The Big Merge

.gitignore

@@ -8,3 +8,7 @@ ci/inventory
 ghostdriver.log
 ci/terraform.tfstate*
 ansible/inventory
+makenewimage.sh
+ansible/inventory-*
+makenewimage.pl
+copyimagetosd.pl

README.md

@@ -1,5 +1,26 @@
+# --------------------------------
+# --------------------------------
+# --------------------------------
+# ABANDONED
+You can access the latest code: https://github.com/ConnectBox/connectbox-pi
+# --------------------------------
+
+
+
 [![Build Status](https://travis-ci.org/ConnectBox/connectbox-pi.svg?branch=master)](https://travis-ci.org/ConnectBox/connectbox-pi)
 
+# TheWell version of ConnectBox
+
+TheWell is a variant of ConnectBox that adds Moodle Learning Management System (v. 3.9.3), PHP (v. 7.4) and MySQL (MariaDB) (vv 10.3) to bring training system and learning content to the ConnectBox platform.
+
+Summary Of Changes:
+* ConnectBox Ansible roles are updated to build ConnectBox with Moodle, PHP and MySQL
+* TheWell is for Debian OS (Raspbian) on Raspberry Pi (with modifications) or other Linux host
+* Refer to Relay Trust Moodle Repo for Documentation Of Changes
+* Default Moodle MySQL database is located in this repo under ansible/roles/moodle/templates/
+* Legacy Connectbox File Serving is now at {{{hostname}}} such that Connectbox is http://thewell, Moodle is http://learn.thewell and Admin is http://thewell/admin
+* (There will be more as this gets built out)
+
 # ConnectBox
 
 ConnectBox is a media sharing device based on small form factor computers including the Raspberry Pi 3, Raspberry Pi Zero W, NanoPi NEO, Orange Pi Zero and Pine64.
@@ -8,6 +29,10 @@ ConnectBox is a media sharing device based on small form factor computers includ
 
 See [docs/deployment.md](docs/deployment.md)
 
+# Making a Connectbox on AWS
+
+See [docs/awsinstall.md](docs /docs/awsinstall.md)
+
 # Connectbox setup and administration
 
 See [docs/administration.md](docs/administration.md)
@@ -17,4 +42,4 @@ See [docs/administration.md](docs/administration.md)
 See [docs/development.md](docs/development.md)
 
 # MicroSD Card Images/Releases
-See [https://github.com/ConnectBox/connectbox-pi/releases/](https://github.com/ConnectBox/connectbox-pi/releases/)
+TBD

ansible/group_vars/all

@@ -43,13 +43,16 @@ connectbox_config_root: /etc/connectbox
 connectbox_usb_files_root: /media/usb0
 connectbox_admin_credentials: admin:$apr1$CBOX2018$RlXBoHRRoiG3vMC7PS07q.
 connectbox_default_hostname: connectbox
+connectbox_logo: connectbox_logo.png
 connectbox_log_dir: /var/log/connectbox
 connectbox_access_log: "{{ connectbox_log_dir }}/connectbox-access.log"
 connectbox_error_log:  "{{ connectbox_log_dir }}/connectbox-error.log"
 
 access_log_analyzer_repo: https://github.com/ConnectBox/access-log-analyzer.git
 connectbox_client_repo: https://github.com/ConnectBox/connectbox-react-icon-client.git
 connectbox_client_path: published/
+connectbox_system_password: "!1TheWell"
+build_moodle: False
 
 nginx_admin_block: |
       location /admin/api {

ansible/group_vars/raspbian

@@ -1,6 +1,6 @@
 ---
 connectbox_os: raspbian
-ansible_user: root
+ansible_user: pi
 
-client_facing_if: "wlan1"
-eth_facing_if: "wlan0"
+client_facing_if: "wlan0"
+eth_facing_if: "eth0"

