iiab / iiab Goto Github PK

How are future upgrades going to be handled? Lets say going from 6.3 -> 6.4
The acid test for a clean upgrade path is git checkout -b <new_release> and a git pull origin <new_release>
Starting from a fresh clone:
git clone https://github.com/iiab/iiab -b 6.3-rc2 --depth 1
[root@box iiab]# cd iiab
[root@box iiab]# git branch

• 6.3-rc2
  [root@box iiab]# git checkout -b 6.4
  Switched to a new branch '6.4'

The end user should be able to switch from the current branch to any other release branch or master without issues.
Using master as an example
[root@box iiab]# git pull origin master
remote: Counting objects: 1366, done.
remote: Compressing objects: 100% (618/618), done.
remote: Total 1366 (delta 773), reused 1214 (delta 640), pack-reused 0
Receiving objects: 100% (1366/1366), 385.57 KiB | 0 bytes/s, done.
Resolving deltas: 100% (773/773), completed with 167 local objects.
From https://github.com/iiab/iiab

• branch master -> FETCH_HEAD
  Auto-merging vars/default_vars.yml
  CONFLICT (add/add): Merge conflict in vars/default_vars.yml
  Auto-merging runansible
  CONFLICT (add/add): Merge conflict in runansible
  Auto-merging roles/xovis/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/xovis/tasks/main.yml
  Auto-merging roles/wordpress/tasks/install.yml
  CONFLICT (add/add): Merge conflict in roles/wordpress/tasks/install.yml
  Auto-merging roles/teamviewer/tasks/install.yml
  CONFLICT (add/add): Merge conflict in roles/teamviewer/tasks/install.yml
  Auto-merging roles/sugarizer/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/sugarizer/tasks/main.yml
  Auto-merging roles/sugar-stats/tasks/statistics-consolidation.yml
  CONFLICT (add/add): Merge conflict in roles/sugar-stats/tasks/statistics-consolidation.yml
  Auto-merging roles/schooltool/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/schooltool/tasks/main.yml
  Auto-merging roles/postgresql/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/postgresql/tasks/main.yml
  Auto-merging roles/phpmyadmin/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/phpmyadmin/tasks/main.yml
  Auto-merging roles/pathagar/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/pathagar/tasks/main.yml
  Auto-merging roles/owncloud/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/owncloud/tasks/main.yml
  Auto-merging roles/owncloud/tasks/F18.yml
  CONFLICT (add/add): Merge conflict in roles/owncloud/tasks/F18.yml
  Auto-merging roles/osm/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/osm/tasks/main.yml
  Auto-merging roles/openvpn/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/openvpn/tasks/main.yml
  Auto-merging roles/nextcloud/tasks/nextcloud_enabled.yml
  CONFLICT (add/add): Merge conflict in roles/nextcloud/tasks/nextcloud_enabled.yml
  Auto-merging roles/nextcloud/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/nextcloud/tasks/main.yml
  Auto-merging roles/nextcloud/tasks/F18.yml
  CONFLICT (add/add): Merge conflict in roles/nextcloud/tasks/F18.yml
  Auto-merging roles/network/templates/squid/squid.sysconfig
  CONFLICT (add/add): Merge conflict in roles/network/templates/squid/squid.sysconfig
  Auto-merging roles/network/templates/named/named.j2
  CONFLICT (add/add): Merge conflict in roles/network/templates/named/named.j2
  Auto-merging roles/network/templates/named/named
  CONFLICT (add/add): Merge conflict in roles/network/templates/named/named
  Auto-merging roles/network/templates/dhcp/dhcpd-env.j2
  CONFLICT (add/add): Merge conflict in roles/network/templates/dhcp/dhcpd-env.j2
  Auto-merging roles/network/tasks/squid.yml
  CONFLICT (add/add): Merge conflict in roles/network/tasks/squid.yml
  Auto-merging roles/network/tasks/rpi_debian.yml
  CONFLICT (add/add): Merge conflict in roles/network/tasks/rpi_debian.yml
  Auto-merging roles/network/tasks/restart.yml
  CONFLICT (add/add): Merge conflict in roles/network/tasks/restart.yml
  Auto-merging roles/network/tasks/named.yml
  CONFLICT (add/add): Merge conflict in roles/network/tasks/named.yml
  Auto-merging roles/network/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/network/tasks/main.yml
  Auto-merging roles/network/tasks/ifcfg_mods.yml
  CONFLICT (add/add): Merge conflict in roles/network/tasks/ifcfg_mods.yml
  Auto-merging roles/network/tasks/enable_services.yml
  CONFLICT (add/add): Merge conflict in roles/network/tasks/enable_services.yml
  Auto-merging roles/network/tasks/dhcpd.yml
  CONFLICT (add/add): Merge conflict in roles/network/tasks/dhcpd.yml
  Auto-merging roles/network/tasks/debian.yml
  CONFLICT (add/add): Merge conflict in roles/network/tasks/debian.yml
  Auto-merging roles/mysql/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/mysql/tasks/main.yml
  Auto-merging roles/moodle/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/moodle/tasks/main.yml
  Auto-merging roles/moodle-1.9/moodle/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/moodle-1.9/moodle/tasks/main.yml
  Auto-merging roles/monit/templates/postgresql
  CONFLICT (add/add): Merge conflict in roles/monit/templates/postgresql
  Auto-merging roles/monit/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/monit/tasks/main.yml
  Auto-merging roles/mongodb/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/mongodb/tasks/main.yml
  Auto-merging roles/kiwix/templates/iiab-make-kiwix-lib.py
  CONFLICT (add/add): Merge conflict in roles/kiwix/templates/iiab-make-kiwix-lib.py
  Auto-merging roles/kiwix/templates/iiab-make-apache-config.py
  CONFLICT (add/add): Merge conflict in roles/kiwix/templates/iiab-make-apache-config.py
  Auto-merging roles/kiwix/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/kiwix/tasks/main.yml
  Auto-merging roles/kiwix/tasks/kiwix_install.yml
  CONFLICT (add/add): Merge conflict in roles/kiwix/tasks/kiwix_install.yml
  Auto-merging roles/kalite/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/kalite/tasks/main.yml
  Auto-merging roles/kalite/tasks/install.yml
  CONFLICT (add/add): Merge conflict in roles/kalite/tasks/install.yml
  Auto-merging roles/kalite/tasks/install-f18.yml
  CONFLICT (add/add): Merge conflict in roles/kalite/tasks/install-f18.yml
  Auto-merging roles/httpd/templates/php.ini.j2
  CONFLICT (add/add): Merge conflict in roles/httpd/templates/php.ini.j2
  Auto-merging roles/httpd/tasks/html.yml
  CONFLICT (add/add): Merge conflict in roles/httpd/tasks/html.yml
  Auto-merging roles/gateway/README.rst
  CONFLICT (add/add): Merge conflict in roles/gateway/README.rst
  Auto-merging roles/elgg/templates/settings.php.j2
  CONFLICT (add/add): Merge conflict in roles/elgg/templates/settings.php.j2
  Auto-merging roles/elgg/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/elgg/tasks/main.yml
  Auto-merging roles/elgg/defaults/main.yml
  CONFLICT (add/add): Merge conflict in roles/elgg/defaults/main.yml
  Auto-merging roles/dokuwiki/tasks/install.yml
  CONFLICT (add/add): Merge conflict in roles/dokuwiki/tasks/install.yml
  Auto-merging roles/debian_schooltool/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/debian_schooltool/tasks/main.yml
  Auto-merging roles/cups/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/cups/tasks/main.yml
  Auto-merging roles/calibre/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/calibre/tasks/main.yml
  Auto-merging roles/awstats/tasks/install.yml
  CONFLICT (add/add): Merge conflict in roles/awstats/tasks/install.yml
  Auto-merging roles/authserver/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/authserver/tasks/main.yml
  Auto-merging roles/ajenti/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/ajenti/tasks/main.yml
  Auto-merging roles/ajenti/tasks/ajenti-wondershaper.yml
  CONFLICT (add/add): Merge conflict in roles/ajenti/tasks/ajenti-wondershaper.yml
  Auto-merging roles/4-server-options/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/4-server-options/tasks/main.yml
  Auto-merging roles/3-base-server/templates/profile_ssh_warn.sh
  CONFLICT (add/add): Merge conflict in roles/3-base-server/templates/profile_ssh_warn.sh
  Auto-merging roles/2-common/tasks/yum.yml
  CONFLICT (add/add): Merge conflict in roles/2-common/tasks/yum.yml
  Auto-merging roles/2-common/tasks/xo.yml
  CONFLICT (add/add): Merge conflict in roles/2-common/tasks/xo.yml
  Auto-merging roles/2-common/tasks/packages.yml
  CONFLICT (add/add): Merge conflict in roles/2-common/tasks/packages.yml
  Auto-merging roles/2-common/tasks/iiab_ini.yml
  CONFLICT (add/add): Merge conflict in roles/2-common/tasks/iiab_ini.yml
  Auto-merging roles/1-prep/templates/iiab.env.j2
  CONFLICT (add/add): Merge conflict in roles/1-prep/templates/iiab.env.j2
  Auto-merging roles/1-prep/tasks/prep.yml
  CONFLICT (add/add): Merge conflict in roles/1-prep/tasks/prep.yml
  Auto-merging roles/1-prep/tasks/main.yml
  CONFLICT (add/add): Merge conflict in roles/1-prep/tasks/main.yml
  Auto-merging roles/1-prep/tasks/iiab_ini.yml
  CONFLICT (add/add): Merge conflict in roles/1-prep/tasks/iiab_ini.yml
  Auto-merging roles/1-prep/tasks/detected_network.yml
  CONFLICT (add/add): Merge conflict in roles/1-prep/tasks/detected_network.yml
  Auto-merging roles/1-prep/tasks/computed_vars.yml
  CONFLICT (add/add): Merge conflict in roles/1-prep/tasks/computed_vars.yml
  Auto-merging roles/1-prep/defaults/main.yml
  CONFLICT (add/add): Merge conflict in roles/1-prep/defaults/main.yml
  Auto-merging iiab.yml
  CONFLICT (add/add): Merge conflict in iiab.yml
  Auto-merging iiab-network.yml
  CONFLICT (add/add): Merge conflict in iiab-network.yml
  Auto-merging iiab-from-console.yml
  CONFLICT (add/add): Merge conflict in iiab-from-console.yml
  Auto-merging iiab-base.yml
  CONFLICT (add/add): Merge conflict in iiab-base.yml
  Auto-merging ansible.cfg
  CONFLICT (add/add): Merge conflict in ansible.cfg
  Automatic merge failed; fix conflicts and then commit the result

