Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-15 04:32:11 +00:00

178 lines
11 KiB

# 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by
# www_options/tasks/main.yml#L100-L112 (as required by Moodle 3.11 w/ PHP 8) IF
# 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml
# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini
# 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini
# (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!)
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
postgresql_install: True
postgresql_enabled: True
- name: POSTGRESQL - run 'postgresql' role (attempt to install & enable PostgreSQL)
name: postgresql
# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year:
# https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries
# https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml
- name: Install ghostscript + libsodium23 + poppler-utils + 8 PHP packages (run 'php -m' or 'php -i' to verify)
#- php-apcu # 2021-07-02: Experiment with fewer dependencies
- ghostscript # 2021-07-02: OPTIONAL -- but useful for annotation of PDF's / assignments
- libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
- poppler-utils # 2021-07-20: Convert PDF to PNG, with pathtopdftoppm set below (#2854)
#- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
#- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
- php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-exif # 2022-11-27: Recommended by Moodle 4.1, required by Moodle 4.2 (for image metadata, rotation, etc?) apt package(s) NOT REQUIRED as it's somehow already installed with PHP's core, as confirmed by 'php -m' & 'php -i' on Ubuntu 22.04 and RasPiOS.
- php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL
#- php{{ php_version }}-json # 2021-07-02: Not requested by Moodle's PHP doc above. Package baked into PHP 8+. FWIW with PHP < 8, phpX.Y-json is already auto-installed by phpX.Y-fpm in 3-base-server's nginx/tasks/install.yml
#- php{{ php_version }}-opcache # 2021-07-02: Experiment with fewer dependencies
#- php{{ php_version }}-readline # 2021-07-02: Experiment with fewer dependencies
- php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+
- php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
#- php{{ php_version }}-xmlrpc # 2021-07-02: Doesn't exist with PHP 8.0 -- officially required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc
- php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
state: present
- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: True' by default"
include_tasks: roles/www_options/tasks/php-settings.yml
when: php_settings_done is undefined
- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3"
repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle
dest: "{{ moodle_base }}" # /opt/iiab/moodle
depth: 1
version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022)
when: php_version is version('8.3', '>=')
- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3
repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle
dest: "{{ moodle_base }}" # /opt/iiab/moodle
depth: 1
version: "{{ moodle_version }}" # e.g. MOODLE_401_STABLE (Moodle 4.1)
when: php_version is version('8.3', '<')
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644)
path: "{{ moodle_base }}"
owner: "{{ apache_user }}" # www-data
group: "{{ apache_user }}"
recurse: yes
- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}) (by default 755 = drwxr-xr-x initially, but moodle_installer sets drwxrwsrwx below)
state: directory
path: "{{ moodle_data }}" # /library/moodle
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
# /etc/systemd/system/postgresql-iiab.service
- name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB
name: postgresql-iiab
state: started
- name: Create PostgreSQL db user {{ moodle_db_user }}/{{ moodle_db_pass }}
name: "{{ moodle_db_user }}" # Admin
password: "{{ moodle_db_pass }}" # changeme
encrypted: yes # Required by PostgreSQL 10+ e.g. Ubuntu 18.04's PostgreSQL 10.3+, see https://github.com/iiab/iiab/issues/759
state: present
become: yes
become_user: postgres
- name: 'Create database: {{ moodle_db_name }}'
name: "{{ moodle_db_name }}"
encoding: utf8
owner: "{{ moodle_db_user }}"
template: template1
state: present
become: yes
become_user: postgres
- name: (Re)Start 'postgresql-iiab' systemd service
name: postgresql-iiab
state: restarted
#enabled: yes # Service ends up enabled regardless
- name: Install {{ moodle_base }}/moodle_installer from template (0755)
src: moodle_installer
dest: "{{ moodle_base }}"
mode: 0755
- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini IF PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER ON Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation
shell: "{{ moodle_base }}/moodle_installer"
creates: "{{ moodle_base }}/config.php"
# 2021-07-05: For /opt/iiab/moodle, let's stick with default permissions from
# above (755 dirs & 644 files), and ownership (www-data:www-data), as we do in
# moodle/tasks/mathjax.yml
# 2021-07-05: Seems like a good idea but Moodle's permissions recommendations
# at https://docs.moodle.org/20/en/Creating_Moodle_site_data_directory don't
# actually mandate this:
# - name: chmod -R o-rwx {{ moodle_data }} e.g. drwxrwsrwx to drwxrws---
# file:
# path: "{{ moodle_data }}" # /library/moodle
# mode: o-rwx
# recurse: yes
# 2021-11-19: Resolves Moodle error https://github.com/iiab/iiab/issues/3024
- name: Set cron job to run /opt/iiab/moodle/admin/cli/cron.php every minute (* * * * *) in /var/spool/cron/crontabs/www-data -- per https://docs.moodle.org/310/en/Cron
name: https://docs.moodle.org/310/en/Cron
user: www-data
job: "/usr/bin/php /opt/iiab/moodle/admin/cli/cron.php >/dev/null"
# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect
# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287
- name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files"
path: "{{ moodle_base }}/config.php"
line: '$CFG->{{ item.name }} = {{ item.value }};'
insertbefore: '^\$CFG->directorypermissions'
#- { name: 'backuptempdir', value: "'{{ moodlebox_moodle_data_dir }}/backup'" }
- { name: 'xsendfile', value: "'X-Accel-Redirect'" }
- { name: 'xsendfilealiases', value: "array('/dataroot/' => $CFG->dataroot)" }
#- { name: 'customfiletypes', value: "array(\n (object)array(\n 'extension' => 'crt',\n 'icon' => 'sourcecode',\n 'type' => 'application/x-x509-ca-cert',\n 'customdescription' => 'X.509 CA certificate'\n )\n)"}
#- { name: 'showcampaigncontent', value: 'false' }
- include_tasks: mathjax.yml
- name: Run 'php {{ moodle_base }}/admin/cli/cfg.php --name=pathtopdftoppm --set=/usr/bin/pdftoppm' for converting PDF files to PNG (faster than Ghostscript, particularly for large files) -- works with apt package 'poppler-utils' installed above (#2854)
command: php "{{ moodle_base }}/admin/cli/cfg.php" --name=pathtopdftoppm --set=/usr/bin/pdftoppm
- name: "Set 'moodle_installed: True'"
moodle_installed: True
- name: "Add 'moodle_installed: True' to {{ iiab_state_file }}"
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^moodle_installed'
line: 'moodle_installed: True'