [PATCH 195/380] local_vars_unittest.yml: Mention that Lokole in UNMAINTAINED --- vars/local_vars_unittest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index fe44a58ab..bd59f5bce 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -247,7 +247,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From 7b63f0b30e9f5b8c194a1b16af42314813acc3fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:42:49 -0500 Subject: [PATCH 196/380] local_vars_small.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_small.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 70206e9ec..55c50ee23 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -241,7 +241,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From aae672963201a3712e054fd157361e1c999342db Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:43:08 -0500 Subject: [PATCH 197/380] local_vars_medium.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 08afaab93..7707afba2 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -241,7 +241,7 @@ gitea_enabled: False jupyterhub_install: False jupyterhub_enabled: False -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 From a646a45aea81c2656093d20d6283a9c53814b1d6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 Nov 2024 10:43:23 -0500 Subject: [PATCH 198/380] local_vars_large.yml: Mention that Lokole is UNMAINTAINED --- vars/local_vars_large.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 7f0d398fe..617ca9d93 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -241,7 +241,7 @@ gitea_enabled: True jupyterhub_install: True jupyterhub_enabled: True -# Lokole (email for rural communities) from https://ascoderu.ca +# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2023-09-06: wheel for mkwvconf still lokole_enabled: False # missing from Ubuntu 23.10 (#3572) From 13557b11729bf34bdd987f4ee607341e3a0fd1b2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 16 Nov 2024 18:17:35 -0500 Subject: [PATCH 199/380] Defer install of Transmission on Ubuntu 25.04 too --- roles/8-mgmt-tools/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 4d83e4422..c6d497f15 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,7 +6,7 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) + when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410 or is_ubuntu_2504) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!) - name: AWSTATS include_role: From 750c15ade10f2e61f07a8617b49b9fad384b310c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Nov 2024 11:38:15 -0500 Subject: [PATCH 200/380] Update CONTRIBUTING.md link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8b4a07b84..36a45b7aa 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW
[github.com/iiab/iiab/wiki/Technical-Contributors-Guide](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) +# SEE THE NEW
[github.com/iiab/iiab/wiki/Contributors-Guide](https://github.com/iiab/iiab/wiki/Contributors-Guide) # THANKS! From 123a0cc5f130add3a9907118d279eddfc460f7ea Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Nov 2024 11:39:41 -0500 Subject: [PATCH 201/380] Update README.md link to RENAMED Contributors Guide --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2cabf030c..dd92224ff 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** -_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From defa139a34de2f46f2a29489b6e7cb3840dddedf Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Nov 2024 17:00:50 -0500 Subject: [PATCH 202/380] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 36a45b7aa..4ddde9b53 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ -# SEE THE NEW
[github.com/iiab/iiab/wiki/Contributors-Guide](https://github.com/iiab/iiab/wiki/Contributors-Guide) +# SEE THE NEW
[github.com/iiab/iiab/wiki/Contributors-Guide-(EN)](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN)) # THANKS! From 537c6a84c26a7cf797418cfccea790627061a968 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 19 Nov 2024 17:04:54 -0500 Subject: [PATCH 203/380] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dd92224ff..fbfd30d35 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** -_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide) of all kinds!_ +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN)) ([versión en español](https://github.com/iiab/iiab/wiki/Gu%C3%ADa-para-Contribuidores-(ES))) of all kinds!_ If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) From 676f3eebeff5d690d27067501f4869c274744659 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 2 Dec 2024 12:58:02 -0500 Subject: [PATCH 204/380] Recommend ansible-core 2.18.1 --- scripts/ansible | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index c110e9a12..968819464 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.0] -GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.1] +GOOD_VER=2.18.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.18 +# https://github.com/ansible/ansible/blob/stable-2.18/changelogs/CHANGELOG-v2.18.rst # https://github.com/ansible/ansible/commits/stable-2.17 # https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst # https://github.com/ansible/ansible/commits/stable-2.16 From c16d76ac2907d78c414263b474442e94b57723c5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 2 Dec 2024 12:59:26 -0500 Subject: [PATCH 205/380] MIN_ANSIBLE_VER=2.16.14 --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 17de8d2cb..45e637c2a 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.16.13 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.16.14 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. REINSTALL=false DEBUG=false From 0e6836181465c09b9af8362209b380bc24ff2d21 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 8 Dec 2024 12:08:42 -0600 Subject: [PATCH 206/380] drop netifaces workaround - replaced with netifaces-plus --- roles/calibre-web/tasks/install.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a863f541e..70d85a666 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -26,7 +26,7 @@ name: - imagemagick #- python3-cryptography # Was needed on Raspberry Pi OS (SEE iiab/calibre-web#260, janeczku/calibre-web#3183) - - python3-netifaces + #- python3-netifaces state: present # https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542 @@ -125,7 +125,8 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 #virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + #virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }} + virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) From 01304ab1331c1da7eb68d57f2315685cba8fa903 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 Dec 2024 13:14:53 -0500 Subject: [PATCH 207/380] Nextcloud 30.0.4 disk footprint estimates --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 529988437..d0588aac9 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~197 MB) to {{ nextcloud_root_dir }} (~692 MB initially, sometimes ~730 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~180 MB) to {{ nextcloud_root_dir }} (~687 MB initially, sometimes ~721 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From adfc1cc6962e2d91ab8ecc943fadb6d3dd72b394 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 9 Dec 2024 13:44:56 -0500 Subject: [PATCH 208/380] RasPiOS compositor change (wayfire to labwc) so Chrome browser autostart needs work --- roles/www_options/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b26256239..ca1d7af16 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,6 +31,7 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network +# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so check for dir /home/{{ iiab_admin_user }}/.config/labwc/ instead? - name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? stat: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini @@ -46,6 +47,7 @@ # path: /usr/bin/chromium # register: chromium_present +# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so try putting the line in NON-ini file /home/{{ iiab_admin_user }}/.config/labwc/autostart -- according to: https://forums.raspberrypi.com/viewtopic.php?t=379321 - name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini ini_file: path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin From 7544b79285d48df48b48318afb98d778ff4c1c8a Mon Sep 17 00:00:00 2001 From: root Date: Thu, 12 Dec 2024 22:19:27 +0100 Subject: [PATCH 209/380] Enact Chrome browser autostart w/ compositor labwc (no longer wayfire) for RasPiOS --- roles/www_options/tasks/main.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index ca1d7af16..f55d43cb1 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -31,11 +31,11 @@ # 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords # AND roles/network/tasks/netwarn.yml FOR iiab-network -# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so check for dir /home/{{ iiab_admin_user }}/.config/labwc/ instead? -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +# 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir - name: Does /usr/bin/chromium-browser exist? stat: @@ -47,14 +47,14 @@ # path: /usr/bin/chromium # register: chromium_present -# 2024-12-09: RasPiOS changed compositor from wayfire to labwc, so try putting the line in NON-ini file /home/{{ iiab_admin_user }}/.config/labwc/autostart -- according to: https://forums.raspberrypi.com/viewtopic.php?t=379321 +# 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 - name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: chromium-browser - value: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: wayfire_ini.stat.exists and chromium_browser.stat.exists + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + regexp: '^/usr/bin/chromium' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: labwc_dir.stat.exists and labwc_dir.stat.isdir and chromium_browser.stat.exists # - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart # lineinfile: From ae40f78d23396f63cdb0e59b1439a23a621077e1 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 12 Dec 2024 22:54:44 +0100 Subject: [PATCH 210/380] Put iiab-netwarn & iiab-pwdwarn-labwc in ~/.config/labwc/autostart --- roles/iiab-admin/tasks/pwd-warnings.yml | 27 +++++++++---------- ...dwarn-wayfire.j2 => iiab-pwdwarn-labwc.j2} | 0 roles/network/tasks/netwarn.yml | 21 +++++++-------- roles/network/templates/netwarn/iiab-netwarn | 5 +++- 4 files changed, 27 insertions(+), 26 deletions(-) rename roles/iiab-admin/templates/{iiab-pwdwarn-wayfire.j2 => iiab-pwdwarn-labwc.j2} (100%) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index 46d091bec..200ff30ab 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -8,17 +8,17 @@ dest: /etc/profile.d/iiab-pwdwarn-profile.sh mode: '0644' -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir -- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-wayfire" +- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-labwc" template: - src: iiab-pwdwarn-wayfire.j2 - dest: /usr/local/sbin/iiab-pwdwarn-wayfire + src: iiab-pwdwarn-labwc.j2 + dest: /usr/local/sbin/iiab-pwdwarn-labwc mode: '0755' - when: wayfire_ini.stat.exists + when: labwc_dir.stat.exists and labwc_dir.stat.isdir # 2019-03-07: This pop-up (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) did # not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop @@ -28,10 +28,9 @@ # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 -- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/wayfire.ini to trigger iiab-pwdwarn-wayfire (& pop-up as nec) - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: iiab-pwdwarn-wayfire - value: /usr/local/sbin/iiab-pwdwarn-wayfire - when: wayfire_ini.stat.exists +- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/labwc/autostart to trigger iiab-pwdwarn-labwc (& pop-up as nec) + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + line: /usr/local/sbin/iiab-pwdwarn-labwc + when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 b/roles/iiab-admin/templates/iiab-pwdwarn-labwc.j2 similarity index 100% rename from roles/iiab-admin/templates/iiab-pwdwarn-wayfire.j2 rename to roles/iiab-admin/templates/iiab-pwdwarn-labwc.j2 diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 2ce6aaac0..67b717358 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -5,18 +5,17 @@ # shell / ssh logins (across all OS's/distros/window managers) might also make sense? -- name: Does /home/{{ iiab_admin_user }}/.config/wayfire.ini exist? +- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist? stat: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini - register: wayfire_ini + path: /home/{{ iiab_admin_user }}/.config/labwc/ + register: labwc_dir -- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/wayfire.ini - ini_file: - path: /home/{{ iiab_admin_user }}/.config/wayfire.ini # iiab-admin - section: autostart - option: iiab-netwarn - value: /usr/local/sbin/iiab-netwarn - when: wayfire_ini.stat.exists +- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/labwc/autostart + lineinfile: + path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin + create: yes + line: /usr/local/sbin/iiab-netwarn + when: labwc_dir.stat.exists and labwc_dir.stat.isdir # mate desktop detection based on 'register: nd_dir' in enable_services @@ -45,4 +44,4 @@ src: roles/network/templates/netwarn/iiab-netwarn # Invoked by 1-prep (so full path needed) dest: /usr/local/sbin/ mode: 0755 - when: wayfire_ini.stat.exists or (mate_dir.stat.exists and mate_dir.stat.isdir) + when: (labwc_dir.stat.exists and labwc_dir.stat.isdir) or (mate_dir.stat.exists and mate_dir.stat.isdir) diff --git a/roles/network/templates/netwarn/iiab-netwarn b/roles/network/templates/netwarn/iiab-netwarn index b20d18fc6..87865e0f1 100755 --- a/roles/network/templates/netwarn/iiab-netwarn +++ b/roles/network/templates/netwarn/iiab-netwarn @@ -3,7 +3,10 @@ # CONFUSING BUT FYI: Steps below run *strictly sequentially* when this script # (/usr/local/sbin/iiab-netwarn) is run on boot, triggered by either autostart: # https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html -# ...or by Wayland compositor Wayfire's ~/.config/wayfire.ini for RasPiOS 12+: +# ...or by Wayland compositor's ~/.config/labwc/autostart in new RasPiOS 12+: +# https://forums.raspberrypi.com/viewtopic.php?t=379321 +# (Prior to Dec 2024, RasPiOS compositor Wayfire did the same...) +# https://github.com/iiab/iiab/pull/3685 # https://github.com/WayfireWM/wayfire/wiki/Configuration#autostart # # This allows return codes ($rc) to be meaningful, at each successive step. From 36a5cd458f9863d68f190e9c5fde014447963859 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 12 Dec 2024 23:51:09 +0100 Subject: [PATCH 211/380] Parallelize 3 autostart cmds in ~/.config/labwc/autostart --- roles/iiab-admin/tasks/pwd-warnings.yml | 2 +- roles/network/tasks/netwarn.yml | 4 ++-- roles/www_options/tasks/main.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index 200ff30ab..600a935bb 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -32,5 +32,5 @@ lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes - line: /usr/local/sbin/iiab-pwdwarn-labwc + line: '/usr/local/sbin/iiab-pwdwarn-labwc &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml index 67b717358..78aae19be 100644 --- a/roles/network/tasks/netwarn.yml +++ b/roles/network/tasks/netwarn.yml @@ -10,11 +10,11 @@ path: /home/{{ iiab_admin_user }}/.config/labwc/ register: labwc_dir -- name: If so, add /usr/local/sbin/iiab-netwarn to /home/{{ iiab_admin_user }}/.config/labwc/autostart +- name: If so, add '/usr/local/sbin/iiab-netwarn &' to /home/{{ iiab_admin_user }}/.config/labwc/autostart lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes - line: /usr/local/sbin/iiab-netwarn + line: '/usr/local/sbin/iiab-netwarn &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index f55d43cb1..8b2907823 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -48,12 +48,12 @@ # register: chromium_present # 2024-12-12: RasPiOS changed compositor from wayfire to labwc: https://forums.raspberrypi.com/viewtopic.php?t=379321 -- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' to /home/{{ iiab_admin_user }}/.config/wayfire.ini +- name: If both above exist, add '/usr/bin/chromium-browser --disable-restore-session-state http://box/home &' to /home/{{ iiab_admin_user }}/.config/labwc/autostart lineinfile: path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin create: yes regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home &' when: labwc_dir.stat.exists and labwc_dir.stat.isdir and chromium_browser.stat.exists # - name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart From e2d646ee182a604a1f083bfabfe065d83144afe4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 13 Dec 2024 18:48:37 -0500 Subject: [PATCH 212/380] calibre-web/tasks/install.yml: Rename xklb to library for pipx --- roles/calibre-web/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index a863f541e..62cae7c56 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -92,27 +92,27 @@ - debug: msg: - "NEED BETTER/EXPERIMENTAL YouTube SCRAPING? RUN THE NEXT LINE -- for the latest yt-dlp 'nightly' release:" - - sudo pipx inject --pip-args='--upgrade --pre' -f xklb yt-dlp[default] + - sudo pipx inject --pip-args='--upgrade --pre' -f library yt-dlp[default] - name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki shell: | if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx reinstall xklb + pipx reinstall library else - pipx install xklb + pipx install library ln -sf /root/.local/bin/lb /usr/local/bin/lb - if [ -f /root/.local/share/pipx/venvs/xklb/bin/yt-dlp ]; then - ln -sf /root/.local/share/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp - elif [ -f /root/.local/pipx/venvs/xklb/bin/yt-dlp ]; then - ln -sf /root/.local/pipx/venvs/xklb/bin/yt-dlp /usr/local/bin/yt-dlp + if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp else echo "ERROR: yt-dlp NOT FOUND" fi fi # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases # https://pypi.org/project/yt-dlp/#history From 9dfaccef74c780029462f641128508d726e95244 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 13 Dec 2024 18:50:35 -0500 Subject: [PATCH 213/380] scripts/iiab-update: Rename xklb to library for pipx --- scripts/iiab-update | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 63f4a8a68..dcf7d04f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -58,15 +58,15 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then if [[ $1 == "-f" || $1 == "--fast" ]]; then - echo -e "\e[4mNow running: pipx uninstall xklb # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall xklb - echo -e "\n\e[4mNow running: pipx install xklb # THIS ALSO INSTALLS yt-dlp\e[0m\n" - pipx install xklb + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library + echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" + pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" yt-dlp --version - echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default]\e[0m\n' + echo -e '\n\e[4mNeed better YouTube scraping? Run this for the latest yt-dlp "nightly" release:\e[0m\n\n\e[1mpipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default]\e[0m\n' # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE: - # pipx inject --pip-args="--upgrade --pre" -f xklb yt-dlp[default] + # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] # # https://github.com/yt-dlp/yt-dlp-nightly-builds/releases # https://pypi.org/project/yt-dlp/#history From ad57789c65a730ebbfbbedfbb4f290c9b0378ee6 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Sun, 15 Dec 2024 21:00:30 -0500 Subject: [PATCH 214/380] Check if older version of 'library' (xklb) is installed --- scripts/iiab-update | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/iiab-update b/scripts/iiab-update index dcf7d04f3..4e5d82547 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -58,6 +58,11 @@ if grep -q 'calibreweb_installed: True' /etc/iiab/iiab_state.yml; then if [[ $1 == "-f" || $1 == "--fast" ]]; then + echo -e "\e[4mChecking if an older version of 'library' (formerly 'xklb') exists...\e[0m" + if pipx list | grep -q 'xklb'; then + echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" + pipx uninstall xklb + fi echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" pipx uninstall library echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" From 577a8f171f5378ef276e9e82757f8f2872ac6189 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Sun, 15 Dec 2024 21:20:52 -0500 Subject: [PATCH 215/380] Ensure script continues even if 'library' is not installed --- scripts/iiab-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 4e5d82547..2e3f9e4f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -64,7 +64,7 @@ pipx uninstall xklb fi echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library + pipx uninstall library || true echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 59470cd13464ecd8d0e428f64e0eec7f53ce8559 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Sun, 15 Dec 2024 21:42:07 -0500 Subject: [PATCH 216/380] Update install.yml to check if older xklb is present --- roles/calibre-web/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62cae7c56..67b53766c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -99,7 +99,12 @@ if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then apt install ffmpeg pipx -y if lb --version; then - pipx reinstall library + if pipx list | grep -q 'xklb'; then + pipx uninstall xklb + pipx install library + else + pipx reinstall library + fi else pipx install library ln -sf /root/.local/bin/lb /usr/local/bin/lb From 58c5e8e71f9b367168fbc1502675b5fdf0a3a060 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Sun, 15 Dec 2024 22:00:40 -0500 Subject: [PATCH 217/380] Enhance library existence check --- scripts/iiab-update | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 2e3f9e4f3..6a6eeee34 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -63,8 +63,12 @@ echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" pipx uninstall xklb fi - echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library || true + if pipx list | grep -q 'library'; then + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library + else + echo -e "\e[4m'library' not found. Skipping uninstall.\e[0m\n" + fi echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 7f37ccd8dbac10e1ee377e63636eebbe87d3328c Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Mon, 16 Dec 2024 07:25:06 -0500 Subject: [PATCH 218/380] Remove grep step --- scripts/iiab-update | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/iiab-update b/scripts/iiab-update index 6a6eeee34..2e3f9e4f3 100755 --- a/scripts/iiab-update +++ b/scripts/iiab-update @@ -63,12 +63,8 @@ echo -e "\e[4mOlder version 'xklb' detected. Now running: pipx uninstall xklb\e[0m" pipx uninstall xklb fi - if pipx list | grep -q 'library'; then - echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" - pipx uninstall library - else - echo -e "\e[4m'library' not found. Skipping uninstall.\e[0m\n" - fi + echo -e "\e[4mNow running: pipx uninstall library # THIS ALSO UNINSTALLS yt-dlp\e[0m\n" + pipx uninstall library || true echo -e "\n\e[4mNow running: pipx install library # THIS ALSO INSTALLS yt-dlp\e[0m\n" pipx install library echo -e "\n\e[4mNow running: yt-dlp --version\e[0m\n" From 943dcccf7d1ddca7e542d0f7e340f6fc1cf574b8 Mon Sep 17 00:00:00 2001 From: Blondel MONDESIR Date: Mon, 16 Dec 2024 07:31:07 -0500 Subject: [PATCH 219/380] Make yt-dlp symlink failsafe --- roles/calibre-web/tasks/install.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 67b53766c..b678763ed 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -107,14 +107,14 @@ fi else pipx install library - ln -sf /root/.local/bin/lb /usr/local/bin/lb - if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then - ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp - elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then - ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp - else - echo "ERROR: yt-dlp NOT FOUND" - fi + fi + ln -sf /root/.local/bin/lb /usr/local/bin/lb + if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then + ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp + else + echo "ERROR: yt-dlp NOT FOUND" fi # NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release: # pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default] From 325d27a32ba97e0478228b9ab04e05870834f1d6 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 16 Dec 2024 18:37:47 -0500 Subject: [PATCH 220/380] Asterisk 22 (instead of 21, tested on Debian 13) --- roles/pbx/README.adoc | 2 +- roles/pbx/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index f19260023..99791114e 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of August 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-21-0-0-now-available/[Asterisk 21] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). +As of December 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-22-0-0-now-available/[Asterisk 22] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]). //// *PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) — sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released — so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!* diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index f0cb38124..647ad700d 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -26,7 +26,7 @@ asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk -asterisk_src_file: asterisk-21-current.tar.gz +asterisk_src_file: asterisk-22-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab # freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 From 8b5ea641d4f447f48d9f852c78605233801c4319 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 Dec 2024 21:30:00 -0500 Subject: [PATCH 221/380] Bypass /etc/ImageMagick-6/policy.xml PDF surgery w/ ImageMagick 7+ --- roles/calibre-web/tasks/install.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 62cae7c56..3bad3f9ae 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -38,6 +38,13 @@ # state: present # when: python_version is version('3.10', '>=') +- name: Does /etc/ImageMagick-6/policy.xml exist? + stat: + path: /etc/ImageMagick-6/policy.xml + register: imagemagick6_policy_xml + +# 2024-12-16: Debian 13 uses /etc/ImageMagick-7/policy.xml instead, which doesn't need this lineinfile surgery: +# https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion - name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails lineinfile: path: /etc/ImageMagick-6/policy.xml @@ -45,8 +52,9 @@ backrefs: yes line: ' ' state: present + when: imagemagick6_policy_xml.stat.exists -- name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)" +- name: "Create 2 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_config }} (each set to {{ calibreweb_user }}:{{ apache_user }}, default to 0755)" file: state: directory path: "{{ item }}" From b8a868e231043dd217b162b2b1c3c1aa91bcfa94 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 16 Dec 2024 22:25:36 -0500 Subject: [PATCH 222/380] Fix Ansible comment RE: python3-netifaces (PR #3852) --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 229cd3d34..d293afe23 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -21,7 +21,7 @@ # Official upstream instructions: # apt install python3-pip python3-venv # https://github.com/janeczku/calibre-web/wiki/Manual-installation -- name: "Install packages: imagemagick, python3-netifaces" +- name: "Install package: imagemagick" package: name: - imagemagick From f722cd783e00e282fcdf938ac87034eb407beb7e Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 17 Dec 2024 00:04:20 -0500 Subject: [PATCH 223/380] rpi_debian.yml: rfkill unblock wifi --- roles/network/tasks/rpi_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index fc02dccd7..df9ddb7c3 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -55,7 +55,7 @@ # This should go away, should only be unblocked by raspi-config - name: Enable the WiFi with rfkill - shell: rfkill unblock 0 + shell: rfkill unblock wifi ignore_errors: True - name: Copy the bridge script for RPi From 6a6d153034e90d05d817d5424873cf8035318b68 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 18 Dec 2024 08:47:43 -0600 Subject: [PATCH 224/380] deal with unblocking wifi while NM is active on newer RaspiOS --- roles/network/tasks/main.yml | 5 +++++ roles/network/tasks/rpi_debian.yml | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 7a1e6d5f5..30e1942d3 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -68,6 +68,11 @@ #### End services #### Start network layout + - name: Unblock WiFi on RaspiOS + shell: raspi-config nonint do_wifi_country {{ host_country_code }} + ignore_errors: True + when: is_raspbian + #- name: Redhat networking # include_tasks: ifcfg_mods.yml # when: is_redhat diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index df9ddb7c3..d2a15da5b 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -53,11 +53,6 @@ line: country={{ host_country_code }} when: country_code.stdout is defined and country_code.stdout | length == 0 -# This should go away, should only be unblocked by raspi-config -- name: Enable the WiFi with rfkill - shell: rfkill unblock wifi - ignore_errors: True - - name: Copy the bridge script for RPi template: dest: /etc/network/interfaces.d/iiab From 4a3e9517dcac8d3ee3b3a363d6635343cceeddd1 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 18 Dec 2024 19:55:14 -0500 Subject: [PATCH 225/380] Clarify 'raspi-config nonint do_wifi_country XX' --- roles/network/tasks/main.yml | 8 +++++--- roles/network/tasks/rpi_debian.yml | 6 ++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 30e1942d3..1f493067b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -68,10 +68,12 @@ #### End services #### Start network layout - - name: Unblock WiFi on RaspiOS - shell: raspi-config nonint do_wifi_country {{ host_country_code }} - ignore_errors: True + + # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml isn't enough, especially with NM (NetworkManager) + - name: Run 'raspi-config nonint do_wifi_country {{ host_country_code }}' (using var host_country_code) to unblock WiFi, if RasPiOS + command: raspi-config nonint do_wifi_country {{ host_country_code }} when: is_raspbian + #ignore_errors: True #- name: Redhat networking # include_tasks: ifcfg_mods.yml diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index d2a15da5b..e85c673dd 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -53,6 +53,12 @@ line: country={{ host_country_code }} when: country_code.stdout is defined and country_code.stdout | length == 0 +# 2024-12-18: SEE 'raspi-config nonint do_wifi_country {{ host_country_code }}' in roles/network/tasks/main.yml +# # This should go away, should only be unblocked by raspi-config +# - name: Enable the WiFi with rfkill +# shell: rfkill unblock wifi +# ignore_errors: True + - name: Copy the bridge script for RPi template: dest: /etc/network/interfaces.d/iiab From 1c9a784d2a1a61303c4e0d1c0f60d93797ef6255 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 18 Dec 2024 22:59:25 -0500 Subject: [PATCH 226/380] WiFi unblock via "rpi_debian.yml wasn't enough, especially with NM" --- roles/network/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 1f493067b..7e2f1eabb 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -69,7 +69,7 @@ #### Start network layout - # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml isn't enough, especially with NM (NetworkManager) + # 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml wasn't enough, especially with NM (NetworkManager) - name: Run 'raspi-config nonint do_wifi_country {{ host_country_code }}' (using var host_country_code) to unblock WiFi, if RasPiOS command: raspi-config nonint do_wifi_country {{ host_country_code }} when: is_raspbian From 3c32db26bdb0d34697afc8ef09be5479466b9115 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Thu, 19 Dec 2024 14:28:03 -0500 Subject: [PATCH 227/380] rename apache_allow_sudo and make True default --- roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml | 2 +- roles/www_options/tasks/main.yml | 6 +++--- roles/www_options/tasks/php-settings.yml | 2 +- vars/default_vars.yml | 6 +++--- vars/local_vars_large.yml | 6 +++--- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 6 +++--- vars/local_vars_small.yml | 6 +++--- vars/local_vars_unittest.yml | 6 +++--- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml index f728ffca8..e39bea703 100644 --- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml +++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml @@ -8,7 +8,7 @@ # apache_interface: 127.0.0.1 # Make this False to disable http://box/common/services/power_off.php button: -# apache_allow_sudo: True +# allow_www_data_sudo: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 8b2907823..2319c58f5 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -77,7 +77,7 @@ # COMPARE nginx_high_php_limits further above. -# 2020-03-08: DOES THE FLAG BELOW (apache_allow_sudo) PRESUMABLY WORK +# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_sudo) PRESUMABLY WORK # WITH NGINX TOO ? (The single-click poweroff button on IIAB's home # page certainly does still work with NGINX.) @@ -86,13 +86,13 @@ src: 020_apache_poweroff.j2 dest: /etc/sudoers.d/020_apache_poweroff mode: '0440' - when: apache_allow_sudo + when: allow_www_data_sudo - name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff file: path: /etc/sudoers.d/020_apache_poweroff state: absent - when: not apache_allow_sudo + when: not allow_www_data_sudo # 2022-06-30: internet_available var removed diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 46955cf16..184c07b21 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -207,4 +207,4 @@ # name: php{{ php_version }}-fpm # state: restarted -# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_sudo conditionals below. diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bcb038a53..1e84fd3e0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -274,7 +274,7 @@ nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # roles/www_base runs here (mandatory) @@ -340,8 +340,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True apache_service: apache2 apache_user: www-data # Admin Console uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 617ca9d93..ac2e78128 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 5df26eb52..45d6db53f 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -13,7 +13,7 @@ munin_enabled: True vnstat_install: True vnstat_enabled: True usb_lib_umask0000_for_kolibri: False -apache_allow_sudo: True +allow_www_data_sudo: True # By default # kiwix # awstats diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 7707afba2..c12fcb04f 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 55c50ee23..88253e035 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -218,8 +218,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index bd59f5bce..39d8cf05c 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -178,7 +178,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, apache_allow_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo # 4-SERVER-OPTIONS @@ -224,8 +224,8 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf -# Make this True to enable http://box/js-menu/menu-files/services/power_off.php -apache_allow_sudo: False +# Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php +allow_www_data_sudo: True # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: True From 6b9608505079d5d78baefbaec14b4b6dfe1582d6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 19 Dec 2024 23:26:00 -0500 Subject: [PATCH 228/380] iiab-vpn: Update 3 Headscale doc URLs (Android, Apple, Windows) --- roles/tailscale/templates/iiab-vpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index bb9a32dc0..14508809e 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -2,9 +2,9 @@ # USEFUL DOCS: # https://tailscale.com/kb/1080/cli#status -# https://headscale.net/android-client/ -# https://headscale.net/apple-client/ -# https://headscale.net/windows-client/ +# https://headscale.net/stable/usage/connect/android/ +# https://headscale.net/stable/usage/connect/apple/ +# https://headscale.net/stable/usage/connect/windows/ VPN_URL=https://iiab.net VPN_KEY="$1" From 079c7f5fa27983c2e0af8e2181b825023497e635 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 21 Dec 2024 10:11:53 -0500 Subject: [PATCH 229/380] New MediaWiki 1.42.4 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 4a7abf5de..ce95ff076 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 3 +mediawiki_minor_version: 4 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From afa8ae0eeba6a876ebdb14ff1f4c84f5826e2690 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 22 Dec 2024 13:44:30 -0500 Subject: [PATCH 230/380] roles/usb_lib/README.rst: Fix 2 URLs --- roles/usb_lib/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index c27dc0e53..22fd711d2 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -2,7 +2,7 @@ usb_lib README ============== -**PLEASE SEE "Can teachers display their own content?" WITHIN http://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** +**PLEASE SEE "Can teachers display their own content?" WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** This role implements functionality similar to LibraryBox, to mount "teacher content" from USB drives. @@ -22,7 +22,7 @@ USB drives must be formatted with one of the filesystems listed under "FILESYSTE IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). -Official `usbmount 0.0.22 (2011-08-08) `_ documentation: +Official `usbmount 0.0.22 (2011-08-08) `_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) * https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) From 1950a5ba6d97f4b129490170c3359e0bcf7d8a86 Mon Sep 17 00:00:00 2001 From: Avni Khatri/Fein Date: Sat, 28 Dec 2024 15:59:56 -0500 Subject: [PATCH 231/380] Update iiab-vpn to fix ANSI color codes on OSX and change text color on blue bg. - Update iiab-vpn to fix ANSI color codes on OSX by using \033 instead of \e - Change text color to light gray when using blue bg --- roles/tailscale/templates/iiab-vpn | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/tailscale/templates/iiab-vpn b/roles/tailscale/templates/iiab-vpn index 14508809e..77e8c13be 100755 --- a/roles/tailscale/templates/iiab-vpn +++ b/roles/tailscale/templates/iiab-vpn @@ -10,7 +10,7 @@ VPN_URL=https://iiab.net VPN_KEY="$1" # if tailscale status > /dev/null; then # MANY IMPERFECT TESTS OF TAILNET CONNECTIVITY: tailscale0 CAN lose its IP address, as shown by 'ip a' and 'hostname -I' (testing 'systemctl is-active tailscaled' is likely no better!) Unclear if 'tailscale status --json | jq -r .Self.Online' is much better? Maybe explore 'tailscale debug --help' and 'tailscale debug prefs' for a cleaner/authoritative verdict? Or use + display string output of 'systemctl show tailscaled --property=StatusText' e.g. 'StatusText=Connected; iiab; 100.64.0.4' ? (OR JUST DON'T WORRY ABOUT IT, AS THE ~3 'tailscale up' COMMANDS BELOW ARE MORE PROACTIVE... AND APPEAR FAST + SAFE!) -# echo -e "\n\e[1;33mAlready connected to VPN!?\e[0m" +# echo -e "\n\033[1;33mAlready connected to VPN!?\033[0m" # else # [NEST ~20 LINES OF IF STATEMENTS FURTHER BELOW?] @@ -22,20 +22,20 @@ VPN_KEY="$1" # UX Optimization: {iiab-vpn, iiab-support} can be run WITHOUT key *IF* .BackendState is "Stopped" or "Running" *AND* .ControlURL is $VPN_URL (avoid their default, https://controlplane.tailscale.com !) if [[ $(tailscale status --json | jq -r .BackendState) != "NeedsLogin" && $(tailscale debug prefs | jq -r .ControlURL) = $VPN_URL ]]; then if ! tailscale up --login-server "$VPN_URL" --timeout 8s; then # (Re-)passing $VPN_URL is overkill on this line, but can't hurt! - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN\033[0m\n" exit 1 fi elif [ -z $VPN_KEY ]; then - echo -e "\n\e[1;33mVPN key required!\e[0m\n\nEmail holt@unleashkids.org to explain your need?\n" + echo -e "\n\033[1;33mVPN key required!\033[0m\n\nEmail holt@unleashkids.org to explain your need?\n" exit 1 else if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --timeout 8s; then - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN, so let's try --force-reauth\033[0m\n" # If 'tailscale up' just above fails w/ exit code 1 ~= "can't change --login-server without --force-reauth" (i.e. if switching login server, e.g. to/from their default (https://controlplane.tailscale.com) -- SEE ALSO: 'tailscale switch -h' and https://tailscale.com/blog/fast-user-switching) then more "brute force" is attempted below... # https://github.com/tailscale/tailscale/issues/3849 "Please warn that --force-reauth immediately disconnects" (brute force, only as a last resort!) # https://github.com/tailscale/tailscale/issues/4854 "Tailscale CLI has poor UX with expiring keys" (long-term node keys thankfully mitigate this!) if ! tailscale up --login-server "$VPN_URL" --auth-key "$VPN_KEY" --force-reauth --timeout 8s; then - echo -e "\n\e[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\e[0m\n" + echo -e "\n\033[41;1mERROR $?: Failed to connect to VPN, even with --force-reauth\033[0m\n" exit 1 fi fi @@ -43,7 +43,7 @@ fi # jq 1.7 (2023-09-05) on new OS's also allows new syntax... jq -r .Node.Tags.[] # Can also work: tailscale whois --json $(tailscale ip -1) | jq -r .Node.Tags[]) -echo -e "\n\e[44;1mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\e[0m\n" +echo -e "\n\033[44;37mCheck that VPN ($(tailscale status --json | jq -r .Self.Tags[])) is now live:\033[0m\n" echo -e " hostname -I" echo -e " tailscale ip" echo -e " tailscale status" @@ -52,20 +52,20 @@ echo -e " tailscale whois --json $(tailscale ip -1) | jq .Node.Endpoints,.Nod echo -e " tailscale ping --verbose [IP or HOSTNAME]" echo -e " tailscale status --json | jq" echo -e " systemctl status tailscaled\n" -echo -e "\e[4mTo disconnect from VPN:\e[0m\n" +echo -e "\033[4mTo disconnect from VPN:\033[0m\n" echo -e " tailscale down\n" -echo -e "\e[4mTo permanently log out of VPN:\e[0m\n" +echo -e "\033[4mTo permanently log out of VPN:\033[0m\n" echo -e " tailscale logout\n" # More useful table of IPs/usernames/etc than 'tailscale status' -#echo -e "\e[44;1mVPN peers: (rightmost column = online/offline)\e[0m\n" +#echo -e "\033[44;37mVPN peers: (rightmost column = online/offline)\033[0m\n" #tailscale status --json | jq -r '.Self,.Peer[] | .Tags[] + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + .OS + " " + .Relay + " " + (.Online|tostring)' | sort -V | column -t -#echo -e '\e[44;1mVPN peers: ("true" in 6th column means online)\e[0m\n' -echo -e '\e[44;1mVPN peers: (6th column = online/offline)\e[0m\n' +#echo -e '\033[44;37mVPN peers: ("true" in 6th column means online)\033[0m\n' +echo -e '\033[44;37mVPN peers: (6th column = online/offline)\033[0m\n' # (try .Tags[] catch "-") is safer than (.Tags[]? // "-") according to: https://stackoverflow.com/questions/54794749/jq-error-at-stdin0-cannot-iterate-over-null-null tailscale status --json | jq -r '.Self,.Peer[] | (try .Tags[] catch "-") + " " + .TailscaleIPs[] + " " + .HostName + " " + .DNSName + " " + (if .Relay == "" then "-" else .Relay end) + " XXX" + (.Online|tostring) + "XXX " + .OS' | sort -V | column -t | \ while read l; do - line=$(echo "$l" | sed 's/ XXXtrueXXX /\\e[0;32m ✅\\e[0m/ ; s/ XXXfalseXXX /\\e[0;31m ❌ \\e[0m/') + line=$(echo "$l" | sed 's/ XXXtrueXXX /\\033[0;32m ✅\\033[0m/ ; s/ XXXfalseXXX /\\033[0;31m ❌ \\033[0m/') echo -e "$line" $(tailscale whois --json $(echo $line | cut -d' ' -f2) | jq -r '.Node.Hostinfo | .Distro + " " + .DistroVersion + " " + .DeviceModel'); done echo From 3ebf210c991b35ccc612c43c17df5b4457d862f2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 31 Dec 2024 21:56:16 -0500 Subject: [PATCH 232/380] New MediaWiki 1.43.0 LTS --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index ce95ff076..5c37610af 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: "1.42" # "1.40" quotes nec if trailing zero -mediawiki_minor_version: 4 +mediawiki_major_version: "1.43" # "1.40" quotes nec if trailing zero +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 59956f2a913e9912432536c2b8b94e7916ffe968 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 31 Dec 2024 22:20:48 -0500 Subject: [PATCH 233/380] default_vars.yml: Launch 8.3 Release Cycle --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1e84fd3e0..4e61819a2 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -13,7 +13,7 @@ # IIAB (PRE-)release version number, for {{ iiab_env_file }} -iiab_base_ver: 8.2 +iiab_base_ver: 8.3 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear From 8d0f45bd4d674e7583f39fbe29317d6bc2ee4020 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 5 Jan 2025 16:35:38 -0500 Subject: [PATCH 234/380] Initial commit(x3) of Upload2USB stick app: 3 *.php files + UK logo --- roles/usb_lib/files/upload2usb/index.php | 50 +++++++++++++ roles/usb_lib/files/upload2usb/uk-swing.png | Bin 0 -> 4880 bytes .../usb_lib/files/upload2usb/upload-file.php | 70 ++++++++++++++++++ roles/usb_lib/files/upload2usb/upload2usb.php | 68 +++++++++++++++++ 4 files changed, 188 insertions(+) create mode 100644 roles/usb_lib/files/upload2usb/index.php create mode 100644 roles/usb_lib/files/upload2usb/uk-swing.png create mode 100644 roles/usb_lib/files/upload2usb/upload-file.php create mode 100644 roles/usb_lib/files/upload2usb/upload2usb.php diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload2usb/index.php new file mode 100644 index 000000000..ad4156876 --- /dev/null +++ b/roles/usb_lib/files/upload2usb/index.php @@ -0,0 +1,50 @@ + + + + + + + IIAB Homework Submission App + + + + + + + + + + +
+
+
+ +
+ +