This routine has been hidden in developer land for too long and should be available for use freely by the enduser and be fully supported. Think anby needs docs on how to use runtags.

To go with that speed up theme how about some comments on this idea with individual commits and the same outcome but squashed commits.

apache_user is defined twice in some of the vars/OS.yml files.

fix in PR #81

I happened to use the June 13th nightly build of kiwix-server, but any version from the past week should likely works, given kiwix/kiwix-tools#38 was checked in back then.

Ok here's what worked for me on DR & Haiti machines: (If @tim-moody has time, hopefully he can turn this pseudocode into a real PR? Or possibly @georgejhunt if Tim's swamped with Lebanon/Debian issues?)

cd /opt/iiab/kiwix
mv bin bin.old
mkdir bin
wget http://download.kiwix.org/nightly/2017-06-13/kiwix-tools_armhf_2017-06-13.tar.gz
tar xvfz kiwix-tools_armhf_2017-06-13.tar.gz

cd /etc/systemd/system
cp -p kiwix-serve.service kiwix-serve.service.old
emacs kiwix-serve.service   //add "--nolibrarybutton" as a parameter to "kiwix-server" on line 7
systemctl daemon-reload
systemctl restart kiwix-serve    //or do http://box/admin -> Install Content -> Restart Kiwix Server ...or do "iiab-make-kiwix-lib" ?

PS don't forget to clear your browser cache to test any ZIM off of http://box:3000, looking carefully at the 2 buttons (no longer 3!) at the top of the page.

ansible run succeeded.
on login was presented with untrusted domain error
edited /opt/nextcloud/config/config.php:
'trusted_domains' =>
array (
0 => 'localhost',
1 => '192.168.0.11'
),
now can login
but Admin/changeme not accepted

From: http://iiab.io/t/iiab-sugardm-installation-former-topic-title-iiab-6-2-on-debian-9-installation-who-can-help/71

2017-06-13 21:47:51,201 p=2111 u=root | fatal: [127.0.0.1]: FAILED! => {"changed": false, "cmd": "cat /proc/net/wireless | grep -v -e Inter -e face | gawk -F: '{print $1}'", "delta": "0:00:00.013347", "end": "2017-06-13 21:47:51.138643", "failed": true, "rc": 127, "start": "2017-06-13 21:47:51.125296", "stderr": "/bin/sh: 1: gawk: not found", "stdout": "", "stdout_lines": [], "warnings": []}
2017-06-13 21:47:51,202 p=2111 u=root | ...ignoring
2017-06-13 21:47:51,301 p=2111 u=root | TASK [1-prep : Set the discovered wireless, if found]

While gawk is being installed later in packages.yml that is too late for this detection to work.

in config vars
gui_static_wan_gateway: "10.100.0.1"
gui_desired_network_role: "Appliance"
gui_static_wan_ip: "10.100.0.170"
gui_static_wan_nameserver: "10.100.0.1"
gui_static_wan_netmask: "255.255.255.0"

resultant address: 10.100.0.96

@georgejhunt I could use your help solving the following error reported by @floydianslips (and previously by @jvonau as well).

