Merge pull request #52 from iiab/master

sync from iiab/iiab

iiab-network

@@ -30,7 +30,7 @@ End=`date`
 
 
 # Record critical diagnostics to [/opt/iiab/iiab/]iiab-network.log
-echo "" >> iiab-network.log
+echo >> iiab-network.log
 
 # redhat path
 # Paul Armstrong's Shell Style Guide (https://google.github.io/styleguide/shell.xml)

roles/0-init/tasks/tz.yml

@@ -5,28 +5,28 @@
 
 - name: Set local and iiab TZ to UTC if /etc/localtime is not set
   set_fact:
-      local_tz: 'UTC'
-      iiab_TZ: 'UTC'
+    local_tz: 'UTC'
+    iiab_TZ: 'UTC'
   when: TZ_set.stdout == ""
 
 - name: Override ansible on timezone if TZ set
   set_fact:
-      local_tz: '{{ TZ_set.stdout }}'
+    local_tz: '{{ TZ_set.stdout }}'
   when: TZ_set.stdout != ""
 
 - name: Using iiab TZ for local TZ
   set_fact:
-      local_tz: '{{ iiab_TZ }}'
+    local_tz: '{{ iiab_TZ }}'
   when: iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
 
-- name: Set default Timezone from iiab TZ -  Debian
+- name: Set default Timezone from iiab TZ (debuntu)
   shell: timedatectl set-timezone {{ iiab_TZ }}
   when: is_debuntu and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
 
-- name: Set default Timezone from iiab TZ -  Redhat
+- name: Set default Timezone from iiab TZ (redhat)
   file:
-      path: /etc/localtime
-      src: /usr/share/zoneinfo/{{ iiab_TZ }}
-      force: yes
-      state: link
+    path: /etc/localtime
+    src: "/usr/share/zoneinfo/{{ iiab_TZ }}"
+    force: yes
+    state: link
   when: is_redhat and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"

roles/2-common/templates/iiab-startup.sh

@@ -4,5 +4,9 @@
 if [ ! -f /etc/iiab/uuid ]; then
    uuidgen > /etc/iiab/uuid
 fi
-exit 0
 
+# Experimental/Temporary workaround for WiFi "10SEC disease"
+# https://github.com/iiab/iiab/issues/638#issuecomment-355455454
+if grep -qi raspbian /etc/*release; then ip link set dev wlan0 promisc on; fi
+
+exit 0

roles/calibre/tasks/main.yml

@@ -1,12 +1,12 @@
 # 1. INSTALL THE LATEST CALIBRE 3.X+ (calibre-server etc) ON ALL OS'S
 
 # RUNS IF /usr/bin/calibre-uninstall DOES NOT ALEADY EXIST
-- name: Install Calibre via calibre-installer.py (OS's other than Raspbian)
+- name: Install Calibre via calibre-installer.py (redhat, ubuntu, debian if NOT calibre_debs_on_debian)
   include_tasks: py-installer.yml
   when: is_redhat or is_ubuntu or (is_debian and not calibre_debs_on_debian)
   #when: not is_rpi
 
-- name: Install Calibre via .debs (Raspbian)
+- name: Install Calibre via .debs (Raspbian, Debian if calibre_debs_on_debian)
   include_tasks: debs.yml
   when: is_rpi or (is_debian and calibre_debs_on_debian)
   #when: is_rpi or is_debian     # (is_debian also covers & includes is_rpi)

roles/network/defaults/main.yml

@@ -48,6 +48,13 @@ host_country_code: US
 hostapd_secure: True
 hostapd_password: "iiab2017"
 driver_name: nl80211
+hostapd_enabled: True
+# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is
+# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes
+# and content is downloaded, to enable the internal WiFi Access Point / AP!)
+reboot_to_AP: False
+# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above
+# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless.
 