Internet in a Box Homework Submission

+ + +

+ +
+
+ homework files have been submitted today! + +
+
+
+ + + diff --git a/roles/usb_lib/files/upload2usb/uk-swing.png b/roles/usb_lib/files/upload2usb/uk-swing.png new file mode 100644 index 0000000000000000000000000000000000000000..c5470365e784b58dde5eb8e9f2a1975621b700fc GIT binary patch literal 4880 zcma)A2UJtb77azv(4>hEDWQl6LJA550#fBsLJ2`ak(wa+kYW-bQ~^JHW{%acQBfuafYPTD+npdB#?%Xm1SqlWod6CtApplVg!KooK>_S6 zTZ(nTqVWLEZ{q-fHLC^aV@V!3khM37MxuI?$RI=8BOs)^C!V<72LL#-*naV3vH$c% zXL0FDszuk4 z{f5wD+1tZlSB!1%2m1N@p_4%V8Hh;zkrgXHFx{ODhN?oq|G^1~{O@iA!ryvQX(-&U%>FhY z6&*;%fl)Xr$&ccRW5MPAP67?@^&fb)XTB@{R@m?PB3P@VWk|uf(?}FFiR7#MUmpzw z_}}5bD!0vqL~0q~D0qJy_85gk_*P=FJB5ndR<0xahxDIo@0Q zwjVw%7KF77?%Uf>7m5J?W$XtY0p8x5f7+|x4}x!_tdl?&$STwyr;0A{*3HBv)^XWn zYNU^*voX{7Xy{haw&6qa5pFHf@|`c$VhYj593?TayBjRl3#GHN3+y8H_z3E>Qqeb6 zUNP3}4poO8KJI<%nXD{9a2GpUtf243LLHCSqj3~8yA7woPSev{)AfF<)66%_(a^{C zGif(c?@?!-rf+&JytubW2sy(o&@evpvCGF_9_doyVO(KDOyv6w_F5^vn{BQs*SqTZ zQx0x^Ut+7n+u+rOWji!l0@$iOH^?xIKDUEsj|4w6psKTBuD_rlF**5YZ%+?omyCa2 zZm#pnh)w@^*brr*3d9x-UfM7g@URuD$3&6LMFoUM9a+svz0W^!bS{a~wY#I8dx?zK22Tow&cj=Rp`5}g1VH4t{x z;p~P<^$biuPHx;cLe9Rn?;u*($ibEuXO|r#UF>|1lC$*S9G~|24YHg3GelO&5;Pb2 zsh%y&$8(nId}TxlU0ue?9Sjq`XR^g9#YL-h@rjs%@p4|?&^u8a@IBZiXpHK`n4ibdyRTrf^f!RgJL zQJu0%i9T<3_;x{Ey7r9c_?dr<+vGR zHsze5PQv$mi>HLLADcYn(7XaWjPgElVoZ~3Hnm;fmmbQhBV$^9Ek;pQBAH!7OjOh_ z=65Wi5pbnTz4|nkU zGMz`N#Qku`0d@Px@E+be*Jht<^_K2HTsbwuqKy0O>E;Zb;IQcWh8tJI0&J)J<_C)Q zY*;bgM!(V$5IF^r((|?53BAXG^T3Y|w>C&icIRD@;JQ z&=k!AiM$4zm*7R=dfL?r^&0MC@@`-%q?=F53CyUyqxA5pxiHfN#`ZR4rl(6*(NR9C5j?#nLJUGqiy>Rx8Gm)sVFwr>S%-Fn+%0CD> z-+~TOQr7e>RX}D_M+qR;%du(6v(3eyQ^+n`U%xmxzQ1|9HY|o$P0^)_G||vMJf3et zR*z1Vvo$*XQ6^XDf@$a5y`u$>`rox-afUib3;F@~x?{Ss_vMn`pA)CkU^<3wp1kpH#bQ89|8t!EMax_p5u$Yis-n#*u-nN z-*!htBl89Go-*1WL(;9|JxME?;4eW}Xwe53>Y|6h>ba zXs1bVEz;}^7j#*oo_$0d+R+>ppS~N0A>9NpC&CK?6`kO(zXHDK%}>aYa;+C$1uku= z^^CTxN)IGAPn{_)F7_*ahabQRaZREKoMqZ|3oEs4s}B_d_Al~Q-ClZcD29LL^!wDU z5v767zP0j~77D)VbK+}k)_|cA1#c&4?5S{e)$3K&V+6%lClngS5f^|wJm<3l6IM#~ zAibx>l~*dP+cHm3lJuA4=qK2aT7l$g8~zmm6+L@k*{Z=Qmur#-(P!im=i2NlVMJ^; z3EDj4U8@^O&M6U&G9i)kYGZo?B)`z?Bm^+_134*N!+m;vp_w$bYkHqz5MAMV!NR9A z4#cU$9Y`3abkW5q#YwXs`|QMMEVl!GhLP47xp|2%5K%}8>9@&eztG+%dErR!j((vh zU7G%ecQ!t_jV!s9W(|oc7BG#e1%*0-9Tf&8XBd-nlVP~lHizUJR8jTMeD7Z}<~-dl z_S!D*y~?gAM_raBUN}c6&qK* z`we{Qryl(lEVu&W9Ei9Y^YBGTYDmv$sokyPwr+Hu$)QKlJF}Li8jE~ z`G_~|i=gSkT)MbhKTxO4N<~LXobFn1Hb(Rc`^^jzuXJmQ#81qt$94~g)8S(gwf{Kz zi8&gue2#A)|9wf!7um7Iw55Trla0bH^8Gc}g@NgDnVW^WAIM5&k|q5IhP-(VLhySx zj#ebRNJs zwnhYt*$)FHj|bIfT)EPFnWtmbq2ocyEelkWGi=K%H8s^<#j$D@H`jEr*S=BDqi33T z34Tq2V_N;{*aom%YmKe}xQkrHR!MWy>xkr#|@lLB}3&L$2qpaYk&_Shvz4*}Hc68y*`XoWR@~k( zt2g)xta!tSw|TX`?rj!DoMHw()T}A(Bgr*Js(%Q)+d4EMe>CRBNM3|UvOz1GNr>FA zjviv+T;h;GPv}@zNemHspevMieviuhx=d@C&HVlW(cD-+DebxY{SrDdx7^=8FIjvU zU(kZ?Etoo(-Z{Uqdwq~2IKnKr^d2{yKT(D` zHPr7Ib?;(WTO4XDGPEvA7}K2Op|ItI^{Gm4cI^cA`wPftTTO)bbI>2?r4CCaZfPQT zpu+Z^3i)hS2iH7=6s;Jy`JT(x`2hB>n1xmV?p>qx&2?a0;mnA&Dd5y8eFehAOJ9GIhJ|9h?&z zynplN&Az5Q!Hazy=dXvn;H)f%*5=U@Vs3bOwq+PV&h{hBmrkE6Q8KCPco=-B{)rPG z?Y7KUkviS@9;M{$q778xU6AX}C%mEEIOgJAU1Meax@8ro>UUEe=4&sP%wkLg^%V%C z8Y$hU<*K-Q-?f)POtpr2&a{(wQbllkMBH~MGdcJJTynoit!N8I zU`i#W%&wQ~_v;4B-P|dkB%(}nwev(*fYBC$D<6}uc%=9P6%`fNI786Wm`$0jtB*9Q zp69#i$k=y-?kWI>GWdq>RmU%rA_q)A7VN$_1A}@#yJ=TZTIEH_DbJx)h=2mJqt9OO z(>M@1utN|kKaD*`^j;H_SY7IG1J7#n&+>Z1YL9M)WBNSmuIgE9Bv~@5){<{^c6R0q zZ%V}Oil1<9RT`KpoiH}dfBu>q4?ZdO`AW34@W@1|#9R4y^qQ8JrGEPDmOHg~aM^QM zVjUiFX69L$4_D?_XWBM@GCu5zvVVL3bB}INSAVVF+ggkZR6EsZcJD3~^CHM0wx`6% z_o^d{92v`fCy54JCS9fzANCYcip-0yBrH6k*uKeXpD>ZtN?J0pWB9IH4K>uRm{mMS zx2z=D_efn&vGi2V!9Kq{pEPI`+oq(ozcp206%ZE^xp7F9(=HpH(Pv|?*lE_$-F-U# zGryZoXZ^{p>qpEF1_$1Xtk>vp79A%CJh~%wnyheF;!99jT}@3*pTpfP+jJ4}HR%}G Wk%K$rjbygJ8krhf8kHKjMg9{3Sx(si literal 0 HcmV?d00001 diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php new file mode 100644 index 000000000..e2053864e --- /dev/null +++ b/roles/usb_lib/files/upload2usb/upload-file.php @@ -0,0 +1,70 @@ + + + + + + + IIAB Homework Submission App + + + + + + + + + + +
+
+
+ + +

Internet in a Box Homework Submission

+
+ homework files have been submitted today! + +
+
+
+ + + + diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php new file mode 100644 index 000000000..20b98e162 --- /dev/null +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -0,0 +1,68 @@ + 5000000) { +// $upload_msg = "Your file is too large."; +// $upload_ok = 0; +// } + +?> From 8d167ab98192454479c481d738d8b621412dcff9 Mon Sep 17 00:00:00 2001 From: avni Date: Mon, 6 Jan 2025 01:12:24 +0100 Subject: [PATCH 235/380] roles/usb_lib/tasks/install.yml: Add yaml to copy upload2usb app files to local_content folder --- roles/usb_lib/tasks/install.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e0699a652..c26746a61 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,6 +76,18 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } +# 2025-01-05: Copy upload2usb app files (#3875) to local_content +- name: 'Copy upload2usb app files from files/upload2usb/' + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: "0755" + with_fileglob: + - upload2usb/* + + # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 From 2706381a382c8e7326adcf1ab41769f350b0b380 Mon Sep 17 00:00:00 2001 From: avni Date: Mon, 6 Jan 2025 04:46:28 +0100 Subject: [PATCH 236/380] usb_lib/tasks/install.yml: Fixing yaml so upload2usb directory is created before files are copied --- roles/usb_lib/tasks/install.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index c26746a61..e05eeefc0 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,14 +76,19 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -# 2025-01-05: Copy upload2usb app files (#3875) to local_content -- name: 'Copy upload2usb app files from files/upload2usb/' +- name: '2025-01-05: Add upload2usb directory to local_content' + file: + state: directory + path: "{{ doc_root }}/local_content/upload2usb" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: 0755 + + +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload2usb/ to local_content' copy: src: "{{ item }}" dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - mode: "0755" with_fileglob: - upload2usb/* From 99ff433a90f8d49d559d57a1540221766bb350a0 Mon Sep 17 00:00:00 2001 From: avni Date: Mon, 6 Jan 2025 04:48:19 +0100 Subject: [PATCH 237/380] usb_lib/files/upload2usb/*: renaming app to Upload To USB instead of HW Submission, other minor cleanup/styling --- roles/usb_lib/files/upload2usb/index.php | 14 +++++++------- roles/usb_lib/files/upload2usb/upload-file.php | 16 ++++++++-------- roles/usb_lib/files/upload2usb/upload2usb.php | 16 +++------------- 3 files changed, 18 insertions(+), 28 deletions(-) diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload2usb/index.php index ad4156876..8151458b4 100644 --- a/roles/usb_lib/files/upload2usb/index.php +++ b/roles/usb_lib/files/upload2usb/index.php @@ -16,7 +16,7 @@ $file_count = getFileCount(getTargetFolderPath(0)); - IIAB Homework Submission App + IIAB Upload to USB App @@ -31,16 +31,16 @@ $file_count = getFileCount(getTargetFolderPath(0));
-
- -

Internet in a Box Homework Submission

+ + +

Internet in a Box Upload to USB

- -

+ +


- homework files have been submitted today! + files have been uploaded today!
diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php index e2053864e..ef23713ab 100644 --- a/roles/usb_lib/files/upload2usb/upload-file.php +++ b/roles/usb_lib/files/upload2usb/upload-file.php @@ -6,13 +6,13 @@ include("upload2usb.php"); -//get folder path where homework will be stored +//get folder path where file will be stored $target_folder_path = getTargetFolderPath(1); -$target_file = $target_folder_path . "/" . basename($_FILES["hw_submission"]["name"]); +$target_file = $target_folder_path . "/" . basename($_FILES["uploaded_file"]["name"]); $upload_ok = 1; $upload_msg = ""; -if(!isset($_POST["submit"]) || empty(basename($_FILES["hw_submission"]["name"]))) { +if(!isset($_POST["submit"]) || empty(basename($_FILES["uploaded_file"]["name"]))) { $upload_msg = "No file submitted."; $upload_ok = 0; } elseif (file_exists($target_file)) { @@ -26,8 +26,8 @@ if ($upload_ok == 0) { // if everything is ok, try to upload file } else { - if (move_uploaded_file($_FILES["hw_submission"]["tmp_name"], $target_file)) { - $upload_msg = "😊 ✅ Your homework file ". htmlspecialchars( basename( $_FILES["hw_submission"]["name"])). " was successfully uploaded!"; + if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { + $upload_msg = "😊 ✅ Your file ". htmlspecialchars( basename( $_FILES["uploaded_file"]["name"])). " was successfully uploaded!"; } else { $upload_msg = "❌ There was an error uploading your file. " . $upload_msg; } @@ -41,7 +41,7 @@ $file_count = getFileCount($target_folder_path) - IIAB Homework Submission App + IIAB Upload to USB App @@ -57,9 +57,9 @@ $file_count = getFileCount($target_folder_path)
-

Internet in a Box Homework Submission

+

Internet in a Box Upload to USB


- homework files have been submitted today! + files have been submitted today!
diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 20b98e162..15a94290d 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -16,19 +16,14 @@ function getTargetUSBDriveLocation () { if (empty($removable_usb_path)) { return "/library/www/html/local_content/"; } else { - return $removable_usb_path . "/"; } - } -//returns folder path where homework will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist +//returns folder path where file will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist function getTargetFolderPath ($create_folder_p) { $parent_dir = getTargetUSBDriveLocation(); - - -error_log("PARENTDIR: " . $parent_dir); - +// error_log("PARENTDIR: " . $parent_dir); $today_folder_name = "UPLOADS." . date("Y-m-d"); $target_folder_path = $parent_dir . $today_folder_name; @@ -36,9 +31,7 @@ error_log("PARENTDIR: " . $parent_dir); mkdir($target_folder_path, 0777); } - return $target_folder_path; - } //return number of files within a specified folder @@ -48,19 +41,16 @@ function getFileCount ($folder_path) { //*** TODO *** check file content to see if it's unique or not function isFileContentUnique ($file) { - - } //*** TODO **** check if file exists based on file name and return unique name if does function getUniqueFileName ($filename) { - } // Check file size - we are not going to check file size for now. -// elseif ($_FILES["hw_submission"]["size"] > 5000000) { +// elseif ($_FILES["uploaded_file"]["size"] > 5000000) { // $upload_msg = "Your file is too large."; // $upload_ok = 0; // } From 8fb56561893419e08e592f954a69f4444d3c118e Mon Sep 17 00:00:00 2001 From: root Date: Sun, 5 Jan 2025 23:43:52 -0500 Subject: [PATCH 238/380] usb_lib/templates/content_dir.conf.unused: rename unused file --- .../templates/{content_dir.conf => content_dir.conf.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/usb_lib/templates/{content_dir.conf => content_dir.conf.unused} (100%) diff --git a/roles/usb_lib/templates/content_dir.conf b/roles/usb_lib/templates/content_dir.conf.unused similarity index 100% rename from roles/usb_lib/templates/content_dir.conf rename to roles/usb_lib/templates/content_dir.conf.unused From 1da4d45509868e5fe0fc5c6bf0ed71bf1fd9b8a1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 6 Jan 2025 00:29:57 -0500 Subject: [PATCH 239/380] Update LICENSING.md --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index 33776a06e..77c1ed0b9 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2024, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2025, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From 956257f6cb57a7382b2bcfc2c92ebba41238a454 Mon Sep 17 00:00:00 2001 From: avni Date: Wed, 8 Jan 2025 11:45:00 +0100 Subject: [PATCH 240/380] usb_lib/upload/*.php, usb_lib/tasks/install.yml: Moving app from upload2usb/ to upload/; Fixing UK image on upload-file page; Minor formatting changes --- .../usb_lib/files/{upload2usb => upload}/index.php | 2 +- .../files/{upload2usb => upload}/uk-swing.png | Bin .../files/{upload2usb => upload}/upload-file.php | 2 +- .../files/{upload2usb => upload}/upload2usb.php | 1 + roles/usb_lib/tasks/install.yml | 10 +++++----- 5 files changed, 8 insertions(+), 7 deletions(-) rename roles/usb_lib/files/{upload2usb => upload}/index.php (96%) rename roles/usb_lib/files/{upload2usb => upload}/uk-swing.png (100%) rename roles/usb_lib/files/{upload2usb => upload}/upload-file.php (96%) rename roles/usb_lib/files/{upload2usb => upload}/upload2usb.php (96%) diff --git a/roles/usb_lib/files/upload2usb/index.php b/roles/usb_lib/files/upload/index.php similarity index 96% rename from roles/usb_lib/files/upload2usb/index.php rename to roles/usb_lib/files/upload/index.php index 8151458b4..0287e44f2 100644 --- a/roles/usb_lib/files/upload2usb/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -35,7 +35,7 @@ $file_count = getFileCount(getTargetFolderPath(0));

