Merge pull request #3318 from holta/net_warn

/usr/local/sbin/netwarn pop-ups (if iiab-network needs to be run) on MATE & RasPiOS with desktop + roles/network refactoring

iiab-network

@@ -4,11 +4,14 @@
 CWD=`pwd`
 export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
 
-if [ ! -f iiab-network.yml ]; then
-    echo "iiab-network.yml not found in current directory."
-    echo "Please rerun this command from the top level of the git repo."
-    echo "Exiting."
+exit_error() {
+    echo -e "\nEXITING: "$@ | tee -a /opt/iiab/iiab/iiab-network.log
     exit 1
+}
+
+if [ ! -f iiab-network.yml ]; then
+    exit_error "iiab-network.yml not found in current directory." \
+               "Please rerun this command from the top level of the git repo."
 fi
 
 OS="unknown"   # will be overridden below, if /etc/iiab/iiab.env is legit
@@ -19,26 +22,21 @@ if [ -f /etc/iiab/iiab.env ]; then
     if grep -q STAGE= /etc/iiab/iiab.env ; then
         echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env"
         if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then
-            echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is non-integer"
-            exit 1
+            exit_error "STAGE (counter) value == ""$STAGE"" is non-integer"
         elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then
-            echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is out-of-range"
-            exit 1
+            exit_error "STAGE (counter) value == ""$STAGE"" is out-of-range"
         elif [ "$STAGE" -lt 3 ]; then
-            echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"
-            echo -e "\nIIAB Stage 3 not complete."
-            echo -e "\nPlease run: ./iiab-install"
-            exit 1
+            exit_error "STAGE (counter) value == ""$STAGE" \
+                       "\nIIAB Stage 3 not complete." \
+                       "\nPlease run: ./iiab-install"
         fi
     else
-        echo -e "\nEXITING: STAGE (counter) not found"
-        echo -e "\nIIAB not installed."
-        echo -e "\nPlease run: ./iiab-install"
-        exit 1
+        exit_error "STAGE (counter) not found" \
+                   "\nIIAB not installed." \
+                   "\nPlease run: ./iiab-install"
     fi
 else
-    echo -e "\nEXITING: /etc/iiab/iiab.env not found"
-    exit 1
+    exit_error "/etc/iiab/iiab.env not found"
 fi
 
 echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log"

roles/network/tasks/avahi.yml

@@ -7,7 +7,7 @@
 
 - name: Install avahi announce config file /etc/avahi/services/schoolserver.service
   template:
-    src: avahi/schoolserver.service
+    src: roles/network/templates/avahi/schoolserver.service    # Invoked by 1-prep (so full path needed)
     dest: /etc/avahi/services/schoolserver.service
     owner: avahi
     group: avahi

roles/network/tasks/detected_network.yml

@@ -36,25 +36,22 @@
     device_gw: "{{ discovered_wan_iface }}"
   when: ansible_default_ipv4.gateway is defined
 
-- name: Figure out netplan file name
-  shell: ls /etc/netplan
-  register: netplan
-  ignore_errors: True # pre 17.10 doesn't use netplan
-  when: is_ubuntu
+# 2022-07-22: Moved to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!)
+# - name: Figure out netplan file name
+#   shell: ls /etc/netplan
+#   register: netplan
+#   ignore_errors: True # pre 17.10 doesn't use netplan
+#   when: is_ubuntu
 
 - name: Setting dhcpcd_test results
   set_fact:
     dhcpcd_result: "{{ ansible_local.local_facts.dhcpcd }}"
 
-- name: Setting systemd_networkd results
+# 2022-07-22: Copied to netplan.yml (REMOVE DUPLICATE CODE LATER?!)
+- name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms"
   set_fact:
     systemd_networkd_active: True
-  when: 'ansible_local.local_facts.systemd_networkd == "enabled"'
-
-- name: Setting systemd_networkd-2 results
-  set_fact:
-    systemd_networkd_active: True
-  when: 'ansible_local.local_facts.systemd_networkd == "enabled-runtime"'
+  when: ansible_local.local_facts.systemd_networkd == "enabled" or ansible_local.local_facts.systemd_networkd == "enabled-runtime"
 
 - name: Setting network_manager results
   set_fact:

roles/network/tasks/enable_services.yml

@@ -202,17 +202,6 @@
     # group: root
     mode: 0755
 
-- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default)
-  template:
-    src: "{{ item }}"
-    dest: /usr/bin/
-    # owner: root
-    # group: root
-    mode: 0755
-  with_items:
-    - gateway/iiab-internet-on
-    - gateway/iiab-internet-off
-
 