 network_config_dir: /etc/network/interfaces.d
 #iiab_network_mode: "Gateway"

roles/network/tasks/detected_network.yml

@@ -121,19 +121,19 @@
 
 # Select an adapter that is not WAN and not wireless
 # if there is more than one the last one wins
-- name: Set discovered_wired_iface fact if present
+- name: Set discovered_wired_iface if present
   set_fact:
       discovered_wired_iface: "{{ item|trim }}"
   when: lan_list_result.stdout_lines is defined and item|trim != discovered_wireless_iface
   with_items:
       - "{{ lan_list_result.stdout_lines }}"
 
-- name: Set discovered_wireless_lan_iface fact if present
+- name: Set iiab_wireless_lan_iface if present
   set_fact:
        iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}"
   when: discovered_wireless_iface is defined and discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface
 
-- name: Set variable discovered_wired_lan_iface if present
+- name: Set iiab_wired_lan_iface if present
   set_fact:
        iiab_wired_lan_iface: "{{ discovered_wired_iface }}"
   when: discovered_wired_iface is defined and discovered_wired_iface != "none" and discovered_wired_iface != iiab_wan_iface

roles/network/tasks/hostapd.yml

@@ -1,47 +1,55 @@
-- name: Create a config file for hostapd
-  template: src=hostapd/hostapd.conf.j2
-            dest=/etc/hostapd/hostapd.conf
-            owner=root
-            group=root
-            mode=0644
+- name: Create /etc/hostapd/hostapd.conf from template
+  template:
+    src: hostapd/hostapd.conf.j2
+    dest: /etc/hostapd/hostapd.conf
+    owner: root
+    group: root
+    mode: 0644
   when: iiab_wireless_lan_iface is defined
 
-- name: Create a config template for hostapd
-  template: src=hostapd/iiab-hostapd.conf.j2
-            dest=/etc/hostapd/hostapd.conf.iiab
-            owner=root
-            group=root
-            mode=0644
+- name: Create /etc/hostapd/hostapd.conf.iiab from template
+  template:
+    src: hostapd/iiab-hostapd.conf.j2
+    dest: /etc/hostapd/hostapd.conf.iiab
+    owner: root
+    group: root
+    mode: 0644
   when: discovered_wireless_iface is defined
 
 - name: Disable the Access Point 'hostapd' service
-  service: enabled=no
-           name=hostapd.service
+  service:
+    enabled: no
+    name: hostapd.service
   when: not hostapd_enabled
 
 - name: Use custom systemd unit file to start 'hostapd' service
-  template: src=hostapd/hostapd.service.j2
-            dest=/etc/systemd/system/hostapd.service
-            owner=root
-            group=root
-            mode=0644
+  template:
+    src: hostapd/hostapd.service.j2
+    dest: /etc/systemd/system/hostapd.service
+    owner: root
+    group: root
+    mode: 0644
   when: hostapd_enabled
 
-- name: Use custom iiab-hotspot-on
-  template: src=network/iiab-hotspot-on
-            dest=/usr/bin/iiab-hotspot-on
-            owner=root
-            group=root
-            mode=0755
+- name: Create /usr/bin/iiab-hotspot-on from template
+  template:
+    src: network/iiab-hotspot-on
+    dest: /usr/bin/iiab-hotspot-on
+    owner: root
+    group: root
+    mode: 0755
 
-- name: Use custom iiab-hotspot-off
-  template: src=network/iiab-hotspot-off
-            dest=/usr/bin/iiab-hotspot-off
-            owner=root
-            group=root
-            mode=0755
+- name: Create /usr/bin/iiab-hotspot-off from template
+  template:
+    src: network/iiab-hotspot-off
+    dest: /usr/bin/iiab-hotspot-off
+    owner: root
+    group: root
+    mode: 0755
 