TASK [httpd : generate the offline documents] **********************************
fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["/usr/bin/iiab-refresh-wiki-docs"], "delta": "0:00:11.714198", "end": "2017-08-26 21:15:55.101332", "failed": true, "rc": 128, "start": "2017-08-26 21:15:43.387134", "stderr": "+ set -e\n+ source /etc/iiab/iiab.env\n++ XSCE_BASE_PATH=/opt/iiab\n++ XSCE_DIR=/opt/iiab/iiab\n++ OS=raspbian\n++ OS_VER=raspbian-9\n++ WWWROOT=/library/www/html\n+ REPONAME=iiab\n+ REPO=https://github.com/iiab\n+ WIKI=iiab-wiki\n+ TARGET_URL=/info\n+ WWWROOT=/library/www/html\n+ INPUT=/tmp/iiab-wiki\n+ OUTPUT=/tmp/iiab-wiki.out\n++ dirname /usr/bin/iiab-refresh-wiki-docs\n+ SCRIPTDIR=/usr/bin\n+ pushd /usr/bin\n+ rm -rf /tmp/iiab-wiki\n+ rm -rf /tmp/iiab-wiki.out\n+ mkdir -p /tmp/iiab-wiki\n+ mkdir -p /tmp/iiab-wiki.out\n+ mkdir -p /library/www/html/info/html\n+ git clone https://github.com/iiab/iiab.wiki.git /tmp/iiab-wiki\nCloning into '/tmp/iiab-wiki'...", "stdout": "/usr/bin /opt/iiab/iiab", "stdout_lines": ["/usr/bin /opt/iiab/iiab"], "warnings": []}

PS junking all offline docs (http://box/info) is interim workaround. As Jerry explained to Josh: insert "nodocs: True" into /opt/iiab/iiab/vars/local_vars.yml is the temporary workaround so that ./runansible completes on Raspbian Stretch.

Where does "tune2fs -m 1 /dev/mmcblk0p2" belong in our RPi scripts, so as to ensure all IIAB RPi installs start out with this new default, long before any minimize scripts are run? (For many reasons, min-sd is often not run at all!)

This tune2fs command can easily be added to http://download.iiab.io/6.4/rpi/load.txt and similar scripts if necessary, but a more general/upstream solution would be better!

Context: users of MicroSD cards inside Raspberry Pi-like computers in developing countries cannot afford to throw away 5% of their "disk" space, particularly when this means Gigabytes never used, and worse when this 5% offers a false sense of security to large numbers of people that have no Linux skills to deal with the situation when they do hit 5%.

So we are changing from ~5% to 1% reserve space on RPi for now, using "tune2fs -m 1 /dev/mmcblk02" to try this new default. A bit more backstory here: http://lists.laptop.org/pipermail/server-devel/2017-August/008193.html

This does not answer the underlying question of how to semi-automagically purge SD cards' stale ("LRU") Content Packs (and bloated log files if nec, etc) which is a UX-driven challenge we urgently need to face as we approach 2018+onwards !

I ran across this error while testing ansible 2.3.1 with no internet cable present, should be reproducible with ./runtags prep or a run of ansible under the console, addressed in PR #131 Possibly related upstream issue, and the fix in 2.3.1

TASK [1-prep : Find active gateway config based on macaddress] ****************************************
skipping: [127.0.0.1]

TASK [1-prep : Set has ifcfg gw based on on macaddress if found] **************************************
fatal: [127.0.0.1]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'dict object' has no attribute 'stdout'\n\nThe error appears to have been in '/opt/schoolserver/iiab/roles/1-prep/tasks/detected_network.yml': line 102, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Set has ifcfg gw based on on macaddress if found\n ^ here\n"}
to retry, use: --limit @/opt/schoolserver/iiab/iiab.retry

Can somebody else pull the internet plug and test as above to confirm or dismiss this issue.
On a positive note the playbooks that have *_install: True from http://download.iiab.io/6.3/rpi/local_vars.yml worked correctly, as in no ansible failures while offline. Functional testing not preformed, but proper service de/activation passed for the *_enabled part of the playbook.

/usr/bin/xs-handle
/usr/bin/xs-gen-iptables

@jvonau asks if a "schoolserver" reference that he spotted in Elgg's sql dump/log might be causing this?

Full Details in PR #179 (upgrade elgg from 1.12.12 to 1.12.16) and issue #145 (sudden loss of power locks elgg/mysql).

TASK [network : reset the eth0 interface] **************************************
fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["ifdown", "etho"], "delta": "0:00:00.012559", "end": "2017-08-26 19:32:19.178094", "failed": true, "rc": 1, "start": "2017-08-26 19:32:19.165535", "stderr": "ifdown: unknown interface etho", "stdout": "", "stdout_lines": [], "warnings": []}
...ignoring

TASK [network : restart the networking service] ********************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to restart service networking: Job for networking.service failed because the control process exited with error code.\nSee "systemctl status networking.service" and "journalctl -xe" for details.\n"}
to retry, use: --limit @/opt/iiab/iiab/iiab.retry

N.B. cmd": ["ifdown", "etho"], unlikely was ever smoke tested.

The variable local_tz can be blank if TZ has not been exported to the environment first.

if the kiwix install fails after library.xml has been copied it will not be attempted again

Andreas Gros
Jun 18
The next issue I'm running into is that the downgrade of setuptools doesn't work.
Once the uninstallation is done, pip throws an error that pkg_resources isn't present anymore:
File "/bin/pip", line 5, in
from pkg_resources import load_entry_point

ImportError: No module named pkg_resources

https://github.com/iiab/iiab/blob/master/roles/kalite/tasks/install.yml
https://github.com/XSCE/xsce/blob/release-6.2/roles/kalite/tasks/install.yml

The use of ansible_lsb can cause a failure on CentOS or Fedora if the redhat-lsb-core rpm is not installed(1). This optional rpm(2) is not generally installed by default(3) on server class installs but can be drawn into the mix by other packages that still list it as a dependency(4). Now with the move to systemd replacing initscripts this is more of a backwards compatibility package like net-tools providing the legacy ifconfig command which has been replaced with the newer ip addr usage. If one wishes to ensure this ansible module is available adding this rpm as an ansible dependency to scripts/ansible makes sense unless one's goal is to be a x11 free install.