 - name: Add 'squid' variable values to {{ iiab_ini_file }} - if squid_installed is defined
   ini_file:

roles/network/tasks/hostapd.yml

@@ -1,14 +1,14 @@
-- name: Unmask the Access Point 'hostapd' service
-  systemd:
-    name: hostapd
-    enabled: no
-    masked: no
-
 - name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected
   set_fact:
     hostapd_enabled: False
   when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap
 
+- name: Disable the Access Point 'hostapd' service
+  systemd:
+    name: hostapd
+    enabled: no
+  when: not hostapd_enabled
+
 - name: Detect current Wifi channel
   shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2
   register: current_client_channel
@@ -22,10 +22,12 @@
 - name: Generate new random mac address for ap0
   shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/'
   register: ap0_mac
+  when: can_be_ap
 
 - name: Setting ap0 mac address for use in hostapd service file
   set_fact:
     ap0_mac_addr: "{{ ap0_mac.stdout }}"
+  when: can_be_ap
 
 - name: "Use custom 'hostapd' systemd service unit file using ap0 -- install from template: /etc/systemd/system/hostapd.service, /etc/systemd/system/iiab-clone-wifi.service, /etc/systemd/system/iiab-wifi-test.service, /usr/sbin/iiab-test-wifi"
   template:

roles/network/tasks/install.yml

@@ -1,7 +1,7 @@
 # 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop.
 
 - name: Install dnsmasq -- configure LATER in 'network', after Stage 9
-  include_tasks: roles/network/tasks/dnsmasq.yml
+  include_tasks: roles/network/tasks/dnsmasq.yml    # Invoked by 1-prep (so full path needed)
 
 - name: Install package networkd-dispatcher (OS's other than RasPiOS)
   package:
@@ -45,6 +45,14 @@
 #     dest: /etc/network/if-pre-up.d/iptables
 #     mode: '0755'
 
+- name: Unmask the Access Point 'hostapd' service
+  systemd:
+    name: hostapd
+    enabled: no
+    masked: no
+
+- name: Install Avahi (mDNS, Zeroconf/Bonjour)
+  include_tasks: roles/network/tasks/avahi.yml    # Invoked by 1-prep (so full path needed)
 
 # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
 - name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)"
@@ -61,21 +69,42 @@
     #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }         # BY ABOVE
 
 
-# UNMAINTAINED
+# UNUSED
 #- name: Install named / BIND
 #  include_tasks: roles/network/tasks/named.yml
 #  when: named_install is defined and named_install
 
-# UNMAINTAINED
+# UNUSED
 #- name: Install dhcpd
 #  include_tasks: roles/network/tasks/dhcpd.yml
 #  when: dhcpd_install is defined and dhcpd_install
 
 # LESS MAINTAINED
 - name: Install Squid
-  include_tasks: roles/network/tasks/squid.yml
+  include_tasks: roles/network/tasks/squid.yml    # Invoked by 1-prep (so full path needed)
   when: squid_install and squid_installed is undefined
 
+  #preprep for backends
+- name: Netplan in use on Ubuntu 18.04+
+  include_tasks: roles/network/tasks/netplan.yml    # Invoked by 1-prep (so full path needed)
+  when: is_ubuntu
+
+# all installs
+
+- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default)
+  template:
+    src: "{{ item }}"
+    dest: /usr/bin/
+    mode: 0755
+  with_items:
+    - roles/network/templates/gateway/iiab-internet-on     # Invoked by 1-prep (so full path needed)
+    - roles/network/templates/gateway/iiab-internet-off    # Invoked by 1-prep (so full path needed)
+
+- name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run'
+  include_tasks: roles/network/tasks/netwarn.yml    # Invoked by 1-prep (so full path needed)
+
+
+# RECORD Network AS INSTALLED
 
 - name: "Set 'network_installed: True'"
   set_fact:

roles/network/tasks/main.yml

@@ -21,52 +21,46 @@
 - name: computed_network
   include_tasks: computed_network.yml
 
+# 2022-07-22: @jvonau asks for this to be (1) BELOW computed_network.yml
+# (what goes into iiab-hotspot-on|off depends on can_be_ap and wifi_up_down)
+# AND (2) ABOVE install.yml for some reason?  REQUIREMENT: Admin Console reads
+# iiab_network_mode from /etc/iiab/iiab.ini + uses /usr/bin/iiab-hotspot-on|off
+- name: Install /usr/bin/iiab-hotspot-on|off from template (root:root by default)
+  template:
+    src: "{{ item }}"
+    dest: /usr/bin/
+    mode: 0755
+  with_items:
+    - hostapd/iiab-hotspot-on
+    - hostapd/iiab-hotspot-off
+
 - name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall)
   include_tasks: install.yml
   when: network_install and network_installed is undefined
 