-- name: Enable the Access Point 'hostapd' service
-  service: enabled=yes
-           name=hostapd.service
-  when: iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance" and hostapd_enabled
+- name: Enable/Restart the Access Point 'hostapd' service
+  service:
+    # enabled: yes
+    state: restarted
+    name: hostapd.service
+  when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance"

roles/network/tasks/main.yml

@@ -1,23 +1,30 @@
-
-#- include_vars: roles/network/defaults/main.yml
-#- include_vars: vars/local_vars.yml
-
 - include_tasks: detected_network.yml
-  when: not installing
+  when: not installing   #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
   tags:
-    - network
+    - network            #REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ?
     - network-discover
 
-- name: RPi - reboot to AP post install - installed via wifi so the services are ready
+- name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY
   set_fact:
-      iiab_lan_iface: br0
-      iiab_wan_iface: "{{ discovered_wired_iface }}"
-      iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}"
-      iiab_wired_lan_iface: ""
-  when: is_rpi and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface and reboot_to_AP
+    hostapd_enabled: False    # used in (1) hostapd.yml, (2) rpi_debian.yml +
+                              # (3) its dhcpcd.conf.j2, (4) restart.yml
+    no_net_restart: True      # used below in (1) sysd-netd-debian.yml,
+                              # (2) debian.yml, (3) rpi_debian.yml
+  when: discovered_wireless_iface == iiab_wan_iface and not reboot_to_AP
+# Idea, Not Without Risks: should WiFi-as-gateway detection logic
+# be encapsulated into roles/network/tasks/hostapd.yml in future?
+# Today "./runtags hostapd" doesn't exist & "./runtags AP" is at yr own risk.
+
+#- name: RPi - reboot to AP post install - installed via wifi so the services are ready
+#  set_fact:
+#    iiab_lan_iface: br0
+#    iiab_wan_iface: "{{ discovered_wired_iface }}"
+#    iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}"
+#    iiab_wired_lan_iface: ""
+#  when: is_rpi and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface and reboot_to_AP
 
 - include_tasks: computed_network.yml
-  when: not installing
+  when: not installing   #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
   tags:
     - network
     - network-discover
@@ -27,11 +34,11 @@
     - network
     - AP
 
-- name: RPi reboot to AP post install - installed via wifi - don't blow away current network
-  set_fact:
-      no_net_restart: True
-      hostapd_enabled: False
-  when: is_rpi and discovered_wireless_iface is defined and discovered_wired_iface != iiab_wan_iface
+#- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network
+#  set_fact:
+#    no_net_restart: True
+#    hostapd_enabled: False
+#  when: is_rpi and discovered_wireless_iface is defined and discovered_wired_iface != iiab_wan_iface
 
 ##### Start static ip address info for first run #####
 #- include_tasks: static.yml
@@ -47,7 +54,9 @@
 - name: Configuring wondershaper
   include_tasks: wondershaper.yml
   when: wondershaper_install
-  tags: wondershaper, network
+  tags:
+    - network
+    - wondershaper
 
 - name: (Re)Installing named
   include_tasks: named.yml
@@ -86,64 +95,67 @@
 #### Start network layout
 - name: Redhat networking
   include_tasks: ifcfg_mods.yml
+  when: is_redhat
+#and not installing
   tags:
-  - network
-  when: is_redhat and not installing
+    - network
 
 - name: NetworkManager in use
   include_tasks: NM-debian.yml
-  tags:
-  - network
   when: is_debuntu and network_manager_active
 #and not installing
+  tags:
+    - network
 
 - name: systemd-networkd in use
   include_tasks: sysd-netd-debian.yml
-  tags:
-  - network
   when: is_debuntu and systemd_networkd_active
 #and not installing
+  tags:
+    - network
 
 - name: RPi's have dhcpcd in use
   include_tasks: rpi_debian.yml
-  tags:
-  - network
   when: is_debuntu and is_rpi
 #and not installing
+  tags:
+    - network
 