1. v1v/ansible-role-chef-client#5
2. http://mirror.centos.org/centos/7/os/x86_64/repodata/d918936f5019be3fb66e9981a28cb2a41477a2963d741d454f79377a22214f43-c7-x86_64-comps.xml
3. https://serverfault.com/questions/821874/how-to-install-a-minimal-version-of-lsb-release-on-centos
4. https://blogs.wcode.org/2015/01/fake-lpr-or-how-to-install-redhat-lsb-core-without-cups-and-x11/

on #20 on rpi3 with raspbian lite

root@raspberrypi:/opt/iiab/iiab# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b8:27:eb:28:e9:da brd ff:ff:ff:ff:ff:ff
inet 192.168.0.58/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether b8:27:eb:7d:bc:8f brd ff:ff:ff:ff:ff:ff

For the future consider using a http://download.iiab.io/6.3/x86/load.txt file. Including logic for os detection(/etc/*release) and automatically install as needed per distro, based on http://download.iiab.io/6.2/x86/, results with a unified starting point for all distros.

@georgejhunt you likely understand this better than anybody :) but here's documenting it better for all:

(1) "systemctl enable openvpn@xscenet" also doesn't work, but (the 1st time) responds with: "Created symlink from /etc/systemd/system/multi-user.target.wants/[email protected] to /lib/systemd/system/[email protected]."

Setting "openvpn_install: True" and "openvpn_enabled: True" within local_vars.yml then running "./runtags openvpn" doesn't work either.

(/etc/init.d/openvpn might possibly have flaws however, as enabling openvpn within local_vars.yml does not work ?)

(2) CLI commands "iiab-remote-on" and "iiab-remote-off" should be implemented as aliases or scripts so that telephone remote support to developing countries (etc!) is not excruciating:

systemctl enable openvpn@xscenet; systemctl start openvpn@xscenet

systemctl disable openvpn@xscenet; systemctl stop openvpn@xscenet

http://box/info does not show our great offline documentation on new installs.

That is until I manually run "cd /opt/schoolserver/iiab/scripts; ./refresh-wiki-docs.sh"

How should we enforce [programmatically, even if just socially for now?] that this is run during all installs?

PS box/info IT/Support docs originated in IIAB/XSCE 6.2. This issue is slightly exacerbated by Issue #8 (box and box.lan don't appear on many fresh installations, per #8) but really that is separate!

