iiab/roles/network/tasks/enable_services.yml

- name: Disable dhcpd service
  service:
    name: dhcpd
    enabled: no
  when: not dhcpd_enabled and dhcpd_install

# service is restarted with NM dispatcher.d script
- name: Enable dhcpd service
  service:
    name: dhcpd
    enabled: yes
  when: dhcpd_enabled and dhcpd_install

- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
   - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd', mode: '0644' }
   - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
  when: dhcpd_enabled and dhcpd_install

- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
   - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', mode: '0644' }
   - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' }
   - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' }
  when: named_enabled and named_install

- name: Enable named service ({{ dns_service }}) if named_enabled
  systemd:
    name: "{{ dns_service }}"
    enabled: yes
  when: named_enabled and named_install

- name: Disable named service ({{ dns_service }}) if not named_enabled
  systemd:
    name: "{{ dns_service }}"
    enabled: no
  when: not named_enabled and named_install

- name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance
  template:
    src: network/dnsmasq.conf.j2
    dest: /etc/dnsmasq.d/iiab.conf
  when: dnsmasq_enabled and dnsmasq_install and (iiab_network_mode != "Appliance")

- name: Copy script to restart dnsmasq whenever br0 comes up
  template: 
    src: "roles/network/templates/network/dnsmasq.sh.j2"
    dest: "/etc/networkd-dispatcher/routable.d/dnsmasq.sh"
    mode: "0755"
    owner: root
    group: root
  when: dnsmasq_enabled and dnsmasq_install and (iiab_network_mode != "Appliance") and (not is_rpi)

- name: Remove /etc/dnsmasq.d/iiab.conf, when not dnsmasq_enabled or is Appliance
  file:
    path: /etc/dnsmasq.d/iiab.conf
    state: absent
  when: (not dnsmasq_enabled) or (iiab_network_mode == "Appliance")

- name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled
  systemd:
    name: iiab-dnsmasq
    enabled: yes
  when: dnsmasq_enabled and dnsmasq_install

- name: Disable iiab-dnsmasq, if not dnsmasq_enabled
  systemd:
    name: iiab-dnsmasq
    enabled: no
  when: not dnsmasq_enabled and dnsmasq_install

- name: Enable DansGuardian systemd service, if dansguardian_enabled
  systemd:
    name: dansguardian
    enabled: yes
  when: dansguardian_enabled and dansguardian_install

- name: Disable DansGuardian, if not dansguardian_enabled
  systemd:
    name: dansguardian
    enabled: no
  when: not dansguardian_enabled and dansguardian_install

- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
  lineinfile:
    path: "{{ iiab_env_file }}"
    regexp: '^HTTPCACHE_ON=*'
    line: 'HTTPCACHE_ON=True'
    state: present
  when: squid_enabled and squid_install

- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
  systemd:
    name: "{{ proxy }}"
    enabled: yes
  when: squid_enabled and squid_install

- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: squid/squid-iiab.conf.j2
      dest: "/etc/{{ proxy }}/squid-iiab.conf"
      owner: "{{ proxy_user }}"
      group: "{{ proxy_user }}"
      mode: 0644
  when: squid_enabled and squid_install

- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
  lineinfile:
    regexp: '^CONFIG'
    line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
    path: "/etc/init.d/{{ proxy }}"
  when: squid_enabled and squid_install and is_debuntu

- name: Disable Squid service, if not squid_enabled
  systemd:
    name: "{{ proxy }}"
    enabled: no
  when: not squid_enabled and squid_install

- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
  lineinfile:
    dest: "{{ iiab_env_file }}"
    regexp: '^HTTPCACHE_ON=*'
    line: 'HTTPCACHE_ON=False'
    state: present
  when: not squid_enabled

- name: Enable Wondershaper service, if wondershaper_enabled
  systemd:
    name: wondershaper
    enabled: yes
  when: wondershaper_enabled and wondershaper_install

- name: Disable Wondershaper service, if not wondershaper_enabled
  systemd:
    name: wondershaper
    enabled: no
  when: not wondershaper_enabled and wondershaper_install

# check-LAN should be iptables.yml remove later
- name: Install clean copy of /usr/bin/iiab-gen-iptables from template
  template:
    src: gateway/iiab-gen-iptables
    dest: /usr/bin/iiab-gen-iptables
    owner: root
    group: root
    mode: 0755

- name: Add 'squid' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: squid
    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: enabled
      value: "{{ squid_enabled }}"

- name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: dansguardian
    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: enabled
      value: "{{ dansguardian_enabled }}"

