diff --git a/iiab-network b/iiab-network index 30c16b4f9..6ff4b5cd3 100755 --- a/iiab-network +++ b/iiab-network @@ -73,7 +73,7 @@ if [[ `command -v nmcli` ]]; then # "command -v" is POSIX compliant; it c fi ip r >> iiab-network.log -brctl show >> iiab-network.log +bridge -d link >> iiab-network.log echo >> iiab-network.log echo "iiab-network run start: $Start" >> iiab-network.log echo "iiab-network run end: $End" >> iiab-network.log @@ -88,7 +88,7 @@ if [[ `command -v nmcli` ]]; then nmcli c fi ip r -brctl show +bridge -d link echo echo "iiab-network run start: $Start" echo "iiab-network run end: $End" diff --git a/roles/2-common/tasks/iptables.yml b/roles/2-common/tasks/iptables.yml deleted file mode 100644 index 94c1ff003..000000000 --- a/roles/2-common/tasks/iptables.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -- name: Disable firewalld service (OS's other than debuntu) - service: - name: firewalld - enabled: no - when: not is_debuntu - -# Likely no longer nec as of 2019 -- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu) - shell: systemctl disable firewalld.service - when: not is_debuntu - -- name: Mask firewalld service (OS's other than debuntu) - shell: systemctl mask firewalld - ignore_errors: yes - when: not installing and not is_debuntu - -- name: Stop firewalld service (OS's other than debuntu) - service: - name: firewalld - state: stopped - ignore_errors: yes - when: not installing and not is_debuntu - -- name: Remove /etc/systemd/system/iptables.service - file: - path: /etc/systemd/system/iptables.service - state: absent - -- name: Install package iptables-persistent (debuntu) - package: - name: iptables-persistent - state: present - when: is_debuntu - -- name: Install package iptables-services (OS's other than debuntu) - package: - name: iptables-services - state: present - when: not is_debuntu - -- name: Install /etc/sysconfig/iptables-config from template - template: - src: iptables-config - dest: /etc/sysconfig/iptables-config - # owner: root - # group: root - # mode: '0644' - -- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu) - template: - src: iptables - dest: /etc/network/if-pre-up.d/iptables - mode: '0755' - when: is_debuntu diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 66fedacd4..e55d12c05 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -19,7 +19,7 @@ when: xo_model != "none" or osbuilder is defined - include_tasks: packages.yml -- include_tasks: iptables.yml +- include_tasks: network.yml # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: - name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible 
diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml new file mode 100644 index 000000000..3056e98fb --- /dev/null +++ b/roles/2-common/tasks/network.yml @@ -0,0 +1,23 @@ +- name: Install package networkd-dispatcher (OS's other than RaspOS) + package: + name: networkd-dispatcher + state: present + when: not is_raspbian + +# used in the network role +- name: Install network related packages (debuntu) + package: + name: + - iproute2 + - iptables-persistent + - hostapd + - netmask + state: present + when: is_debuntu + +- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu) + template: + src: iptables + dest: /etc/network/if-pre-up.d/iptables + mode: '0755' + when: is_debuntu diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 4d38c665a..3b76d7beb 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml 
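Review bot: Hosts where `is_debuntu` is false get no firewall package or firewall config from this new file. The deleted iptables.yml installed `iptables-services` and `/etc/sysconfig/iptables-config` for them and disabled/masked firewalld, and none of those tasks is carried over. If non-debuntu OSes are no longer supported, say so at the top of the file, e.g. `# Debian-family only: firewall rules are persisted via iptables-persistent`; otherwise the `not is_debuntu` tasks still need a home. Separately, the `/etc/network/if-pre-up.d/iptables` template task sets only `mode: '0755'`; adding `owner: root` and `group: root` would make the ownership of this hook script explicit.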
@@ -27,23 +27,21 @@ state: present when: is_debuntu -- name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 20 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # Daemon for ACPI (power mgmt) events - - bridge-utils # DEPRECATED according to https://wiki.linuxfoundation.org/networking/bridge SEE PR #2752 - bzip2 # 2021-04-26: Prob not used, but can't hurt? - curl # Used to install roles/nodejs and roles/nodered #- etckeeper # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146 - gawk - - hostapd - htop - i2c-tools # Low-level bus/chip/register/EEPROM tools e.g. for RTC + - iproute2 - logrotate #- lynx # Installed by 1-prep's roles/iiab-admin/tasks/access.yml - make # 2021-04-26: What roles (if any) truly still use this? - mlocate - - netmask - net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - ntfs-3g # Possibly no longer nec, similar to exfat packages above? #- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml diff --git a/roles/cups/tasks/enable-or-disable.yml b/roles/cups/tasks/enable-or-disable.yml index 866536c97..74a9ee702 100644 --- a/roles/cups/tasks/enable-or-disable.yml +++ b/roles/cups/tasks/enable-or-disable.yml 
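Review bot: The task name no longer matches the list it describes: it says 20 packages but still names bridge-utils, hostapd and netmask, which this hunk removes, and omits iproute2, which it adds. I would change it to `- name: "Install 20 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, iproute2, logrotate, make, mlocate, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"`. `iproute2` is also installed by the new roles/2-common/tasks/network.yml under `is_debuntu`, so one of the two entries is redundant. The package list continues past the end of the hunk.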
@@ -1,11 +1,3 @@ -- name: Enable http://box/cups via Apache (MIGHT NOT WORK?) - command: a2ensite cups.conf - when: cups_enabled - -- name: Disable http://box/cups via Apache - command: a2dissite cups.conf - when: not cups_enabled - - name: systemd daemon-reload systemd: daemon_reload: yes diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index dd17420ba..15630862e 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -1,13 +1,3 @@ -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True - -- name: APACHE - run 'httpd' role - include_role: - name: httpd - - - name: Install 'cups' package package: name: cups @@ -18,12 +8,6 @@ src: cupsd.conf dest: /etc/cups/cupsd.conf -- name: Install /etc/{{ apache_conf_dir }}/cups.conf from template - template: - src: cups.conf - dest: "/etc/{{ apache_conf_dir }}/" - - # RECORD CUPS AS INSTALLED - name: "Set 'cups_installed: True'" diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index aaccc44e5..34258dd52 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml 
@@ -73,7 +73,7 @@ - option: name value: Lokole - option: description - value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night — for almost no cost at all — depending on mobile data plans in your country."' + value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."' #value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."' - option: lokole_run_directory value: "{{ lokole_run_directory }}" diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index ece7fa8cd..8cf977c8a 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -70,9 +70,14 @@ mode: 0600 when: wan_ip != "dhcp" +- name: Use systemd-networkd to handle br0 + include_tasks: sysd-netd-debian.yml + when: iiab_lan_iface == "br0" and not systemd_networkd_active + - name: Reload systemd systemd: daemon_reload: yes + when: not iiab_lan_iface == "br0" - name: Restart the NetworkManager service systemd: diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index b103f3331..afa33c3ce 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml 
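Review bot: When `iiab_lan_iface == "br0"` and `systemd_networkd_active` is already true, neither new branch in roles/network/tasks/NM-debian.yml runs. The include is skipped by `not systemd_networkd_active` and "Reload systemd" is skipped by its new `when:`, so anything written earlier in this file (not visible in the hunk) gets no daemon reload in that case. If that is intended, a comment on the reload task should say so, e.g. `# br0: the reload/restart is done in sysd-netd-debian.yml`. The condition itself reads more plainly as `when: iiab_lan_iface != "br0"` than as `not iiab_lan_iface == "br0"`, which depends on Jinja2 operator precedence.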
@@ -23,17 +23,19 @@ - systemd-networkd-wait-online when: systemd_networkd_active -- name: Unmask and enable the systemd-networkd service for br0 - systemd: - name: systemd-networkd - enabled: yes - masked: no - when: network_manager_active and iiab_lan_iface == "br0" +# Moved to NM-debian.yml 2020-12-07 +#- name: Unmask and enable the systemd-networkd service for br0 +# systemd: +# name: systemd-networkd +# enabled: yes +# masked: no +# when: network_manager_active and iiab_lan_iface == "br0" -- name: Ensure systemd-networkd gets enabled for br0 - set_fact: - systemd_networkd_active: True - when: network_manager_active and iiab_lan_iface == "br0" +# Moved to NM-debian.yml 2020-12-07 +#- name: Ensure systemd-networkd gets enabled for br0 +# set_fact: +# systemd_networkd_active: True +# when: network_manager_active and iiab_lan_iface == "br0" # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 3c1e1c793..d1573dd5e 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -65,7 +65,7 @@ command: /usr/bin/iiab-gen-iptables - name: Checking if WiFi slave is active - shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l + shell: bridge -d link | grep {{ iiab_wireless_lan_iface }} | wc -l # when: hostapd_enabled and discovered_wireless_iface != iiab_wan_iface and iiab_lan_iface == "br0" when: hostapd_enabled and iiab_lan_iface == "br0" register: wifi_slave diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index c334d6688..622663462 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml 
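Review bot: The `set_fact` that set `systemd_networkd_active: True` for the br0 case is commented out in netplan.yml as "Moved to NM-debian.yml", but it does not reappear in the NM-debian.yml or sysd-netd-debian.yml hunks of this diff. Only the unmask/enable part does, in sysd-netd-debian.yml. Any later task that tests `systemd_networkd_active` would then see the old value on a NetworkManager + br0 host; whether one exists is not visible here. I would also delete the dead YAML rather than comment it out, leaving one line such as `# br0: systemd-networkd is enabled by sysd-netd-debian.yml (included from NM-debian.yml)`.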
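Review bot: In roles/network/tasks/restart.yml, `bridge -d link` lists the ports of every bridge, so "Checking if WiFi slave is active" no longer tests membership of br0 specifically as `brctl show br0` did. The `grep {{ iiab_wireless_lan_iface }}` is also an unquoted substring match on a templated value passed to a shell, so a name that is a prefix of another interface's name would match too. Scoping the query and quoting the variable fixes both: `shell: ip -o link show master br0 | grep -w -- {{ iiab_wireless_lan_iface | quote }} | wc -l`.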
@@ -57,10 +57,19 @@ state: started when: wifi_up_down and discovered_wireless_iface != "none" -- name: Restart the systemd-networkd service +- name: Enable & Restart systemd-networkd.service systemd: name: systemd-networkd state: restarted + enabled: yes + masked: no + +- name: Enable & Restart networkd-dispatcher.service + systemd: + name: networkd-dispatcher + state: restarted + enabled: yes + masked: no - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: diff --git a/roles/network/templates/network/br0.j2 b/roles/network/templates/network/br0.j2.deprecated similarity index 100% rename from roles/network/templates/network/br0.j2 rename to roles/network/templates/network/br0.j2.deprecated diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 79f62cfcb..d3d462628 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -34,7 +34,6 @@ * wordpress 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache. - * cups [*, shim not yet in place.] * elgg * lokole * moodle @@ -43,6 +42,7 @@ 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) * bluetooth * calibre (menu goes directly to port 8080) + * cups [(available on port 631) * shim not yet in place.] * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*] * kalite (menu goes directly to ports 8006-8008) * minetest 
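Review bot: "Enable & Restart networkd-dispatcher.service" has no `when:`, but the new roles/2-common/tasks/network.yml installs the networkd-dispatcher package only `when: not is_raspbian`. If sysd-netd-debian.yml is reached on RaspOS (not visible from this hunk), the unit will not exist and the task will fail the play. Either give the task the matching guard, `when: not is_raspbian`, or install the package on all OSes. A short comment above the task saying why the dispatcher must be restarted alongside systemd-networkd would also help.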
diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 9c9573037..cdf6dc8fb 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -9,8 +9,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -sugarizer_dir_version: sugarizer-1.4.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0 -sugarizer_git_version: v1.4.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0 +sugarizer_dir_version: sugarizer-1.5.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0 +sugarizer_git_version: v1.5.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases sugarizer_server_dir_version: sugarizer-server-1.3.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0 diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index b986ca304..e1cafdb4b 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -29,7 +29,7 @@ # 2. DOWNLOAD+LINK /opt/iiab/sugarizer -- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~710 MB) +- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~717 MB) git: repo: https://github.com/llaske/sugarizer dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}" diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 25b671f06..3304a0f16 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml 
@@ -76,6 +76,11 @@ line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' path: /etc/usbmount/usbmount.conf +- name: Remove /etc/usbmount/mount.d/00_create_model_symlink + file: + path: /etc/usbmount/mount.d/00_create_model_symlink + state: absent + # 2021-03-25: Consider removing this stanza & all of this role's Apache logic! - name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template template: diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index da1bd6c12..02a1f7882 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -64,6 +64,11 @@ include_tasks: nginx.yml when: nginx_enabled +# 2021-04-29: Clean up here to catch the already installed users, remove for the next release (PR #2760) +- name: Remove /etc/usbmount/mount.d/00_create_model_symlink + file: + path: /etc/usbmount/mount.d/00_create_model_symlink + state: absent - name: Put variable in iiab.env that enables display of content at root of USB lineinfile: diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 242fc8b60..35b4965b2 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -189,7 +189,7 @@ cat_cmd 'ip addr' 'Network interfaces' cat_cmd 'ifconfig' 'Network interfaces (old view)' cat_cmd 'ip route' 'Routing table' cat_cmd 'netstat -rn' 'Routing table (old view)' -cat_cmd 'brctl show' 'Bridge for LAN side' +cat_cmd 'bridge -d link' 'Bridge for LAN side' cat_cmd 'sudo netstat -natp' 'Ports/Services in use' cat_cmd 'systemctl status dnsmasq' 'Is dnsmasq running?' cat_cmd 'sudo journalctl -b 0 -u dnsmasq' 'dnsmasq log'
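Review bot: The task "Remove /etc/usbmount/mount.d/00_create_model_symlink" is added twice, in this roles/usb_lib/tasks/install.yml hunk and again in the roles/usb_lib/tasks/main.yml hunk. Only the main.yml copy has a comment, which marks it as a temporary cleanup. The install.yml copy should say why it exists, e.g. `# Kept permanently for fresh installs; the copy in main.yml is the temporary cleanup (PR #2760)`, or be dropped if main.yml always runs. In main.yml the added task is also not followed by a blank line before "Put variable in iiab.env ...", unlike the other tasks in the file.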