ansible/roles/ansible-postgresql/README.md

@@ -0,0 +1,182 @@
+PostgreSQL
+==========
+
+An [Ansible][ansible] role for installing and managing [PostgreSQL][postgresql] servers. This role works with both
+Debian and RedHat based systems, and provides backup scripts for [PostgreSQL Continuous Archiving and Point-in-Time
+Recovery][postgresql_pitr].
+
+On RedHat-based platforms, the [PostgreSQL Global Development Group (PGDG) packages][pgdg_yum] packages will be
+installed. On Debian-based platforms, you can choose from the distribution's packages (from APT) or the [PGDG
+packages][pgdg_apt].
+
+[ansible]: http://www.ansible.com/
+[postgresql]: http://www.postgresql.org/
+[postgresql_pitr]: http://www.postgresql.org/docs/9.4/static/continuous-archiving.html
+[pgdg_yum]: http://yum.postgresql.org/
+[pgdg_apt]: http://apt.postgresql.org/
+
+**Changes that require a restart will not be applied unless you manually restart PostgreSQL.** This role will reload the
+server for those configuration changes that can be updated with only a reload because reloading is a non-intrusive
+operation, but options that require a full restart will not cause the server to restart.
+
+Requirements
+------------
+
+This role requires Ansible 2.4+
+
+Role Variables
+--------------
+
+### All variables are optional ###
+
+- `postgresql_user_name`: System username to be used for PostgreSQL (default: `postgres`).
+
+- `postgresql_version`: PostgreSQL version to install. On Debian-based platforms, the default is whatever version is
+  pointed to by the `postgresql` metapackage). On RedHat-based platforms, the default is `10`.
+
+- `postgresql_flavor`: On Debian-based platforms, this specifies whether you want to use PostgreSQL packages from pgdg
+  or the distribution's apt repositories. Possible values: `apt`, `pgdg` (default: `apt`).
+
+- `postgresql_conf`: A list of hashes (dictionaries) of `postgresql.conf` options (keys) and values. These options are
+  not added to `postgresql.conf` directly - the role adds a `conf.d` subdirectory in the configuration directory and an
+  include statement for that directory to `postgresql.conf`. Options set in `postgresql_conf` are then set in
+  `conf.d/25ansible_postgresql.conf`. For legacy reasons, this can also be a single hash, but the list syntax is
+  preferred because it preserves order.
+
+  Due to YAML parsing, you must take care when defining values in
+  `postgresql_conf` to ensure they are properly written to the config file. For
+  example:
+
+  ```yaml
+  postgresql_conf:
+    - max_connections: 250
+    - archive_mode: "off"
+    - work_mem: "'8MB'"
+  ```
+
+  Becomes the following in `25ansible_postgresql.conf`:
+
+  ```
+  max_connections = 250
+  archive_mode = off
+  work_mem: '8MB'
+  ```
+
+- `postgresql_pg_hba_conf`: A list of lines to add to `pg_hba.conf`
+
+- `postgresql_pg_hba_local_postgres_user`: If set to `false`, this will remove the `postgres` user's entry from
+  `pg_hba.conf` that is preconfigured on Debian-based PostgreSQL installations. You probably do not want to do this
+  unless you know what you're doing.
+
+- `postgresql_pg_hba_local_socket`: If set to `false`, this will remove the `local` entry from `pg_hba.conf` that is
+  preconfigured by the PostgreSQL package.
+
+- `postgresql_pg_hba_local_ipv4`: If set to `false`, this will remove the `host ... 127.0.0.1/32` entry from
+  `pg_hba.conf` that is preconfigured by the PostgreSQL package.
+
+- `postgresql_pg_hba_local_ipv6`: If set to `false`, this will remove the `host ... ::1/128` entry from `pg_hba.conf`
+  that is preconfigured by the PostgreSQL package.
+
+- `postgresql_pgdata`: Only set this if you have changed the `$PGDATA` directory from the package default. Note this
+  does not configure PostgreSQL to actually use a different directory, you will need to do that yourself, it just allows
+  the role to properly locate the directory.
+
+- `postgresql_conf_dir`: As with `postgresql_pgdata` except for the configuration directory.
+
+### Backups ###
+
+- `postgresql_backup_dir`: If set, enables [PITR][postgresql_pitr] backups. Set this to a directory where your database
+  will be backed up (this can be any format supported by rsync, e.g. `user@host:/path`). The most recent backup will be
+  in a subdirectory named `current`.
+
+- `postgresql_backup_rotate`: Boolean, defaults to `true`, which will cause the `current` directory to be renamed prior
+  to creating a new backup. If set to `false`, `current` will be deleted (this is useful if you are using snapshots or
+  some other means to archive previous backups).
+
+- `postgresql_backup_local_dir`: Filesystem path on the PostgreSQL server where backup scripts will be placed and
+  working WALs will be written prior to a WAL archive.
+
+- `postgresql_backup_[hour|minute]`: Controls what time the cron job will run to perform a full backup. Defaults to 1:00
+  AM.
+
+- `postgresql_backup_[day|month|weekday]`: Additional cron controls for when the full backup is performed (default:
+  `*`).
+
+- `postgresql_backup_mail_recipient`: User or address that should receive mail from the backup scripts.
+
+- `postgresql_backup_remote_rsync_path`: Path to `rsync` on the remote system.
+
+- `postgresql_backup_post_command`: Arbitrary command to run after successful completion of a scheduled backup.
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+Standard install: Default `postgresql.conf`, `pg_hba.conf` and default version for the OS:
+
+```yaml
+---
+
+- hosts: dbservers
+  remote_user: root
+  roles:
+    - postgresql
+```
+
+Use the pgdg packages on a Debian-based host:
+
+```yaml
+---
+
+- hosts: dbservers
+  remote_user: root
+  vars:
+    postgresql_flavor: pgdg
+  roles:
+    - postgresql
+```
+
+Use the PostgreSQL 9.5 packages and set some `postgresql.conf` options and `pg_hba.conf` entries:
+
+```yaml
+---
+
+- hosts: dbservers
+  remote_user: root
+  vars:
+    postgresql_version: 9.5
+    postgresql_conf:
+      - listen_addresses: "''"    # disable network listening (listen on unix socket only)
+      - max_connections: 50       # decrease connection limit
+    postgresql_pg_hba_conf:
+      - host all all 10.0.0.0/8 md5
+  roles:
+    - postgresql
+```
+
+Enable backups to /archive
+
+```yaml
+- hosts: all
+  remote_user: root
+  vars:
+    postgresql_backup_dir: /archive
+  roles:
+    - postgresql
+```
+
+License
+-------
+
+[Academic Free License ("AFL") v. 3.0][afl]
+
+[afl]: http://opensource.org/licenses/AFL-3.0
+
+Author Information
+------------------
+
+[Nate Coraor](https://github.com/natefoo)  

