mirror of
https://github.com/iiab/iiab.git
synced 2025-02-13 19:52:06 +00:00
158 lines
9.4 KiB
YAML
158 lines
9.4 KiB
YAML
# 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by
|
|
# www_options/tasks/main.yml#L100-L112 (as required by Moodle 3.11 w/ PHP 8) IF
|
|
# 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml
|
|
# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini
|
|
|
|
# 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini
|
|
# (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!)
|
|
|
|
|
|
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
|
|
set_fact:
|
|
postgresql_install: True
|
|
postgresql_enabled: True
|
|
|
|
- name: POSTGRESQL - run 'postgresql' role (attempt to install & enable PostgreSQL)
|
|
include_role:
|
|
name: postgresql
|
|
|
|
|
|
# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year:
|
|
# https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries
|
|
# https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml
|
|
- name: Install ghostscript + libsodium23 + poppler-utils + 8 PHP packages (run 'php -m' or 'php -i' to verify)
|
|
package:
|
|
name:
|
|
#- php-apcu # 2021-07-02: Experiment with fewer dependencies
|
|
- ghostscript # 2021-07-02: OPTIONAL -- but useful for annotation of PDF's / assignments
|
|
- libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
|
|
- poppler-utils # 2021-07-20: Convert PDF to PNG, with pathtopdftoppm set below (#2854)
|
|
#- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
|
|
#- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
|
|
- php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
|
- php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
|
|
- php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
|
|
- php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
|
- php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL
|
|
#- php{{ php_version }}-json # 2021-07-02: Not requested by Moodle's PHP doc above. Package baked into PHP 8+. FWIW with PHP < 8, phpX.Y-json is already auto-installed by phpX.Y-fpm in 3-base-server's nginx/tasks/install.yml
|
|
#- php{{ php_version }}-opcache # 2021-07-02: Experiment with fewer dependencies
|
|
#- php{{ php_version }}-readline # 2021-07-02: Experiment with fewer dependencies
|
|
- php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+
|
|
- php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
|
|
#- php{{ php_version }}-xmlrpc # 2021-07-02: Doesn't exist with PHP 8.0 -- officially required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc
|
|
- php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
|
state: present
|
|
|
|
- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~350MB initially, ~371MB later)
|
|
git:
|
|
repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle
|
|
dest: "{{ moodle_base }}" # /opt/iiab/moodle
|
|
depth: 1
|
|
version: "MOODLE_{{ moodle_version }}_STABLE"
|
|
#version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/
|
|
#ignore_errors: yes
|
|
|
|
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644)
|
|
file:
|
|
path: "{{ moodle_base }}"
|
|
owner: "{{ apache_user }}" # www-data
|
|
group: "{{ apache_user }}"
|
|
recurse: yes
|
|
|
|
- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}) (by default 755 = drwxr-xr-x initially, but moodle_installer sets drwxrwsrwx below)
|
|
file:
|
|
state: directory
|
|
path: "{{ moodle_data }}" # /library/moodle
|
|
owner: "{{ apache_user }}"
|
|
group: "{{ apache_user }}"
|
|
|
|
|
|
# /etc/systemd/system/postgresql-iiab.service
|
|
- name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB
|
|
systemd:
|
|
name: postgresql-iiab
|
|
state: started
|
|
|
|
- name: Create PostgreSQL db user {{ moodle_db_user }}/{{ moodle_db_pass }}
|
|
postgresql_user:
|
|
name: "{{ moodle_db_user }}" # Admin
|
|
password: "{{ moodle_db_pass }}" # changeme
|
|
encrypted: yes # Required by PostgreSQL 10+ e.g. Ubuntu 18.04's PostgreSQL 10.3+, see https://github.com/iiab/iiab/issues/759
|
|
role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB
|
|
state: present
|
|
become: yes
|
|
become_user: postgres
|
|
|
|
- name: 'Create database: {{ moodle_db_name }}'
|
|
postgresql_db:
|
|
name: "{{ moodle_db_name }}"
|
|
encoding: utf8
|
|
owner: "{{ moodle_db_user }}"
|
|
template: template1
|
|
state: present
|
|
become: yes
|
|
become_user: postgres
|
|
|
|
- name: (Re)Start 'postgresql-iiab' systemd service
|
|
systemd:
|
|
name: postgresql-iiab
|
|
state: restarted
|
|
#enabled: yes # Service ends up enabled regardless
|
|
|
|
|
|
- name: Install {{ moodle_base }}/moodle_installer from template (0755)
|
|
template:
|
|
src: moodle_installer
|
|
dest: "{{ moodle_base }}"
|
|
mode: 0755
|
|
|
|
- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation
|
|
shell: "{{ moodle_base }}/moodle_installer"
|
|
args:
|
|
creates: "{{ moodle_base }}/config.php"
|
|
|
|
# 2021-07-05: For /opt/iiab/moodle, let's stick with default permissions from
|
|
# above (755 dirs & 644 files), and ownership (www-data:www-data), as we do in
|
|
# moodle/tasks/mathjax.yml
|
|
|
|
# 2021-07-05: Seems like a good idea but Moodle's permissions recommendations
|
|
# at https://docs.moodle.org/20/en/Creating_Moodle_site_data_directory don't
|
|
# actually mandate this:
|
|
#
|
|
# - name: chmod -R o-rwx {{ moodle_data }} e.g. drwxrwsrwx to drwxrws---
|
|
# file:
|
|
# path: "{{ moodle_data }}" # /library/moodle
|
|
# mode: o-rwx
|
|
# recurse: yes
|
|
|
|
# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect
|
|
# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287
|
|
- name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files"
|
|
lineinfile:
|
|
path: "{{ moodle_base }}/config.php"
|
|
line: '$CFG->{{ item.name }} = {{ item.value }};'
|
|
insertbefore: '^\$CFG->directorypermissions'
|
|
with_items:
|
|
#- { name: 'backuptempdir', value: "'{{ moodlebox_moodle_data_dir }}/backup'" }
|
|
- { name: 'xsendfile', value: "'X-Accel-Redirect'" }
|
|
- { name: 'xsendfilealiases', value: "array('/dataroot/' => $CFG->dataroot)" }
|
|
#- { name: 'customfiletypes', value: "array(\n (object)array(\n 'extension' => 'crt',\n 'icon' => 'sourcecode',\n 'type' => 'application/x-x509-ca-cert',\n 'customdescription' => 'X.509 CA certificate'\n )\n)"}
|
|
#- { name: 'showcampaigncontent', value: 'false' }
|
|
|
|
- include_tasks: mathjax.yml
|
|
|
|
- name: Run 'php {{ moodle_base }}/admin/cli/cfg.php --name=pathtopdftoppm --set=/usr/bin/pdftoppm' for converting PDF files to PNG (faster than Ghostscript, particularly for large files) -- works with apt package 'poppler-utils' installed above (#2854)
|
|
command: php "{{ moodle_base }}/admin/cli/cfg.php" --name=pathtopdftoppm --set=/usr/bin/pdftoppm
|
|
|
|
|
|
# RECORD Moodle AS INSTALLED
|
|
|
|
- name: "Set 'moodle_installed: True'"
|
|
set_fact:
|
|
moodle_installed: True
|
|
|
|
- name: "Add 'moodle_installed: True' to {{ iiab_state_file }}"
|
|
lineinfile:
|
|
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
|
|
regexp: '^moodle_installed'
|
|
line: 'moodle_installed: True'
|