From 52989599dda1ade00bf46683a3c2e48c863da84c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 11:45:29 -0500 Subject: [PATCH 01/11] move iiab-internet-on|off - introduce netwarn --- roles/network/tasks/enable_services.yml | 11 ----------- roles/network/tasks/install.yml | 20 ++++++++++++++++++++ scripts/netwarn.sh | 8 ++++++++ 3 files changed, 28 insertions(+), 11 deletions(-) create mode 100644 scripts/netwarn.sh diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 2991a0c58..4566c00bb 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -202,17 +202,6 @@ # group: root mode: 0755 -- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) - template: - src: "{{ item }}" - dest: /usr/bin/ - # owner: root - # group: root - mode: 0755 - with_items: - - gateway/iiab-internet-on - - gateway/iiab-internet-off - - name: Add 'squid' variable values to {{ iiab_ini_file }} - if squid_installed is defined ini_file: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 08ddb9113..2a76b10c2 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -76,6 +76,26 @@ include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined +- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn + file: + src: "{{ iiab_dir }}/scripts/netwarn.sh" + dest: /usr/local/sbin/netwarn + mode: '0755' + state: link + +- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) + template: + src: "{{ item }}" + dest: /usr/bin/ + # owner: root + # group: root + mode: 0755 + with_items: + - gateway/iiab-internet-on + - gateway/iiab-internet-off + +# mate desktop detection based on 'register: nd_dir' + - name: "Set 'network_installed: True'" set_fact: diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh new file mode 100644 index 000000000..8524c22f8 --- /dev/null +++ b/scripts/netwarn.sh @@ -0,0 +1,8 @@ +if ! [ -f /etc/iiab/install-flags/iiab-network-complete ]; then + zenity --question --text="You need to provision the network. Ensure you have your upstream internet active first if needed. You will be prompted for your password. You should REBOOT afterwards, do you want to Proceed?" + rc=$? + if [ $rc == "1" ]; then + exit 1 + fi + x-terminal-emulator -e /usr/local/bin/iiab-network +fi From 8d42038ad2c0dc80121ee429c097ee91640cdd08 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 12:16:09 -0500 Subject: [PATCH 02/11] introduce netwarn-iiab-network.desktop --- roles/network/tasks/install.yml | 21 ++++++++++++++++++++- scripts/netwarn-iiab-network.desktop | 10 ++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 scripts/netwarn-iiab-network.desktop diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 2a76b10c2..301b3ddc0 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -94,8 +94,27 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off -# mate desktop detection based on 'register: nd_dir' +# mate desktop detection based on 'register: nd_dir' in enable_services +- name: Check if /usr/share/mate/autostart/ exists + stat: + path: /usr/share/mate/autostart/ + register: mate_dir +- name: Link /usr/share/mate/autostart/netwarn-iiab-network.desktop to {{ iiab_dir }}/scripts/netwarn-iiab-network.desktop + file: + src: "{{ iiab_dir }}/scripts/netwarn" + dest: /usr/share/mate/autostart/netwarn-iiab-network.desktop + mode: '0755' + state: link + when: mate_dir.stat.exists and mate_dir.stat.isdir + +# RpiOS detection based on register: lx in pwd-warnings.yml +- name: Is /etc/xdg/lxsession/LXDE-pi a directory? + stat: + path: /etc/xdg/lxsession/LXDE-pi + register: lx + +# clairify usage - name: "Set 'network_installed: True'" set_fact: diff --git a/scripts/netwarn-iiab-network.desktop b/scripts/netwarn-iiab-network.desktop new file mode 100644 index 000000000..35547ee41 --- /dev/null +++ b/scripts/netwarn-iiab-network.desktop @@ -0,0 +1,10 @@ +[Desktop Entry] +Name[en_US]=iiab-network +Comment[en_US]=iiab-network +Name[en_CA]=iiab-network +Comment[en_CA]=iiab-network +Type=Application +Exec=/usr/local/sbin/netwarn +Hidden=false +Name=iiab-network +Comment=iiab-network From a3de7b389d3f6add35d748a13a63bddf85492dbe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 16 Jul 2022 12:47:30 -0500 Subject: [PATCH 03/11] also allow ICO to set the complete flag --- roles/network/tasks/main.yml | 6 ++++++ scripts/iiab-network | 4 ---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 8e225eb40..1fce28475 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -101,3 +101,9 @@ include_tasks: restart.yml # end block when: network_installed is defined and network_enabled + +- name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. + file: + path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" + state: touch + when: iiab_stage|int == 9 diff --git a/scripts/iiab-network b/scripts/iiab-network index 9e56350eb..c2d12056f 100644 --- a/scripts/iiab-network +++ b/scripts/iiab-network @@ -1,7 +1,3 @@ #!/bin/bash -e cd /opt/iiab/iiab sudo ./iiab-network -rc=$? -if [[ $rc == "0" ]]; then - sudo touch /etc/iiab/install-flags/iiab-network-complete -fi From e6155e6a864c9cc8d5710d889b008b57b0a706ee Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 17 Jul 2022 15:15:56 -0500 Subject: [PATCH 04/11] netwarn - with reboot question --- roles/network/tasks/install.yml | 2 +- scripts/netwarn.sh | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 301b3ddc0..592c1612c 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -80,7 +80,7 @@ file: src: "{{ iiab_dir }}/scripts/netwarn.sh" dest: /usr/local/sbin/netwarn - mode: '0755' + mode: 0755 state: link - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh index 8524c22f8..641d5ba81 100644 --- a/scripts/netwarn.sh +++ b/scripts/netwarn.sh @@ -1,8 +1,20 @@ +#!/bin/bash if ! [ -f /etc/iiab/install-flags/iiab-network-complete ]; then - zenity --question --text="You need to provision the network. Ensure you have your upstream internet active first if needed. You will be prompted for your password. You should REBOOT afterwards, do you want to Proceed?" + zenity --question --width=200 --text="You need to provision the network. Ensure you have your upstream internet active first. You might be prompted for your password. Should you not want to provision the network at this time just click NO" rc=$? if [ $rc == "1" ]; then - exit 1 + exit 0 fi x-terminal-emulator -e /usr/local/bin/iiab-network + rc=$? + if [ $rc == "1" ]; then + zenity --question --width=200 --text="Network exited with error, please review /opt/iiab/iiab/iiab-network.log" + exit 1 + fi + zenity --question --width=200 --text="A REBOOT is recommended, would you like to REBOOT now?" + rc=$? + if [ $rc == "1" ]; then + exit 0 + fi + x-terminal-emulator -e /usr/sbin/reboot fi From 700cdc9a07d421eda9390267ebc6bf646f98e678 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 20:33:08 -0500 Subject: [PATCH 05/11] switch to using dash via sh --- scripts/netwarn.sh | 47 +++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh index 641d5ba81..457152b37 100644 --- a/scripts/netwarn.sh +++ b/scripts/netwarn.sh @@ -1,20 +1,29 @@ -#!/bin/bash -if ! [ -f /etc/iiab/install-flags/iiab-network-complete ]; then - zenity --question --width=200 --text="You need to provision the network. Ensure you have your upstream internet active first. You might be prompted for your password. Should you not want to provision the network at this time just click NO" - rc=$? - if [ $rc == "1" ]; then - exit 0 - fi - x-terminal-emulator -e /usr/local/bin/iiab-network - rc=$? - if [ $rc == "1" ]; then - zenity --question --width=200 --text="Network exited with error, please review /opt/iiab/iiab/iiab-network.log" - exit 1 - fi - zenity --question --width=200 --text="A REBOOT is recommended, would you like to REBOOT now?" - rc=$? - if [ $rc == "1" ]; then - exit 0 - fi - x-terminal-emulator -e /usr/sbin/reboot +#!/bin/sh +if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then + exit +fi + +zenity --question --width=350 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue?" +case $? in + -1|5) + exit 1 + ;; + + 1) + exit 0 + ;; + + 0) + x-terminal-emulator -e /usr/local/bin/iiab-network + ;; +esac + +if [ "$?" = "1" ]; then + zenity --warning --width=350 --text="iiab-network exited with error.