 - name: Not RPi, Not NetworkManager, Not systemd-networkd in use
   include_tasks: debian.yml
-  tags:
-  - network
   when: not is_rpi and not network_manager_active and not systemd_networkd_active and is_debuntu
 #and not installing
+  tags:
+    - network
 
 # this is moving
-- name: Record iiab_wan_device
-  lineinfile: dest=/etc/iiab/iiab.env
-              regexp='^IIAB_WAN_DEVICE=*'
-              line='IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
-              state=present
-  when: not installing
+- name: Record IIAB_WAN_DEVICE to /etc/iiab/iiab.env
+  lineinfile:
+    dest: /etc/iiab/iiab.env
+    regexp: '^IIAB_WAN_DEVICE=*'
+    line: 'IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
+    state: present
+  when: not installing   #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
   tags:
-  - network
+    - network
 
-- name: Record iiab_lan_device
-  lineinfile: dest=/etc/iiab/iiab.env
-              regexp='^IIAB_LAN_DEVICE=*'
-              line='IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
-              state=present
-  when: not installing
+- name: Record IIAB_LAN_DEVICE to /etc/iiab/iiab.env
+  lineinfile:
+    dest: /etc/iiab/iiab.env
+    regexp: '^IIAB_LAN_DEVICE=*'
+    line: 'IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
+    state: present
+  when: not installing   #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
   tags:
-  - network
+    - network
 
 #### end network layout
 - include_tasks: restart.yml
   when: not installing
   tags:
-  - network
-  - named
-  - dhcpd
-  - dnsmasq
-  - squid
-  - AP
+    - network
+    - named
+    - dhcpd
+    - dnsmasq
+    - squid
+    - AP

roles/network/tasks/restart.yml

@@ -3,44 +3,52 @@
 #  when: iiab_wireless_lan_iface is defined and hostapd_enabled
 
 - name: Start named service
-  service: name={{ dns_service }}
-           state=restarted
+  service:
+    name: "{{ dns_service }}"
+    state: restarted
   when: named_enabled and named_install
 
 - name: Stop Squid service
-  service: name={{ proxy }}
-           state=stopped
+  service:
+    name: "{{ proxy }}"
+    state: stopped
   async: 120
   when: squid_install
 
 - name: Stop DansGuardian
-  service: name=dansguardian
-           state=stopped
+  service:
+    name: dansguardian
+    state: stopped
   when: dansguardian_install
 
 - name: Restart DansGuardian - except Ubuntu which needs reboot to activate
-  service: name=dansguardian
-           state=restarted
+  service:
+    name: dansguardian
+    state: restarted
   when: dansguardian_enabled and dansguardian_install and ( not is_ubuntu and iiab_stage|int < 4 )
 
 # Squid get re-loaded with dispatcher.d
 - name: Restart Squid service
-  service: name={{ proxy }}
-           state=restarted
+  service:
+    name: "{{ proxy }}"
+    state: restarted
   when: squid_enabled and squid_install
 
 - name: Restart Wondershaper service
-  service: name=wondershaper
-           state=restarted
+  service:
+    name: wondershaper
+    state: restarted
   when: wondershaper_enabled
 
 - name: Restart avahi service
-  service: name=avahi-daemon
-           state=restarted
+  service:
+    name: avahi-daemon
+    state: restarted
 
 - name: Create gateway flag
   shell: echo 1 > /etc/sysconfig/olpc-scripts/setup.d/installed/gateway
-         creates=/etc/sysconfig/olpc-scripts/setup.d/installed/gateway
+  args:
+    creates: /etc/sysconfig/olpc-scripts/setup.d/installed/gateway
   when: iiab_network_mode == "Gateway"
 
 - name: Waiting {{ hostapd_wait }} seconds for network to stabilize
@@ -51,15 +59,17 @@
 
 - name: Checking if WiFi slave is active
   shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l
-  when: iiab_wireless_lan_iface is defined and iiab_lan_iface == "br0" and hostapd_enabled
+  when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_lan_iface == "br0"
   register: wifi_slave
 