-- name: Create /usr/bin/iiab-hotspot-on from template
-  template:
-    src: hostapd/iiab-hotspot-on
-    dest: /usr/bin/iiab-hotspot-on
-    owner: root
-    group: root
-    mode: 0755
-
-- name: Create /usr/bin/iiab-hotspot-off from template
-  template:
-    src: hostapd/iiab-hotspot-off
-    dest: /usr/bin/iiab-hotspot-off
-    owner: root
-    group: root
-    mode: 0755
 
 - name: Configuring Network if enabled
   block:
-  # - name: Configure wondershaper
-  #   include_tasks: wondershaper.yml
-  #   when: wondershaper_install or wondershaper_installed is defined
 
-#  - name: (Re)Install named
-#    include_tasks: named.yml
-#    when: named_install and FQDN_changed and iiab_stage|int == 9
+  # DEPRECATED
+  #- name: Configure wondershaper
+  #  include_tasks: wondershaper.yml
+  #  when: wondershaper_install or wondershaper_installed is defined
+  #
+  #- name: (Re)Install named
+  #  include_tasks: named.yml
+  #  when: named_install and FQDN_changed and iiab_stage|int == 9
+  #
+  #- name: (Re)Install dhcpd
+  #  include_tasks: dhcpd.yml
+  #  when: dhcpd_install and FQDN_changed and iiab_stage|int == 9
 
-#  - name: (Re)Install dhcpd
-#    include_tasks: dhcpd.yml
-#    when: dhcpd_install and FQDN_changed and iiab_stage|int == 9
-
-#  - name: (Re)Install Squid
-#    include_tasks: squid.yml
-#    when: squid_install and FQDN_changed and iiab_stage|int == 9
-
-  #preprep for backends
-  - name: Netplan in use on Ubuntu 18.04+
-    include_tasks: netplan.yml
-    when: is_ubuntu and not is_ubuntu_16
+  # 2022-07-22: Is './runrole --reinstall network' the new way to make this run?
+  #- name: (Re)Install Squid
+  #  include_tasks: squid.yml
+  #  when: squid_install and FQDN_changed and iiab_stage|int == 9
 
   #### Start services
-  - name: avahi
-    include_tasks: avahi.yml
   - name: hostapd
     include_tasks: hostapd.yml
   - name: computed_services
@@ -99,5 +93,13 @@
 
   - name: Restart services
     include_tasks: restart.yml
+
   # end block
   when: network_installed is defined and network_enabled
+
+
+- name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role.
+  file:
+    path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete"
+    state: touch
+  when: iiab_stage|int == 9

roles/network/tasks/netplan.yml

@@ -1,3 +1,16 @@
+# 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!)
+- name: Figure out netplan file name
+  shell: ls /etc/netplan
+  register: netplan
+  #ignore_errors: True # pre 17.10 doesn't use netplan
+
+# 2022-07-22: Copied from detected_network.yml (REMOVE DUPLICATE CODE LATER?!)
+- name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms"
+  set_fact:
+    systemd_networkd_active: True
+  when: ansible_local.local_facts.systemd_networkd == "enabled" or ansible_local.local_facts.systemd_networkd == "enabled-runtime"
+
+
 - name: Disable cloud-init the easy way
   shell: touch /etc/cloud/cloud-init.disabled
   when: item|trim == "50-cloud-init.yaml"

roles/network/tasks/netwarn.yml

@@ -0,0 +1,40 @@
+- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist?
+  stat:
+    path: /etc/xdg/lxsession/LXDE-pi/autostart
+  register: lxde_pi_autostart_present
+
+- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart
+  lineinfile:
+    path: /etc/xdg/lxsession/LXDE-pi/autostart
+    regexp: '^/usr/local/sbin/netwarn$'
+    line: '/usr/local/sbin/netwarn'
+  when: lxde_pi_autostart_present.stat.exists
+
+
+# mate desktop detection based on 'register: nd_dir' in enable_services
+- name: Does /usr/share/mate/autostart/ exist?
+  stat:
+    path: /usr/share/mate/autostart/
+  register: mate_dir
+
+# contents work with mate as of 'switch to using dash via sh'
+# 'text' is up for debate other structural changes I do not recommend JV
+
+- name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop'
+  template:
+    src: roles/network/templates/netwarn/netwarn-iiab-network.desktop    # Invoked by 1-prep (so full path needed)
+    dest: /usr/share/mate/autostart/
+  when: mate_dir.stat.exists and mate_dir.stat.isdir
+
+
+# 2022-07-21: Is autostart pop-up logic for Mint & stock Ubuntu much the same?
+
+# (Let's insert those here if so, and refine the 'when:' line below.)
+
+
+- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn'
+  template:
+    src: roles/network/templates/netwarn/netwarn    # Invoked by 1-prep (so full path needed)
+    dest: /usr/local/sbin/
+    mode: 0755
+  when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir)