Internet in a Box Upload to USB

- +


diff --git a/roles/usb_lib/files/upload2usb/uk-swing.png b/roles/usb_lib/files/upload/uk-swing.png similarity index 100% rename from roles/usb_lib/files/upload2usb/uk-swing.png rename to roles/usb_lib/files/upload/uk-swing.png diff --git a/roles/usb_lib/files/upload2usb/upload-file.php b/roles/usb_lib/files/upload/upload-file.php similarity index 96% rename from roles/usb_lib/files/upload2usb/upload-file.php rename to roles/usb_lib/files/upload/upload-file.php index ef23713ab..684372823 100644 --- a/roles/usb_lib/files/upload2usb/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -56,7 +56,7 @@ $file_count = getFileCount($target_folder_path)
- +

Internet in a Box Upload to USB


files have been submitted today! diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php similarity index 96% rename from roles/usb_lib/files/upload2usb/upload2usb.php rename to roles/usb_lib/files/upload/upload2usb.php index 15a94290d..bd13d1f6b 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -16,6 +16,7 @@ function getTargetUSBDriveLocation () { if (empty($removable_usb_path)) { return "/library/www/html/local_content/"; } else { +// error_log ("REMOVABLE USB PATH: " . $removable_usb_path); return $removable_usb_path . "/"; } } diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e05eeefc0..de16e83a7 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,21 +76,21 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb directory to local_content' +- name: '2025-01-05: Add upload2usb app directory to local_content' file: state: directory - path: "{{ doc_root }}/local_content/upload2usb" + path: "{{ doc_root }}/local_content/upload" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload2usb/ to local_content' +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload2usb" # /library/www/html + dest: "{{ doc_root }}/local_content/upload" # /library/www/html with_fileglob: - - upload2usb/* + - upload/* # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ From 30f940a5f4c8f13e94fbcef8591747035273a014 Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 12 Jan 2025 12:04:47 +0100 Subject: [PATCH 241/380] error.php, header.php, footer.php - Add custom exception handling, header, footer; index.php, upload-file.php, upload-2-usb.php - Require exactly 1 USB stick to be inserted, allow same file name but different content (using incremental numbering), reject duplicate content, restrict file types --- roles/usb_lib/files/upload/error.php | 16 +++++ roles/usb_lib/files/upload/footer.php | 14 +++++ roles/usb_lib/files/upload/header.php | 32 ++++++++++ roles/usb_lib/files/upload/index.php | 34 ++--------- roles/usb_lib/files/upload/upload-file.php | 56 +++++++----------- roles/usb_lib/files/upload/upload2usb.php | 68 ++++++++++++++++++---- 6 files changed, 142 insertions(+), 78 deletions(-) create mode 100644 roles/usb_lib/files/upload/error.php create mode 100644 roles/usb_lib/files/upload/footer.php create mode 100644 roles/usb_lib/files/upload/header.php diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php new file mode 100644 index 000000000..75d4f5a2d --- /dev/null +++ b/roles/usb_lib/files/upload/error.php @@ -0,0 +1,16 @@ + + +AN ERROR occurred! Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Reach out to TK for help if you have any questions or continue having trouble with the setup. +

+ +Share the below error message with IIAB developers at TK for debugging: +
+ + + diff --git a/roles/usb_lib/files/upload/footer.php b/roles/usb_lib/files/upload/footer.php new file mode 100644 index 000000000..2e1fef0f7 --- /dev/null +++ b/roles/usb_lib/files/upload/footer.php @@ -0,0 +1,14 @@ + + +
+
+ + + + diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload/header.php new file mode 100644 index 000000000..78592e86d --- /dev/null +++ b/roles/usb_lib/files/upload/header.php @@ -0,0 +1,32 @@ + + + + + + + <?php echo $title ?> + + + + + + + + + + +
+
+
+ + +

diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index 0287e44f2..670d8499e 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -4,47 +4,21 @@ * Upload2USB App Index Page */ -include("upload2usb.php"); +$title = "IIAB Upload to USB"; +include("header.php"); //Check if folder for today exists, and get file count if it does - $file_count = getFileCount(getTargetFolderPath(0)); ?> - - - - - IIAB Upload to USB App - - - - - - - - - - -
-
-
-
- -

Internet in a Box Upload to USB

-



- files have been uploaded today! + files have been uploaded today! -
-
-
- - + \ No newline at end of file diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 684372823..d86f9aa60 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -4,20 +4,29 @@ * Upload2USB App - Process Submission */ -include("upload2usb.php"); +$title = "IIAB Upload to USB App Results"; +include("header.php"); //get folder path where file will be stored $target_folder_path = getTargetFolderPath(1); -$target_file = $target_folder_path . "/" . basename($_FILES["uploaded_file"]["name"]); +$uploaded_filename = basename($_FILES["uploaded_file"]["name"]); +$target_file = $target_folder_path . "/" . $uploaded_filename; $upload_ok = 1; $upload_msg = ""; -if(!isset($_POST["submit"]) || empty(basename($_FILES["uploaded_file"]["name"]))) { - $upload_msg = "No file submitted."; +if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { + $upload_msg = "No file submitted!"; + $upload_ok = 0; +} elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; + $upload_ok = 0; +} elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "This file already exists!"; $upload_ok = 0; } elseif (file_exists($target_file)) { - $upload_msg = "This file already exists."; - $upload_ok = 0; + // rename file so name is unique + $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); + $target_file = $target_folder_path . "/" . $new_filename; } // Check if $upload_ok is set to 0 by an error @@ -27,44 +36,19 @@ if ($upload_ok == 0) { // if everything is ok, try to upload file } else { if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { - $upload_msg = "😊 ✅ Your file ". htmlspecialchars( basename( $_FILES["uploaded_file"]["name"])). " was successfully uploaded!"; + $upload_msg = "😊 ✅ Your file ". htmlspecialchars( $uploaded_filename ). " was successfully uploaded!"; } else { - $upload_msg = "❌ There was an error uploading your file. " . $upload_msg; + $upload_msg = "❌ There was an error uploading your file. " . $_FILES["upload_file"]["error"] . $upload_msg; } } -$file_count = getFileCount($target_folder_path) +$file_count = getFileCount($target_folder_path); ?> - - - - - IIAB Upload to USB App - - - - - - - - - - -
-
-
- - -

Internet in a Box Upload to USB


files have been submitted today! -
-
-
- - - + + diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index bd13d1f6b..3de51297d 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -4,6 +4,12 @@ * Upload2USB App Helper Functions */ +set_exception_handler(function (Throwable $exception) { + error_log('UPLOAD2USB ERROR: ' . (string)$exception); + + include ("error.php"); +}); + //return the first removable USB drive location function getTargetUSBDriveLocation () { @@ -11,26 +17,32 @@ function getTargetUSBDriveLocation () { // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 - $removable_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + # error if 1<>usb sticks are installed + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); + if ($rmv_usb_path_count == 0) { + throw new RuntimeException('0 USB sticks found

'); + } elseif ($rmv_usb_path_count > 1) { + throw new RuntimeException('More than 1 USB sticks installed

'); + } - if (empty($removable_usb_path)) { - return "/library/www/html/local_content/"; + $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + + if (empty($rmv_usb_path)) { + throw new RuntimeException('Not able to find USB stick

'); } else { -// error_log ("REMOVABLE USB PATH: " . $removable_usb_path); - return $removable_usb_path . "/"; + return $rmv_usb_path . "/"; } } //returns folder path where file will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist function getTargetFolderPath ($create_folder_p) { $parent_dir = getTargetUSBDriveLocation(); -// error_log("PARENTDIR: " . $parent_dir); + $today_folder_name = "UPLOADS." . date("Y-m-d"); $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777); - + mkdir($target_folder_path, 0777); } return $target_folder_path; } @@ -40,15 +52,45 @@ function getFileCount ($folder_path) { return count(glob($folder_path . "/*")); } -//*** TODO *** check file content to see if it's unique or not -function isFileContentUnique ($file) { +//check if file mimetype is acceptable for upload +function isFileMimeTypeAcceptable ($file) { + $mimetype = strtolower(mime_content_type($file)); + $invalid_mimetypes_str = array ("compress", "octet", "xml", "zip"); + foreach ($invalid_mimetypes_str as $invalid_mt_str) { + if (str_contains($mimetype, $invalid_mt_str)) { + return false; + } + } + return true; } +//check file content to see if it's unique or not +function isFileContentUnique ($target_folder_path, $file) { + $file_to_upload_md5 = md5_file($file); + $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); + foreach ($usb_dir as $dir_file) { + $dir_file = $target_folder_path . "/" . $dir_file; -//*** TODO **** check if file exists based on file name and return unique name if does -function getUniqueFileName ($filename) { + if (!is_dir($dir_file)) { + $dir_file_md5 = md5_file($dir_file); + if ($file_to_upload_md5 == $dir_file_md5) { + return false; + } + } + } + return true; } +//return unique filename +function getUniqueFileName ($target_folder_path, $filename) { + $new_filename = $filename; + $counter = 1; + while (file_exists($target_folder_path . "/" . $new_filename)) { + $counter++; + $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); + } + return $new_filename; +} // Check file size - we are not going to check file size for now. // elseif ($_FILES["uploaded_file"]["size"] > 5000000) { @@ -56,4 +98,6 @@ function getUniqueFileName ($filename) { // $upload_ok = 0; // } + + ?> From 312ddce9ecbeda749e70e9e66cc2cc5ab33363e9 Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 12 Jan 2025 12:07:37 +0100 Subject: [PATCH 242/380] Adding PR number to beginning of upload2usb block --- roles/usb_lib/tasks/install.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index de16e83a7..670c2f61a 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,7 +76,7 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app directory to local_content' +- name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' file: state: directory path: "{{ doc_root }}/local_content/upload" @@ -84,7 +84,6 @@ group: "{{ apache_user }}" mode: 0755 - - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" @@ -92,7 +91,6 @@ with_fileglob: - upload/* - # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 From 917c6840d69e43d16155cb0035cd91e4fcdc69a2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 8 Jan 2025 19:26:27 -0600 Subject: [PATCH 243/380] better visual feedback when running --- roles/network/tasks/hostapd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 4d64bf843..afc3d701c 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -3,7 +3,7 @@ hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap -- name: Disable the Access Point 'hostapd' service +- name: Disable the Access Point 'hostapd' service hostapd_enabled False systemd: name: hostapd enabled: no @@ -15,7 +15,7 @@ ignore_errors: True when: wifi_up_down and can_be_ap and has_wifi_gateway is defined -- name: Set Wifi Region country code for hostapd when present +- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 From 9391d37f40944de7a61efffa68c76b51b246e19f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 9 Jan 2025 16:43:01 -0600 Subject: [PATCH 244/380] move country code detection --- roles/network/tasks/detected_network.yml | 13 +++++++++++++ roles/network/tasks/hostapd.yml | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 0fe997598..34c5ade8d 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -239,6 +239,17 @@ iiab_lan_iface: "{{ iiab_wireless_lan_iface }}" when: iiab_wireless_lan_iface is defined and nobridge is defined +- name: Detect WiFi country code in use + shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" + register: REG_DOM + ignore_errors: True + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present + set_fact: + host_country_code: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -295,6 +306,8 @@ value: "{{ iiab_wan_iface }}" - option: can_be_ap value: "{{ can_be_ap }}" + - option: host_country_code_found + value: "{{ host_country_code }}" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index afc3d701c..ac5df14d9 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,17 +9,6 @@ enabled: no when: not hostapd_enabled -- name: Detect WiFi country code in use - shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" - register: REG_DOM - ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - -- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present - set_fact: - host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel From fa8cc5637e044f4cf46ebf96c0db51e96cbf356b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 12 Jan 2025 10:26:51 -0600 Subject: [PATCH 245/380] move channel detection also --- roles/network/tasks/detected_network.yml | 16 ++++++++++++++++ roles/network/tasks/hostapd.yml | 16 ---------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 34c5ade8d..aaaf06a7e 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -250,6 +250,11 @@ host_country_code: "{{ REG_DOM.stdout }}" when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 +- name: Detect current Wifi channel + shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 + register: current_client_channel + when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -309,6 +314,17 @@ - option: host_country_code_found value: "{{ host_country_code }}" +- name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: client_wifi_channel_found + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined + # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired - name: I'm not guessing declare gateway please diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index ac5df14d9..67e04f798 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -9,11 +9,6 @@ enabled: no when: not hostapd_enabled -- name: Detect current Wifi channel - shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 - register: current_client_channel - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined - - name: Setting WiFi channel to {{ current_client_channel.stdout }} set_fact: host_channel: "{{ current_client_channel.stdout }}" @@ -120,14 +115,3 @@ value: "{{ host_country_code }}" - option: host_channel value: "{{ host_channel }}" - -- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} - ini_file: - dest: "{{ iiab_ini_file }}" - section: network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined From a9c916e2199988c63faf2c4d51449d627d0dc108 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 8 Jan 2025 19:26:32 -0600 Subject: [PATCH 246/380] dont start hostapd when no_net_restart is True --- roles/network/tasks/restart.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index ec1dda7b6..9220e2d92 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -28,12 +28,12 @@ state: restarted when: wifi_up_down and can_be_ap and ansible_ap0 is undefined -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd state: restarted daemon_reload: yes - when: hostapd_enabled and (wifi_up_down or not no_net_restart) + when: hostapd_enabled and not no_net_restart # 2022-07-22: @jvonau suggests commenting this out as: "we really don't touch # any of the config files... netplan.yml renames one file if it's a container @@ -107,7 +107,7 @@ systemd: name: hostapd state: restarted - when: hostapd_enabled and wifi_slave.stdout is defined and wifi_slave.stdout == 0 + when: hostapd_enabled and not no_net_restart and wifi_slave.stdout is defined and wifi_slave.stdout == 0 #both interfaces.d and systemd-networkd should have br0 available and Appliance lacks br0 #keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address From fb008640ef031e476f8b11262e8a724b4a027880 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 8 Jan 2025 23:49:37 -0600 Subject: [PATCH 247/380] deal with tailscale0 --- roles/network/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 82de51aff..6b81d5a58 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -55,7 +55,7 @@ strict_networking: False iiab_demo_mode: False gui_static_wan: False wan_cidr: "" -virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" +virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e tailscale0" # Set defaults for discovery process as strings wifi1: "not found-1" From e75a8e5449e58b672fa776202411ea2755406af4 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Mon, 13 Jan 2025 19:43:02 -0500 Subject: [PATCH 248/380] set www_data poweroff false with rename --- roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml | 2 +- roles/www_options/tasks/main.yml | 16 ++++++++-------- roles/www_options/tasks/php-settings.yml | 2 +- ...ache_poweroff.j2 => 020_www_data_poweroff.j2} | 0 vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- 10 files changed, 21 insertions(+), 21 deletions(-) rename roles/www_options/templates/{020_apache_poweroff.j2 => 020_www_data_poweroff.j2} (100%) diff --git a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml index e39bea703..a28c2da61 100644 --- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml +++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml @@ -8,7 +8,7 @@ # apache_interface: 127.0.0.1 # Make this False to disable http://box/common/services/power_off.php button: -# allow_www_data_sudo: True +# allow_www_data_poweroff: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 2319c58f5..5795ea7e6 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -77,22 +77,22 @@ # COMPARE nginx_high_php_limits further above. -# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_sudo) PRESUMABLY WORK +# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_poweroff) PRESUMABLY WORK # WITH NGINX TOO ? (The single-click poweroff button on IIAB's home # page certainly does still work with NGINX.) -- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template +- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_www_data_poweroff from template template: - src: 020_apache_poweroff.j2 - dest: /etc/sudoers.d/020_apache_poweroff + src: 020_www_data_poweroff.j2 + dest: /etc/sudoers.d/020_www_data_poweroff mode: '0440' - when: allow_www_data_sudo + when: allow_www_data_poweroff -- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff +- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_www_data_poweroff file: - path: /etc/sudoers.d/020_apache_poweroff + path: /etc/sudoers.d/020_www_data_poweroff state: absent - when: not allow_www_data_sudo + when: not allow_www_data_poweroff # 2022-06-30: internet_available var removed diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 184c07b21..23c85d24b 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -207,4 +207,4 @@ # name: php{{ php_version }}-fpm # state: restarted -# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_sudo conditionals below. +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_poweroff conditionals below. diff --git a/roles/www_options/templates/020_apache_poweroff.j2 b/roles/www_options/templates/020_www_data_poweroff.j2 similarity index 100% rename from roles/www_options/templates/020_apache_poweroff.j2 rename to roles/www_options/templates/020_www_data_poweroff.j2 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4e61819a2..4494cbd72 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -274,7 +274,7 @@ nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # roles/www_base runs here (mandatory) @@ -341,7 +341,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False apache_service: apache2 apache_user: www-data # Admin Console uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index ac2e78128..920cf7ba1 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 45d6db53f..d997362a4 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -13,7 +13,7 @@ munin_enabled: True vnstat_install: True vnstat_enabled: True usb_lib_umask0000_for_kolibri: False -allow_www_data_sudo: True +allow_www_data_poweroff: False # By default # kiwix # awstats diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c12fcb04f..a554dc34b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 88253e035..8689b3ae9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 39d8cf05c..30720a49e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -178,7 +178,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -225,7 +225,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: True From 2981a7deaa5df95dfc5064e68c84901ac2a4a1c0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2025 22:19:43 -0500 Subject: [PATCH 249/380] hostapd.yml: "Disable the Access Point 'hostapd' service if hostapd_enabled False" --- roles/network/tasks/hostapd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 67e04f798..c845bd637 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -3,7 +3,7 @@ hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap -- name: Disable the Access Point 'hostapd' service hostapd_enabled False +- name: Disable the Access Point 'hostapd' service if hostapd_enabled False systemd: name: hostapd enabled: no From a16be49be576b2f059a384c895c32ae3bd02b9dd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 15 Jan 2025 03:16:16 -0600 Subject: [PATCH 250/380] add recording of firmware selection and force wifi_up_down false when required --- roles/network/tasks/detected_network.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index aaaf06a7e..bd657010b 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -255,6 +255,11 @@ register: current_client_channel when: wifi_up_down and can_be_ap and has_wifi_gateway is defined +- name: Forcing wifi_up_down to False based on firmware selection "24" + set_fact: + wifi_up_down: False + when: rpi3bplus_rpi4_wifi_firmware == "24" + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -313,6 +318,10 @@ value: "{{ can_be_ap }}" - option: host_country_code_found value: "{{ host_country_code }}" + - option: firmware_option_1 + value: "{{ rpi3bplus_rpi4_wifi_firmware }}" + - option: firmware_option_2 + value: "{{ rpizerow_rpi3_wifi_firmware }}" - name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} ini_file: From 3bb41e2e07fbc0d40027e1b2e0eabd38640549d1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 15 Jan 2025 03:17:01 -0600 Subject: [PATCH 251/380] move firmware replacement --- roles/network/tasks/main.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 7e2f1eabb..221ea61b6 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,8 +1,3 @@ -- name: Select RPi firmware mode - include_role: - name: firmware - when: rpi_model != "none" - - name: detected_network include_tasks: detected_network.yml @@ -108,6 +103,10 @@ # end block when: network_installed is defined and network_enabled +- name: Select RPi firmware mode + include_role: + name: firmware + when: rpi_model != "none" - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: From d52fe013cd07b8bef45d070237c535ec72861f37 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 16 Jan 2025 07:07:51 -0600 Subject: [PATCH 252/380] don't restart wpa_supplicant when network_manager_active is set --- roles/network/tasks/restart.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 9220e2d92..5902f5d50 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -12,7 +12,7 @@ state: restarted with_items: - wpa_supplicant - when: wifi_up_down and hostapd_enabled + when: wifi_up_down and hostapd_enabled and not network_manager_active - name: Enable & Restart networkd-dispatcher.service systemd: From ca22622c7d30b4981f4ebfe679bbd6d8d1aac777 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 16 Jan 2025 09:51:32 -0500 Subject: [PATCH 253/380] detected_network.yml: Record WiFi firmware vars (43430 & 43455) --- roles/network/tasks/detected_network.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index bd657010b..ba104f5d6 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -318,10 +318,10 @@ value: "{{ can_be_ap }}" - option: host_country_code_found value: "{{ host_country_code }}" - - option: firmware_option_1 - value: "{{ rpi3bplus_rpi4_wifi_firmware }}" - - option: firmware_option_2 - value: "{{ rpizerow_rpi3_wifi_firmware }}" + - option: wifi_firmware_43430 + value: "{{ rpizerow_rpi3_wifi_firmware }}" + - option: wifi_firmware_43455 + value: "{{ rpi3bplus_rpi4_wifi_firmware }}" - name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} ini_file: From a5e90f65111f11d2976a861bcf43e44499460643 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 16 Jan 2025 09:54:44 -0500 Subject: [PATCH 254/380] network/tasks/main.yml: Blank line --- roles/network/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 221ea61b6..bb05482f5 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -108,6 +108,7 @@ name: firmware when: rpi_model != "none" + - name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. file: path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" From f8b743dafc003cecb57043eea42295ddf12649d3 Mon Sep 17 00:00:00 2001 From: avni Date: Fri, 17 Jan 2025 09:34:15 +0100 Subject: [PATCH 255/380] error.php, index.php, upload-file.php, upload2usb.php: Updating error message to refer to FAQs, titles to be more succinct, adding exception when directory can't be created. --- roles/usb_lib/files/upload/error.php | 4 ++-- roles/usb_lib/files/upload/index.php | 2 +- roles/usb_lib/files/upload/upload-file.php | 2 +- roles/usb_lib/files/upload/upload2usb.php | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index 75d4f5a2d..c5210d229 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -6,10 +6,10 @@ ?> -AN ERROR occurred! Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Reach out to TK for help if you have any questions or continue having trouble with the setup. +ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQs for additional support: FAQ #4 - Can teachers display their own content?, FAQ #49 - What are the best places for community support?. +

-Share the below error message with IIAB developers at TK for debugging:
diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index 670d8499e..e77b079ff 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -4,7 +4,7 @@ * Upload2USB App Index Page */ -$title = "IIAB Upload to USB"; +$title = "Upload to USB"; include("header.php"); //Check if folder for today exists, and get file count if it does diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index d86f9aa60..0d132d1d3 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -4,7 +4,7 @@ * Upload2USB App - Process Submission */ -$title = "IIAB Upload to USB App Results"; +$title = "Upload to USB Results"; include("header.php"); //get folder path where file will be stored diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index 3de51297d..31623ea6f 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -20,15 +20,15 @@ function getTargetUSBDriveLocation () { # error if 1<>usb sticks are installed $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); if ($rmv_usb_path_count == 0) { - throw new RuntimeException('0 USB sticks found

'); + throw new RuntimeException('0 USB sticks found.

'); } elseif ($rmv_usb_path_count > 1) { - throw new RuntimeException('More than 1 USB sticks installed

'); + throw new RuntimeException('More than 1 USB sticks installed.

'); } $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); if (empty($rmv_usb_path)) { - throw new RuntimeException('Not able to find USB stick

'); + throw new RuntimeException('Not able to find USB stick.

'); } else { return $rmv_usb_path . "/"; } @@ -42,7 +42,7 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777); + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_umask0000_for_kolibri' is set to 'True'.