- name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: wondershaper
    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: enabled
      value: "{{ wondershaper_enabled }}"
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`- name: Disable dhcpd service`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`service:`
			`name: dhcpd`
			`enabled: no`
port dnsmasq over from nginx-rebase-eth0 - rebased edits 2017-09-13 11:07:25 +00:00			`when: not dhcpd_enabled and dhcpd_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
			`# service is restarted with NM dispatcher.d script`
			`- name: Enable dhcpd service`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`service:`
			`name: dhcpd`
			`enabled: yes`
port dnsmasq over from nginx-rebase-eth0 - rebased edits 2017-09-13 11:07:25 +00:00			`when: dhcpd_enabled and dhcpd_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`template:`
			`src: "{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`owner: root`
			`group: root`
			`mode: "{{ item.mode }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`- { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd', mode: '0644' }`
move network package install - double check after rebase 2017-10-31 09:10:46 +00:00			`- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }`
port dnsmasq over from nginx-rebase-eth0 - rebased edits 2017-09-13 11:07:25 +00:00			`when: dhcpd_enabled and dhcpd_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`template:`
			`src: "{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`owner: root`
			`group: root`
			`mode: "{{ item.mode }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
Update enable_services.yml 2018-07-12 17:51:59 +00:00			`- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', mode: '0644' }`
			`- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' }`
			`- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' }`
move dnsmasq config file to /etc/dnsmasq.d/ Bugfix don't supply named/bind files when not enabled. 2019-01-17 16:41:48 +00:00			`when: named_enabled and named_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Enable named service ({{ dns_service }}) if named_enabled`
			`systemd:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`name: "{{ dns_service }}"`
			`enabled: yes`
port dnsmasq over from nginx-rebase-eth0 - rebased edits 2017-09-13 11:07:25 +00:00			`when: named_enabled and named_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Disable named service ({{ dns_service }}) if not named_enabled`
			`systemd:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`name: "{{ dns_service }}"`
			`enabled: no`
port dnsmasq over from nginx-rebase-eth0 - rebased edits 2017-09-13 11:07:25 +00:00			`when: not named_enabled and named_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2019-01-17 20:03:12 +00:00			`- name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`template:`
			`src: network/dnsmasq.conf.j2`
move dnsmasq config file to /etc/dnsmasq.d/ Bugfix don't supply named/bind files when not enabled. 2019-01-17 16:41:48 +00:00			`dest: /etc/dnsmasq.d/iiab.conf`
as requested in chat 2019-01-17 18:43:50 +00:00			`when: dnsmasq_enabled and dnsmasq_install and (iiab_network_mode != "Appliance")`
reorder dhcpcd networking services - rebased edits looks weird on redhat add systemd reload 2017-09-09 21:12:05 +00:00
Move the dnsmasq-restarter script from dnsmasq.yml to enable_services.yml 2019-06-23 07:57:19 +00:00			`- name: Copy script to restart dnsmasq whenever br0 comes up`
			`template:`
			`src: "roles/network/templates/network/dnsmasq.sh.j2"`
			`dest: "/etc/networkd-dispatcher/routable.d/dnsmasq.sh"`
			`mode: "0755"`
			`owner: root`
			`group: root`
do not copy dnsmasq restart script if we are on rpi 2019-06-23 11:43:45 +00:00			`when: dnsmasq_enabled and dnsmasq_install and (iiab_network_mode != "Appliance") and (not is_rpi)`
Move the dnsmasq-restarter script from dnsmasq.yml to enable_services.yml 2019-06-23 07:57:19 +00:00
Update enable_services.yml 2019-01-17 20:03:12 +00:00			`- name: Remove /etc/dnsmasq.d/iiab.conf, when not dnsmasq_enabled or is Appliance`
move dnsmasq config file to /etc/dnsmasq.d/ Bugfix don't supply named/bind files when not enabled. 2019-01-17 16:41:48 +00:00			`file:`
			`path: /etc/dnsmasq.d/iiab.conf`
			`state: absent`
			`when: (not dnsmasq_enabled) or (iiab_network_mode == "Appliance")`

use iiab-dnsmasq.service everywhere 2018-12-16 13:52:50 +00:00			`- name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled`
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`systemd:`
use iiab-dnsmasq.service everywhere 2018-12-16 13:52:50 +00:00			`name: iiab-dnsmasq`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`enabled: yes`
port dnsmasq over from nginx-rebase-eth0 - rebased edits 2017-09-13 11:07:25 +00:00			`when: dnsmasq_enabled and dnsmasq_install`
reorder dhcpcd networking services - rebased edits looks weird on redhat add systemd reload 2017-09-09 21:12:05 +00:00
use iiab-dnsmasq.service everywhere 2018-12-16 13:52:50 +00:00			`- name: Disable iiab-dnsmasq, if not dnsmasq_enabled`
			`systemd:`
			`name: iiab-dnsmasq`
			`enabled: no`
			`when: not dnsmasq_enabled and dnsmasq_install`

Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Enable DansGuardian systemd service, if dansguardian_enabled`
			`systemd:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`name: dansguardian`
			`enabled: yes`
make DG and squid respect *_install and default dansguardian_install to False 2017-08-09 05:29:40 +00:00			`when: dansguardian_enabled and dansguardian_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Disable DansGuardian, if not dansguardian_enabled`
			`systemd:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`name: dansguardian`
			`enabled: no`
make DG and squid respect *_install and default dansguardian_install to False 2017-08-09 05:29:40 +00:00			`when: not dansguardian_enabled and dansguardian_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`lineinfile:`
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`path: "{{ iiab_env_file }}"`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`regexp: '^HTTPCACHE_ON=*'`
			`line: 'HTTPCACHE_ON=True'`
			`state: present`
fix proper runtags support 2017-09-16 04:43:15 +00:00			`when: squid_enabled and squid_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled`
			`systemd:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`name: "{{ proxy }}"`
			`enabled: yes`
cover bad selection of install False enabled True by enduser 2017-09-19 23:35:00 +00:00			`when: squid_enabled and squid_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`template:`
			`src: "{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`owner: "{{ item.owner }}"`
			`group: "{{ item.group }}"`
			`mode: "{{ item.mode }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`- src: squid/squid-iiab.conf.j2`
Update enable_services.yml 2018-07-12 18:04:52 +00:00			`dest: "/etc/{{ proxy }}/squid-iiab.conf"`
			`owner: "{{ proxy_user }}"`
			`group: "{{ proxy_user }}"`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`mode: 0644`
cover bad selection of install False enabled True by enduser 2017-09-19 23:35:00 +00:00			`when: squid_enabled and squid_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Point to Squid config file from startup file, if squid_enabled (debuntu)`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`lineinfile:`
			`regexp: '^CONFIG'`
Update enable_services.yml 2018-07-12 18:04:52 +00:00			`line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"`
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`path: "/etc/init.d/{{ proxy }}"`
cover bad selection of install False enabled True by enduser 2017-09-19 23:35:00 +00:00			`when: squid_enabled and squid_install and is_debuntu`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Disable Squid service, if not squid_enabled`
			`systemd:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`name: "{{ proxy }}"`
			`enabled: no`
make DG and squid respect *_install and default dansguardian_install to False 2017-08-09 05:29:40 +00:00			`when: not squid_enabled and squid_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`lineinfile:`
iiab_env_file -> {{ iiab_env_file }} or "{{ iiab_env_file }}" 2018-10-15 10:41:58 +00:00			`dest: "{{ iiab_env_file }}"`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`regexp: '^HTTPCACHE_ON=*'`
			`line: 'HTTPCACHE_ON=False'`
			`state: present`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`when: not squid_enabled`

Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Enable Wondershaper service, if wondershaper_enabled`
			`systemd:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`name: wondershaper`
			`enabled: yes`
cover bad selection of install False enabled True by enduser 2017-09-19 23:35:00 +00:00			`when: wondershaper_enabled and wondershaper_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Disable Wondershaper service, if not wondershaper_enabled`
			`systemd:`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`name: wondershaper`
			`enabled: no`
cover bad selection of install False enabled True by enduser 2017-09-19 23:35:00 +00:00			`when: not wondershaper_enabled and wondershaper_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Misc Fixes: Clean up whitespace warnings 2017-10-19 06:33:02 +00:00			`# check-LAN should be iptables.yml remove later`
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Install clean copy of /usr/bin/iiab-gen-iptables from template`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`template:`
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`src: gateway/iiab-gen-iptables`
			`dest: /usr/bin/iiab-gen-iptables`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`owner: root`
			`group: root`
			`mode: 0755`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Add 'squid' variable values to {{ iiab_ini_file }}`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`ini_file:`
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`path: "{{ iiab_ini_file }}"`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`section: squid`
			`option: "{{ item.option }}"`
			`value: "{{ item.value }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
			`- option: enabled`
			`value: "{{ squid_enabled }}"`

Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Add 'dansguardian' variable values to {{ iiab_ini_file }}`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`ini_file:`
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`path: "{{ iiab_ini_file }}"`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`section: dansguardian`
			`option: "{{ item.option }}"`
			`value: "{{ item.value }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
			`- option: enabled`
			`value: "{{ dansguardian_enabled }}"`

Update enable_services.yml 2018-10-31 07:58:55 +00:00			`- name: Add 'wondershaper' variable values to {{ iiab_ini_file }}`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`ini_file:`
Update enable_services.yml 2018-10-31 07:58:55 +00:00			`path: "{{ iiab_ini_file }}"`
modern Ansible syntax/style for readability 2018-07-12 17:50:32 +00:00			`section: wondershaper`
			`option: "{{ item.option }}"`
			`value: "{{ item.value }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
			`- option: enabled`
			`value: "{{ wondershaper_enabled }}"`