2017-06-28 11:59:30,491 p=831 u=root | skipping: [127.0.0.1]
2017-06-28 11:59:30,784 p=831 u=root | TASK [httpd : place the script to generate home pages] *************************
2017-06-28 11:59:35,202 p=831 u=root | changed: [127.0.0.1]
2017-06-28 11:59:35,484 p=831 u=root | TASK [httpd : generate the offline documents] **********************************
2017-06-28 11:59:55,036 p=831 u=root | fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["/usr/bin/iiab-refresh-wiki-docs"], "delta": "0:00:16.285471", "end": "2017-06-28 11:59:53.883553", "failed": true, "rc": 132, "start": "2017-06-28 11:59:37.598082", "stderr": "+ set -e\n+ source /etc/iiab/iiab.env\n++ XSCE_BASE_PATH=/opt/iiab\n++ XSCE_DIR=/opt/iiab/iiab\n++ OS=OLPC\n++ WWWROOT=/library/www/html\n+ REPONAME=iiab\n+ REPO=https://github.com/iiab\n+ WIKI=iiab-wiki\n+ TARGET_URL=/info\n+ WWWROOT=/library/www/html\n+ INPUT=/tmp/iiab-wiki\n+ OUTPUT=/tmp/iiab-wiki.out\n++ dirname /usr/bin/iiab-refresh-wiki-docs\n+ SCRIPTDIR=/usr/bin\n+ pushd /usr/bin\n+ rm -rf /tmp/iiab-wiki\n+ rm -rf /tmp/iiab-wiki.out\n+ mkdir -p /tmp/iiab-wiki\n+ mkdir -p /tmp/iiab-wiki.out\n+ mkdir -p /library/www/html/info/html\n+ git clone https://github.com/iiab/iiab.wiki.git /tmp/iiab-wiki\nCloning into '/tmp/iiab-wiki'...\n++ ls /tmp/iiab-wiki\n+ for f in 'ls /tmp/${WIKI}'\n+ FTRIMMED=Home\n+ '[' Home = Home ']'\n+ FTRIMMED=index\n+ pandoc -s /tmp/iiab-wiki/Home.md -o /tmp/iiab-wiki.out/index.html\n+ sed -i -r '/.#./ s|https://github.com/iiab/iiab/wiki/(.*)(#.*)\">|./\\1.html\\2\">|' /tmp/iiab-wiki.out/index.html\n+ sed -i -r '/.#./! s|https://github.com/iiab/iiab/wiki/(.*)\">|./\\1.html\">|' /tmp/iiab-wiki.out/index.html\n+ sed -i -e 's|http://schoolserver.org/faq|/info/html/FAQ.html|' /tmp/iiab-wiki.out/index.html\n+ sed -i -e 's|http://wiki.laptop.org/go/IIAB/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/index.html\n+ sed -i -e 's|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/index.html\n+ sed -i -e 's|http://FAQ.IIAB.IO|/info/html/FAQ.html|' /tmp/iiab-wiki.out/index.html\n+ sed -i -e 's|http://faq.iiab.io|/info/html/FAQ.html|' /tmp/iiab-wiki.out/index.html\n+ sed -i -e 's|https://github.com/xsce/xsce/blob/release-6.2/\\(.*\\)\\.md\">|./\\1.html\">|' /tmp/iiab-wiki.out/index.html\n+ sed -i -e 's|https://github.com/xsce/xsce/wiki/\\(.*\\)\">|./\\1.html\">|' /tmp/iiab-wiki.out/index.html\n+ for f in 'ls /tmp/${WIKI}'\n+ FTRIMMED=IIAB-6.3-Release-Notes\n+ '[' IIAB-6.3-Release-Notes = Home ']'\n+ pandoc -s /tmp/iiab-wiki/IIAB-6.3-Release-Notes.md -o /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ sed -i -r '/.#./ s|https://github.com/iiab/iiab/wiki/(.*)(#.*)\">|./\\1.html\\2\">|' /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ sed -i -r '/.#./! s|https://github.com/iiab/iiab/wiki/(.*)\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ sed -i -e 's|http://schoolserver.org/faq|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ sed -i -e 's|http://wiki.laptop.org/go/IIAB/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ sed -i -e 's|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ sed -i -e 's|http://FAQ.IIAB.IO|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ sed -i -e 's|http://faq.iiab.io|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ sed -i -e 's|https://github.com/xsce/xsce/blob/release-6.2/\\(.*\\)\\.md\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ sed -i -e 's|https://github.com/xsce/xsce/wiki/\\(.*\\)\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-6.3-Release-Notes.html\n+ for f in 'ls /tmp/${WIKI}'\n+ FTRIMMED=IIAB-Architecture\n+ '[' IIAB-Architecture = Home ']'\n+ pandoc -s /tmp/iiab-wiki/IIAB-Architecture.md -o /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ sed -i -r '/.#./ s|https://github.com/iiab/iiab/wiki/(.*)(#.*)\">|./\\1.html\\2\">|' /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ sed -i -r '/.#./! s|https://github.com/iiab/iiab/wiki/(.*)\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ sed -i -e 's|http://schoolserver.org/faq|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ sed -i -e 's|http://wiki.laptop.org/go/IIAB/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ sed -i -e 's|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ sed -i -e 's|http://FAQ.IIAB.IO|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ sed -i -e 's|http://faq.iiab.io|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ sed -i -e 's|https://github.com/xsce/xsce/blob/release-6.2/\\(.*\\)\\.md\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ sed -i -e 's|https://github.com/xsce/xsce/wiki/\\(.*\\)\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-Architecture.html\n+ for f in 'ls /tmp/${WIKI}'\n+ FTRIMMED=IIAB-Installation\n+ '[' IIAB-Installation = Home ']'\n+ pandoc -s /tmp/iiab-wiki/IIAB-Installation.md -o /tmp/iiab-wiki.out/IIAB-Installation.html\n+ sed -i -r '/.#./ s|https://github.com/iiab/iiab/wiki/(.*)(#.*)\">|./\\1.html\\2\">|' /tmp/iiab-wiki.out/IIAB-Installation.html\n+ sed -i -r '/.#./! s|https://github.com/iiab/iiab/wiki/(.*)\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-Installation.html\n+ sed -i -e 's|http://schoolserver.org/faq|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Installation.html\n+ sed -i -e 's|http://wiki.laptop.org/go/IIAB/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Installation.html\n+ sed -i -e 's|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Installation.html\n+ sed -i -e 's|http://FAQ.IIAB.IO|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Installation.html\n+ sed -i -e 's|http://faq.iiab.io|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Installation.html\n+ sed -i -e 's|https://github.com/xsce/xsce/blob/release-6.2/\\(.*\\)\\.md\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-Installation.html\n+ sed -i -e 's|https://github.com/xsce/xsce/wiki/\\(.*\\)\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-Installation.html\n+ for f in 'ls /tmp/${WIKI}'\n+ FTRIMMED=IIAB-Menuing\n+ '[' IIAB-Menuing = Home ']'\n+ pandoc -s /tmp/iiab-wiki/IIAB-Menuing.md -o /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ sed -i -r '/.#./ s|https://github.com/iiab/iiab/wiki/(.*)(#.*)\">|./\\1.html\\2\">|' /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ sed -i -r '/.#./! s|https://github.com/iiab/iiab/wiki/(.*)\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ sed -i -e 's|http://schoolserver.org/faq|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ sed -i -e 's|http://wiki.laptop.org/go/IIAB/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ sed -i -e 's|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ sed -i -e 's|http://FAQ.IIAB.IO|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ sed -i -e 's|http://faq.iiab.io|/info/html/FAQ.html|' /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ sed -i -e 's|https://github.com/xsce/xsce/blob/release-6.2/\\(.*\\)\\.md\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ sed -i -e 's|https://github.com/xsce/xsce/wiki/\\(.*\\)\">|./\\1.html\">|' /tmp/iiab-wiki.out/IIAB-Menuing.html\n+ for f in 'ls /tmp/${WIKI}'\n+ FTRIMMED=IIAB-Networking\n+ '[' IIAB-Networking = Home ']'\n+ pandoc -s /tmp/iiab-wiki/IIAB-Networking.md -o /tmp/iiab-wiki.out/IIAB-Networking.html\n/usr/bin/iiab-refresh-wiki-docs: line 26: 4946 Illegal instruction pandoc -s /tmp/${WIKI}/$f -o $OUTPUT/$FTRIMMED.html", "stdout": "/usr/bin /opt/iiab/iiab", "stdout_lines": ["/usr/bin /opt/iiab/iiab"], "warnings": []}
2017-06-28 11:59:55,063 p=831 u=root | to retry, use: --limit @/opt/iiab/iiab/iiab.retry

2017-06-28 11:59:55,091 p=831 u=root | PLAY RECAP *********************************************************************
2017-06-28 11:59:55,107 p=831 u=root | 127.0.0.1 : ok=122 changed=36 unreachable=0 failed=1

Note: origin = iiab
Here is how I rebase:
Always do this first
git checkout <target_branch>
git checkout master

Always do this first
git pull origin <target_branch>
git pull origin master

git checkout <PR_branch>
git checkout php

git rebase <target_branch>
git rebase master

If you get rebase conflicts you did that to yourself fix them now.

git push --force <PR_branch>
git push --force jvonau php
I use --force here to suppress the need to do a git pull <your github> <PR_branch> first, as that removes the weird merging <PR_branch> <PR_branch> commit message, looks cleaner in the git history.

To keep WIP PR's current ,they could be rebased from time to time after any commits to the <target_branch> occurs.

Hope this helps.

So for "fun" I installed ansible 2.3 via pip and removed the ansible.cfg override revealing:

[WARNING]: when statements should not include jinja2 templating delimiters
such as {{ }} or {% %}. Found: not {{ use_cache }} and not {{ no_network }}

That means that all boolean variables should never be enclosed with {{ }}

should this have is_debian_9: True?

Can we please delete dokuwiki-2014-09-29 ?

Two (apparently identical) copies of the dokuwiki file tree within /library are plainly excessive~ no other package requires this!

PS Modifying https://github.com/iiab/iiab/blob/master/roles/dokuwiki/tasks/install.yml is likely the way to make this happen.

Context: @jvonau helped fix "python_path" in e426b10 but that wasn't quite enough, as ./runansible (on a clean IIAB 6.4 master, on Raspbian Lite) fails as follows:

TASK [osm : Copy the files] ****************************************************
fatal: [127.0.0.1]: FAILED! => {"failed": true, "msg": "'osm_path' is undefined"}
to retry, use: --limit @/opt/iiab/iiab/iiab.retry

PLAY RECAP *********************************************************************
127.0.0.1 : ok=281 changed=187 unreachable=0 failed=1

The doing it from scratch routine does not allow end-user to edit local_vars prior to the install. The end-user has no way to override what is pre-selected to be installed. The common place to catch this would be in runansible, patch attached. The curl scripts would bypass this check as the local_vars files are present, but really should offer the user a chance to edit before install like curl-me has the ability to.
pause.txt

Other question is why are these curl scripts not under git version control somewhere? You can run them direct from github see my iiab repo for an example. Should you wish to retain a shorter url for the user to enter apache redirects are your friend, but I don't see why with copy and pasting the string is so easy.