\n\nPlease review /opt/iiab/iiab/iiab-network.log" + exit 1 +fi + +zenity --question --width=350 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)" +if [ "$?" = "0" ]; then + x-terminal-emulator -e "sudo reboot" fi From a5c8dcc904e1c9c1426f5d8580e5560479d2e421 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 22:53:41 -0500 Subject: [PATCH 06/11] rework --- roles/network/tasks/install.yml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 592c1612c..20c6f279b 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -76,13 +76,7 @@ include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined -- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn - file: - src: "{{ iiab_dir }}/scripts/netwarn.sh" - dest: /usr/local/sbin/netwarn - mode: 0755 - state: link - +# all installs - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) template: src: "{{ item }}" @@ -100,11 +94,21 @@ path: /usr/share/mate/autostart/ register: mate_dir +# contents work with mate as of 'switch to using dash via sh' +# 'text' is up for debate other structural changes I do not recommend JV +# if need be cut a second version for RasPiOS + +- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn + file: + src: "{{ iiab_dir }}/scripts/netwarn.sh" + dest: /usr/local/sbin/netwarn + state: link + when: mate_dir.stat.exists and mate_dir.stat.isdir + - name: Link /usr/share/mate/autostart/netwarn-iiab-network.desktop to {{ iiab_dir }}/scripts/netwarn-iiab-network.desktop file: - src: "{{ iiab_dir }}/scripts/netwarn" + src: "{{ iiab_dir }}/scripts/netwarn-iiab-network.desktop" dest: /usr/share/mate/autostart/netwarn-iiab-network.desktop - mode: '0755' state: link when: mate_dir.stat.exists and mate_dir.stat.isdir From ad3d4f2ea913b27f184833ae203be4ba5a606e8d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 23:22:11 -0500 Subject: [PATCH 07/11] speedup - ssh ports are not changing --- roles/network/tasks/install.yml | 7 +++++-- roles/network/tasks/main.yml | 2 -- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 20c6f279b..330d6bd38 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -61,12 +61,12 @@ #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE -# UNMAINTAINED +# UNUSED #- name: Install named / BIND # include_tasks: roles/network/tasks/named.yml # when: named_install is defined and named_install -# UNMAINTAINED +# UNUSED #- name: Install dhcpd # include_tasks: roles/network/tasks/dhcpd.yml # when: dhcpd_install is defined and dhcpd_install @@ -88,6 +88,9 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off +- name: avahi + include_tasks: avahi.yml + # mate desktop detection based on 'register: nd_dir' in enable_services - name: Check if /usr/share/mate/autostart/ exists stat: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 1fce28475..aecbc5d7e 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -65,8 +65,6 @@ when: is_ubuntu and not is_ubuntu_16 #### Start services - - name: avahi - include_tasks: avahi.yml - name: hostapd include_tasks: hostapd.yml - name: computed_services From 9bc9f3aeee0c95b92cd0bf890d88409e229f961b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 23:49:25 -0500 Subject: [PATCH 08/11] fedora files --- .../templates/network/{ifcfg-WAN.j2 => ifcfg-WAN.j2.unsued} | 0 .../templates/network/{ifcfg-slave.j2 => ifcfg-slave.j2.unused} | 0 roles/network/templates/network/{ifcfg.j2 => ifcfg.j2.usused} | 0 .../network/{sysconfig.network.j2 => sysconfig.network.j2.unused} | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename roles/network/templates/network/{ifcfg-WAN.j2 => ifcfg-WAN.j2.unsued} (100%) rename roles/network/templates/network/{ifcfg-slave.j2 => ifcfg-slave.j2.unused} (100%) rename roles/network/templates/network/{ifcfg.j2 => ifcfg.j2.usused} (100%) rename roles/network/templates/network/{sysconfig.network.j2 => sysconfig.network.j2.unused} (100%) diff --git a/roles/network/templates/network/ifcfg-WAN.j2 b/roles/network/templates/network/ifcfg-WAN.j2.unsued similarity index 100% rename from roles/network/templates/network/ifcfg-WAN.j2 rename to roles/network/templates/network/ifcfg-WAN.j2.unsued diff --git a/roles/network/templates/network/ifcfg-slave.j2 b/roles/network/templates/network/ifcfg-slave.