"); } return $target_folder_path; } From ebbe9c066e8bb5e45cea30cca956c0eb82efaf96 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jan 2025 10:16:37 -0500 Subject: [PATCH 256/380] iiab-diagnostics: wpa_supplicant, NetworkManager, dmesg | grep Firmware --- scripts/iiab-diagnostics | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 47a1ae015..248cbb70d 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -219,11 +219,14 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' +cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' +cat_cmd 'journalctl -b | grep NetworkManager' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' -cat_cmd 'lspci -nn' 'Devices on PCI buses' +cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' cat_cmd 'npm -v' 'npm version' From 59f1d1b090e11e8c9c0bdecc31fcd7de551d56ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jan 2025 10:23:36 -0500 Subject: [PATCH 257/380] iiab-diagnostics: rpi-eeprom-update to show bootloader version --- scripts/iiab-diagnostics | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 248cbb70d..d1e6e0b2b 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -195,6 +195,7 @@ echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' +cat_cmd 'rpi-eeprom-update' 'RPi Bootloader EEPROM' cat_cmd 'df -h' 'Disk usage' cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' From 720e328ab6c35167b7cbbd02b528a75fd9ef61c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jan 2025 10:55:43 -0500 Subject: [PATCH 258/380] iiab-diagnostics: Cap NetworkManager logging at 100 lines for now --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index d1e6e0b2b..51063f9f7 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -221,7 +221,7 @@ cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' -cat_cmd 'journalctl -b | grep NetworkManager' 'NetworkManager log since boot' +cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' From d09842245b16b2baa8d64e02c5aaabb8d2693e78 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 Jan 2025 13:09:48 -0500 Subject: [PATCH 259/380] iiab-diagnostics: Clarify RPi WiFi firmware / HW models --- scripts/iiab-diagnostics | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 51063f9f7..273bdd495 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -224,8 +224,8 @@ cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' -cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'RPi Zero W & 3 WiFi firmware' -cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'RPi 3 B+ & 4 WiFi firmware' +cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' +cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'WiFi firmware for: RPi 3 B+, 4, 5 & 500' cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' From 271da50114dfc80f983d513cb3597c4e12f683ea Mon Sep 17 00:00:00 2001 From: avni Date: Fri, 17 Jan 2025 23:03:01 +0100 Subject: [PATCH 260/380] upload-file.php: Allow upload of redundant files --- roles/usb_lib/files/upload/upload-file.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 0d132d1d3..0b92ee4e5 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -20,15 +20,17 @@ if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_n } elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; $upload_ok = 0; -} elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { - $upload_msg = "This file already exists!"; - $upload_ok = 0; } elseif (file_exists($target_file)) { // rename file so name is unique $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); $target_file = $target_folder_path . "/" . $new_filename; } +#elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { +# $upload_msg = "This file already exists!"; +# $upload_ok = 0; +#} + // Check if $upload_ok is set to 0 by an error if ($upload_ok == 0) { $upload_msg = "❌ Your file was not uploaded. " . $upload_msg; From a81856db5d3f056c781478cacd09e6157627c6bc Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 00:09:09 -0500 Subject: [PATCH 261/380] iiab-diagnostics: Cleaner output if COMMAND NOT FOUND --- scripts/iiab-diagnostics | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 273bdd495..eae728eac 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -101,10 +101,18 @@ function cat_cmd() { # $1 = command + params, $2 = explanation spc_params=$(echo "$1" | sed 's/^\s*\S\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim #spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) - if [[ $2 == "" ]]; then - echo "COMMAND: $path_cmd$spc_params" >> $outfile + if [[ $path_cmd == "" ]]; then + if [[ $2 == "" ]]; then + echo "COMMAND: $1" >> $outfile + else + echo "COMMAND: $1 # $2" >> $outfile + fi else - echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile + if [[ $2 == "" ]]; then + echo "COMMAND: $path_cmd$spc_params" >> $outfile + else + echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile + fi fi echo >> $outfile if [[ $path_cmd == "" ]]; then From 803197e8179774ebf67a21b3680af29fccf4862e Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 00:23:47 -0500 Subject: [PATCH 262/380] iiab-diagnostics.README.md: Update key line numbers --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index fa6c560e5..8e60124a3 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-256 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-268 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From d6b7114afc168989202e18f02d6a16c2b3ebd2c5 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 01:35:36 -0500 Subject: [PATCH 263/380] CI: Revert ARM tests to run on Ubuntu 22.04 for now --- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- ...aspios.yml => 30min-iiab-test-install-raspios-on-zero2w.yml} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{30min-iiab-test-install-raspios.yml => 30min-iiab-test-install-raspios-on-zero2w.yml} (99%) diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index 9940b2781..403b1e7a7 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: matrix: arch: [debian12] diff --git a/.github/workflows/30min-iiab-test-install-raspios.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml similarity index 99% rename from .github/workflows/30min-iiab-test-install-raspios.yml rename to .github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index ea89758ed..9a51536ab 100644 --- a/.github/workflows/30min-iiab-test-install-raspios.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch] jobs: test-install: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: matrix: arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64] From 66fd7fad394c5fee13e4572647fb029823179bc8 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 01:46:50 -0500 Subject: [PATCH 264/380] Cleaner 30min-iiab-test-install-raspios-on-zero2w.yml --- .../30min-iiab-test-install-raspios-on-zero2w.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index 9a51536ab..63105bd68 100644 --- a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install raspios' +name: '"30 min" IIAB test install raspios on zero2w' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html @@ -65,13 +65,13 @@ jobs: uname -a # uname -srm whoami # Typically 'root' instead of 'runner' pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }} - sudo apt-get update -y --allow-releaseinfo-change - sudo apt-get install --no-install-recommends -y git + apt-get update -y --allow-releaseinfo-change + apt-get install --no-install-recommends -y git ls /opt/iiab/iiab - sudo mkdir /etc/iiab - sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml - sudo /opt/iiab/iiab/scripts/ansible - sudo ./iiab-install + mkdir /etc/iiab + cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml + /opt/iiab/iiab/scripts/ansible + ./iiab-install cd /opt/iiab/iiab iiab-summary cat /etc/iiab/iiab_state.yml From 6f63de16223a3bcae3003972c664f120de103221 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Jan 2025 02:42:28 -0500 Subject: [PATCH 265/380] Clarify & tighten up all 3 GHA workflow names (titles) --- .github/workflows/10min-iiab-test-install.yml | 2 +- .github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml | 2 +- .github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/10min-iiab-test-install.yml b/.github/workflows/10min-iiab-test-install.yml index 24dfc6c79..d2b8bd056 100644 --- a/.github/workflows/10min-iiab-test-install.yml +++ b/.github/workflows/10min-iiab-test-install.yml @@ -1,4 +1,4 @@ -name: '"10 min" IIAB test install' +name: '"10 min" IIAB on Ubuntu 24.04 on x86-64' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html diff --git a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml index 403b1e7a7..a8703346e 100644 --- a/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml +++ b/.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install deb12 on rpi3' +name: '"30 min" IIAB on Debian 12 on RPi 3' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html diff --git a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml index 63105bd68..9b521fee6 100644 --- a/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml +++ b/.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml @@ -1,4 +1,4 @@ -name: '"30 min" IIAB test install raspios on zero2w' +name: '"30 min" IIAB on RasPiOS on Zero 2 W' # run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 # https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html From f60a61ea4bfa1f83ef74d6fdd43e1303f1763303 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 18 Jan 2025 14:04:33 -0600 Subject: [PATCH 266/380] replace is_raspbian with dhcpcd_result == enabled --- roles/network/templates/hostapd/iiab-hotspot-off | 4 ++-- roles/network/templates/hostapd/iiab-hotspot-on | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/templates/hostapd/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off index 25a5053be..fb45603a6 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-off +++ b/roles/network/templates/hostapd/iiab-hotspot-off @@ -14,7 +14,7 @@ echo " IIAB hotspot access point Disabled" #exit 0 {% else %} echo " IIAB hotspot access point Disabled" -{% if is_raspbian %} +{% if dhcpcd_result == "enabled" %} # hotspot-off before ap0_updown sed -i "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf #systemctl disable dnsmasq @@ -37,7 +37,7 @@ fi echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n" #exit 0 {% endif %} -#is_raspbian +#if dhcpcd_result == "enabled" {% endif %} #wifi_up_down {% endif %} diff --git a/roles/network/templates/hostapd/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on index 03ca2d4ae..35ccc7adf 100755 --- a/roles/network/templates/hostapd/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -16,7 +16,7 @@ systemctl enable hostapd systemctl enable iiab-wifi-test.service #exit 0 {% else %} -{% if is_raspbian %} +{% if dhcpcd_result == "enabled" %} # just do what we have always done in hotspot-on cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf @@ -44,7 +44,7 @@ fi systemctl enable hostapd #exit 0 {% endif %} -#is_raspbian +#if dhcpcd_result == "enabled" {% endif %} #wifi_up_down {% endif %} From 9426e6ac98802ebbfdd8a2c74d964a9a6f0b5293 Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 19 Jan 2025 08:21:27 +0100 Subject: [PATCH 267/380] upload-file.php: throw error when user uploads a file that has the same content and name as an already uploaded file on the same day. --- roles/usb_lib/files/upload/upload-file.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 0b92ee4e5..510a308ab 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -21,15 +21,16 @@ if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_n $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; $upload_ok = 0; } elseif (file_exists($target_file)) { - // rename file so name is unique - $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); - $target_file = $target_folder_path . "/" . $new_filename; -} -#elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { -# $upload_msg = "This file already exists!"; -# $upload_ok = 0; -#} + if (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) { + $upload_msg = "This file already exists!"; + $upload_ok = 0; + } else { + // rename file so name is unique + $new_filename = getUniqueFileName($target_folder_path, $uploaded_filename); + $target_file = $target_folder_path . "/" . $new_filename; + } +} // Check if $upload_ok is set to 0 by an error if ($upload_ok == 0) { From e4bdc4ddabc50ef89bfafe6c112c367076b5956f Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 19 Jan 2025 09:04:01 +0100 Subject: [PATCH 268/380] install.yml: add comment that usb_lib_umask0000_for_kolibri must be set to true in order to write to USB sticks. --- roles/usb_lib/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 670c2f61a..94d9b5e9a 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,6 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) +# usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 0994a5786d87b96f56cfdd4461725caa1a29108d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 20 Jan 2025 08:27:49 -0600 Subject: [PATCH 269/380] detect Firmware rejected country setting --- roles/network/defaults/main.yml | 1 + roles/network/tasks/detected_network.yml | 26 +++++++++++++++++++++--- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 6b81d5a58..100b1f6ff 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -71,6 +71,7 @@ iiab_lan_iface: none discovered_lan_iface: none discovered_wired_iface: none discovered_wireless_iface: none +host_country_code_found: unset # Red Hat #iiab_wired_lan_iface: "none" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index ba104f5d6..f75ad3f06 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -243,12 +243,16 @@ shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||" register: REG_DOM ignore_errors: True - when: wifi_up_down and can_be_ap and has_wifi_gateway is defined + +- name: Set host_country_code_found + set_fact: + host_country_code_found: "{{ REG_DOM.stdout }}" + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 - name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present set_fact: host_country_code: "{{ REG_DOM.stdout }}" - when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 + when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 and wifi_up_down and can_be_ap and has_wifi_gateway is defined - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 @@ -260,6 +264,11 @@ wifi_up_down: False when: rpi3bplus_rpi4_wifi_firmware == "24" +- name: Detect "Firmware rejected country setting" in dmesg + shell: dmesg | grep ieee80211 | grep "Firmware rejected country setting" + register: FW_rejected_country + ignore_errors: True + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -317,7 +326,7 @@ - option: can_be_ap value: "{{ can_be_ap }}" - option: host_country_code_found - value: "{{ host_country_code }}" + value: "{{ host_country_code_found }}" - option: wifi_firmware_43430 value: "{{ rpizerow_rpi3_wifi_firmware }}" - option: wifi_firmware_43455 @@ -334,6 +343,17 @@ value: "{{ current_client_channel.stdout }}" when: current_client_channel.stdout is defined +- name: Add 'detected_network' variable 'FW_rejected_country' value if defined, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: FW_rejected_country + value: "{{ host_country_code_found }}" + when: FW_rejected_country.stdout is defined + # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired - name: I'm not guessing declare gateway please From f15a50610ee446ed966eeb95c65f5678d5eaf9a2 Mon Sep 17 00:00:00 2001 From: avni Date: Wed, 22 Jan 2025 05:18:41 +0100 Subject: [PATCH 270/380] install.yml: Adding instructions on how to unmount and mount drive manually if writing to the USB stick still doesn't work. --- roles/usb_lib/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 94d9b5e9a..181bd8819 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -8,6 +8,7 @@ # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) # usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 0caa16491df4df543e94813bad138e48ed65aac6 Mon Sep 17 00:00:00 2001 From: Avni Khatri/Fein Date: Tue, 21 Jan 2025 23:27:45 -0500 Subject: [PATCH 271/380] install.yml: adding e.g. to make clear that variable doesn't have to be in local_vars.yml" roles/usb_lib/tasks/install.yml Co-authored-by: A Holt --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 94d9b5e9a..f5172b190 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,7 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_umask0000_for_kolibri (in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_umask0000_for_kolibri (e.g. in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From f79a43e305675ae2178266921573f72be0d98f98 Mon Sep 17 00:00:00 2001 From: avni Date: Wed, 22 Jan 2025 10:16:21 +0100 Subject: [PATCH 272/380] install.yml: merging comments related to usb_lib_umask0000_for_kolibri --- roles/usb_lib/tasks/install.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index afc36e4f8..e435719dc 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,8 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) - -# usb_lib_umask0000_for_kolibri (e.g. in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_umask0000_for_kolibri (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks # If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). From 335d8ad4c1551db1725b0532b815f387e3899177 Mon Sep 17 00:00:00 2001 From: avni Date: Wed, 22 Jan 2025 10:22:38 +0100 Subject: [PATCH 273/380] nginx/templates/iiab.conf.j2, usb_lib/files/upload/button.html: Adding button to upload2usb app on every usb/ directory listing page. --- roles/nginx/templates/iiab.conf.j2 | 2 ++ roles/usb_lib/files/upload/button.html | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 roles/usb_lib/files/upload/button.html diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index df2fc6a94..e25a2b08c 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,10 +5,12 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; + add_before_body /usb/upload/button.html; } location /local_content/ { fancyindex on; # autoindex on; + add_before_body /usb/upload/button.html; } location /info { diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html new file mode 100644 index 000000000..276baa839 --- /dev/null +++ b/roles/usb_lib/files/upload/button.html @@ -0,0 +1,19 @@ + +Upload to USB From 01baaa661a7e274c451198ab80b3bacdb3bb1411 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 Jan 2025 16:53:44 -0500 Subject: [PATCH 274/380] iiab-diagnostics: Refine 3+ 'sudo dmesg | grep ...' cmds --- scripts/iiab-diagnostics | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index eae728eac..6f93f0359 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -201,6 +201,7 @@ cat_dir /etc/netplan # Redacts most passwords above echo -e "\n 4. Output of Commands:\n" echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' +cat_cmd 'sudo dmesg | grep -i "command line:"' 'Kernel boot parameters' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' cat_cmd 'rpi-eeprom-update' 'RPi Bootloader EEPROM' @@ -230,11 +231,11 @@ cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' -#cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' -cat_cmd 'dmesg | grep Firmware' '(Wi-Fi) firmware boot diagnostics' +#cat_cmd 'sudo dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +cat_cmd 'sudo dmesg | grep Firmware:' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' cat_cmd 'ls -l /lib/firmware/cypress/*43455*' 'WiFi firmware for: RPi 3 B+, 4, 5 & 500' -cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' +cat_cmd 'sudo dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'env' 'Environment variables' cat_cmd 'node -v' 'Node.js version' From 765e1cd4b1060d787e7b580e2368e3701eac9c98 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 Jan 2025 17:42:56 -0500 Subject: [PATCH 275/380] iiab-diagnostics: Use sudo with journalctl (in all 6 cases_ --- scripts/iiab-diagnostics | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 6f93f0359..ca1ee4d67 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -229,8 +229,8 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' -cat_cmd 'journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' -cat_cmd 'journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' +cat_cmd 'sudo journalctl -b | grep wpa_supplicant' 'wpa_supplicant log since boot' +cat_cmd 'sudo journalctl -b | grep NetworkManager | head -100' 'NetworkManager log since boot' #cat_cmd 'sudo dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'sudo dmesg | grep Firmware:' '(Wi-Fi) firmware boot diagnostics' cat_cmd 'ls -l /lib/firmware/cypress/*43430*' 'WiFi firmware for: RPi Zero W, Zero 2 W & 3' @@ -245,10 +245,10 @@ cat_cmd 'cd /usr/local/calibre-web-py3; sudo git log --graph --oneline --decorat cat_cmd 'sudo lb --version' 'xklb version' cat_cmd 'sudo yt-dlp --version' 'yt-dlp version' cat_cmd 'systemctl status calibre-web' 'Is Calibre-Web running?' -cat_cmd 'journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' +cat_cmd 'sudo journalctl -u calibre-web | tail -100' 'Calibre-Web systemd log' cat_tail /var/log/calibre-web.log 100 cat_tail /var/log/xklb.log 300 -cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' +cat_cmd 'sudo journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" From 89a06d6e5e5706a81faf5345acc7cb8bef785a84 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 Jan 2025 18:26:43 -0500 Subject: [PATCH 276/380] Update iiab-diagnostics.README.md for PR #3909 --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 8e60124a3..f766e922e 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-268 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-269 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From ad175fb3caf50a66935afbcef7616ea18affff56 Mon Sep 17 00:00:00 2001 From: avni Date: Thu, 23 Jan 2025 06:19:13 +0100 Subject: [PATCH 277/380] index.php, upload-file.php: change 'submit' to 'upload' in user-facing text --- roles/usb_lib/files/upload/index.php | 2 +- roles/usb_lib/files/upload/upload-file.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload/index.php index e77b079ff..6eab98dbf 100644 --- a/roles/usb_lib/files/upload/index.php +++ b/roles/usb_lib/files/upload/index.php @@ -15,7 +15,7 @@ $file_count = getFileCount(getTargetFolderPath(0));



- +

files have been uploaded today! diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index 510a308ab..a3c6e9674 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -15,10 +15,10 @@ $upload_ok = 1; $upload_msg = ""; if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) { - $upload_msg = "No file submitted!"; + $upload_msg = "No file uploaded!"; $upload_ok = 0; } elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) { - $upload_msg = "You can not upload zips, executables, xml, and other high-risk files!"; + $upload_msg = "You cannot upload zips, executables, xml, or binary files!"; $upload_ok = 0; } elseif (file_exists($target_file)) { @@ -50,7 +50,7 @@ $file_count = getFileCount($target_folder_path); ?>
- files have been submitted today! + files have been uploaded today! From 91533f5fb3eb4a4e2eda0d807cfacbb6cec8b7a1 Mon Sep 17 00:00:00 2001 From: avni Date: Thu, 23 Jan 2025 06:19:25 +0100 Subject: [PATCH 278/380] iiab.conf.j2: modify config to route /usb/upload/*.php to the upload2usb app! --- roles/nginx/templates/iiab.conf.j2 | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index e25a2b08c..e3fdee774 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,7 +5,20 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /usb/upload/button.html; +} + +location ~ ^/usb/upload/(.*)\.php$ { + alias /library/www/html/local_content/upload/$1.php; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + include fastcgi_params; } location /local_content/ { From 68dafdbc399bd493bee8cd5b2c6a55cb707e9846 Mon Sep 17 00:00:00 2001 From: avni Date: Thu, 23 Jan 2025 06:27:32 +0100 Subject: [PATCH 279/380] button.html: change button href to point to /usb/upload instead of /local_content/upload --- roles/usb_lib/files/upload/button.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html index 276baa839..658f74fb2 100644 --- a/roles/usb_lib/files/upload/button.html +++ b/roles/usb_lib/files/upload/button.html @@ -16,4 +16,4 @@ color: #ddd; } -Upload to USB +Upload to USB From 6dfda009e424dbdcb4531433c2d752364cd2edf7 Mon Sep 17 00:00:00 2001 From: avni Date: Thu, 23 Jan 2025 06:51:43 +0100 Subject: [PATCH 280/380] upload2usb.php: allow all word files, be more specific about xml mimetypes; log error message if user uploads invalid mimetype --- roles/usb_lib/files/upload/upload2usb.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index 31623ea6f..f2b3aa883 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -55,9 +55,10 @@ function getFileCount ($folder_path) { //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "octet", "xml", "zip"); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml", "zip"); foreach ($invalid_mimetypes_str as $invalid_mt_str) { if (str_contains($mimetype, $invalid_mt_str)) { + error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); return false; } } From 0cc63d8895dd6b07dcee71a61db2c3dbd8304151 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 23 Jan 2025 02:38:56 -0600 Subject: [PATCH 281/380] detect cmdline country code passed --- roles/network/tasks/detected_network.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index f75ad3f06..5e95182d3 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -269,6 +269,11 @@ register: FW_rejected_country ignore_errors: True +- name: Detect country code passed from cmdline + shell: dmesg | awk -F cfg80211.ieee80211_regdom= '{print $2}' + register: cmdline_country_code + ignore_errors: True + - name: In VM disable LAN - needs local_vars entry to activate set_fact: iiab_lan_iface: none @@ -351,7 +356,7 @@ value: "{{ item.value | string }}" with_items: - option: FW_rejected_country - value: "{{ host_country_code_found }}" + value: "{{ cmdline_country_code }}" when: FW_rejected_country.stdout is defined # well if there ever was a point to tell the user things are FUBAR this is it. From eb21c8654aa4a24d6be41e9dab43f35609c5ba03 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 23 Jan 2025 06:45:38 -0600 Subject: [PATCH 282/380] UNSET --- roles/network/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 100b1f6ff..593f14922 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -71,7 +71,8 @@ iiab_lan_iface: none discovered_lan_iface: none discovered_wired_iface: none discovered_wireless_iface: none -host_country_code_found: unset +# use the same case as what `iw reg get` would return with 00 present +host_country_code_found: UNSET # Red Hat #iiab_wired_lan_iface: "none" From 999127339102c443a6d2ed9a7612f5ea2a552b73 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 23 Jan 2025 12:36:55 -0600 Subject: [PATCH 283/380] grep & stdout --- roles/network/tasks/detected_network.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 5e95182d3..e4ec63bd8 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -269,8 +269,8 @@ register: FW_rejected_country ignore_errors: True -- name: Detect country code passed from cmdline - shell: dmesg | awk -F cfg80211.ieee80211_regdom= '{print $2}' +- name: Detect country code passed from cmdline in dmesg + shell: dmesg | grep ieee80211 | awk -F cfg80211.ieee80211_regdom= '{print $2}' register: cmdline_country_code ignore_errors: True @@ -356,7 +356,7 @@ value: "{{ item.value | string }}" with_items: - option: FW_rejected_country - value: "{{ cmdline_country_code }}" + value: "{{ cmdline_country_code.stdout }}" when: FW_rejected_country.stdout is defined # well if there ever was a point to tell the user things are FUBAR this is it. From dcc9862527f92153ba90affaabdfdc436eb7722f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 23 Jan 2025 15:36:19 -0600 Subject: [PATCH 284/380] use systemd-udev-trigger.service --- roles/usb_lib/templates/usbmount@.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 34d75d9f3..52da18ba5 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -1,7 +1,7 @@ [Unit] BindTo=%i.device After=%i.device -After=rc-local.service +After=systemd-udev-trigger.service [Service] #Type=oneshot From e319b394e87177ccf440d62077c9baab2fee735f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 24 Jan 2025 08:14:42 -0600 Subject: [PATCH 285/380] Update roles/network/tasks/detected_network.yml future proof Co-authored-by: A Holt --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index e4ec63bd8..a5fc5eaf0 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -270,7 +270,7 @@ ignore_errors: True - name: Detect country code passed from cmdline in dmesg - shell: dmesg | grep ieee80211 | awk -F cfg80211.ieee80211_regdom= '{print $2}' + shell: dmesg | grep -m1 'cfg80211\.ieee80211_regdom=' | awk -F 'cfg80211\.ieee80211_regdom=' '{print $2}' register: cmdline_country_code ignore_errors: True From eecf6f83064c3eda3c5574711720b2d28fd6a4d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 24 Jan 2025 10:06:30 -0500 Subject: [PATCH 286/380] Wifi Country Code might in the middle of dmesg line (not on the right) --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index a5fc5eaf0..1663f8c39 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -270,7 +270,7 @@ ignore_errors: True - name: Detect country code passed from cmdline in dmesg - shell: dmesg | grep -m1 'cfg80211\.ieee80211_regdom=' | awk -F 'cfg80211\.ieee80211_regdom=' '{print $2}' + shell: dmesg | grep -om1 'cfg80211\.ieee80211_regdom=\S*' | cut -d= -f2 register: cmdline_country_code ignore_errors: True From 3b9edfdfc0282cb2218bdcb3a3147302991b50a7 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 07:13:09 +0100 Subject: [PATCH 287/380] multiple files in vars/ and usb_lib/: rename usb_lib_umask0000_for_kolibri to usb_lib_writable_sticks so it is more generally applicable --- roles/usb_lib/README.rst | 2 +- roles/usb_lib/defaults/main.yml | 4 ++-- roles/usb_lib/files/upload/upload2usb.php | 2 +- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/tasks/main.yml | 14 +++++++------- vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 2 +- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 22fd711d2..54d9714ca 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri and other app exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) `_ documentation: diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index 2a4b19308..c53591f8f 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -5,8 +5,8 @@ # iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -# usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# usb_lib_writable_sticks: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index f2b3aa883..cfd87775f 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -42,7 +42,7 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_umask0000_for_kolibri' is set to 'True'.

"); + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_writable_sticks' is set to 'True'.

"); } return $target_folder_path; } diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..4e40a99eb 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,7 +7,7 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_umask0000_for_kolibri (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks +# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks # If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 7836f2d3a..52d192da8 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -32,28 +32,28 @@ # If setup.yml becomes the norm in future, put the 2-3 stanzas below in there: -- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri exports work" +- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"' path: /etc/usbmount/usbmount.conf - when: usb_lib_umask0000_for_kolibri + when: usb_lib_writable_sticks # Setting 'umask=0000' for all filesystems: (much the same thing as above, as # the mount command does not use this umask setting for filesystems like ext4) -#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work" +#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" # lineinfile: # regexp: '^MOUNTOPTIONS=.*' # line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"' # path: /etc/usbmount/usbmount.conf -# when: usb_lib_umask0000_for_kolibri +# when: usb_lib_writable_sticks - name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole path: /etc/usbmount/usbmount.conf - when: not usb_lib_umask0000_for_kolibri + when: not usb_lib_writable_sticks - name: Enable/Disable/Restart NGINX @@ -88,5 +88,5 @@ value: "{{ usb_lib_install }}" - option: usb_lib_enabled value: "{{ usb_lib_enabled }}" - - option: usb_lib_umask0000_for_kolibri - value: "{{ usb_lib_umask0000_for_kolibri }}" + - option: usb_lib_writable_sticks + value: "{{ usb_lib_writable_sticks }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4494cbd72..11ed238a7 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -310,8 +310,8 @@ usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True systemd_location: /lib/systemd/system # 2-common iiab-startup also uses # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 920cf7ba1..91b744051 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: True diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index d997362a4..445c9bb2f 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -12,7 +12,7 @@ munin_install: True munin_enabled: True vnstat_install: True vnstat_enabled: True -usb_lib_umask0000_for_kolibri: False +usb_lib_writable_sticks: False allow_www_data_poweroff: False # By default # kiwix diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a554dc34b..f55dd8ce8 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8689b3ae9..5cfa34bec 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -195,8 +195,8 @@ bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 30720a49e..89accf217 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -202,7 +202,7 @@ bluetooth_term_enabled: False iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: -usb_lib_umask0000_for_kolibri: True +usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) cups_install: False From 286890b0d097e84ab404e8f40dc25432f3009d6d Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 08:14:44 +0100 Subject: [PATCH 288/380] error.php: updating FAQ reference to refer to new upload2usb-specific FAQ. --- roles/usb_lib/files/upload/error.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index c5210d229..2e51003e0 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -5,8 +5,7 @@ */ ?> - -ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQs for additional support: FAQ #4 - Can teachers display their own content?, FAQ #49 - What are the best places for community support?. +ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, Can students upload their own work?, for additional support.

From 44e2772ccc4eec963ed610f0b94cde422a990b71 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 09:44:02 -0500 Subject: [PATCH 289/380] Update README to clarify Kolibri exports --- roles/usb_lib/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 54d9714ca..bb8b82e4e 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri and other app exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). +IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). Official `usbmount 0.0.22 (2011-08-08) `_ documentation: From 7c2f0c9c6ef42ef2ffe44f230d8245555d7de979 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 21:30:36 +0100 Subject: [PATCH 290/380] usb_lib/*, vars/*: prevent Cheating (Copying) of homeworks, when teacher creates 'PUBLIC' folder on their USB stick --- roles/usb_lib/files/upload/error.php | 2 +- roles/usb_lib/tasks/install.yml | 6 +- roles/usb_lib/tasks/main.yml | 11 +-- roles/usb_lib/tasks/nginx.yml | 32 +++++---- roles/usb_lib/templates/iiab-clean-usb.sh | 4 +- ...l-off => iiab-usb_lib-show-all-off.unused} | 0 ...all-on => iiab-usb_lib-show-all-on.unused} | 0 .../usb_lib/templates/mount.d/70-usb-library | 72 ------------------- .../templates/mount.d/70-usb-library.j2 | 45 ++++++++++++ .../70-usb-library | 4 +- vars/default_vars.yml | 3 +- vars/local_vars_large.yml | 3 +- vars/local_vars_medium.yml | 3 +- vars/local_vars_small.yml | 3 +- vars/local_vars_unittest.yml | 3 +- 15 files changed, 85 insertions(+), 106 deletions(-) rename roles/usb_lib/templates/{iiab-usb_lib-show-all-off => iiab-usb_lib-show-all-off.unused} (100%) rename roles/usb_lib/templates/{iiab-usb_lib-show-all-on => iiab-usb_lib-show-all-on.unused} (100%) delete mode 100644 roles/usb_lib/templates/mount.d/70-usb-library create mode 100644 roles/usb_lib/templates/mount.d/70-usb-library.j2 rename roles/usb_lib/templates/{umount.d => umount.d.unused}/70-usb-library (75%) diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php index 2e51003e0..46dd0e667 100644 --- a/roles/usb_lib/files/upload/error.php +++ b/roles/usb_lib/files/upload/error.php @@ -5,7 +5,7 @@ */ ?> -ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, Can students upload their own work?, for additional support. +ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, "Can students upload their own work?", for additional support.

diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..f4c5d671e 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -75,8 +75,6 @@ with_items: - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - - { src: 'iiab-usb_lib-show-all-on', dest: '/usr/bin/', mode: '0755' } - - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } - name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' @@ -90,7 +88,7 @@ - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload" # /library/www/html + dest: "{{ doc_root }}/local_content/upload/" # /library/www/html with_fileglob: - upload/* diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 7836f2d3a..af9d22790 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,11 +66,12 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -- name: Put variable in iiab.env that enables display of content at root of USB - lineinfile: - path: "{{ iiab_env_file }}" - regexp: "^IIAB_USB_LIB_SHOW_ALL.*" - line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +#- name: Put variable in iiab.env that enables display of content at root of USB +# lineinfile: +# path: "{{ iiab_env_file }}" +# regexp: "^IIAB_USB_LIB_SHOW_ALL.*" +# line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} diff --git a/roles/usb_lib/tasks/nginx.yml b/roles/usb_lib/tasks/nginx.yml index 7e572142a..1e6be6d21 100644 --- a/roles/usb_lib/tasks/nginx.yml +++ b/roles/usb_lib/tasks/nginx.yml @@ -1,20 +1,21 @@ - name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled template: - src: mount.d/70-usb-library - dest: /etc/usbmount/mount.d/ + src: mount.d/70-usb-library.j2 + dest: /etc/usbmount/mount.d/70-usb-library owner: root group: root mode: '0751' when: usb_lib_enabled -- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled - template: - src: umount.d/70-usb-library - dest: /etc/usbmount/umount.d - owner: root - group: root - mode: '0751' - when: usb_lib_enabled +# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh +# - name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled +# template: +# src: umount.d/70-usb-library +# dest: /etc/usbmount/umount.d +# owner: root +# group: root +# mode: '0751' +# when: usb_lib_enabled - name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled file: @@ -22,11 +23,12 @@ state: absent when: not usb_lib_enabled -- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled - file: - path: /etc/usbmount/umount.d/70-usb-library - state: absent - when: not usb_lib_enabled +# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh +# - name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled +# file: +# path: /etc/usbmount/umount.d/70-usb-library +# state: absent +# when: not usb_lib_enabled - name: Restart 'nginx' systemd service systemd: diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index a1876551c..56d63292d 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -5,10 +5,10 @@ DEVICE=`echo $@ | sed -s 's|-|/|'` MNT_POINT=`findmnt -n /$DEVICE | awk '{print $1}'` CONTENT_LINK_USB=`basename $MNT_POINT | awk '{print toupper($0)}'` CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usbmount" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK - logger -p user.notice -t "usbmount" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed." fi diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-off b/roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused similarity index 100% rename from roles/usb_lib/templates/iiab-usb_lib-show-all-off rename to roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-on b/roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused similarity index 100% rename from roles/usb_lib/templates/iiab-usb_lib-show-all-on rename to roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused diff --git a/roles/usb_lib/templates/mount.d/70-usb-library b/roles/usb_lib/templates/mount.d/70-usb-library deleted file mode 100644 index 5b9cfefe8..000000000 --- a/roles/usb_lib/templates/mount.d/70-usb-library +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash -# Create symlink in DocumentRoot/content to autmounted usb drive -# -# based on a similar script in the xs-rsync package -# by Martin Langhoff -# -# and the adaptation for xs-activity-server by Douglas Bagnall -# -# -# by Tim Moody tim@timmoody.com - -source {{ iiab_env_file }} -case $IIAB_USB_LIB_SHOW_ALL in -'True'|'true'|'TRUE') - logger -p user.notice -t "70-usb-library" -- "Display entire USB drive is True. Checking for rootfs or /library on $UM_MOUNTPOINT." - # regularize the variable - IIAB_USB_LIB_SHOW_ALL=True - ;; -*) - logger -p user.notice -t "70-usb-library" -- "Looking for /share, /Share, /Piratebox/Share, /USB, or /usb on $UM_MOUNTPOINT." - ;; -esac - -VERBOSE=yes - -SHARE_DIR="" -# Only show content if in these directories - -if [ -d $UM_MOUNTPOINT/share ]; then - SHARE_DIR="$UM_MOUNTPOINT/share" -fi -if [ -d $UM_MOUNTPOINT/Share ]; then - SHARE_DIR="$UM_MOUNTPOINT/Share" -fi -if [ -d $UM_MOUNTPOINT/Piratebox/Share ]; then - SHARE_DIR="$UM_MOUNTPOINT/Piratebox/Share" -fi -if [ -d $UM_MOUNTPOINT/USB ]; then - SHARE_DIR="$UM_MOUNTPOINT/USB" -fi -if [ -d $UM_MOUNTPOINT/usb ]; then - SHARE_DIR="$UM_MOUNTPOINT/usb" -fi - -if [ "$IIAB_USB_LIB_SHOW_ALL" == "True" ]; then - UM_DEV=`findmnt $UM_MOUNTPOINT | grep / | awk '{print $2}'` - LIB_DEV=`findmnt /library | grep / | awk '{print $2}' |awk -F '[' '{print $1}'` - ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` - if [ "$UM_DEV" == "$LIB_DEV" ]; then - logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing /library" - #echo "lib on dev" - elif [ "$UM_DEV" == "$ROOT_DEV" ]; then - logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing rootfs" - #echo "rootfs on dev" - else - SHARE_DIR="$UM_MOUNTPOINT" - fi -fi - -if [ ! -z "$SHARE_DIR" ]; then - logger -p user.notice -t "70-usb-library" -- "Found Share Directory $SHARE_DIR." -else - logger -p user.notice -t "70-usb-library" -- "did not find /share, /Share, /Piratebox/Share, /USB, or /usb on USB" -fi - - -if [ "$SHARE_DIR" != "" ];then - CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` - CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" - logger -p user.notice -t "70-usb-library" -- "Creating link to $CONTENT_LINK." - ln -s $SHARE_DIR $CONTENT_LINK -fi diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 new file mode 100644 index 000000000..d124e79c0 --- /dev/null +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -0,0 +1,45 @@ +#!/bin/bash +# Create symlink in DocumentRoot/content to automounted usb drive +# +# based on a similar script in the xs-rsync package +# by Martin Langhoff +# +# and the adaptation for xs-activity-server by Douglas Bagnall +# +# +# by Tim Moody tim@timmoody.com + +VERBOSE=yes + +# UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +SHARE_DIR=$UM_MOUNTPOINT +if [ -d $UM_MOUNTPOINT/PUBLIC ]; then + SHARE_DIR="$UM_MOUNTPOINT/PUBLIC" + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" +else + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" +fi + +LIB_DEV=`findmnt /library | grep / | awk '{print $2}' | awk -F '[' '{print $1}'` +ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` +BOOT_DEV=`findmnt /boot | grep / | awk '{print $2}'` +BOOTFW_DEV=`findmnt /boot/firmware | grep / | awk '{print $2}'` +if [ "$UM_DEVICE" == "$LIB_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" + exit +elif [ "$UM_DEVICE" == "$ROOT_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" + exit +elif [ "$UM_DEVICE" == "$BOOT_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" + exit +elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" + exit +fi + +CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` +CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" +ln -s $SHARE_DIR $CONTENT_LINK + diff --git a/roles/usb_lib/templates/umount.d/70-usb-library b/roles/usb_lib/templates/umount.d.unused/70-usb-library similarity index 75% rename from roles/usb_lib/templates/umount.d/70-usb-library rename to roles/usb_lib/templates/umount.d.unused/70-usb-library index 5af914c01..d8e095008 100644 --- a/roles/usb_lib/templates/umount.d/70-usb-library +++ b/roles/usb_lib/templates/umount.d.unused/70-usb-library @@ -12,7 +12,7 @@ CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "70-usb-library" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Attempting to remove link $CONTENT_LINK." if [ -L $CONTENT_LINK ]; then {% if is_debuntu %} @@ -20,5 +20,5 @@ if [ -L $CONTENT_LINK ]; then {% else %} /usr/bin/rm -f $CONTENT_LINK {% endif %} - logger -p user.notice -t "70-usb-library" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (70-usb-library)" -- "$CONTENT_LINK removed." fi diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4494cbd72..c42a4ca99 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -308,7 +308,8 @@ bluetooth_term_enabled: False usb_lib_install: True usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 920cf7ba1..c84b30736 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a554dc34b..ff46f8a9b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 8689b3ae9..1190ec377 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -193,7 +193,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 30720a49e..744148cc0 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -199,7 +199,8 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True +# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. +# iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True From fe633b2cd72d55b0266c19e37cb3253033185fe7 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Jan 2025 15:36:05 -0500 Subject: [PATCH 291/380] Upload2USB initial doc cleanup --- roles/usb_lib/README.rst | 32 +++++++++++++++----------------- roles/usb_lib/defaults/main.yml | 4 ++-- roles/usb_lib/tasks/main.yml | 4 ++-- vars/default_vars.yml | 6 ++---- vars/local_vars_large.yml | 6 ++---- vars/local_vars_medium.yml | 6 ++---- vars/local_vars_small.yml | 6 ++---- vars/local_vars_unittest.yml | 6 ++---- 8 files changed, 29 insertions(+), 41 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index bb8b82e4e..33d93e2dc 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -2,30 +2,28 @@ usb_lib README ============== -**PLEASE SEE "Can teachers display their own content?" WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** +**PLEASE SEE** `"Can teachers display their own content?" `_ **AND** `"Can students upload their own work?" `_ **WITHIN https://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION!** -This role implements functionality similar to LibraryBox, to mount "teacher content" from USB drives. +This role (1) implements functionality similar to LibraryBox, to mount "teacher content" from USB sticks / drives for students, and (2) allows students to upload their work to the teacher's USB stick / drive: -Users should have nearly immediate access to this "teacher content" (on all inserted USB drives) by browsing to http://box/usb +#. Students should have nearly immediate access to "teacher content" (on all inserted USB sticks) by browsing to http://box/usb. +#. Students can also click the "Upload to USB" button on top of this same page (http://box/usb), to upload their work to the teacher's USB stick. (FYI student uploads appear in folders like ``UPLOADS.YYYY-MM-DD`` within the root of the teacher's USB stick). -Automount is handled by usbmount, and scripts in this role look in the root of the mounted drive for... +As of January 2025, automount is handled by usbmount: (`devmon included with udevil `_ might be considered in future) -* /usb -* /USB -* /share -* /Share -* /Piratebox/Share +* A script in this role (/etc/usbmount/mount.d/70-usb-library) looks in the root of the mounted USB stick for folder /PUBLIC and if found, creates a symlink of the form /library/www/html/local_content/USBn pointing to /media/usbn/PUBLIC — where n is generally one of {0, 1, 2, 3, 4, 5, 6, 7}. *RESULT: Only documents within /PUBLIC are browsable by students.* This option is very useful to **prevent students from copying uploaded homework!** +* If however folder /PUBLIC is not found, the symlink is created to the root of the mounted USB stick. *RESULT: EVERYTHING on the USB stick is browsable by students — just like with a traditional community bulletin board.* This option is very useful when students are uploading artwork, photo essays, personal audio recordings and **science projects that are intended to be shared!** -...and if found, creates a symlink of the form /library/www/html/local_content/USBn pointing to /media/usbn — where n is generally one of {0, 1, 2, 3, 4, 5, 6, 7}. +Technical Details: -USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 100 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ -IIAB will generally mount USB drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB). +* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` -Official `usbmount 0.0.22 (2011-08-08) `_ documentation: +* Official `usbmount 0.0.22 (2011-08-08) `_ documentation: -* https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) -* https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) -* https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) + * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) + * https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) + * https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -Legacy warning: There is also a patch for problems with automount on Fedora 21+. Please note that as of 4.1.8-200.fc22.x86_64 not all USB drives will mount, even with this patch. +* Dev Notes at the top of: https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index c53591f8f..427a26ea7 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -4,8 +4,8 @@ # Show entire contents of USB sticks/drives (at http://box/usb) # iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) # usb_lib_writable_sticks: True # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 52d192da8..ab6f0f19e 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -32,7 +32,7 @@ # If setup.yml becomes the norm in future, put the 2-3 stanzas below in there: -- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" +- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf -- for Kolibri exports AND student uploads to teacher's USB stick (using http://box/usb)" lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"' @@ -41,7 +41,7 @@ # Setting 'umask=0000' for all filesystems: (much the same thing as above, as # the mount command does not use this umask setting for filesystems like ext4) -#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri, upload2usb, and other app exports work" +#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work" # lineinfile: # regexp: '^MOUNTOPTIONS=.*' # line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 11ed238a7..a45384e1e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -307,10 +307,8 @@ bluetooth_term_enabled: False # USB_LIB usb_lib_install: True usb_lib_enabled: True -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True systemd_location: /lib/systemd/system # 2-common iiab-startup also uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 91b744051..7228bb506 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f55dd8ce8..153401d26 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 5cfa34bec..b17fcc9ae 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -192,10 +192,8 @@ bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri, upload2usb, and other apps can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 89accf217..840d0d9b8 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -198,10 +198,8 @@ bluetooth_install: False bluetooth_enabled: False bluetooth_term_enabled: False -# Show entire contents of USB sticks/drives (at http://box/usb) -iiab_usb_lib_show_all: True -# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so -# Kolibri can export & import channels to USB sticks/drive: +# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for +# Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) usb_lib_writable_sticks: True # Common UNIX Printing System (CUPS) From d15493b399553f519a55beed5d11848e8907af83 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Jan 2025 15:47:56 -0500 Subject: [PATCH 292/380] Begin to remove iiab_usb_lib_show_all and IIAB_USB_LIB_SHOW_ALL --- roles/usb_lib/defaults/main.yml | 3 --- roles/usb_lib/tasks/main.yml | 6 ------ 2 files changed, 9 deletions(-) diff --git a/roles/usb_lib/defaults/main.yml b/roles/usb_lib/defaults/main.yml index 427a26ea7..f7cbf10b6 100644 --- a/roles/usb_lib/defaults/main.yml +++ b/roles/usb_lib/defaults/main.yml @@ -1,9 +1,6 @@ # usb_lib_install: True # usb_lib_enabled: True -# Show entire contents of USB sticks/drives (at http://box/usb) -# iiab_usb_lib_show_all: True - # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf for # Kolibri exports, and student uploads to teacher's USB stick (http://box/usb) # usb_lib_writable_sticks: True diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index ab6f0f19e..023b714a7 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,12 +66,6 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -- name: Put variable in iiab.env that enables display of content at root of USB - lineinfile: - path: "{{ iiab_env_file }}" - regexp: "^IIAB_USB_LIB_SHOW_ALL.*" - line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} ini_file: From 6562a4a12d4067858b962802aaad696af5fd8e41 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 16:02:01 -0500 Subject: [PATCH 293/380] 70-usb-library.j2: remove blank at EOF Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index d124e79c0..7e52c0329 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -42,4 +42,3 @@ CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" ln -s $SHARE_DIR $CONTENT_LINK - From 13f5227824fd15bd4ed95e08f1d48b7a9de495e4 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 22:39:00 +0100 Subject: [PATCH 294/380] vars/local_vars*, vars/default_vars.yml, roles/usb_lib/tasks/main.yml: reverting comment of iiab_usb_lib_show_all --- roles/usb_lib/tasks/main.yml | 11 +++++------ vars/default_vars.yml | 3 +-- vars/local_vars_large.yml | 3 +-- vars/local_vars_medium.yml | 3 +-- vars/local_vars_small.yml | 3 +-- vars/local_vars_unittest.yml | 3 +-- 6 files changed, 10 insertions(+), 16 deletions(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index af9d22790..7836f2d3a 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -66,12 +66,11 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -#- name: Put variable in iiab.env that enables display of content at root of USB -# lineinfile: -# path: "{{ iiab_env_file }}" -# regexp: "^IIAB_USB_LIB_SHOW_ALL.*" -# line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" +- name: Put variable in iiab.env that enables display of content at root of USB + lineinfile: + path: "{{ iiab_env_file }}" + regexp: "^IIAB_USB_LIB_SHOW_ALL.*" + line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c42a4ca99..4494cbd72 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -308,8 +308,7 @@ bluetooth_term_enabled: False usb_lib_install: True usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index c84b30736..920cf7ba1 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index ff46f8a9b..a554dc34b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 1190ec377..8689b3ae9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -193,8 +193,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 744148cc0..30720a49e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -199,8 +199,7 @@ bluetooth_enabled: False bluetooth_term_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) -# 20250125: using existence of PUBLIC folder on USB stick in lieu of this env variable. -# iiab_usb_lib_show_all: True +iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True From f9538a48340fe97ee373dd30418eeec2cdc132b5 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:04:46 -0500 Subject: [PATCH 295/380] mount.d/70-usb-library.j2: move lib/root/boot check above check for PUBLIC dir Co-authored-by: A Holt --- .../templates/mount.d/70-usb-library.j2 | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 7e52c0329..f0d41f22d 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -12,18 +12,11 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts -SHARE_DIR=$UM_MOUNTPOINT -if [ -d $UM_MOUNTPOINT/PUBLIC ]; then - SHARE_DIR="$UM_MOUNTPOINT/PUBLIC" - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" -else - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" -fi -LIB_DEV=`findmnt /library | grep / | awk '{print $2}' | awk -F '[' '{print $1}'` -ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` -BOOT_DEV=`findmnt /boot | grep / | awk '{print $2}'` -BOOTFW_DEV=`findmnt /boot/firmware | grep / | awk '{print $2}'` +LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) +ROOT_DEV=$(findmnt -no source /) +BOOT_DEV=$(findmnt -no source /boot) +BOOTFW_DEV=$(findmnt -no source /boot/firmware) if [ "$UM_DEVICE" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit @@ -38,6 +31,14 @@ elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then exit fi +if [ -d $UM_MOUNTPOINT/PUBLIC ]; then + SHARE_DIR=$UM_MOUNTPOINT/PUBLIC + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" +else + SHARE_DIR=$UM_MOUNTPOINT + logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" +fi + CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" From 18c5fe711d147fff379d5823e03698117e4838d4 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:30:14 -0500 Subject: [PATCH 296/380] Update roles/usb_lib/templates/mount.d/70-usb-library.j2 Add thanks and reference to PR #3254 Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index f0d41f22d..6e167656c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,6 +13,8 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# 2022-06-16 better security thanks to @tim-moody and @jvonau: +# https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) From 64756b6772d64ae7465ad292b2cde93f068a647e Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:35:43 -0500 Subject: [PATCH 297/380] Update roles/usb_lib/templates/mount.d/70-usb-library.j2 Add thanks and reference to PR #3254 Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 6e167656c..2d77abceb 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,6 +13,8 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# 2022-06-16 better security thanks to @tim-moody and @jvonau: +# https://github.com/iiab/iiab/pull/3254 # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) From 2462bba6f5ad2745bb56deb4d69487d5df3dceb2 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:45:11 -0500 Subject: [PATCH 298/380] 70-usb-library.j2: Fix symlink from/to in comment Thank you! Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 2d77abceb..1c05f001c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -45,5 +45,5 @@ fi CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $SHARE_DIR to $CONTENT_LINK" +logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" ln -s $SHARE_DIR $CONTENT_LINK From 427dc57ed0b9563b52ae8d4c1b14649d769fe8bc Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 17:45:54 -0500 Subject: [PATCH 299/380] 70-usb-library.j2: revert duplicate comment Revert duplicate comment Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 1c05f001c..850693a1c 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -13,8 +13,6 @@ VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts -# 2022-06-16 better security thanks to @tim-moody and @jvonau: -# https://github.com/iiab/iiab/pull/3254 # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) From d0a00da60127fddb52aaa6715e9d6df09dcde8e8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 25 Jan 2025 20:08:37 -0500 Subject: [PATCH 300/380] usb_lib/README.rst: Clarify usbmount supported filesystems line --- roles/usb_lib/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 33d93e2dc..e51db625a 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -16,7 +16,7 @@ As of January 2025, automount is handled by usbmount: (`devmon included with ude Technical Details: -* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 100 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` From 2401ff3d60aa2ee14c9c6f7deceb8dd287072c78 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 20:49:12 -0500 Subject: [PATCH 301/380] 70-usb-library.j2: Add additional logging of lib/root/boot mount points Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 850693a1c..7f63f3ea5 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -19,6 +19,12 @@ LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) BOOTFW_DEV=$(findmnt -no source /boot/firmware) +# Verbose logging to illuminate occasional boot bugginess: +logger -t "usb_lib (70-usb-library)" "UM_DEVICE is: $UM_DEVICE" +logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV" +logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" +logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" +logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEVICE" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit From cd160da6799c7bc425e2088d94285c75b8e98246 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 20:52:04 -0500 Subject: [PATCH 302/380] 70-usb-library.j2: syntax change to CONTENT_LINK_USB var Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 7f63f3ea5..3f29c7f45 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -47,7 +47,7 @@ else logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" fi -CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` +CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" ln -s $SHARE_DIR $CONTENT_LINK From 425cbf494cf79c59c9518e341dc5cd86f3c19f59 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 25 Jan 2025 20:54:32 -0500 Subject: [PATCH 303/380] iiab-clean-usb.sh: $() instead of `` for command substitution --- roles/usb_lib/templates/iiab-clean-usb.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index 56d63292d..dcdf987d3 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -1,9 +1,9 @@ #!/bin/bash # Remove symlink in /library/content to automounted usb drive # -DEVICE=`echo $@ | sed -s 's|-|/|'` -MNT_POINT=`findmnt -n /$DEVICE | awk '{print $1}'` -CONTENT_LINK_USB=`basename $MNT_POINT | awk '{print toupper($0)}'` +DEVICE=$(echo $@ | sed -s 's|-|/|') +MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') +CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." From 27e286b8aeff45f9b564e9e72fa236bd47e4ab00 Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 20:55:13 -0500 Subject: [PATCH 304/380] 70-usb-library.j2: comm Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 3f29c7f45..8b54568c6 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -9,7 +9,8 @@ # # by Tim Moody tim@timmoody.com -VERBOSE=yes +# Better to set this in /etc/usbmount/usbmount.conf +# VERBOSE=yes # UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts From 920235d54ccbb5219898bc2bbf47712d5131c36e Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 26 Jan 2025 04:41:10 +0100 Subject: [PATCH 305/380] 70-usb-library.j2: use findmnt instead of UM_DEVICE from usbmount to find device given the missing leading /; adding comment about public folder --- .../usb_lib/templates/mount.d/70-usb-library.j2 | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 8b54568c6..164d66598 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -12,7 +12,8 @@ # Better to set this in /etc/usbmount/usbmount.conf # VERBOSE=yes -# UM_MOUNTPOINT and UM_DEVICE are documented at: https://github.com/rbrito/usbmount#hook-scripts +# UM_MOUNTPOINT is documented at: https://github.com/rbrito/usbmount#hook-scripts +UM_DEV=$(findmnt -no source $UM_MOUNTPOINT) # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 @@ -20,26 +21,29 @@ LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) ROOT_DEV=$(findmnt -no source /) BOOT_DEV=$(findmnt -no source /boot) BOOTFW_DEV=$(findmnt -no source /boot/firmware) + # Verbose logging to illuminate occasional boot bugginess: -logger -t "usb_lib (70-usb-library)" "UM_DEVICE is: $UM_DEVICE" +logger -t "usb_lib (70-usb-library)" "UM_DEV is: $UM_DEV" logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV" logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" -if [ "$UM_DEVICE" == "$LIB_DEV" ]; then + +if [ "$UM_DEV" == "$LIB_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" exit -elif [ "$UM_DEVICE" == "$ROOT_DEV" ]; then +elif [ "$UM_DEV" == "$ROOT_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" exit -elif [ "$UM_DEVICE" == "$BOOT_DEV" ]; then +elif [ "$UM_DEV" == "$BOOT_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" exit -elif [ "$UM_DEVICE" == "$BOOTFW_DEV" ]; then +elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" exit fi +# 2025-01-25: check for existence of PUBLIC folder on USB stick to determine if all stick content is public or private if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" From 5663a84d276c26ea1b8644133b9f9e0bd3bc69cb Mon Sep 17 00:00:00 2001 From: avni Date: Sat, 25 Jan 2025 23:57:27 -0500 Subject: [PATCH 306/380] 70-usb-library.j2: update comment explaining PUBLIC folder better (from @holta) Co-authored-by: A Holt --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 164d66598..803313f7e 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -43,7 +43,9 @@ elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then exit fi -# 2025-01-25: check for existence of PUBLIC folder on USB stick to determine if all stick content is public or private +# 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable. +# Teachers can set their stick for 1 of 2 two "personalities" — students can either upload "confidential homework" or +# "public artwork" — as summarized here: https://github.com/iiab/iiab/blob/master/roles/usb_lib/README.rst if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" From d4e66748f34f2932588ad14e31857658c47f01c0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Jan 2025 00:42:32 -0500 Subject: [PATCH 307/380] usb_lib/install.yml: Clarify usb_lib_writable_sticks and umask=0000 --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 4e40a99eb..2fb9bd2a6 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,8 +7,8 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order to be able to write to mounted USB sticks -# If you are still not able to write to a mounted USB stick, you can unmount the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). +# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. +# If you are still not able to write to a mounted USB stick, try unmounting the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). - name: Record (initial) disk space used From cea4cac7f23f9a2edb673f46b5f78c8ffd7a1e3d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Jan 2025 09:28:48 -0500 Subject: [PATCH 308/380] Clarify reset of FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, if usb_lib_writable_sticks False --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 023b714a7..fdd7a2751 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -48,7 +48,7 @@ # path: /etc/usbmount/usbmount.conf # when: usb_lib_writable_sticks -- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used' +- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. Kolibri exports AND student uploads to teacher's USB stick are not needed' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole From 7812edfed0ce091cdf1ac99eeed73707fb29df90 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 26 Jan 2025 09:32:49 -0500 Subject: [PATCH 309/380] Fix 2 typos (explanation of when: not usb_lib_writable_sticks) --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index fdd7a2751..4def69c4f 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -48,7 +48,7 @@ # path: /etc/usbmount/usbmount.conf # when: usb_lib_writable_sticks -- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. Kolibri exports AND student uploads to teacher's USB stick are not needed' +- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf -- e.g. if Kolibri exports AND student uploads to teacher USB stick are not needed' lineinfile: regexp: '^FS_MOUNTOPTIONS=.*' line: 'FS_MOUNTOPTIONS=""' # Restore apt pkg default, e.g. for runrole From 1795276b20694af9eb69d784570c775890add10c Mon Sep 17 00:00:00 2001 From: avni Date: Sun, 26 Jan 2025 16:36:43 +0100 Subject: [PATCH 310/380] upload/upload-file.php: fix var name bug and add better error handling --- roles/usb_lib/files/upload/upload-file.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload/upload-file.php index a3c6e9674..8c81c731d 100644 --- a/roles/usb_lib/files/upload/upload-file.php +++ b/roles/usb_lib/files/upload/upload-file.php @@ -41,7 +41,8 @@ if ($upload_ok == 0) { if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) { $upload_msg = "😊 ✅ Your file ". htmlspecialchars( $uploaded_filename ). " was successfully uploaded!"; } else { - $upload_msg = "❌ There was an error uploading your file. " . $_FILES["upload_file"]["error"] . $upload_msg; + $upload_ok = 0; + throw new RuntimeException('There was an error uploading your file.