roles/network/tasks/restart.yml

@@ -1,3 +1,11 @@
+# 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!)
+# - name: Figure out netplan file name
+#   shell: ls /etc/netplan
+#   register: netplan
+#   #ignore_errors: True # pre 17.10 doesn't use netplan
+#   when: is_ubuntu
+
+
 - name: Restart wpa_supplicant service
   systemd:
     name: "{{ item }}"
@@ -25,9 +33,13 @@
     daemon_reload: yes
   when: hostapd_enabled and (wifi_up_down or not no_net_restart)
 
-- name: Reload netplan for Wifi gateway on Ubuntu 18+
-  shell: netplan apply
-  when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1
+# 2022-07-22: @jvonau suggests commenting this out as: "we really don't touch
+# any of the config files... netplan.yml renames one file if it's a container
+# build like on MATE, could possibly skip netplan.yml in future or toss that in
+# the mix now and see what shakes up" [ok, but keep netplan.yml as is for now]
+# - name: Reload netplan for Wifi gateway on Ubuntu 18+
+#   shell: netplan apply
+#   when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1
 
 #- name: Start named service
 #  systemd:

roles/network/templates/netwarn/netwarn

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then
+    exit
+fi
+
+zenity --question --width=360 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue?  (This can take 2-3 minutes)"
+rc=$?
+if [[ $rc != "0" ]]; then
+    exit $rc
+fi
+
+# mate-terminal always returns 255 w/ autostart, so intercept/record return code
+x-terminal-emulator -e "bash -c '/usr/local/bin/iiab-network; echo \"\$?\" > /tmp/iiab-network.rc'"
+rc=$(cat /tmp/iiab-network.rc)
+if [[ $rc != "0" ]]; then
+    zenity --warning --width=360 --text="iiab-network exited with error: $rc\n\nPlease review /opt/iiab/iiab/iiab-network.log"
+    exit $rc
+fi
+
+zenity --question --width=360 --text="iiab-network complete.\n\nWould you like to REBOOT now?  (Recommended)"
+if [[ $? == "0" ]]; then
+    x-terminal-emulator -e "sudo reboot"
+fi

roles/network/templates/netwarn/netwarn-iiab-network.desktop

@@ -0,0 +1,10 @@
+[Desktop Entry]
+Name[en_US]=iiab-network
+Comment[en_US]=iiab-network
+Name[en_CA]=iiab-network
+Comment[en_CA]=iiab-network
+Type=Application
+Exec=/usr/local/sbin/netwarn
+Hidden=false
+Name=iiab-network
+Comment=iiab-network

roles/www_options/tasks/main.yml

@@ -23,29 +23,29 @@
   when: nginx_installed is defined
   #when: nginx_install
 
-- name: Make home page autostart on localhost (the server's console) if session manager is LXDE (rpi)
+- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box.lan IIAB home page)
   stat:
     path: /etc/xdg/lxsession/LXDE-pi/autostart
-  register: lxde_present
+  register: lxde_pi_autostart_present
 
-- name: Check for Chromium name change
+- name: Does /usr/bin/chromium exist? (check for browser filename change)
   stat:
     path: /usr/bin/chromium
   register: chromium_present
 
-- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE
+- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart
   lineinfile:
     path: /etc/xdg/lxsession/LXDE-pi/autostart
     regexp: '^/usr/bin/chromium-browser'
-    line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' 
-  when: lxde_present.stat.exists and not chromium_present.stat.exists
+    line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home'
+  when: lxde_pi_autostart_present.stat.exists and not chromium_present.stat.exists
 
-- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE
+- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart
   lineinfile:
     path: /etc/xdg/lxsession/LXDE-pi/autostart
     regexp: '^/usr/bin/chromium'
-    line: '/usr/bin/chromium --disable-restore-session-state http://box/home' 
-  when: lxde_present.stat.exists and chromium_present.stat.exists
+    line: '/usr/bin/chromium --disable-restore-session-state http://box/home'
+  when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists
 
 
 - debug:

scripts/iiab-network

@@ -1,7 +1,3 @@
 #!/bin/bash -e
 cd /opt/iiab/iiab
 sudo ./iiab-network
-rc=$?
-if [[ $rc == "0" ]]; then
-    sudo touch /etc/iiab/install-flags/iiab-network-complete
-fi