Does anyone know if this same incomplete installation occurs on Debian 9?

In any case, I've confirmed this across 2 different installations of http://download.iiab.io/6.4/rpi/load-vpn.txt on Raspbian Stretch Lite from 2017-08-16.

Here is what appears in browser when visiting http://box/nextcloud or http://192.168.0.x/nextcloud :

PHP module zip not installed.
Please ask your server administrator to install the module.

PHP module mb multibyte not installed.
Please ask your server administrator to install the module.

PHP modules have been installed, but they are still listed as missing?
Please ask your server administrator to restart the web server.

(1) These are Missing, even if URL's are capitalized as XCSE/xsce :

https://github.com/xsce/xsce/wiki/IIAB-6.2-Release-Notes
https://github.com/xsce/xsce/blob/release-6.2/ReleaseNotes6.1.md
https://github.com/xsce/xsce/blob/release-6.2/ReleaseNotes6.0.md

(2) http://box/info contains quite a lot of #anchor links like the following:
http://box/info/IIAB-Platforms#disk-partitioning.html

The correct (working) link should be:
http://box/info/IIAB-Platforms.html#disk-partitioning

(3) The new /usr/bin/iiab-refresh-docs (xs-refresh-wiki-docs for now, runs during online installs.o) should probably soon replace all references such as...

http://FAQ.IIAB.IO
http://schoolserver.org/FAQ
http://wiki.laptop.org/go/IIAB/FAQ
http://wiki.laptop.org/go/XS_Community_Edition/FAQ
With the following instead...
http://box/info/html/FAQ

These other 2 files aren't referenced nearly as much yet?
http://box/info/html/Security
http://box/info/html/local_vars.yml

Anchor tags (deep links) to content within the FAQ should begin to work automagically!

3. Can/should we changed these to iiab-* ?

   xs-check-activities xs-httpcache xs-regenerate-activities
   xs-gen-iptables xs-network-reset xs-vpn
   xs-handle xs-refresh-wiki-docs

PS Builds off 2 work in recent days beefing up http://box/info: #9 #31

http://box does not show up until forced thru local_vars.html or similar. Hence all documentations's is flawed, as all our documentation assumes newbies instantly have access to http://box/admin (etc).

So let's make sure "box" and "box.lan" work truly instantly, no matter what (on Raspbian especially :)

Currently medical clinics/practitioners cannot power off during the 1st few min after booting, as the following button fails:

http://box/iiab-menu/menu-files/services/power_off.php

Is there a workaround?

/etc/apache2/sites-available/nextcloud.conf has

Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168.0.0/255.255.255.0

to which must be added 10.8.0.0/255.255.255.0 (or we could ease the restriction)

(nextcloud config.php has '*' so it is already wide open)

Regardless of IIAB's host name (schoolserver.lan is deprecated in favor of box.lan, and can also be further customized beyond that) — and regardless of whether user is coming from the LAN or WAN of IIAB server — Moodle incorrectly redirects to http://schoolserver.lan/moodle in all conditions.

Crude Interim Fix:
Moodle could be hard-coded to redirect to http://box.lan/moodle/*

Improved Interim Fix:
Moodle could be hard-coded to redirect to http://172.18.96.1/moodle/*

Better Interim Fix:
Moodle could be redirected to http://<actual-server-host-name.lan>/moodle/*

Real Fix:
Moodle really should retain http://ip-address-OR-server-name-SPECIFIED-BY-THE-USER/moodle/* in all conditions, for WAN (campus) users as well as LAN (local hotspot) users.

2017-06-29 16:08:44,022 p=16960 u=root | ok: [127.0.0.1]
2017-06-29 16:08:44,052 p=16960 u=root | TASK [network : Grab clean copy of iiab-gen-iptables] **************************
2017-06-29 16:08:44,482 p=16960 u=root | ok: [127.0.0.1] => (item={0: u'gateway/iiab-gen-iptables', 1: u'/usr/bin/iiab-gen-iptables'})
2017-06-29 16:08:44,865 p=16960 u=root | ok: [127.0.0.1] => (item={0: u'gateway/check-LAN', 1: u'/usr/bin/check-LAN'})
2017-06-29 16:08:44,890 p=16960 u=root | TASK [network : Create link so that old invocation will work] ******************
2017-06-29 16:08:45,111 p=16960 u=root | fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "gid": 0, "group": "root", "mode": "0755", "msg": "refusing to convert between file and link for /usr/bin/xs-gen-iptables", "owner": "root", "path": "/usr/bin/xs-gen-iptables", "size": 3406, "state": "file", "uid": 0}
2017-06-29 16:08:45,114 p=16960 u=root | to retry, use: --limit @/opt/iiab/iiab/iiab-network.retry

remove the file before creating the symlink

Here is a typical popup on Ubuntu, when inserting a USB stick:

Unable to mount 32 GB Volume
Device /dev/sdb1 is already mounted at `/media/usb0'.

But the same occurs on other OS's, e.g. Raspbian Pixel and presumably all others?

Note: the USB stick is mounted successfully, and the content appears successfully off of http://box/usb (this is only a question of reducing the confusing clutter that we're currently placing in front of teachers -- would be tremendous to make this useless/erroneous popup go away, if not now, then in future!)

detection uses
"ansible_cmdline": {
"dwc_otg.lpm_enable": "0",
"console": "tty1",
"root": "PARTUUID=e00409af-02",
"bcm2708_fb.fbwidth": "656",
"rootwait": true,
"vc_mem.mem_size": "0x3f000000",
"8250.nr_uarts": "0",
"fsck.repair": "yes",
"elevator": "deadline",
"bcm2708_fb.fbheight": "416",
"vc_mem.mem_base": "0x3ea00000",
"bcm2708_fb.fbdepth": "16",
"rootfstype": "ext4",
"bcm2708_fb.fbswap": "1"
},

when: ansible_cmdline["bcm2709.serial"] is defined

but this may not be true for some rpi 3

Good News:
Raspbian(*) successfully warns that pi/raspberry is a published password, that needs to be changed, whenever you login on an attached LCD/console or over ssh.

Bad News:
Raspbian(*) no longer warns the operator that iiab-admin/g0adm1n (formerly xsce-admin/g0adm1n) is likewise a published password, that likewise needs to be changed.

(*) FYI this was on a clean install of IIAB 6.3 master, on the new Raspbian Lite (from June 21) earlier this afternoon. Pixel very likely has the same issue, and I can assist with testing on other OS's too as nec!

CONTEXT: serious/increasing security threats exist both offline as well as online. There is a legit argument to be made that offline security threats are in fact possibly more pervasive, due to the diversity of infected laptops, USB sticks, phones (etc) that are so difficult to update in the field.

Thanks everyone for helping me document security best practices @ http://wiki.laptop.org/go/IIAB/Security !

Fixed by doing:
sudo rm /etc/ssh/ssh_host*
sudo dpkg-reconfigure openssh-server

Not sure this is just my image. Or we might need to put it temporarily in playbook

Example:

Haitians and others need 2 (or 3) KA Lite languages on IIAB 6.3, with videos/lessons direct-linked from http://box

They do this on ports 8006 for French and 8008 for English, as explained at the bottom of FAQ #22:
http://wiki.laptop.org/go/IIAB/FAQ#KA_Lite_Administration:_What_tips_.26_tricks_exist.3F

But they need precise instructions how to maintain this, so they can ./runansible on occasion, remaining full+active members of the IIAB community, so these ports are encoded into iiab-gen-iptables in an agreed-upon / recoverable way.

Trying to install IIAB following the build from the scratch instructions. The machine is pristine Ubuntu LTS, however the install fails while running the ansible section with the following error.

Error

Running local playbooks!

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [127.0.0.1]

TASK [1-prep : Set flag for fedora 18] *****************************************
skipping: [127.0.0.1]

TASK [1-prep : abort if the OS is not supported] *******************************
ok: [127.0.0.1] => {
"failed": false,
"failed_when_result": false,
"msg": "ubuntu Operating System is not supported"
}

on laptop with debian using http://download.iiab.io/6.3/rpi/load.txt

TASK [kiwix : Set kiwix source file name x86_64] *******************************
ok: [127.0.0.1]

TASK [kiwix : Set kiwix source file name armv7l] *******************************
skipping: [127.0.0.1]

TASK [kiwix : Get the kiwix software] ******************************************
changed: [127.0.0.1]

TASK [kiwix : Create various directories for zims] *****************************
ok: [127.0.0.1] => (item=/library/zims)
ok: [127.0.0.1] => (item=/library/zims/content)
ok: [127.0.0.1] => (item=/library/zims/index)

TASK [kiwix : Copy kiwix library file if needed] *******************************
ok: [127.0.0.1] => (item=library.xml)

TASK [kiwix : Set kiwix first pass] ********************************************
skipping: [127.0.0.1]

TASK [kiwix : debug] ***********************************************************
ok: [127.0.0.1] => {
"kiwix_first_pass_test": {
"changed": false,
"msg": "All items completed",
"results": [
{
"_ansible_item_result": true,
"_ansible_no_log": false,
"_ansible_parsed": true,
"changed": false,
"diff": {
"after": {
"path": "/library/zims/library.xml"
},
"before": {
"path": "/library/zims/library.xml"
}
},
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"backup": null,
"content": null,
"delimiter": null,
"dest": "/library/zims/library.xml",
"diff_peek": null,
"directory_mode": null,
"follow": true,
"force": false,
"group": "root",
"mode": "0644",
"original_basename": "library.xml",
"owner": "root",
"path": "/library/zims/library.xml",
"recurse": false,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": null,
"unsafe_writes": null,
"validate": null
}
},
"item": "library.xml",
"mode": "0644",
"owner": "root",
"path": "/library/zims/library.xml",
"size": 70260,
"state": "file",
"uid": 0
}
]
}
}

TASK [kiwix : debug] ***********************************************************
ok: [127.0.0.1] => {
"kiwix_first_pass": false
}

TASK [kiwix : Copy test.zim file] **********************************************
skipping: [127.0.0.1]

TASK [kiwix : Unarchive it to permanent location - not bin_only] ***************
skipping: [127.0.0.1]

TASK [kiwix : Create directory for kiwix bin] **********************************
changed: [127.0.0.1]

TASK [kiwix : enable the mods which permit apache to proxy] ********************
ok: [127.0.0.1] => (item=proxy)
ok: [127.0.0.1] => (item=proxy_html)
ok: [127.0.0.1] => (item=rewrite)

TASK [kiwix : Unarchive it to permanent location - bin only] *******************
skipping: [127.0.0.1]

TASK [kiwix : Set kiwix ownership] *********************************************
changed: [127.0.0.1]
[WARNING]: Consider using file module with owner rather than running chown

TASK [kiwix : Make an entry in crontab to restart every hour] ******************
ok: [127.0.0.1]

TASK [kiwix : Make an entry in crontab to restart every hour] ******************
skipping: [127.0.0.1]

TASK [kiwix : Create kiwix-serve service] **************************************
ok: [127.0.0.1] => (item={u'dest': u'/etc/systemd/system/kiwix-serve.service', u'src': u'kiwix-serve.service.j2', u'mode': u'0655'})
ok: [127.0.0.1] => (item={u'dest': u'/usr/bin/iiab-make-kiwix-lib', u'src': u'iiab-make-kiwix-lib', u'mode': u'0755'})
ok: [127.0.0.1] => (item={u'dest': u'/usr/bin/iiab-make-kiwix-lib.py', u'src': u'iiab-make-kiwix-lib.py', u'mode': u'0755'})
ok: [127.0.0.1] => (item={u'dest': u'/usr/bin/iiab-make-apache-config.py', u'src': u'iiab-make-apache-config.py', u'mode': u'0755'})

TASK [kiwix : add kiwix to service list] ***************************************
ok: [127.0.0.1] => (item={u'option': u'name', u'value': u'kiwix-serve'})
ok: [127.0.0.1] => (item={u'option': u'description', u'value': u'"kiwix-serve is a web server for zim files"'})
ok: [127.0.0.1] => (item={u'option': u'kiwix_url', u'value': u'/kiwix'})
ok: [127.0.0.1] => (item={u'option': u'kiwix_path', u'value': u'/opt/iiab/kiwix'})
ok: [127.0.0.1] => (item={u'option': u'kiwix_port', u'value': 3000})
ok: [127.0.0.1] => (item={u'option': u'iiab_zim_path', u'value': u'/library/zims'})
ok: [127.0.0.1] => (item={u'option': u'kiwix_library_xml', u'value': u'/library/zims/library.xml'})
ok: [127.0.0.1] => (item={u'option': u'kiwix_content_path', u'value': u'/library/zims/content'})
ok: [127.0.0.1] => (item={u'option': u'enabled', u'value': True})

TASK [kiwix : Enable kiwix-serve service] **************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to restart service kiwix-serve: Job for kiwix-serve.service failed. See 'systemctl status kiwix-serve.service' and 'journalctl -xn' for details.\n"}
to retry, use: --limit @/opt/iiab/iiab/iiab.retry

PLAY RECAP *********************************************************************
127.0.0.1 : ok=436 changed=115 unreachable=0 failed=1

root@box:/tmp# tar xzf /opt/schoolserver/downloads/sugarizer-0.8.tar.gz
tar: Skipping to next header
tar: A lone zero block at 543329
tar: Exiting with failure status due to previous errors

In 92-rtc-i2c.rules the program being called is hwclock which is part of the util-linux package. The chrony and ntp packages are intended to be server packages but function as clients also(1). Both, more or less, do the same thing but are mutually exclusive to each other as servers. The ntpdate package is a client only package but you have to add ntp-pool files, while systemd provides timedatectl which uses chrony under the hood.(2) I'll bet timedatectl is already present in raspbian and other distros but requires configuring before timedatectl will work correctly.

Record rtc time in UTC: timedatectl set-local-rtc 0 This sets the third line of /etc/adjtime to UTC
Set the local timezone: timedatectl set-timezone 'local TZ' This sets up /etc/localtime to be a symlink to /usr/share/zoneinfo/'local TZ' Need if /etc/localtime does not exist.
Enable updating upon reboot: systemctl enable systemd-timedated
For immediate updating: systemctl start systemd-timedated

1. https://chrony.tuxfamily.org/comparison.html
2. https://manpages.debian.org/jessie/systemd/timedatectl.1.en.html

rtc_id: ds3231

must be in local_vars.yml or clock not setup

from /var/log/mariadb/mariadb.log

170718 05:40:07 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
170718 5:40:07 [Note] /usr/libexec/mysqld (mysqld 10.0.23-MariaDB) starting as process 1345 ...
170718 5:40:07 [Note] InnoDB: Using mutexes to ref count buffer pool pages
170718 5:40:07 [Note] InnoDB: The InnoDB memory heap is disabled
170718 5:40:07 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
170718 5:40:07 [Note] InnoDB: Memory barrier is not used
170718 5:40:07 [Note] InnoDB: Compressed tables use zlib 1.2.8
170718 5:40:07 [Note] InnoDB: Using Linux native AIO
170718 5:40:07 [Note] InnoDB: Using CPU crc32 instructions
170718 5:40:07 [Note] InnoDB: Initializing buffer pool, size = 128.0M
170718 5:40:07 [Note] InnoDB: Completed initialization of buffer pool
170718 5:40:07 [Note] InnoDB: Highest supported file format is Barracuda.
170718 5:40:07 [Note] InnoDB: The log sequence numbers 2175716 and 2175716 in ibdata files do not match the log sequence number 2802427 in the ib_logfiles!
170718 5:40:07 [Note] InnoDB: Database was not shutdown normally!
170718 5:40:07 [Note] InnoDB: Starting crash recovery.
170718 5:40:07 [Note] InnoDB: Reading tablespace information from the .ibd files...
170718 5:40:08 [Note] InnoDB: Restoring possible half-written data pages
170718 5:40:08 [Note] InnoDB: from the doublewrite buffer...
170718 5:40:08 [Note] InnoDB: 128 rollback segment(s) are active.
170718 5:40:08 [Note] InnoDB: Waiting for purge to start
170718 5:40:08 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.26-76.0 started; log sequence number 2802427
170718 5:40:08 [Note] Plugin 'FEEDBACK' is disabled.
170718 5:40:08 [Note] Server socket created on IP: '::'.
170718 5:40:08 [ERROR] mysqld: Table './mysql/user' is marked as crashed and should be repaired
170718 5:40:08 [Warning] Checking table: './mysql/user'
170718 5:40:08 [ERROR] mysql.user: 1 client is using or hasn't closed the table properly
170718 5:40:08 [ERROR] mysqld: Table './mysql/db' is marked as crashed and should be repaired
170718 5:40:08 [Warning] Checking table: './mysql/db'
170718 5:40:08 [ERROR] mysql.db: 1 client is using or hasn't closed the table properly
170718 5:40:08 [Note] /usr/libexec/mysqld: ready for connections.
Version: '10.0.23-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 3306 MariaDB Server
170720 8:15:32 [ERROR] mysqld: Table './elggdb/elgg_users_sessions' is marked as crashed and should be repaired
170720 8:15:32 [Warning] Checking table: './elggdb/elgg_users_sessions'
170720 8:25:54 [ERROR] mysqld: Table './elggdb/elgg_users_entity' is marked as crashed and should be repaired
170720 8:25:54 [Warning] Checking table: './elggdb/elgg_users_entity'
170720 8:25:54 [ERROR] mysqld: Table './elggdb/elgg_system_log' is marked as crashed and should be repaired

and after restarting mariadb

[root@box iiab]# systemctl restart mariadb
[root@box iiab]# tail -f /var/log/mariadb/*
170720 8:37:14 [Note] InnoDB: Initializing buffer pool, size = 128.0M
170720 8:37:14 [Note] InnoDB: Completed initialization of buffer pool
170720 8:37:14 [Note] InnoDB: Highest supported file format is Barracuda.
170720 8:37:14 [Note] InnoDB: 128 rollback segment(s) are active.
170720 8:37:14 [Note] InnoDB: Waiting for purge to start
170720 8:37:14 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.26-76.0 started; log sequence number 2802437
170720 8:37:14 [Note] Plugin 'FEEDBACK' is disabled.
170720 8:37:14 [Note] Server socket created on IP: '::'.
170720 8:37:14 [Note] /usr/libexec/mysqld: ready for connections.
Version: '10.0.23-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 3306 MariaDB Server
170720 8:37:41 [ERROR] mysqld: Table './elggdb/elgg_system_log' is marked as crashed and should be repaired

Also the directory itself ("services") does not appear. Confirmed on a clean install of IIAB 6.3 on Raspbian Lite when following the instructions at http://FAQ.iiab.io number 16 here: http://wiki.laptop.org/go/IIAB/FAQ#Is_a_.22Rapid_Power_Off.22_button_possible_for_low-electricity_environments.3F

i.e. "allow_apache_sudo: True" was correctly placed into local_vars.yml prior to ./runansible

PS as a temporary workaround, one can do:

mkdir /library/www/html/services
cp /opt/iiab/iiab/roles/httpd/files/html/services/power_off.php /library/www/html/services

OS.yml var files have both apache user and apache data. what is the difference

for debian data is www-data and user is apache