ansible/roles/ansible-postgresql/defaults/main.yml

@@ -0,0 +1,10 @@
+---
+
+postgresql_backup_local_dir: ~postgres/backup
+postgresql_backup_active_dir: "{{ postgresql_backup_local_dir }}/active"
+postgresql_backup_mail_recipient: postgres
+postgresql_backup_rotate: true
+postgresql_user_name: postgres
+postgresql_user_password: mypassword
+
+postgresql_archive_wal_rsync_args: '--ignore-existing -ptg --info=skip1'

ansible/roles/ansible-postgresql/files/get_repo_rpm_release.py

@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+"""
+Determine the latest version of the yum repository package.
+
+usage: get_repo_rpm_version.py url distribution
+
+e.g.:
+
+get_repo_rpm_version.py http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/ centos
+"""
+
+import re
+import sys
+import urllib2
+
+url, dist = sys.argv[1:]
+
+try:
+    repo = urllib2.urlopen(url)
+except urllib2.HTTPError, e:
+    print >>sys.stderr, "Failed to fetch directory list from %s" % url
+    raise
+
+pg_version = url.split('/')[3]
+if pg_version[0] == "8" and dist != "sl":
+    re_pattern = 'href=[\'"](pgdg-%s-%s-[\d+].noarch.rpm)[\'"]' % (dist, pg_version)
+else:
+    re_pattern = 'href=[\'"](pgdg-%s%s-%s-[\d+].noarch.rpm)[\'"]' % (dist, pg_version.replace('.', ''), pg_version)
+match = re.findall(re_pattern, repo.read(), flags=re.I)
+
+assert match, "No matching %s pgdg repository packages found for version %s at %s" % (dist, pg_version, url)
+
+print match[0]
+
+sys.exit(0)

ansible/roles/ansible-postgresql/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: Reload PostgreSQL
+  service: name={{ postgresql_service_name }} state=reloaded

ansible/roles/ansible-postgresql/meta/main.yml

@@ -0,0 +1,26 @@
+---
+galaxy_info:
+  author: The Galaxy Project
+  description: Install and manage a PostgreSQL (http://www.postgresql.org/) server.
+  company: The Galaxy Project
+  license: AFL v3.0
+  min_ansible_version: 2.4
+  platforms:
+  - name: EL
+    versions:
+    - all
+  - name: Fedora
+    versions:
+    - all
+  - name: Ubuntu
+    versions:
+    - all
+  - name: Debian
+    versions:
+    - all
+  galaxy_tags:
+  - database
+  - sql
+  - postgres
+  - postgresql
+dependencies: []

ansible/roles/ansible-postgresql/tasks/backup.yml

@@ -0,0 +1,56 @@
+---
+
+- name: Create backup directories
+  file:
+    owner: postgres
+    group: postgres
+    mode: 0750
+    state: directory
+    path: "{{ item }}"
+  with_items:
+    - "{{ postgresql_backup_local_dir }}"
+    - "{{ postgresql_backup_local_dir }}/bin"
+    - "{{ postgresql_backup_active_dir }}"
+
+- name: Install backup scripts
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ postgresql_backup_local_dir }}/bin/{{ item }}"
+    owner: postgres
+    group: postgres
+    mode: 0750
+  with_items:
+    - backup_working_wal.sh
+    - archive_wal.sh
+    - scheduled_backup.sh
+
+- name: Set WAL archive config options
+  template:
+    src: 20ansible_backup.conf.j2
+    dest: "{{ postgresql_conf_dir }}/conf.d/20ansible_backup.conf"
+    owner: postgres
+    group: postgres
+    backup: yes
+  notify: Reload PostgreSQL
+
+- name: Schedule backups
+  cron:
+    name: "PostgreSQL Backup"
+    cron_file: ansible_postgresql_backup
+    user: postgres
+    hour: "{{ postgresql_backup_hour | default(1) }}"
+    minute: "{{ postgresql_backup_minute | default(0) }}"
+    day: "{{ postgresql_backup_day | default(omit) }}"
+    month: "{{ postgresql_backup_month | default(omit) }}"
+    weekday: "{{ postgresql_backup_weekday | default(omit) }}"
+    job: >-
+      {{ postgresql_backup_local_dir }}/bin/scheduled_backup.sh{{
+        ' && ' ~ postgresql_backup_post_command if postgresql_backup_post_command is defined else ''
+      }}
+
+- name: Schedule PostgreSQL working WAL backup
+  cron:
+    name: "PostgreSQL WAL Backup"
+    cron_file: ansible_postgresql_walbackup
+    user: postgres
+    job: "{{ postgresql_backup_local_dir }}/bin/backup_working_wal.sh"