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg-slave.j2 rename to roles/network/templates/network/ifcfg-slave.j2.unused diff --git a/roles/network/templates/network/ifcfg.j2 b/roles/network/templates/network/ifcfg.j2.usused similarity index 100% rename from roles/network/templates/network/ifcfg.j2 rename to roles/network/templates/network/ifcfg.j2.usused diff --git a/roles/network/templates/network/sysconfig.network.j2 b/roles/network/templates/network/sysconfig.network.j2.unused similarity index 100% rename from roles/network/templates/network/sysconfig.network.j2 rename to roles/network/templates/network/sysconfig.network.j2.unused From ce25ac3cdc3232c24905240b79bee71693b64757 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Jul 2022 23:44:19 -0500 Subject: [PATCH 09/11] netplan setup is one time and may not even be needed --- roles/network/tasks/install.yml | 10 +++++++--- roles/network/tasks/main.yml | 5 ----- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 330d6bd38..15ec9331c 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -45,6 +45,8 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' +- name: avahi + include_tasks: avahi.yml # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: - name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" @@ -76,6 +78,11 @@ include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined + #preprep for backends +- name: Netplan in use on Ubuntu 18.04+ + include_tasks: netplan.yml + when: is_ubuntu + # all installs - name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) template: @@ -88,9 +95,6 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off -- name: avahi - include_tasks: avahi.yml - # mate desktop detection based on 'register: nd_dir' in enable_services - name: Check if /usr/share/mate/autostart/ exists stat: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index aecbc5d7e..579bf64e9 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -59,11 +59,6 @@ # include_tasks: squid.yml # when: squid_install and FQDN_changed and iiab_stage|int == 9 - #preprep for backends - - name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 - #### Start services - name: hostapd include_tasks: hostapd.yml From 85a5f8fd985d000ec1ddea47b0538e29d40cddd8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Jul 2022 00:05:34 -0500 Subject: [PATCH 10/11] unmask hostapd once --- roles/network/tasks/hostapd.yml | 3 +-- roles/network/tasks/install.yml | 6 ++++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 0bae7b20f..520567a66 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -1,8 +1,7 @@ -- name: Unmask the Access Point 'hostapd' service +- name: Disable the Access Point 'hostapd' service systemd: name: hostapd enabled: no - masked: no - name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected set_fact: diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 15ec9331c..4272cd627 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -45,6 +45,12 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' +-- name: Unmask the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + masked: no + - name: avahi include_tasks: avahi.yml From 861652f141282ef212022e62a177aaabd4a4378e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Jul 2022 00:49:28 -0500 Subject: [PATCH 11/11] hostapd refinement --- roles/network/tasks/hostapd.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 520567a66..99fb6cf41 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -1,13 +1,14 @@ -- name: Disable the Access Point 'hostapd' service - systemd: - name: hostapd - enabled: no - - name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected set_fact: hostapd_enabled: False when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap +- name: Disable the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + when: not hostapd_enabled + - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 register: current_client_channel @@ -21,10 +22,12 @@ - name: Generate new random mac address for ap0 shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' register: ap0_mac + when: can_be_ap - name: Setting ap0 mac address for use in hostapd service file set_fact: ap0_mac_addr: "{{ ap0_mac.stdout }}" + when: can_be_ap - name: "Use custom 'hostapd' systemd service unit file using ap0 -- install from template: /etc/systemd/system/hostapd.service, /etc/systemd/system/iiab-clone-wifi.service, /etc/systemd/system/iiab-wifi-test.service, /usr/sbin/iiab-test-wifi" template: