Merge pull request #488 from iiab/master

Sync from iiab/iiab:master

iiab-network

@@ -73,7 +73,7 @@ if [[ `command -v nmcli` ]]; then        # "command -v" is POSIX compliant; it c
 fi
 
 ip r >> iiab-network.log
-brctl show >> iiab-network.log
+bridge -d link >> iiab-network.log
 echo >> iiab-network.log
 echo "iiab-network run start: $Start" >> iiab-network.log
 echo "iiab-network run end: $End" >> iiab-network.log
@@ -88,7 +88,7 @@ if [[ `command -v nmcli` ]]; then
     nmcli c
 fi
 ip r
-brctl show
+bridge -d link
 echo
 echo "iiab-network run start: $Start"
 echo "iiab-network run end: $End"

roles/2-common/tasks/iptables.yml

@@ -1,54 +0,0 @@
-- name: Disable firewalld service (OS's other than debuntu)
-  service:
-    name: firewalld
-    enabled: no
-  when: not is_debuntu
-
-# Likely no longer nec as of 2019
-- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
-  shell: systemctl disable firewalld.service
-  when: not is_debuntu
-
-- name: Mask firewalld service (OS's other than debuntu)
-  shell: systemctl mask firewalld
-  ignore_errors: yes
-  when: not installing and not is_debuntu
-
-- name: Stop firewalld service (OS's other than debuntu)
-  service:
-    name: firewalld
-    state: stopped
-  ignore_errors: yes
-  when: not installing and not is_debuntu
-
-- name: Remove /etc/systemd/system/iptables.service
-  file:
-    path: /etc/systemd/system/iptables.service
-    state: absent
-
-- name: Install package iptables-persistent (debuntu)
-  package:
-    name: iptables-persistent
-    state: present
-  when: is_debuntu
-
-- name: Install package iptables-services (OS's other than debuntu)
-  package:
-    name: iptables-services
-    state: present
-  when: not is_debuntu
-
-- name: Install /etc/sysconfig/iptables-config from template
-  template:
-    src: iptables-config
-    dest: /etc/sysconfig/iptables-config
-    # owner: root
-    # group: root
-    # mode: '0644'
-
-- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
-  template:
-    src: iptables
-    dest: /etc/network/if-pre-up.d/iptables
-    mode: '0755'
-  when: is_debuntu

roles/2-common/tasks/main.yml

@@ -19,7 +19,7 @@
   when: xo_model != "none" or osbuilder is defined
 
 - include_tasks: packages.yml
-- include_tasks: iptables.yml
+- include_tasks: network.yml
 
 # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
 - name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible

roles/2-common/tasks/network.yml

@@ -0,0 +1,23 @@
+- name: Install package networkd-dispatcher (OS's other than RaspOS)
+  package:
+    name: networkd-dispatcher
+    state: present
+  when: not is_raspbian
+
+# used in the network role
+- name: Install network related packages (debuntu)
+  package:
+    name:
+      - iproute2
+      - iptables-persistent
+      - hostapd
+      - netmask
+    state: present
+  when: is_debuntu
+
+- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
+  template:
+    src: iptables
+    dest: /etc/network/if-pre-up.d/iptables
+    mode: '0755'
+  when: is_debuntu

roles/2-common/tasks/packages.yml

@@ -27,23 +27,21 @@
     state: present
   when: is_debuntu
 
-- name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
+- name: "Install 20 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
   package:
     name:
       - acpid         # Daemon for ACPI (power mgmt) events
-      - bridge-utils    # DEPRECATED according to https://wiki.linuxfoundation.org/networking/bridge SEE PR #2752
       - bzip2         # 2021-04-26: Prob not used, but can't hurt?
       - curl          # Used to install roles/nodejs and roles/nodered
       #- etckeeper    # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
       - gawk
-      - hostapd
       - htop
       - i2c-tools     # Low-level bus/chip/register/EEPROM tools e.g. for RTC
+      - iproute2
       - logrotate
       #- lynx         # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
       - make          # 2021-04-26: What roles (if any) truly still use this?
       - mlocate
-      - netmask
       - net-tools     # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
       - ntfs-3g       # Possibly no longer nec, similar to exfat packages above?
       #- openssh-server    # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml

roles/cups/tasks/enable-or-disable.yml

@@ -1,11 +1,3 @@
-- name: Enable http://box/cups via Apache (MIGHT NOT WORK?)
-  command: a2ensite cups.conf
-  when: cups_enabled
-
-- name: Disable http://box/cups via Apache
-  command: a2dissite cups.conf
-  when: not cups_enabled
-
 - name: systemd daemon-reload
   systemd:
     daemon_reload: yes

roles/cups/tasks/install.yml

@@ -1,13 +1,3 @@
-- name: "Set 'apache_install: True' and 'apache_enabled: True'"
-  set_fact:
-    apache_install: True
-    apache_enabled: True
-
-- name: APACHE - run 'httpd' role
-  include_role:
-    name: httpd
-
-
 - name: Install 'cups' package
   package:
     name: cups
@@ -18,12 +8,6 @@
     src: cupsd.conf
     dest: /etc/cups/cupsd.conf
 
-- name: Install /etc/{{ apache_conf_dir }}/cups.conf from template
-  template:
-    src: cups.conf
-    dest: "/etc/{{ apache_conf_dir }}/"
-
-
 # RECORD CUPS AS INSTALLED
 
 - name: "Set 'cups_installed: True'"

roles/lokole/tasks/main.yml

@@ -73,7 +73,7 @@
     - option: name
       value: Lokole
     - option: description
-      value: '"Lokole is an email service that works offline, for rural communities.  With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night — for almost no cost at all — depending on mobile data plans in your country."'
+      value: '"Lokole is an email service that works offline, for rural communities.  With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."'
       #value: '"Lokole is an email service that works offline, for rural communities.  In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."'
     - option: lokole_run_directory
       value: "{{ lokole_run_directory }}"

roles/network/tasks/NM-debian.yml

@@ -70,9 +70,14 @@
     mode: 0600
   when: wan_ip != "dhcp"
 
+- name: Use systemd-networkd to handle br0
+  include_tasks: sysd-netd-debian.yml
+  when: iiab_lan_iface == "br0" and not systemd_networkd_active
+
 - name: Reload systemd
   systemd:
     daemon_reload: yes
+  when: not iiab_lan_iface == "br0"
 
 - name: Restart the NetworkManager service
   systemd:

roles/network/tasks/netplan.yml

@@ -23,17 +23,19 @@
     - systemd-networkd-wait-online
   when: systemd_networkd_active
 
-- name: Unmask and enable the systemd-networkd service for br0
-  systemd:
-    name: systemd-networkd
-    enabled: yes
-    masked: no
-  when: network_manager_active and iiab_lan_iface == "br0"
+# Moved to NM-debian.yml 2020-12-07
+#- name: Unmask and enable the systemd-networkd service for br0
+#  systemd:
+#    name: systemd-networkd
+#    enabled: yes
+#    masked: no
+#  when: network_manager_active and iiab_lan_iface == "br0"
 
-- name: Ensure systemd-networkd gets enabled for br0
-  set_fact:
-    systemd_networkd_active: True
-  when: network_manager_active and iiab_lan_iface == "br0"
+# Moved to NM-debian.yml 2020-12-07
+#- name: Ensure systemd-networkd gets enabled for br0
+#  set_fact:
+#    systemd_networkd_active: True
+#  when: network_manager_active and iiab_lan_iface == "br0"
 