'); } } From fb07b9e3e531915bc6f84c47092d63e7e2fd14a4 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 26 Jan 2025 21:18:30 -0500 Subject: [PATCH 311/380] nginx/templates/iiab.conf.j2, usb_lib/files/upload/header.php, usb_lib/tasks/install.yml: move app out of local_content and into /library/www/html/ --- roles/nginx/templates/iiab.conf.j2 | 8 ++++---- roles/usb_lib/files/upload/button.html | 2 +- roles/usb_lib/tasks/install.yml | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/nginx/templates/iiab.conf.j2 b/roles/nginx/templates/iiab.conf.j2 index e3fdee774..20773967f 100644 --- a/roles/nginx/templates/iiab.conf.j2 +++ b/roles/nginx/templates/iiab.conf.j2 @@ -5,11 +5,11 @@ location / { location /usb { alias /library/www/html/local_content/; fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /upload2usb/button.html; } -location ~ ^/usb/upload/(.*)\.php$ { - alias /library/www/html/local_content/upload/$1.php; +location ~ ^/upload2usb/(.*)\.php$ { + alias /library/www/html/upload2usb/$1.php; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; @@ -23,7 +23,7 @@ location ~ ^/usb/upload/(.*)\.php$ { location /local_content/ { fancyindex on; # autoindex on; - add_before_body /usb/upload/button.html; + add_before_body /upload2usb/button.html; } location /info { diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload/button.html index 658f74fb2..52cc493ce 100644 --- a/roles/usb_lib/files/upload/button.html +++ b/roles/usb_lib/files/upload/button.html @@ -16,4 +16,4 @@ color: #ddd; } -Upload to USB +Upload to USB diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index e435719dc..98606005f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -79,18 +79,18 @@ - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app (#3875) directory to local_content' +- name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' file: state: directory - path: "{{ doc_root }}/local_content/upload" + path: "{{ doc_root }}/upload2usb" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to local_content' +- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to upload2usb' copy: src: "{{ item }}" - dest: "{{ doc_root }}/local_content/upload" # /library/www/html + dest: "{{ doc_root }}/upload2usb" # /library/www/html with_fileglob: - upload/* From 48f4fc56f8bb2913746c00c861716ea81bd2bd1e Mon Sep 17 00:00:00 2001 From: root Date: Sun, 26 Jan 2025 21:20:12 -0500 Subject: [PATCH 312/380] usb_lib/files/upload/header.php: link swing image back to upload2usb main page --- roles/usb_lib/files/upload/header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload/header.php index 78592e86d..fc8218800 100644 --- a/roles/usb_lib/files/upload/header.php +++ b/roles/usb_lib/files/upload/header.php @@ -28,5 +28,5 @@ include("upload2usb.php");
- +

From c49c7b0d8d6f8b4c86161f1497894852e4df89e8 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 26 Jan 2025 21:26:16 -0500 Subject: [PATCH 313/380] usb_lib/files/upload/upload2usb.php: allow zip files given some MacOS files, e.g., Pages files, have a mimetype of application/aip --- roles/usb_lib/files/upload/upload2usb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload/upload2usb.php index f2b3aa883..b1ce329fc 100644 --- a/roles/usb_lib/files/upload/upload2usb.php +++ b/roles/usb_lib/files/upload/upload2usb.php @@ -55,7 +55,7 @@ function getFileCount ($folder_path) { //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml", "zip"); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); foreach ($invalid_mimetypes_str as $invalid_mt_str) { if (str_contains($mimetype, $invalid_mt_str)) { error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); From 765d7854c3d9ab0c26f7d5c585065c834b28a2ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 27 Jan 2025 15:45:34 -0500 Subject: [PATCH 314/380] Recommend ansible-core 2.18.2 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 968819464..c5ab3e074 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.1] -GOOD_VER=2.18.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.2] +GOOD_VER=2.18.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 00d45099eada43798be62125ec497f05ded1f000 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 28 Jan 2025 11:23:29 -0600 Subject: [PATCH 315/380] 1520 --- roles/network/tasks/NM-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 9cb2cf1db..a0af7adcc 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -78,7 +78,7 @@ - name: Reload systemd systemd: daemon_reload: yes - when: not iiab_lan_iface == "br0" + when: not no_net_restart or not iiab_lan_iface == "br0" - name: Restart the NetworkManager service systemd: From 16b745d7341451482488bc19ae7be95ba93979fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 00:42:08 -0500 Subject: [PATCH 316/380] iiab-diagnostics: 3 commands to record locale info --- scripts/iiab-diagnostics | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ca1ee4d67..51a7d6797 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -162,17 +162,20 @@ for f in "$@"; do done if [ $# -eq 0 ]; then - echo -e " 2. Regular Files:\n" + echo -e " 2. Regular Files etc:\n" else - echo -e "\n 2. Regular Files:\n" + echo -e "\n 2. Regular Files etc:\n" fi -echo -e "\n\n\n2. REGULAR FILES\n" >> $outfile +echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /dev/sda # Device "file" test #cat_file /nonsense # Non-existence test #cat_file /opt/iiab/iiab # Directory test #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image +cat_file /etc/default/locale +cat_cmd 'localectl' 'Locale settings' +cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini cat_file /etc/iiab/local_vars.yml # Redacts most passwords above From 18efafc23e19aaedc6b273bc878749c12e772c76 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 00:53:18 -0500 Subject: [PATCH 317/380] iiab-diagnostics.README.md: Update lines numbers --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index f766e922e..d11c13720 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-269 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-272 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From 957cf6976ae773a907c5849f150c74b14831dd3f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 01:20:22 -0500 Subject: [PATCH 318/380] PHP defaults TOO LOW, so run www_options/tasks/php-settings.yml every time --- roles/www_options/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 5795ea7e6..f157abb26 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -69,7 +69,8 @@ # WordPress) so './runrole ' and similar are fully self-sufficient! - name: "Run php-settings.yml -- allows post-install toggling of nginx_high_php_limits in /etc/iiab/local_vars.yml -- if you run './runrole www_options'" include_tasks: php-settings.yml - when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install + # 2025-01-29: PHP's own defaults (presumably from the 1990s?) were Way Too Low -- for usb-lib's upload2usb, and in general -- so let's run php-settings.yml every time! + # when: nginx_high_php_limits or matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From 668d57cb977fada20e6535aa07e111c80faa27dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 02:26:49 -0500 Subject: [PATCH 319/380] php-settings.yml; Fix typo in TZ explanation (PR #3927, GHA) --- roles/www_options/tasks/php-settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 23c85d24b..de8326d67 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -21,7 +21,7 @@ # # This takes care of essentially everything (e.g. output "America/New_York") # by checking (1) symlink /etc/localtime then (2) text file /etc/timezone if -# nec, then (3) if neither exist, "UTC" is declated (correctly!) Potential +# nec, then (3) if neither exist, "UTC" is declared (correctly!) Potential # drawback: timedatectl is not easily usable within chroot environments. - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) From 4da759a84b9913a04186c97c4e30c73cbf4784a8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 03:43:03 -0500 Subject: [PATCH 320/380] php-settings.yml: Note lack of systemd on chroot GHA runners for RPi --- roles/www_options/tasks/php-settings.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index de8326d67..adedee11b 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -24,6 +24,12 @@ # nec, then (3) if neither exist, "UTC" is declared (correctly!) Potential # drawback: timedatectl is not easily usable within chroot environments. +# 2025-01-29: Current GitHub Actions chroot environments for RPi (using guyot/arm-runner-action@v2) surface this error, after PR #3927 mainlined php-settings.yml... +# "System has not been booted with systemd as init system (PID 1). Can't operate.\nFailed to connect to bus: Host is down" +# ...which might be mitigated in 2 ways: +# 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true +# 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' + - name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) command: timedatectl show -p Timezone --value register: tz_cli From 519daacc2af19bf3848c9f7926fec241400bbe85 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 11:05:07 -0500 Subject: [PATCH 321/380] iiab-network: Run Ansible with --extra-vars "{\"skip_role_on_error\":false}" --- iiab-network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-network b/iiab-network index 5dc831b8e..c888c27bf 100755 --- a/iiab-network +++ b/iiab-network @@ -42,7 +42,7 @@ fi echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log" Start=`date` ansible -m setup -i ansible_hosts localhost --connection=local | grep python -ansible-playbook -i ansible_hosts iiab-network.yml --connection=local +ansible-playbook -i ansible_hosts iiab-network.yml --extra-vars "{\"skip_role_on_error\":false}" --connection=local End=`date` From 4e7541fc1ea055487faac67336bcc04a05af79b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 29 Jan 2025 14:00:56 -0500 Subject: [PATCH 322/380] usb_lib/README.rst: Punctuation cleanup & link to PR #3916 WIP --- roles/usb_lib/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index e51db625a..da2564f36 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -18,7 +18,7 @@ Technical Details: * USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ -* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` +* IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` * Official `usbmount 0.0.22 (2011-08-08) `_ documentation: @@ -27,3 +27,5 @@ Technical Details: * https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) * Dev Notes at the top of: https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml + + * January 2025 work to improve automount reliability during boot: `PR #3916 `_ From 6c5b4c35ecf7cf2601004f49aabf158de591c705 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 12:24:44 -0600 Subject: [PATCH 323/380] delay hostapd to allow ap0 to stabilize --- roles/network/tasks/restart.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 5902f5d50..d5de9e27d 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -28,6 +28,10 @@ state: restarted when: wifi_up_down and can_be_ap and ansible_ap0 is undefined +- name: Waiting {{ hostapd_wait }} seconds for network to stabilize for ap0 + shell: sleep {{ hostapd_wait }} + when: ansible_ap0 is undefined + - name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd From 57fa6bb08f6ba6a392351556a8c91eae9a8d64da Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 14:53:50 -0600 Subject: [PATCH 324/380] Files from usbmount_0.0.22_all.deb --- roles/usb_lib/files/usbmount/copyright | 17 ++ roles/usb_lib/files/usbmount/usbmount | 210 +++++++++++++++++++++ roles/usb_lib/files/usbmount/usbmount.conf | 53 ++++++ roles/usb_lib/tasks/install.yml | 15 +- roles/usb_lib/templates/usbmount.rules.j2 | 6 +- 5 files changed, 295 insertions(+), 6 deletions(-) create mode 100644 roles/usb_lib/files/usbmount/copyright create mode 100644 roles/usb_lib/files/usbmount/usbmount create mode 100644 roles/usb_lib/files/usbmount/usbmount.conf diff --git a/roles/usb_lib/files/usbmount/copyright b/roles/usb_lib/files/usbmount/copyright new file mode 100644 index 000000000..75fae2dde --- /dev/null +++ b/roles/usb_lib/files/usbmount/copyright @@ -0,0 +1,17 @@ +Format: http://dep.debian.net/deps/dep5/ +Upstream-Name: usbmount +Upstream-Contact: Martin Dickopp , Rogério Brito +Source: git://git.debian.org/usbmount/usbmount.git + +Files: * +Copyright: 2004-2007, Martin Dickopp + 2008-2011, Rogério Brito +License: BSD-2 + This package is free software; the copyright holder gives unlimited + permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY, to the extent permitted by law; without + even the implied warranty of MERCHANTABILITY or FITNESS FOR A + PARTICULAR PURPOSE. diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount new file mode 100644 index 000000000..75f249ab6 --- /dev/null +++ b/roles/usb_lib/files/usbmount/usbmount @@ -0,0 +1,210 @@ +#!/bin/sh +# This script mounts USB mass storage devices when they are plugged in +# and unmounts them when they are removed. +# Copyright © 2004, 2005 Martin Dickopp +# Copyright © 2008, 2009, 2010 Rogério Theodoro de Brito +# +# This file is free software; the copyright holder gives unlimited +# permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. +# +set -e +exec > /dev/null 2>&1 + +###################################################################### +# Auxiliary functions + +# Log a string via the syslog facility. +log() +{ + if [ $1 != debug ] || expr "$VERBOSE" : "[yY]" > /dev/null; then + logger -p user.$1 -t "usbmount[$$]" -- "$2" + fi +} + + +# Test if the first parameter is in the list given by the second +# parameter. +in_list() +{ + for v in $2; do + [ "$1" != "$v" ] || return 0 + done + return 1 +} + + +###################################################################### +# Main program + +# Default values for configuration variables. +ENABLED=1 +MOUNTPOINTS= +FILESYSTEMS= +MOUNTOPTIONS= +FS_MOUNTOPTIONS= +VERBOSE=no + +if [ -r /etc/usbmount/usbmount.conf ]; then + . /etc/usbmount/usbmount.conf + log debug "loaded usbmount configurations" +fi + +if [ "${ENABLED:-1}" -eq 0 ]; then + log info "usbmount is disabled, see /etc/usbmount/usbmount.conf" + exit 0 +fi + +if [ ! -x /sbin/blkid ]; then + log err "cannot execute /sbin/blkid" + exit 1 +fi + +# Per Policy 9.3.2, directories under /var/run have to be created +# after every reboot. +if [ ! -e /var/run/usbmount ]; then + mkdir -p /var/run/usbmount + log debug "creating /var/run/usbmount directory" +fi + +umask 022 + + +if [ "$1" = add ]; then + + # Acquire lock. + log debug "trying to acquire lock /var/run/usbmount/.mount.lock" + lockfile-create --retry 3 /var/run/usbmount/.mount || \ + { log err "cannot acquire lock /var/run/usbmount/.mount.lock"; exit 1; } + trap '( lockfile-remove /var/run/usbmount/.mount )' 0 + log debug "acquired lock /var/run/usbmount/.mount.lock" + + # Grab device information from device and "divide it" + # FIXME: improvement: implement mounting by label (notice that labels + # can contain spaces, which makes things a little bit less comfortable). + DEVINFO=$(/sbin/blkid -p $DEVNAME) + FSTYPE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]TYPE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + UUID=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]UUID="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') + + if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then + log info "$DEVNAME does not contain a filesystem or disklabel" + exit 1 + fi + + # Try to use specifications in /etc/fstab first. + if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then + log info "executing command: mount $DEVNAME" + mount $DEVNAME || log err "mount by DEVNAME with $DEVNAME wasn't successful; return code $?" + + elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then + log info "executing command: mount -U $UUID" + mount -U $UUID || log err "mount by UUID with $UUID wasn't successful; return code $?" + + else + log debug "$DEVNAME contains filesystem type $FSTYPE" + + fstype=$FSTYPE + # Test if the filesystem type is in the list of filesystem + # types to mount. + if in_list "$fstype" "$FILESYSTEMS"; then + # Search an available mountpoint. + for v in $MOUNTPOINTS; do + if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then + mountpoint="$v" + log debug "mountpoint $mountpoint is available for $DEVNAME" + break + fi + done + if [ -n "$mountpoint" ]; then + # Determine mount options. + options= + for v in $FS_MOUNTOPTIONS; do + if expr "$v" : "-fstype=$fstype,."; then + options="$(echo "$v" | sed 's/^[^,]*,//')" + break + fi + done + if [ -n "$MOUNTOPTIONS" ]; then + options="$MOUNTOPTIONS${options:+,$options}" + fi + + # Mount the filesystem. + log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" + mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" + + # Determine vendor and model. + vendor= + if [ -r "/sys$DEVPATH/device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/device/vendor\"`" + elif [ -r "/sys$DEVPATH/../device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" + elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" + elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" + fi + vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + + model= + if [ -r "/sys$DEVPATH/device/model" ]; then + model="`cat \"/sys$DEVPATH/device/model\"`" + elif [ -r "/sys$DEVPATH/../device/model" ]; then + model="`cat \"/sys$DEVPATH/../device/model\"`" + elif [ -r "/sys$DEVPATH/device/../product" ]; then + model="`cat \"/sys$DEVPATH/device/../product\"`" + elif [ -r "/sys$DEVPATH/../device/../product" ]; then + model="`cat \"/sys$DEVPATH/../device/../product\"`" + fi + model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + export UM_MOUNTOPTIONS="$options" + export UM_VENDOR="$vendor" + export UM_MODEL="$model" + log info "executing command: run-parts /etc/usbmount/mount.d" + run-parts /etc/usbmount/mount.d || : + else + # No suitable mount point found. + log warning "no mountpoint found for $DEVNAME" + exit 1 + fi + fi + fi +elif [ "$1" = remove ]; then + + # A block or partition device has been removed. + # Test if it is mounted. + while read device mountpoint fstype remainder; do + if [ "$DEVNAME" = "$device" ]; then + # If the mountpoint and filesystem type are maintained by + # this script, unmount the filesystem. + if in_list "$mountpoint" "$MOUNTPOINTS" && + in_list "$fstype" "$FILESYSTEMS"; then + log info "executing command: umount -l $mountpoint" + umount -l "$mountpoint" + + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + log info "executing command: run-parts /etc/usbmount/umount.d" + run-parts /etc/usbmount/umount.d || : + fi + break + fi + done < /proc/mounts +else + log err "unexpected: action '$1'" + exit 1 +fi + +log debug "usbmount execution finished" diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf new file mode 100644 index 000000000..97f7ccc20 --- /dev/null +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -0,0 +1,53 @@ +# Configuration file for the usbmount package, which mounts removable +# storage devices when they are plugged in and unmounts them when they +# are removed. + +# Change to zero to disable usbmount +ENABLED=1 + +# Mountpoints: These directories are eligible as mointpoints for +# removable storage devices. A newly plugged in device is mounted on +# the first directory in this list that exists and on which nothing is +# mounted yet. +MOUNTPOINTS="/media/usb0 /media/usb1 /media/usb2 /media/usb3 + /media/usb4 /media/usb5 /media/usb6 /media/usb7" + +# Filesystem types: removable storage devices are only mounted if they +# contain a filesystem type which is in this list. +FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus" + +############################################################################# +# WARNING! # +# # +# The "sync" option may not be a good choice to use with flash drives, as # +# it forces a greater amount of writing operating on the drive. This makes # +# the writing speed considerably lower and also leads to a faster wear out # +# of the disk. # +# # +# If you omit it, don't forget to use the command "sync" to synchronize the # +# data on your disk before removing the drive or you may experience data # +# loss. # +# # +# It is highly recommended that you use the pumount command (as a regular # +# user) before unplugging the device. It makes calling the "sync" command # +# and mounting with the sync option unnecessary---this is similar to other # +# operating system's "safely disconnect the device" option. # +############################################################################# +# Mount options: Options passed to the mount command with the -o flag. +# See the warning above regarding removing "sync" from the options. +MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime" + +# Filesystem type specific mount options: This variable contains a space +# separated list of strings, each which the form "-fstype=TYPE,OPTIONS". +# +# If a filesystem with a type listed here is mounted, the corresponding +# options are appended to those specificed in the MOUNTOPTIONS variable. +# +# For example, "-fstype=vfat,gid=floppy,dmask=0007,fmask=0117" would add +# the options "gid=floppy,dmask=0007,fmask=0117" when a vfat filesystem +# is mounted. +FS_MOUNTOPTIONS="" + +# If set to "yes", more information will be logged via the syslog +# facility. +VERBOSE=no diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index ba8b3a164..d8a13e945 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,18 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' +- name: Setup directories for usbmount + file: + path: "{{ item }}" + # owner: root + # group: root + # mode: '0755' + state: directory + with_items: + - /etc/usbmount/mount.d + - /etc/usbmount/umount.d + +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -82,7 +93,7 @@ state: directory path: "{{ doc_root }}/upload2usb" owner: "{{ apache_user }}" - group: "{{ apache_user }}" + group: "{{ apache_user }}" mode: 0755 - name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ into {{ doc_root }}/upload2usb/' diff --git a/roles/usb_lib/templates/usbmount.rules.j2 b/roles/usb_lib/templates/usbmount.rules.j2 index 564186c5a..939a31041 100644 --- a/roles/usb_lib/templates/usbmount.rules.j2 +++ b/roles/usb_lib/templates/usbmount.rules.j2 @@ -1,5 +1,3 @@ -KERNEL=="sd*", DRIVERS=="sbp2", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="ub*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" -KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="remove", PROGRAM="/usr/share/usbmount/usbmount remove" +ACTION=="add", SUBSYSTEMS=="usb", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem" PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" +ACTION=="remove", SUBSYSTEMS=="usb", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem" PROGRAM="/bin/systemd-escape -p /usr/share/usbmount/usbmount remove" From 229a913ba4f370cc78bbbefa1abb4f61b8f8df79 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 15:29:35 -0600 Subject: [PATCH 325/380] filesystems supported --- roles/usb_lib/files/usbmount/usbmount.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf index 97f7ccc20..c92ced73d 100644 --- a/roles/usb_lib/files/usbmount/usbmount.conf +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -14,7 +14,7 @@ MOUNTPOINTS="/media/usb0 /media/usb1 /media/usb2 /media/usb3 # Filesystem types: removable storage devices are only mounted if they # contain a filesystem type which is in this list. -FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus" +FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs" ############################################################################# # WARNING! # From 36485a109d167465f7f38b996d94749d8a661de0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 15:30:36 -0600 Subject: [PATCH 326/380] turn on debug --- roles/usb_lib/files/usbmount/usbmount.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount.conf b/roles/usb_lib/files/usbmount/usbmount.conf index c92ced73d..7bd194873 100644 --- a/roles/usb_lib/files/usbmount/usbmount.conf +++ b/roles/usb_lib/files/usbmount/usbmount.conf @@ -50,4 +50,4 @@ FS_MOUNTOPTIONS="" # If set to "yes", more information will be logged via the syslog # facility. -VERBOSE=no +VERBOSE=yes From a5af8c89d4370a83891de10a647a128ea6a941a6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 15:36:56 -0600 Subject: [PATCH 327/380] move mkdir and copyright --- roles/usb_lib/files/usbmount/usbmount | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 75f249ab6..e144c46d3 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -3,6 +3,7 @@ # and unmounts them when they are removed. # Copyright © 2004, 2005 Martin Dickopp # Copyright © 2008, 2009, 2010 Rogério Theodoro de Brito +# Copyright © 2025, Jerry Vonau # # This file is free software; the copyright holder gives unlimited # permission to copy and/or distribute it, with or without @@ -12,7 +13,7 @@ # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# +# Add web link to copyright notice help in iiab on github set -e exec > /dev/null 2>&1 @@ -65,18 +66,19 @@ if [ ! -x /sbin/blkid ]; then exit 1 fi -# Per Policy 9.3.2, directories under /var/run have to be created -# after every reboot. -if [ ! -e /var/run/usbmount ]; then - mkdir -p /var/run/usbmount - log debug "creating /var/run/usbmount directory" -fi - -umask 022 - - if [ "$1" = add ]; then + # Per Policy 9.3.2, directories under /var/run have to be created + # after every reboot. + if [ ! -e /var/run/usbmount ]; then + mkdir -p /var/run/usbmount + log debug "creating /var/run/usbmount directory" + else + log debug "/var/run/usbmount exists" + fi + + umask 022 + # Acquire lock. log debug "trying to acquire lock /var/run/usbmount/.mount.lock" lockfile-create --retry 3 /var/run/usbmount/.mount || \ From f58ef267681da61f52eb3df0263802cc2934fa9b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 15:39:08 -0600 Subject: [PATCH 328/380] just exit to quite down systemd logging of umount failed on stuff we don't care about --- roles/usb_lib/files/usbmount/usbmount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index e144c46d3..cd4d50ae6 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,7 +96,7 @@ if [ "$1" = add ]; then if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then log info "$DEVNAME does not contain a filesystem or disklabel" - exit 1 + exit fi # Try to use specifications in /etc/fstab first. From 60ca24d63a820d4e36b7b16853e3c451d7e5a93e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 16:37:22 -0600 Subject: [PATCH 329/380] replace deb with local files --- roles/usb_lib/tasks/install.yml | 36 +++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index d8a13e945..02e55b36b 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -47,10 +47,10 @@ when: udev_unit.stat.exists is defined and udev_unit.stat.exists # http://raspbian.raspberrypi.org/raspbian/pool/main/u/usbmount/usbmount_0.0.22_all.deb -- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS, Debian, Ubuntu} - apt: - deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" - # when: is_debian +#- name: Install {{ iiab_download_url }}/usbmount_0.0.22_all.deb, no longer supported by {RasPiOS, Debian, Ubuntu} +# apt: +# deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" +# # when: is_debian # check status of usbmount on mintlinux - should be ok Ubuntu variant # - name: Install usbmount from OS repo for Ubuntu variants @@ -73,11 +73,21 @@ # owner: root # group: root # mode: '0755' + mode: 0644 state: directory with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d +- name: '2025-01-25: Copy files from files/usbmount to filesystem' + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } + - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } + - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" @@ -106,16 +116,16 @@ # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... # SEE ALSO: https://github.com/iiab/iiab/blob/586bfc5cb1abf6b4333a21d3fa89695f115432dc/roles/2-common/tasks/packages.yml#L11-L12 -- name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf - lineinfile: - regexp: '^FILESYSTEMS=.*' - line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' - path: /etc/usbmount/usbmount.conf +#- name: Add ' exfat fuseblk ntfs' to FILESYSTEMS var in /etc/usbmount/usbmount.conf +# lineinfile: +# regexp: '^FILESYSTEMS=.*' +# line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' +# path: /etc/usbmount/usbmount.conf -- name: Remove /etc/usbmount/mount.d/00_create_model_symlink - file: - path: /etc/usbmount/mount.d/00_create_model_symlink - state: absent +#- name: Remove /etc/usbmount/mount.d/00_create_model_symlink +# file: +# path: /etc/usbmount/mount.d/00_create_model_symlink +# state: absent # RECORD 'USB_LIB' AS INSTALLED From 257dc008ec6502f5c355e484f24c54d277093bfd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 16:56:21 -0600 Subject: [PATCH 330/380] bump number of lock tries --- roles/usb_lib/files/usbmount/usbmount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index cd4d50ae6..b1abf49cb 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -81,7 +81,7 @@ if [ "$1" = add ]; then # Acquire lock. log debug "trying to acquire lock /var/run/usbmount/.mount.lock" - lockfile-create --retry 3 /var/run/usbmount/.mount || \ + lockfile-create --retry 6 /var/run/usbmount/.mount || \ { log err "cannot acquire lock /var/run/usbmount/.mount.lock"; exit 1; } trap '( lockfile-remove /var/run/usbmount/.mount )' 0 log debug "acquired lock /var/run/usbmount/.mount.lock" From 640ab00d26d73d3e825098713ddfe402d8edbdcd Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 17:05:03 -0600 Subject: [PATCH 331/380] update iiab-clean-usb.sh --- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/templates/usbmount@.service.j2 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 02e55b36b..daf0fcc96 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -96,7 +96,7 @@ with_items: - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } + - { src: 'iiab-clean-usb.sh', dest: '/usr/local/sbin/', mode: '0755' } - name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' file: diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 52da18ba5..0671ce296 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -7,8 +7,8 @@ After=systemd-udev-trigger.service #Type=oneshot TimeoutStartSec=0 Environment=DEVNAME=%I -ExecStart=/usr/share/usbmount/usbmount add -ExecStop=/usr/sbin/iiab-clean-usb.sh %I +ExecStart=/usr/local/sbin/usbmount add +ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes From 34b4a8a7ad74a26a5cfca397a0ed94dcd325bd7f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2025 17:17:04 -0600 Subject: [PATCH 332/380] ConditionPathExists=/var/run --- roles/usb_lib/templates/usbmount@.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 0671ce296..dca318ac7 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -2,6 +2,7 @@ BindTo=%i.device After=%i.device After=systemd-udev-trigger.service +ConditionPathExists=/var/run [Service] #Type=oneshot From e6051088fcebfff891c2b1bab7c5be8620759406 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 26 Jan 2025 08:34:46 -0600 Subject: [PATCH 333/380] RuntimeDirectory=usbmount --- roles/usb_lib/templates/usbmount@.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index dca318ac7..2dc0177c0 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -12,4 +12,5 @@ ExecStart=/usr/local/sbin/usbmount add ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes +RuntimeDirectory=usbmount From 76d5b5fc1780322bf6db0aba217e59de795f99e5 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 29 Jan 2025 06:00:07 -0500 Subject: [PATCH 334/380] usb_lib: Minor whitespace typos --- roles/usb_lib/tasks/install.yml | 2 +- roles/usb_lib/templates/usbmount@.service.j2 | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index daf0fcc96..6c7660748 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -59,7 +59,7 @@ # state: present # when: is_ubuntu -- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) +- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory path: "{{ doc_root }}/local_content" diff --git a/roles/usb_lib/templates/usbmount@.service.j2 b/roles/usb_lib/templates/usbmount@.service.j2 index 2dc0177c0..6cf1f990b 100644 --- a/roles/usb_lib/templates/usbmount@.service.j2 +++ b/roles/usb_lib/templates/usbmount@.service.j2 @@ -13,4 +13,3 @@ ExecStop=/usr/local/sbin/iiab-clean-usb.sh %I ExecStopPost=/bin/umount /%I RemainAfterExit=yes RuntimeDirectory=usbmount - From 190d66409f0265c81548584e9b52c28a5f6d1c48 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jan 2025 08:59:24 -0600 Subject: [PATCH 335/380] Update roles/usb_lib/templates/iiab-clean-usb.sh to restore previous search-ability Co-authored-by: A Holt --- roles/usb_lib/templates/iiab-clean-usb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index dcdf987d3..2223c15a5 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -5,7 +5,7 @@ DEVICE=$(echo $@ | sed -s 's|-|/|') MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK." +logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK, as auto-created earlier by usbmount." if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK From daa3deb034c661000025321efcd07eb01983a67f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 29 Jan 2025 08:59:49 -0600 Subject: [PATCH 336/380] Update roles/usb_lib/templates/iiab-clean-usb.sh to restore previous search-ability Co-authored-by: A Holt --- roles/usb_lib/templates/iiab-clean-usb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index 2223c15a5..c04c8c5f7 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -9,6 +9,6 @@ logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove if [ -L $CONTENT_LINK ]; then /bin/rm $CONTENT_LINK - logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed." + logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed, as auto-created earlier by usbmount." fi From eca12605b91148c8c0f109b39ee8833e083eb8ce Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 03:19:31 -0600 Subject: [PATCH 337/380] forgot the dependencies --- roles/usb_lib/tasks/install.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 6c7660748..a4f608698 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -52,12 +52,12 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -# check status of usbmount on mintlinux - should be ok Ubuntu variant -# - name: Install usbmount from OS repo for Ubuntu variants -# package: -# name: usbmount -# state: present -# when: is_ubuntu +- name: Install lockfile-progs util-linux for usbmount from OS repo + package: + name: + - lockfile-progs + - util-linux + state: present - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: From 0dec3fe8108f52832b9398e329119920a3ba5a96 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 09:52:41 -0600 Subject: [PATCH 338/380] indent --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index a4f608698..ac444d05f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -55,8 +55,8 @@ - name: Install lockfile-progs util-linux for usbmount from OS repo package: name: - - lockfile-progs - - util-linux + - lockfile-progs + - util-linux state: present - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} From 78924e84bab6118d2333995b403058adb9b9209a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 11:59:15 -0600 Subject: [PATCH 339/380] create /media/usb0-7 --- roles/usb_lib/tasks/install.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index ac444d05f..bd4d4ab7f 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: Setup directories for usbmount +- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, and /media/usb0-7 file: path: "{{ item }}" # owner: root @@ -78,6 +78,14 @@ with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d + - /media/usb0 + - /media/usb1 + - /media/usb2 + - /media/usb3 + - /media/usb4 + - /media/usb5 + - /media/usb6 + - /media/usb7 - name: '2025-01-25: Copy files from files/usbmount to filesystem' copy: From 97eeae48455c6950b01bccb35859990306c02eac Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 14:07:51 -0600 Subject: [PATCH 340/380] wording --- roles/usb_lib/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index bd4d4ab7f..2993865fd 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -67,7 +67,7 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, and /media/usb0-7 +- name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, /media/usb0-7 file: path: "{{ item }}" # owner: root @@ -96,7 +96,7 @@ - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 80bdfc677e6845aa6f86b1e0adbcbf4642da2186 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jan 2025 14:13:26 -0600 Subject: [PATCH 341/380] Update roles/usb_lib/tasks/install.yml missed during rebase Co-authored-by: A Holt --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 2993865fd..77abac259 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -96,7 +96,7 @@ - { src: 'usbmount/usbmount.conf', dest: '/etc/usbmount/', mode: '0644' } - { src: 'usbmount/usbmount', dest: '/usr/local/sbin/', mode: '0755' } -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/local/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 6b4b94dae2081ffab88339479d3a147faf83071e Mon Sep 17 00:00:00 2001 From: root Date: Fri, 31 Jan 2025 01:41:23 -0500 Subject: [PATCH 342/380] usb_lib / usbmount: Refine, lint, clarify --- .../files/{upload => upload2usb}/button.html | 0 .../files/{upload => upload2usb}/error.php | 0 .../files/{upload => upload2usb}/footer.php | 0 .../files/{upload => upload2usb}/header.php | 0 .../files/{upload => upload2usb}/index.php | 0 .../files/{upload => upload2usb}/uk-swing.png | Bin .../{upload => upload2usb}/upload-file.php | 0 .../{upload => upload2usb}/upload2usb.php | 0 roles/usb_lib/tasks/install.yml | 23 ++++++++---------- roles/usb_lib/templates/iiab-clean-usb.sh | 16 ++++++------ .../templates/mount.d/70-usb-library.j2 | 16 ++++++------ 11 files changed, 26 insertions(+), 29 deletions(-) rename roles/usb_lib/files/{upload => upload2usb}/button.html (100%) rename roles/usb_lib/files/{upload => upload2usb}/error.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/footer.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/header.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/index.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/uk-swing.png (100%) rename roles/usb_lib/files/{upload => upload2usb}/upload-file.php (100%) rename roles/usb_lib/files/{upload => upload2usb}/upload2usb.php (100%) diff --git a/roles/usb_lib/files/upload/button.html b/roles/usb_lib/files/upload2usb/button.html similarity index 100% rename from roles/usb_lib/files/upload/button.html rename to roles/usb_lib/files/upload2usb/button.html diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload2usb/error.php similarity index 100% rename from roles/usb_lib/files/upload/error.php rename to roles/usb_lib/files/upload2usb/error.php diff --git a/roles/usb_lib/files/upload/footer.php b/roles/usb_lib/files/upload2usb/footer.php similarity index 100% rename from roles/usb_lib/files/upload/footer.php rename to roles/usb_lib/files/upload2usb/footer.php diff --git a/roles/usb_lib/files/upload/header.php b/roles/usb_lib/files/upload2usb/header.php similarity index 100% rename from roles/usb_lib/files/upload/header.php rename to roles/usb_lib/files/upload2usb/header.php diff --git a/roles/usb_lib/files/upload/index.php b/roles/usb_lib/files/upload2usb/index.php similarity index 100% rename from roles/usb_lib/files/upload/index.php rename to roles/usb_lib/files/upload2usb/index.php diff --git a/roles/usb_lib/files/upload/uk-swing.png b/roles/usb_lib/files/upload2usb/uk-swing.png similarity index 100% rename from roles/usb_lib/files/upload/uk-swing.png rename to roles/usb_lib/files/upload2usb/uk-swing.png diff --git a/roles/usb_lib/files/upload/upload-file.php b/roles/usb_lib/files/upload2usb/upload-file.php similarity index 100% rename from roles/usb_lib/files/upload/upload-file.php rename to roles/usb_lib/files/upload2usb/upload-file.php diff --git a/roles/usb_lib/files/upload/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php similarity index 100% rename from roles/usb_lib/files/upload/upload2usb.php rename to roles/usb_lib/files/upload2usb/upload2usb.php diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 77abac259..107ae9a4c 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -52,7 +52,7 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -- name: Install lockfile-progs util-linux for usbmount from OS repo +- name: Install lockfile-progs and util-linux for usbmount from OS repo package: name: - lockfile-progs @@ -62,19 +62,16 @@ - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory - path: "{{ doc_root }}/local_content" - owner: "{{ apache_user }}" + path: "{{ doc_root }}/local_content" # /library/www/html + owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 - name: Set up dirs /etc/usbmount/mount.d, /etc/usbmount/umount.d, /media/usb0-7 file: - path: "{{ item }}" - # owner: root - # group: root - # mode: '0755' - mode: 0644 state: directory + path: "{{ item }}" + mode: 0755 with_items: - /etc/usbmount/mount.d - /etc/usbmount/umount.d @@ -87,7 +84,7 @@ - /media/usb6 - /media/usb7 -- name: '2025-01-25: Copy files from files/usbmount to filesystem' +- name: Copy files from files/usbmount to filesystem copy: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -106,7 +103,7 @@ - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - { src: 'iiab-clean-usb.sh', dest: '/usr/local/sbin/', mode: '0755' } -- name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root' +- name: Add dir {{ doc_root }}/upload2usb (0775) owned by {{ apache_user }}:{{ apache_user }} file: state: directory path: "{{ doc_root }}/upload2usb" @@ -114,12 +111,12 @@ group: "{{ apache_user }}" mode: 0755 -- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ into {{ doc_root }}/upload2usb/' +- name: Copy files from files/upload2usb/ into {{ doc_root }}/upload2usb/ copy: src: "{{ item }}" - dest: "{{ doc_root }}/upload2usb/" # /library/www/html + dest: "{{ doc_root }}/upload2usb/" with_fileglob: - - upload/* + - upload2usb/* # 2021-03-21: If usbmount is repackaged by apt as a result of Linux kernel 5.4+ # supporting exFAT, the stanza below (might) in future no longer be needed... diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh index c04c8c5f7..360d737f4 100644 --- a/roles/usb_lib/templates/iiab-clean-usb.sh +++ b/roles/usb_lib/templates/iiab-clean-usb.sh @@ -1,14 +1,14 @@ #!/bin/bash -# Remove symlink in /library/content to automounted usb drive -# -DEVICE=$(echo $@ | sed -s 's|-|/|') -MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}') +# Remove symlink in /library/www/html/local_content to automounted USB drive + +DEVICE="/$(echo $1 | sed 's|-|/|')" +MNT_POINT=$(findmnt -no target $DEVICE) CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}') CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK, as auto-created earlier by usbmount." + +logger -t "usb_lib (iiab-clean-usb.sh)" "Attempting to remove symlink $CONTENT_LINK, as auto-created earlier by usbmount." if [ -L $CONTENT_LINK ]; then - /bin/rm $CONTENT_LINK - logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed, as auto-created earlier by usbmount." + /usr/bin/rm $CONTENT_LINK + logger -t "usb_lib (iiab-clean-usb.sh)" "Symlink $CONTENT_LINK removed, as auto-created earlier by usbmount." fi - diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 803313f7e..62d15b27a 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -30,16 +30,16 @@ logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEV" == "$LIB_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /library" exit elif [ "$UM_DEV" == "$ROOT_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" exit elif [ "$UM_DEV" == "$BOOT_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" exit elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware" + logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" exit fi @@ -48,13 +48,13 @@ fi # "public artwork" — as summarized here: https://github.com/iiab/iiab/blob/master/roles/usb_lib/README.rst if [ -d $UM_MOUNTPOINT/PUBLIC ]; then SHARE_DIR=$UM_MOUNTPOINT/PUBLIC - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT" + logger -t "usb_lib (70-usb-library)" "Found /PUBLIC on $UM_MOUNTPOINT" else SHARE_DIR=$UM_MOUNTPOINT - logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT" + logger -t "usb_lib (70-usb-library)" "Did not find /PUBLIC on $UM_MOUNTPOINT" fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR" -ln -s $SHARE_DIR $CONTENT_LINK +logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" +ln -sf $SHARE_DIR $CONTENT_LINK From 3077a39cd607c9d4b034aa6802c2ebbd7bd3ecb6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 31 Jan 2025 03:45:23 -0500 Subject: [PATCH 343/380] Invert rejected country red error; Clarify 3 channel/country vars for iiab.ini --- roles/network/tasks/detected_network.yml | 34 +++++++++++++----------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 1663f8c39..c72028d53 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -264,8 +264,8 @@ wifi_up_down: False when: rpi3bplus_rpi4_wifi_firmware == "24" -- name: Detect "Firmware rejected country setting" in dmesg - shell: dmesg | grep ieee80211 | grep "Firmware rejected country setting" +- name: Detect "Firmware rejected country setting" in dmesg (invert return code, for intentional red error) + shell: '! dmesg | grep ieee80211 | grep "Firmware rejected country setting"' register: FW_rejected_country ignore_errors: True @@ -337,27 +337,29 @@ - option: wifi_firmware_43455 value: "{{ rpi3bplus_rpi4_wifi_firmware }}" -- name: Add 'detected_network' variable 'current_client_channel_found' value if defined, to {{ iiab_ini_file }} +- name: Add 'detected_network' variable 'current_client_channel_found' stdout value ({{ current_client_channel.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: detected_network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: client_wifi_channel_found - value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined + option: client_wifi_channel_found + value: "{{ current_client_channel.stdout }}" + when: current_client_channel.stdout is defined and current_client_channel.stdout != "" -- name: Add 'detected_network' variable 'FW_rejected_country' value if defined, to {{ iiab_ini_file }} +- name: Add 'detected_network' variable 'FW_rejected_country' stdout value ({{ FW_rejected_country.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: detected_network - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: FW_rejected_country - value: "{{ cmdline_country_code.stdout }}" - when: FW_rejected_country.stdout is defined + option: FW_rejected_country + value: "{{ FW_rejected_country.stdout }}" + when: FW_rejected_country.stdout is defined and FW_rejected_country.stdout != "" + +- name: Add 'detected_network' variable 'cmdline_country_code' stdout value ({{ cmdline_country_code.stdout }}) if defined and non-empty, to {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: detected_network + option: cmdline_country_code + value: "{{ cmdline_country_code.stdout }}" + when: cmdline_country_code.stdout is defined and cmdline_country_code.stdout != "" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired From b6b2f3a0d771a0e84bf931f2aec6341985b30caa Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 31 Jan 2025 04:24:07 -0500 Subject: [PATCH 344/380] usbmount copyright URL clarifs for PR #3929 --- roles/usb_lib/files/usbmount/usbmount | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index b1abf49cb..7541b5335 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -13,7 +13,8 @@ # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# Add web link to copyright notice help in iiab on github +# https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/copyright +# https://github.com/rbrito/usbmount/blob/master/debian/copyright set -e exec > /dev/null 2>&1 From c975dd21fce3227e7d54413eecb91b198caa178d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Feb 2025 00:35:54 -0500 Subject: [PATCH 345/380] php-settings.yml: TZ hack that avoids systemd, for GHA --- roles/www_options/tasks/php-settings.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index adedee11b..4693db885 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -30,8 +30,10 @@ # 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true # 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' -- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) - command: timedatectl show -p Timezone --value +#- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) +# command: timedatectl show -p Timezone --value +- name: Extract Time Zone from symlink /etc/localtime, or declare UTC + shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || echo UTC register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From f22ba85c49f9cfa7b890db9a362e1ad21511d481 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Feb 2025 00:54:47 -0500 Subject: [PATCH 346/380] php-settings.yml: More complete shell hack, equiv to timedatectl --- roles/www_options/tasks/php-settings.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 4693db885..7109ccfeb 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -30,10 +30,10 @@ # 1) Try spawning these "guyot/arm-runner-action@v2" GHA workflows with... use_systemd_nspawn: true # 2) Weaken timedatectl command just below, trying this instead... shell: readlink /etc/localtime | sed 's#^/usr/share/zoneinfo/##' -#- name: Extract Time Zone from symlink /etc/localtime &/or text file /etc/timezone (or lack thereof!) -# command: timedatectl show -p Timezone --value -- name: Extract Time Zone from symlink /etc/localtime, or declare UTC - shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || echo UTC +- name: Extract Time Zone from symlink /etc/localtime, text file /etc/timezone, or if all else fails declare Etc/UTC + # command: timedatectl show -p Timezone --value + # 2025-02-01: "guyot/arm-runner-action@v2" GHA workflows don't seem to work with "use_systemd_nspawn: true", so hack in the equivalent of timedatectl... + shell: tmp=$(readlink /etc/localtime) && echo $tmp | sed 's|^/usr/share/zoneinfo/||' || cat /etc/timezone || echo Etc/UTC register: tz_cli - name: Store 'date.timezone = {{ tz_cli.stdout }}' (from above) in /etc/php/{{ php_version }}/fpm/php.ini and /etc/php/{{ php_version }}/cli/php.ini From fb787e0649cd1817d0e4bef0e2025e6353a91906 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Feb 2025 01:24:47 -0500 Subject: [PATCH 347/380] Update USB_LIB description for iiab.ini --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 4def69c4f..4d2710874 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -77,7 +77,7 @@ - option: name value: USB_LIB - option: description - value: '"USB_LIB automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"' + value: '"USB_LIB automounts Teacher Content on USB sticks to /library/www/html/local_content, so students can browse the USB AND upload their work to the USB, all at http://box/usb"' - option: usb_lib_install value: "{{ usb_lib_install }}" - option: usb_lib_enabled From 8eed5e3face334dca474063043b07fbd63915f8c Mon Sep 17 00:00:00 2001 From: root Date: Sun, 2 Feb 2025 20:44:02 +0000 Subject: [PATCH 348/380] usb_lib/README.rst, usb_lib/tasks/install.yml: Add docs on how to disable Desktop auto-mount functionality on RPi Desktop; other minor doc cleanup --- roles/usb_lib/README.rst | 3 +++ roles/usb_lib/tasks/install.yml | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index da2564f36..aa5409d90 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -20,6 +20,9 @@ Technical Details: * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` +* If you are using a Desktop install of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the auto-mount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the auto-mount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". + + * Official `usbmount 0.0.22 (2011-08-08) `_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 107ae9a4c..35f533652 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -7,9 +7,10 @@ # https://github.com/rbrito/usbmount/blob/master/README.md (2018-08-10) # https://github.com/rbrito/usbmount/blob/master/usbmount.conf (2010-04-25) -# usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml) must be set to true in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. -# If you are still not able to write to a mounted USB stick, try unmounting the drive (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). - +# The variable, usb_lib_writable_sticks (e.g., in /etc/iiab/local_vars.yml), must be set to true +# in order for non-root users to be able to write to VFAT/FAT32, NTFS and exFAT USB sticks. +# If you are still not able to write to a mounted USB stick, try unmounting the drive +# (sudo umount ) and then remount it setting umask to 0000 manually (sudo mount -o umask=0000 ). - name: Record (initial) disk space used shell: df -B1 --output=used / | tail -1 From 38a860d3c5734b361f2a898e74809fcd84b7a3e4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Feb 2025 16:12:11 -0500 Subject: [PATCH 349/380] Update usb_lib/README.rst --- roles/usb_lib/README.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index aa5409d90..e874e9525 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -16,13 +16,12 @@ As of January 2025, automount is handled by usbmount: (`devmon included with ude Technical Details: -* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 103 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml `_ +* USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 17 of: `/opt/iiab/iiab/roles/usb_lib/files/usbmount/usbmount.conf `_ + +* If you are using a Graphical Desktop version of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the automount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` -* If you are using a Desktop install of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the auto-mount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the auto-mount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". - - * Official `usbmount 0.0.22 (2011-08-08) `_ documentation: * https://github.com/hfuchs/usbmount/blob/master/README (2010-08-11) From 3596963d5cfdf547f8c777e161d320eaf7ef90b7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Feb 2025 16:22:38 -0500 Subject: [PATCH 350/380] Further update usb_lib/README.rst --- roles/usb_lib/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index e874e9525..b7536387c 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -18,7 +18,9 @@ Technical Details: * USB sticks / drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 17 of: `/opt/iiab/iiab/roles/usb_lib/files/usbmount/usbmount.conf `_ -* If you are using a Graphical Desktop version of Raspberry Pi OS (vs Lite, for example) for your IIAB, USB sticks will be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. To disable the automount function, in the File Manager (pcmanfm), go to Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". +* If your IIAB was built on a Graphical Desktop OS (instead of a headless OS, like Raspberry Pi OS Lite), USB sticks will problematically be mounted twice by default, once by usbmount and once by the desktop. You must disable the automount function in the Desktop in order to use the "Upload to USB" functionality, which allows students to upload their work to your USB stick. + + * EXAMPLE: To disable Desktop automount within "Raspberry Pi OS with desktop", go to File Manager (pcmanfm) → Edit → Preferences → Volume Management, and uncheck "Mount removable media automatically when they are inserted". * IIAB will generally mount USB sticks / drives 'rw' allowing root to both read and write to them. In addition, in March 2021 (`PR #2715 `_) Kolibri exports were enabled, by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB sticks — using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default. This ``umask=0000`` is also required for students to upload to the teachers's VFAT/FAT32, NTFS and exFAT USB sticks, as introduced in January 2025 (`PR #3875 `_). If, however, you prefer to restore usbmount's default, set ``usb_lib_writable_sticks: False`` in `/etc/iiab/local_vars.yml `_ — please do this prior to installing IIAB — so you don't have to run: ``cd /opt/iiab/iiab ; ./runrole --reinstall usb_lib`` From c2c36b178edc71d103b34e1f991c9cf75af7f667 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 6 Feb 2025 08:07:00 -0600 Subject: [PATCH 351/380] iiab-check-firmware: Mention 'sudo iiab-network' --- roles/firmware/templates/iiab-check-firmware | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index b2f7a1cce..f10cd752b 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware @@ -60,7 +60,7 @@ else echo -e " cd /opt/iiab/iiab" echo -e " sudo iiab-hotspot-off # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo ./runrole --reinstall firmware" - echo -e " sudo ./iiab-network # SOMETIMES NECESSARY" + echo -e " sudo iiab-network # SOMETIMES NECESSARY" echo -e " sudo iiab-hotspot-on # NO LONGER NEC? eg to restore 'wifi_up_down: True'" echo -e " sudo reboot\n" #echo From 2398313918991a755c25c4d8789aacf48bfa3aae Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Feb 2025 03:13:51 -0500 Subject: [PATCH 352/380] 70-usb-library.j2: Forcibly delete e.g. stale /library/www/html/local_content/USB0 --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 62d15b27a..441cebb74 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -57,4 +57,7 @@ fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" -ln -sf $SHARE_DIR $CONTENT_LINK +# 'rm -rf' even stronger than 'ln -nsf' and 'ln -Tsf' +# https://serverfault.com/questions/147787/how-to-update-a-symbolic-link-target-ln-f-s-not-working/522483#522483 +rm -rf $CONTENT_LINK +ln -s $SHARE_DIR $CONTENT_LINK From 94ca58aa0cad87225ee39bf55bdc3de298521700 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Feb 2025 03:45:52 -0500 Subject: [PATCH 353/380] 70-usb-library.j2: Cleaner logging & error handling (e.g. exit code 1) --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 441cebb74..89dfea840 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -31,16 +31,16 @@ logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEV" == "$LIB_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /library" - exit + exit 1 elif [ "$UM_DEV" == "$ROOT_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" - exit + exit 1 elif [ "$UM_DEV" == "$BOOT_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" - exit + exit 1 elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" - exit + exit 1 fi # 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable. @@ -55,9 +55,13 @@ else fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') +if [ -z "$CONTENT_LINK_USB" ]; then + logger -t "usb_lib (70-usb-library)" "ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" might be dangerous!)" + exit 1 +fi CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" -logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" # 'rm -rf' even stronger than 'ln -nsf' and 'ln -Tsf' # https://serverfault.com/questions/147787/how-to-update-a-symbolic-link-target-ln-f-s-not-working/522483#522483 +logger -t "usb_lib (70-usb-library)" "Creating link from $CONTENT_LINK to $SHARE_DIR" rm -rf $CONTENT_LINK ln -s $SHARE_DIR $CONTENT_LINK From 1ec743a65428cd307b0fb951e5525b5d2a805cee Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 11 Feb 2025 10:42:05 -0500 Subject: [PATCH 354/380] 70-usb-library.j2: Fix logger string quotation marks --- roles/usb_lib/templates/mount.d/70-usb-library.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 89dfea840..8263bde1f 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -56,7 +56,7 @@ fi CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}') if [ -z "$CONTENT_LINK_USB" ]; then - logger -t "usb_lib (70-usb-library)" "ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" might be dangerous!)" + logger -t "usb_lib (70-usb-library)" 'ERROR: Var CONTENT_LINK_USB is empty ("rm -rf /library/www/html/local_content/" would be dangerous!)' exit 1 fi CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB" From 9bc2006ba3ea40dead77090d40808dc680474447 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 11 Feb 2025 16:25:06 -0600 Subject: [PATCH 355/380] exclude usb based device that host usbbooted filesytems --- roles/usb_lib/files/usbmount/usbmount | 39 ++++++++++++++++++++------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 7541b5335..284069a19 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,22 +96,41 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log info "$DEVNAME does not contain a filesystem or disklabel" + log info "/$DEVNAME does not contain a filesystem or disklabel" exit fi - # Try to use specifications in /etc/fstab first. + log debug "DEVNAME /$DEVNAME" + BOOTFW_DEV=$(/usr/bin/findmnt -no source /boot/firmware) + log debug "BOOTFW_DEV $BOOTFW_DEV" + if [ $BOOTFW_DEV = /$DEVNAME ]; then + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + exit + fi + ROOT_DEV=$(/usr/bin/findmnt -no source /) + log debug "ROOT_DEV $ROOT_DEV" + if [ $ROOT_DEV = /$DEVNAME ]; then + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + exit + fi + BOOT_DEV=$(/usr/bin/findmnt -no source /boot) + log debug "BOOT_DEV $BOOT_DEV" + if [ $BOOT_DEV = /$DEVNAME ]; then + log debug "skipping BOOTFS_DEV $BOOT_DEV mount as /boot" + exit + fi + + # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then - log info "executing command: mount $DEVNAME" - mount $DEVNAME || log err "mount by DEVNAME with $DEVNAME wasn't successful; return code $?" - + log debug "skipping /$DEVNAME exit" + exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then - log info "executing command: mount -U $UUID" - mount -U $UUID || log err "mount by UUID with $UUID wasn't successful; return code $?" - + log debug "skipping $UUID" + exit else - log debug "$DEVNAME contains filesystem type $FSTYPE" - + log debug "/$DEVNAME contains filesystem type $FSTYPE" fstype=$FSTYPE # Test if the filesystem type is in the list of filesystem # types to mount. From fda19ad7f95a25acb8d369e39a4c1ed742422a7b Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2025 02:18:16 -0500 Subject: [PATCH 356/380] upload2usb/header.php: update swing logo to point to /usb/ instead of /upload2usb/ --- roles/usb_lib/files/upload2usb/header.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload2usb/header.php b/roles/usb_lib/files/upload2usb/header.php index fc8218800..ef75c2c01 100644 --- a/roles/usb_lib/files/upload2usb/header.php +++ b/roles/usb_lib/files/upload2usb/header.php @@ -28,5 +28,5 @@ include("upload2usb.php");
- +

From 759126414edeb21a6cd0445f1d5d3237db1efffe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 10:26:21 -0600 Subject: [PATCH 357/380] #set -e, lockfile-remove, typo, missing debug line --- roles/usb_lib/files/usbmount/usbmount | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 284069a19..3a4e26c29 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -15,7 +15,7 @@ # PARTICULAR PURPOSE. # https://github.com/iiab/iiab/blob/master/roles/usb_lib/files/usbmount/copyright # https://github.com/rbrito/usbmount/blob/master/debian/copyright -set -e +#set -e exec > /dev/null 2>&1 ###################################################################### @@ -106,6 +106,7 @@ if [ "$1" = add ]; then if [ $BOOTFW_DEV = /$DEVNAME ]; then log debug "/$DEVNAME contains filesystem type $FSTYPE" log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + lockfile-remove /var/run/usbmount/.mount exit fi ROOT_DEV=$(/usr/bin/findmnt -no source /) @@ -113,12 +114,15 @@ if [ "$1" = add ]; then if [ $ROOT_DEV = /$DEVNAME ]; then log debug "/$DEVNAME contains filesystem type $FSTYPE" log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + lockfile-remove /var/run/usbmount/.mount exit fi BOOT_DEV=$(/usr/bin/findmnt -no source /boot) log debug "BOOT_DEV $BOOT_DEV" if [ $BOOT_DEV = /$DEVNAME ]; then - log debug "skipping BOOTFS_DEV $BOOT_DEV mount as /boot" + log debug "/$DEVNAME contains filesystem type $FSTYPE" + log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" + lockfile-remove /var/run/usbmount/.mount exit fi From 9a95a046c4bd16c88ea29b092e49917d120cc95e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 10:36:22 -0600 Subject: [PATCH 358/380] lockfile-remove for fstab check --- roles/usb_lib/files/usbmount/usbmount | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 3a4e26c29..939a76c45 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -129,9 +129,11 @@ if [ "$1" = add ]; then # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then log debug "skipping /$DEVNAME exit" + lockfile-remove /var/run/usbmount/.mount exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then log debug "skipping $UUID" + lockfile-remove /var/run/usbmount/.mount exit else log debug "/$DEVNAME contains filesystem type $FSTYPE" From 52da42c14638e2ab2816a6af958e0f7bf981cb31 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 11:19:54 -0600 Subject: [PATCH 359/380] touchups and ordering --- roles/usb_lib/files/usbmount/usbmount | 36 ++++++++++++--------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 939a76c45..08b9e81c3 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,34 +96,30 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log info "/$DEVNAME does not contain a filesystem or disklabel" + log debug "/$DEVNAME does not contain a filesystem or disklabel" exit fi - log debug "DEVNAME /$DEVNAME" + log debug "/$DEVNAME contains filesystem type $FSTYPE" BOOTFW_DEV=$(/usr/bin/findmnt -no source /boot/firmware) log debug "BOOTFW_DEV $BOOTFW_DEV" - if [ $BOOTFW_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" - lockfile-remove /var/run/usbmount/.mount - exit - fi ROOT_DEV=$(/usr/bin/findmnt -no source /) log debug "ROOT_DEV $ROOT_DEV" - if [ $ROOT_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" - lockfile-remove /var/run/usbmount/.mount - exit - fi BOOT_DEV=$(/usr/bin/findmnt -no source /boot) log debug "BOOT_DEV $BOOT_DEV" - if [ $BOOT_DEV = /$DEVNAME ]; then - log debug "/$DEVNAME contains filesystem type $FSTYPE" - log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" - lockfile-remove /var/run/usbmount/.mount - exit + + if [ $BOOTFW_DEV = /$DEVNAME ]; then + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + lockfile-remove /var/run/usbmount/.mount + exit + elif [ $ROOT_DEV = /$DEVNAME ]; then + log debug "skipping ROOT_DEV $ROOT_DEV mounted at /" + lockfile-remove /var/run/usbmount/.mount + exit + elif [ $BOOT_DEV = /$DEVNAME ]; then + log debug "skipping BOOT_DEV $BOOT_DEV mount as /boot" + lockfile-remove /var/run/usbmount/.mount + exit fi # Try to use specifications in /etc/fstab to skip. @@ -145,7 +141,7 @@ if [ "$1" = add ]; then for v in $MOUNTPOINTS; do if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then mountpoint="$v" - log debug "mountpoint $mountpoint is available for $DEVNAME" + log debug "mountpoint $mountpoint is available for /$DEVNAME" break fi done From bd8c131ef667fd7e9c8eec674ad051872862c328 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 11:45:04 -0600 Subject: [PATCH 360/380] clearer dependencies --- roles/usb_lib/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 35f533652..660df7eb2 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -53,7 +53,7 @@ # deb: "{{ iiab_download_url }}/usbmount_0.0.22_all.deb" # # when: is_debian -- name: Install lockfile-progs and util-linux for usbmount from OS repo +- name: Install lockfile-progs and util-linux (findmnt blkid) for usbmount from OS repo package: name: - lockfile-progs From ebceb4a6ac970c00a22a2a4255e927695f158f52 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 12 Feb 2025 13:28:05 -0600 Subject: [PATCH 361/380] upload2usb.php add 'grep media' to device filter --- roles/usb_lib/files/upload2usb/upload2usb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 38b5e0c86..643a46ed4 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -18,7 +18,7 @@ function getTargetUSBDriveLocation () { // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 # error if 1<>usb sticks are installed - $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l'); + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | grep media | wc -l'); if ($rmv_usb_path_count == 0) { throw new RuntimeException('0 USB sticks found.

'); } elseif ($rmv_usb_path_count > 1) { From a96b46c22320876021ec336efb991f3c91576304 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Feb 2025 15:50:02 -0500 Subject: [PATCH 362/380] upload2usb/upload2usb.php: using existence of /media to determine if a USB stick is mounted or not for both count and upload location; changing tabs to spaces for the whole file --- roles/usb_lib/files/upload2usb/upload2usb.php | 91 +++++++++---------- 1 file changed, 44 insertions(+), 47 deletions(-) diff --git a/roles/usb_lib/files/upload2usb/upload2usb.php b/roles/usb_lib/files/upload2usb/upload2usb.php index 643a46ed4..555a40f5a 100644 --- a/roles/usb_lib/files/upload2usb/upload2usb.php +++ b/roles/usb_lib/files/upload2usb/upload2usb.php @@ -10,27 +10,25 @@ set_exception_handler(function (Throwable $exception) { include ("error.php"); }); - //return the first removable USB drive location function getTargetUSBDriveLocation () { - // Get the first removal USB drive using - // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1 - // lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2 + // Get the count of storage mounted at /media, and error if there is <>1 otherwise return upload path - # error if 1<>usb sticks are installed - $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | grep media | wc -l'); - if ($rmv_usb_path_count == 0) { - throw new RuntimeException('0 USB sticks found.

'); - } elseif ($rmv_usb_path_count > 1) { - throw new RuntimeException('More than 1 USB sticks installed.

'); - } + # error if 1<>usb sticks are installed + $rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs | cut -d " " -f 4 | grep "^MOUNTPOINT=\"/media" | wc -l'); - $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2'))); + if ($rmv_usb_path_count == 0) { + throw new RuntimeException('0 USB sticks found.

'); + } elseif ($rmv_usb_path_count > 1) { + throw new RuntimeException('More than 1 USB sticks installed.

'); + } + + $rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs | cut -d " " -f 4 | grep "^MOUNTPOINT=\"/media" | cut -d "=" -f 2'))); if (empty($rmv_usb_path)) { - throw new RuntimeException('Not able to find USB stick.

'); + throw new RuntimeException('Not able to find USB stick.

'); } else { - return $rmv_usb_path . "/"; + return $rmv_usb_path . "/"; } } @@ -42,55 +40,55 @@ function getTargetFolderPath ($create_folder_p) { $target_folder_path = $parent_dir . $today_folder_name; if (!file_exists($target_folder_path) && $create_folder_p) { - mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_writable_sticks' is set to 'True'.

"); - } - return $target_folder_path; + mkdir($target_folder_path, 0777) or throw new RuntimeException("Not able to create upload directory.
Make sure 'usb_lib_writable_sticks' is set to 'True'.

"); + } + return $target_folder_path; } //return number of files within a specified folder function getFileCount ($folder_path) { - return count(glob($folder_path . "/*")); + return count(glob($folder_path . "/*")); } //check if file mimetype is acceptable for upload function isFileMimeTypeAcceptable ($file) { - $mimetype = strtolower(mime_content_type($file)); - $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); - foreach ($invalid_mimetypes_str as $invalid_mt_str) { - if (str_contains($mimetype, $invalid_mt_str)) { - error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); - return false; - } - } - return true; + $mimetype = strtolower(mime_content_type($file)); + $invalid_mimetypes_str = array ("compress", "image/svg+xml", "octet", "text/xml", "xhtml+xml"); + foreach ($invalid_mimetypes_str as $invalid_mt_str) { + if (str_contains($mimetype, $invalid_mt_str)) { + error_log('UPLOAD2USB ERROR - MIMETYPE: ' . $mimetype); + return false; + } + } + return true; } //check file content to see if it's unique or not function isFileContentUnique ($target_folder_path, $file) { - $file_to_upload_md5 = md5_file($file); - $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); - foreach ($usb_dir as $dir_file) { - $dir_file = $target_folder_path . "/" . $dir_file; + $file_to_upload_md5 = md5_file($file); + $usb_dir = array_diff(scandir($target_folder_path), array('..', '.')); + foreach ($usb_dir as $dir_file) { + $dir_file = $target_folder_path . "/" . $dir_file; - if (!is_dir($dir_file)) { - $dir_file_md5 = md5_file($dir_file); - if ($file_to_upload_md5 == $dir_file_md5) { - return false; - } - } - } - return true; + if (!is_dir($dir_file)) { + $dir_file_md5 = md5_file($dir_file); + if ($file_to_upload_md5 == $dir_file_md5) { + return false; + } + } + } + return true; } //return unique filename function getUniqueFileName ($target_folder_path, $filename) { - $new_filename = $filename; - $counter = 1; - while (file_exists($target_folder_path . "/" . $new_filename)) { - $counter++; - $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); - } - return $new_filename; + $new_filename = $filename; + $counter = 1; + while (file_exists($target_folder_path . "/" . $new_filename)) { + $counter++; + $new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4); + } + return $new_filename; } // Check file size - we are not going to check file size for now. @@ -100,5 +98,4 @@ function getUniqueFileName ($target_folder_path, $filename) { // } - ?> From fe6516b2e953682b59a2c7bb0940b0ebff8bc44a Mon Sep 17 00:00:00 2001 From: avni Date: Fri, 14 Feb 2025 15:56:09 -0500 Subject: [PATCH 363/380] Add lockfile removal before exit in usbmount script per Jerry's recommendation. Add lockfile removal before exit in usbmount script per Jerry's recommendation. Also adjusted spacing! Read up on file locking a bit: - https://www.baeldung.com/linux/file-locking - https://linux.die.net/man/1/lockfile-create --- roles/usb_lib/files/usbmount/usbmount | 175 +++++++++++++------------- 1 file changed, 88 insertions(+), 87 deletions(-) diff --git a/roles/usb_lib/files/usbmount/usbmount b/roles/usb_lib/files/usbmount/usbmount index 08b9e81c3..8104564e7 100644 --- a/roles/usb_lib/files/usbmount/usbmount +++ b/roles/usb_lib/files/usbmount/usbmount @@ -96,8 +96,9 @@ if [ "$1" = add ]; then USAGE=$(echo "$DEVINFO" | sed 's/.*[[:blank:]]USAGE="\([^"]*\)".*/\1/g; s/[[:blank:]]*//g;') if ! echo $USAGE | egrep -q "(filesystem|disklabel)"; then - log debug "/$DEVNAME does not contain a filesystem or disklabel" - exit + log debug "/$DEVNAME does not contain a filesystem or disklabel" + lockfile-remove /var/run/usbmount/.mount + exit fi log debug "/$DEVNAME contains filesystem type $FSTYPE" @@ -109,7 +110,7 @@ if [ "$1" = add ]; then log debug "BOOT_DEV $BOOT_DEV" if [ $BOOTFW_DEV = /$DEVNAME ]; then - log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" + log debug "skipping BOOTFS_DEV $BOOTFS_DEV mounted at /boot/firmware" lockfile-remove /var/run/usbmount/.mount exit elif [ $ROOT_DEV = /$DEVNAME ]; then @@ -124,107 +125,107 @@ if [ "$1" = add ]; then # Try to use specifications in /etc/fstab to skip. if egrep -q "^[[:blank:]]*$DEVNAME" /etc/fstab; then - log debug "skipping /$DEVNAME exit" - lockfile-remove /var/run/usbmount/.mount - exit + log debug "skipping /$DEVNAME exit" + lockfile-remove /var/run/usbmount/.mount + exit elif grep -q "^[[:blank:]]*UUID=$UUID" /etc/fstab; then - log debug "skipping $UUID" - lockfile-remove /var/run/usbmount/.mount + log debug "skipping $UUID" + lockfile-remove /var/run/usbmount/.mount exit else - log debug "/$DEVNAME contains filesystem type $FSTYPE" - fstype=$FSTYPE - # Test if the filesystem type is in the list of filesystem - # types to mount. - if in_list "$fstype" "$FILESYSTEMS"; then - # Search an available mountpoint. - for v in $MOUNTPOINTS; do - if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then - mountpoint="$v" - log debug "mountpoint $mountpoint is available for /$DEVNAME" - break - fi - done - if [ -n "$mountpoint" ]; then - # Determine mount options. - options= - for v in $FS_MOUNTOPTIONS; do - if expr "$v" : "-fstype=$fstype,."; then - options="$(echo "$v" | sed 's/^[^,]*,//')" - break - fi - done - if [ -n "$MOUNTOPTIONS" ]; then - options="$MOUNTOPTIONS${options:+,$options}" - fi + log debug "/$DEVNAME contains filesystem type $FSTYPE" + fstype=$FSTYPE + # Test if the filesystem type is in the list of filesystem + # types to mount. + if in_list "$fstype" "$FILESYSTEMS"; then + # Search an available mountpoint. + for v in $MOUNTPOINTS; do + if [ -d "$v" ] && ! grep -q "^[^ ][^ ]* *$v " /proc/mounts; then + mountpoint="$v" + log debug "mountpoint $mountpoint is available for /$DEVNAME" + break + fi + done + if [ -n "$mountpoint" ]; then + # Determine mount options. + options= + for v in $FS_MOUNTOPTIONS; do + if expr "$v" : "-fstype=$fstype,."; then + options="$(echo "$v" | sed 's/^[^,]*,//')" + break + fi + done + if [ -n "$MOUNTOPTIONS" ]; then + options="$MOUNTOPTIONS${options:+,$options}" + fi - # Mount the filesystem. - log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" - mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" + # Mount the filesystem. + log info "executing command: mount -t$fstype ${options:+-o$options} $DEVNAME $mountpoint" + mount "-t$fstype" "${options:+-o$options}" "$DEVNAME" "$mountpoint" - # Determine vendor and model. - vendor= - if [ -r "/sys$DEVPATH/device/vendor" ]; then - vendor="`cat \"/sys$DEVPATH/device/vendor\"`" - elif [ -r "/sys$DEVPATH/../device/vendor" ]; then - vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" - elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then - vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" - elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then - vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" - fi - vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + # Determine vendor and model. + vendor= + if [ -r "/sys$DEVPATH/device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/device/vendor\"`" + elif [ -r "/sys$DEVPATH/../device/vendor" ]; then + vendor="`cat \"/sys$DEVPATH/../device/vendor\"`" + elif [ -r "/sys$DEVPATH/device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/device/../manufacturer\"`" + elif [ -r "/sys$DEVPATH/../device/../manufacturer" ]; then + vendor="`cat \"/sys$DEVPATH/../device/../manufacturer\"`" + fi + vendor="$(echo "$vendor" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" - model= - if [ -r "/sys$DEVPATH/device/model" ]; then - model="`cat \"/sys$DEVPATH/device/model\"`" - elif [ -r "/sys$DEVPATH/../device/model" ]; then - model="`cat \"/sys$DEVPATH/../device/model\"`" - elif [ -r "/sys$DEVPATH/device/../product" ]; then - model="`cat \"/sys$DEVPATH/device/../product\"`" - elif [ -r "/sys$DEVPATH/../device/../product" ]; then - model="`cat \"/sys$DEVPATH/../device/../product\"`" - fi - model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" + model= + if [ -r "/sys$DEVPATH/device/model" ]; then + model="`cat \"/sys$DEVPATH/device/model\"`" + elif [ -r "/sys$DEVPATH/../device/model" ]; then + model="`cat \"/sys$DEVPATH/../device/model\"`" + elif [ -r "/sys$DEVPATH/device/../product" ]; then + model="`cat \"/sys$DEVPATH/device/../product\"`" + elif [ -r "/sys$DEVPATH/../device/../product" ]; then + model="`cat \"/sys$DEVPATH/../device/../product\"`" + fi + model="$(echo "$model" | sed 's/^[[:blank:]]\+//; s/[[:blank:]]\+$//')" - # Run hook scripts; ignore errors. - export UM_DEVICE="$DEVNAME" - export UM_MOUNTPOINT="$mountpoint" - export UM_FILESYSTEM="$fstype" - export UM_MOUNTOPTIONS="$options" - export UM_VENDOR="$vendor" - export UM_MODEL="$model" - log info "executing command: run-parts /etc/usbmount/mount.d" - run-parts /etc/usbmount/mount.d || : - else - # No suitable mount point found. - log warning "no mountpoint found for $DEVNAME" - exit 1 - fi + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + export UM_MOUNTOPTIONS="$options" + export UM_VENDOR="$vendor" + export UM_MODEL="$model" + log info "executing command: run-parts /etc/usbmount/mount.d" + run-parts /etc/usbmount/mount.d || : + else + # No suitable mount point found. + log warning "no mountpoint found for $DEVNAME" + exit 1 + fi fi - fi +fi elif [ "$1" = remove ]; then # A block or partition device has been removed. # Test if it is mounted. while read device mountpoint fstype remainder; do - if [ "$DEVNAME" = "$device" ]; then + if [ "$DEVNAME" = "$device" ]; then # If the mountpoint and filesystem type are maintained by # this script, unmount the filesystem. if in_list "$mountpoint" "$MOUNTPOINTS" && - in_list "$fstype" "$FILESYSTEMS"; then - log info "executing command: umount -l $mountpoint" - umount -l "$mountpoint" + in_list "$fstype" "$FILESYSTEMS"; then + log info "executing command: umount -l $mountpoint" + umount -l "$mountpoint" - # Run hook scripts; ignore errors. - export UM_DEVICE="$DEVNAME" - export UM_MOUNTPOINT="$mountpoint" - export UM_FILESYSTEM="$fstype" - log info "executing command: run-parts /etc/usbmount/umount.d" - run-parts /etc/usbmount/umount.d || : - fi - break - fi + # Run hook scripts; ignore errors. + export UM_DEVICE="$DEVNAME" + export UM_MOUNTPOINT="$mountpoint" + export UM_FILESYSTEM="$fstype" + log info "executing command: run-parts /etc/usbmount/umount.d" + run-parts /etc/usbmount/umount.d || : + fi + break + fi done < /proc/mounts else log err "unexpected: action '$1'" From f52b3908218f38e2b4b62d05e7ececb74c133eda Mon Sep 17 00:00:00 2001 From: root Date: Sat, 15 Feb 2025 18:36:28 +0000 Subject: [PATCH 364/380] usb_lib/tasks/main.yml: updating USB_LIB description to be more clear about the two-way information/data exchange between teachers and students --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 4d2710874..0c4e3c1c4 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -77,7 +77,7 @@ - option: name value: USB_LIB - option: description - value: '"USB_LIB automounts Teacher Content on USB sticks to /library/www/html/local_content, so students can browse the USB AND upload their work to the USB, all at http://box/usb"' + value: '"USB_LIB (1) automounts teacher content on USB sticks to /library/www/html/local_content, so students can browse the USB; AND (2) allows students to upload their work to USB sticks / drives, all from http://box/usb"' - option: usb_lib_install value: "{{ usb_lib_install }}" - option: usb_lib_enabled From e80b912eeab2c0173f16e6f85229ccc73b4990af Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 15 Feb 2025 15:12:20 -0500 Subject: [PATCH 365/380] usb_lib/tasks/main.yml: Tiny comment update RE: iiab.conf.j2 --- roles/usb_lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 0c4e3c1c4..ee4bd18ea 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -1,7 +1,7 @@ # TO DO: (2020-02-13) # - Look at analogous NGINX logic for http://box/usb in # nginx/templates/iiab.conf.j2 and make that visually meaningful for teachers: -# https://github.com/iiab/iiab/blob/master/roles/nginx/templates/iiab.conf.j2#L5-L8 +# https://github.com/iiab/iiab/blob/master/roles/nginx/templates/iiab.conf.j2#L5-L9 # "How do i fail a task in Ansible if the variable contains a boolean value? From 66a35ee9508925ac11bf3aa0b47ebb2a3811d165 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Feb 2025 02:42:17 -0600 Subject: [PATCH 366/380] jupyterhub drop --system-site-packages --- roles/jupyterhub/tasks/install.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 4e23f9ccc..d4d9d99e8 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -51,7 +51,8 @@ - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 + #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) extra_args: "--no-cache-dir --prefer-binary" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 @@ -68,7 +69,8 @@ - ipywidgets virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no - virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 + #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" From 2ef96ad0ff6601d80d16c3da494d690e5fc2517f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Feb 2025 02:49:09 -0600 Subject: [PATCH 367/380] jupyterhub drop python3-psutil --- roles/jupyterhub/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d4d9d99e8..d55fdf696 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -17,11 +17,11 @@ shell: df -B1 --output=used / | tail -1 register: df1 - -- name: "Install package: python3-psutil" - package: - name: python3-psutil - state: present +# 2025-02-16 +#- name: "Install package: python3-psutil" +# package: +# name: python3-psutil +# state: present - name: Remove previous virtual environment {{ jupyterhub_venv }} file: From bbdd45365d1c457f709e30bbac47f397b3f809a1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Feb 2025 12:36:27 -0600 Subject: [PATCH 368/380] update ansible.cfg for use with python3.13 --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index 4030a931e..deb5328ed 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -5,4 +5,4 @@ # Disallowed by Ansible 2.11+ -- see https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.7.html#using-a-loop-on-a-package-module-via-squash-actions #squash_actions = apk, apt, dnf, homebrew, openbsd_pkg, pacman, pkgng, yum, zypper, package [defaults] -interpreter_python=/usr/bin/python3 +interpreter_python=/usr/local/ansible/bin/python3 From f16bd2a6b5674027f9262a100a639cccc2aed5d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 16 Feb 2025 15:02:50 -0500 Subject: [PATCH 369/380] jupyterhub/tasks/install.yml touchup: Comment out `virtualenv_site_packages: no` as tested on PR #3948 --- roles/jupyterhub/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index d55fdf696..b6f6c4c83 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -50,7 +50,7 @@ - wheel - jupyterhub virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) @@ -68,7 +68,7 @@ - jupyterhub-systemdspawner - ipywidgets virtualenv: "{{ jupyterhub_venv }}" - virtualenv_site_packages: no + #virtualenv_site_packages: no virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16 #virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 From d1dd071c814f560e5bee73784a2b45e7c893372f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 16 Feb 2025 22:02:54 -0500 Subject: [PATCH 370/380] jupyterhub/tasks/install.yml: Mention disk footprint is ~316 MB --- roles/jupyterhub/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index b6f6c4c83..57a503014 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -43,7 +43,7 @@ global: yes state: latest -- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~326 MB total, after 2 Ansible calls)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~316 MB total, after 2 Ansible calls)" pip: name: - pip From 957a89d67ca182ce0c2660b0ce14d8aa32527a1d Mon Sep 17 00:00:00 2001 From: root Date: Mon, 17 Feb 2025 01:59:15 -0500 Subject: [PATCH 371/380] pip install {pymysql,psycopg,passlib} to Ansible venv, on demand --- roles/munin/tasks/install.yml | 10 ++++++++-- roles/mysql/tasks/install.yml | 10 ++++++++-- roles/postgresql/tasks/install.yml | 10 ++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 3895b7bf9..89fe254cf 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -9,7 +9,7 @@ name: net.ipv6.conf.all.disable_ipv6 value: 0 -- name: "Install 5 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra, python3-passlib" +- name: "Install 4 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra" package: name: #- libapache2-mod-fcgid @@ -17,9 +17,15 @@ - munin - munin-node - munin-plugins-extra - - python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below + #- python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below state: present +- name: pip install 'passlib' into venv /usr/local/ansible -- for Ansible module 'htpasswd' in Ansible collection community.general -- used just below + pip: + name: passlib + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + # SEE ALSO roles/network/tasks/install.yml - name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434 sysctl: diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 87bcd9c1a..5bcfbb9bd 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -3,16 +3,22 @@ register: df1 -- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql, python3-pymysql' +- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql' package: name: - mariadb-server - mariadb-client #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx.yml, wordpress/tasks/install.yml - - python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} + #- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} state: present +- name: pip install 'pymysql' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} + pip: + name: pymysql + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + # 2020-07-11: 10 PHP package installs moved to roles/www_base/tasks/main.yml # php{{ php_version }}-sqlite3 install moved to roles/osm-vector-maps/tasks/install.yml diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index f07cf943d..04c6c41d2 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -3,14 +3,20 @@ register: df1 -- name: 'Install packages: postgresql, postgresql-client, python3-psycopg2' +- name: 'Install packages: postgresql, postgresql-client' package: name: - postgresql - postgresql-client - - python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml + #- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present +- name: pip install 'psycopg' into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml + pip: + name: psycopg + virtualenv: /usr/local/ansible + extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 + - name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s) shell: pg_config --version | sed 's/^[^0-9]*//; s/[^0-9].*//' register: pg_config_version From 36e43227752d9d013a6f2a04f36dee2fe9d27ff3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 17 Feb 2025 03:56:40 -0500 Subject: [PATCH 372/380] mysql/tasks/install.yml: Respect original typography 'PyMySQL' --- roles/mysql/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 5bcfbb9bd..1b8a04388 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -13,9 +13,9 @@ #- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx} state: present -- name: pip install 'pymysql' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} +- name: pip install 'PyMySQL' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx} pip: - name: pymysql + name: PyMySQL virtualenv: /usr/local/ansible extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560 From 96324233d8b33afcf03ef93b219d755472113f29 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 17 Feb 2025 04:21:44 -0500 Subject: [PATCH 373/380] Clarify PR #3950: 'pip install psycopg' is NEW "Psycopg 3" for PostgreSQL --- roles/postgresql/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index 04c6c41d2..ce14600c5 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -11,7 +11,7 @@ #- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml state: present -- name: pip install 'psycopg' into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml +- name: pip install 'psycopg' (NEW Psycopg 3) into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml pip: name: psycopg virtualenv: /usr/local/ansible From 1308fb86708c00b4f7ac49c24e8cd1f515dfc4dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Feb 2025 15:21:00 -0500 Subject: [PATCH 374/380] Update Nextcloud 30.0.6 disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index d0588aac9..2fae98551 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~180 MB) to {{ nextcloud_root_dir }} (~687 MB initially, sometimes ~721 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~183 MB) to {{ nextcloud_root_dir }} (~707 MB initially, sometimes ~741 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 6d5fcdbcc288c68da89821441253393f869ed0aa Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 Feb 2025 18:25:07 -0600 Subject: [PATCH 375/380] Recommend ansible-core 2.18.3 --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index c5ab3e074..22c8cbacd 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.2] -GOOD_VER=2.18.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.3] +GOOD_VER=2.18.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments From 89b1487dc2849dd70fd01e7bf68067a4c777e5e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 Feb 2025 15:40:39 -0500 Subject: [PATCH 376/380] Update Nextcloud 31.0.0 disk footprint sizes --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 2fae98551..37429ea0e 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -131,7 +131,7 @@ # nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2 # when: php_version is version('8.0', '<') -- name: Unarchive {{ nextcloud_dl_url }} (~183 MB) to {{ nextcloud_root_dir }} (~707 MB initially, sometimes ~741 MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~216 MB) to {{ nextcloud_root_dir }} (~844 MB initially, sometimes ~878 MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 2461a8fde39fcf4d399f40c6ef342d34d0ceb6c4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Mar 2025 11:41:34 -0500 Subject: [PATCH 377/380] iiab-diagnostics: Also record /etc/locale.conf --- scripts/iiab-diagnostics | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 51a7d6797..383f714e9 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -173,7 +173,8 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image -cat_file /etc/default/locale +cat_file /etc/default/locale 'e.g. on Debian 12' +cat_file /etc/locale.conf 'e.g. on Debian 13' cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env From ac12c6db0b2da14247bde6d2859a4ca6347b73d0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Mar 2025 11:42:37 -0500 Subject: [PATCH 378/380] iiab-diagnostics.README.md: Update line number --- scripts/iiab-diagnostics.README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index d11c13720..7c064b757 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -66,4 +66,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-272 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 135-273 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From cb42942699f2b4cfe6485ea5a0bbc8c853abd412 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Mar 2025 11:46:21 -0500 Subject: [PATCH 379/380] iiab-diagnostics: Clarify that Ubuntu too uses /etc/locale.conf --- scripts/iiab-diagnostics | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 383f714e9..ae7376648 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -174,7 +174,7 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image cat_file /etc/default/locale 'e.g. on Debian 12' -cat_file /etc/locale.conf 'e.g. on Debian 13' +cat_file /etc/locale.conf 'e.g. on Debian 13+ and Ubuntu' cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env From 96ddd6620d8601c54d0d729c7d07c9725b2442d0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Mar 2025 11:51:09 -0500 Subject: [PATCH 380/380] iiab-diagnostics: Fix comments --- scripts/iiab-diagnostics | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index ae7376648..193ba4fc7 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -173,13 +173,13 @@ echo -e "\n\n\n2. REGULAR FILES ETC\n" >> $outfile #cat_file /tmp/empty-file # Empty file test #cat_file /usr/bin/iiab-support-on # Symlink test cat_file /.iiab-image -cat_file /etc/default/locale 'e.g. on Debian 12' -cat_file /etc/locale.conf 'e.g. on Debian 13+ and Ubuntu' +cat_file /etc/default/locale # e.g. on Debian 12 +cat_file /etc/locale.conf # e.g. on Debian 13+ and Ubuntu cat_cmd 'localectl' 'Locale settings' cat_cmd 'locale -a' 'Available locales' cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini -cat_file /etc/iiab/local_vars.yml # Redacts most passwords above +cat_file /etc/iiab/local_vars.yml # Redacts most passwords above cat_file /etc/iiab/iiab_state.yml cat_file /etc/resolv.conf cat_file /etc/network/interfaces