 # ICO will always set gui_static_wan_ip away from the default of 'unset' while
 # gui_static_wan turns dhcp on/off through wan_ip in computed_network and

roles/network/tasks/restart.yml

@@ -65,7 +65,7 @@
   command: /usr/bin/iiab-gen-iptables
 
 - name: Checking if WiFi slave is active
-  shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l
+  shell: bridge -d link | grep {{ iiab_wireless_lan_iface }} | wc -l
 #  when: hostapd_enabled and discovered_wireless_iface != iiab_wan_iface and iiab_lan_iface == "br0"
   when: hostapd_enabled and iiab_lan_iface == "br0"
   register: wifi_slave

roles/network/tasks/sysd-netd-debian.yml

@@ -57,10 +57,19 @@
     state: started
   when: wifi_up_down and discovered_wireless_iface != "none"
 
-- name: Restart the systemd-networkd service
+- name: Enable & Restart systemd-networkd.service
   systemd:
     name: systemd-networkd
     state: restarted
+    enabled: yes
+    masked: no
+
+- name: Enable & Restart networkd-dispatcher.service
+  systemd:
+    name: networkd-dispatcher
+    state: restarted
+    enabled: yes
+    masked: no
 
 - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False
   systemd:

roles/nginx/README.md

@@ -34,7 +34,6 @@
       * wordpress
 
    3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache.
-      * cups [*, shim not yet in place.]
       * elgg
       * lokole
       * moodle
@@ -43,6 +42,7 @@
    4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations).  In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
       * bluetooth
       * calibre (menu goes directly to port 8080)
+      * cups [(available on port 631) * shim not yet in place.]
       * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*]
       * kalite (menu goes directly to ports 8006-8008)
       * minetest

roles/sugarizer/defaults/main.yml

@@ -9,8 +9,8 @@
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 
-sugarizer_dir_version: sugarizer-1.4.0    # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0
-sugarizer_git_version: v1.4.0             # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0
+sugarizer_dir_version: sugarizer-1.5.0    # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0
+sugarizer_git_version: v1.5.0             # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0
 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases
 
 sugarizer_server_dir_version: sugarizer-server-1.3.0    # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0

roles/sugarizer/tasks/install.yml

@@ -29,7 +29,7 @@
 
 # 2. DOWNLOAD+LINK /opt/iiab/sugarizer
 
-- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~710 MB)
+- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~717 MB)
   git:
     repo: https://github.com/llaske/sugarizer
     dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}"

roles/usb_lib/tasks/install.yml

@@ -76,6 +76,11 @@
     line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
     path: /etc/usbmount/usbmount.conf
 
+- name: Remove /etc/usbmount/mount.d/00_create_model_symlink
+  file:
+    path: /etc/usbmount/mount.d/00_create_model_symlink
+    state: absent
+
 # 2021-03-25: Consider removing this stanza & all of this role's Apache logic!
 - name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
   template:

roles/usb_lib/tasks/main.yml

@@ -64,6 +64,11 @@
   include_tasks: nginx.yml
   when: nginx_enabled
 
+# 2021-04-29: Clean up here to catch the already installed users, remove for the next release (PR #2760)
+- name: Remove /etc/usbmount/mount.d/00_create_model_symlink
+  file:
+    path: /etc/usbmount/mount.d/00_create_model_symlink
+    state: absent
 
 - name: Put variable in iiab.env that enables display of content at root of USB
   lineinfile:

scripts/iiab-diagnostics

@@ -189,7 +189,7 @@ cat_cmd 'ip addr' 'Network interfaces'
 cat_cmd 'ifconfig' 'Network interfaces (old view)'
 cat_cmd 'ip route' 'Routing table'
 cat_cmd 'netstat -rn' 'Routing table (old view)'
-cat_cmd 'brctl show' 'Bridge for LAN side'
+cat_cmd 'bridge -d link' 'Bridge for LAN side'
 cat_cmd 'sudo netstat -natp' 'Ports/Services in use'
 cat_cmd 'systemctl status dnsmasq' 'Is dnsmasq running?'
 cat_cmd 'sudo journalctl -b 0 -u dnsmasq' 'dnsmasq log'