 - name: Restart hostapd if WiFi slave is inactive
-  service: name=hostapd.service
-           state=restarted
-  when: wifi_slave.stdout is defined and hostapd_enabled and wifi_slave.stdout == 0
+  service:
+    name: hostapd.service
+    state: restarted
+  when: hostapd_enabled and wifi_slave.stdout is defined and wifi_slave.stdout == 0
 
 - name: dhcp_server may be affected - starting - user choice
-  service: name={{ dhcp_service2 }}
-           state=restarted
+  service:
+    name: "{{ dhcp_service2 }}"
+    state: restarted
   when: iiab_network_mode != "Appliance"

roles/network/tasks/rpi_debian.yml

@@ -38,19 +38,19 @@
     name: dhcpcd
     state: restarted
 
-- name: Restart the networking service
+- name: Restart the networking service if appropriate
   service:
     name: networking
     enabled: yes
     state: restarted
   when: not nobridge is defined and not no_net_restart
 
-- name: Restart hostapd when WiFi is present
+- name: Restart hostapd if appropriate
   service:
     name: hostapd
     enabled: yes
     state: restarted
-  when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
+  when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance"
 
 #- name: dhcp_server may be affected - starting - user choice
 #  service: name={{ dhcp_service2 }} state=started

roles/network/templates/hostapd/hostapd.conf.j2

@@ -2,9 +2,10 @@
 
 interface={% if iiab_wireless_lan_iface is defined %}{{ iiab_wireless_lan_iface }}{% endif %}
 
+
 ssid={{ host_ssid }}
 channel={{ host_channel }}
-{%if iiab_lan_iface  == "br0" %}
+{%if iiab_lan_iface == "br0" %}
 bridge=br0
 {% endif %}
 

roles/network/templates/hostapd/iiab-hostapd.conf.j2

@@ -4,7 +4,7 @@ interface={{ discovered_wireless_iface }}
 
 ssid={{ host_ssid }}
 channel={{ host_channel }}
-{%if iiab_lan_iface  == "br0" %}
+{%if iiab_lan_iface == "br0" %}
 bridge=br0
 {% endif %}
 

roles/network/templates/network/dhcpcd.conf.j2

@@ -38,9 +38,17 @@ require dhcp_server_identifier
 slaac private
 
 # IIAB
-denyinterfaces {% if iiab_wireless_lan_iface is defined %} {{ iiab_wireless_lan_iface }} {% endif %} {% if iiab_wired_lan_iface is defined %} {{ iiab_wired_lan_iface }} {% endif %}
 
-#{% if iiab_lan_iface != "br0" %} {{ iiab_lan_iface }} {% endif %}
+# always support Ethernet-to-Internet on RPi (avoid "denyinterfaces eth0")
+{% if is_rpi and hostapd_enabled %}
+denyinterfaces {% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }} {% endif %}
+{% elif is_rpi %}
+#denyinterfaces {% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }} {% endif %}
+{% else %}
+denyinterfaces {% if iiab_wireless_lan_iface is defined %} {{ iiab_wireless_lan_iface }} {% endif %} {% if iiab_wired_lan_iface is defined %} {{ iiab_wired_lan_iface }} {% endif %}
+{% endif %}
+
+{# {% if iiab_lan_iface != "br0" %} {{ iiab_lan_iface }} {% endif %} #}
 
 {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %}
 interface {{ iiab_lan_iface }}

roles/network/templates/network/iiab-hotspot-off

@@ -7,3 +7,7 @@ systemctl stop dhcpd
 systemctl daemon-reload
 systemctl restart dhcpcd
 systemctl restart networking
+
+# Experimental/Temporary workaround for WiFi "10SEC disease"
+# https://github.com/iiab/iiab/issues/638#issuecomment-355455454
+if grep -qi raspbian /etc/*release; then ip link set dev wlan0 promisc on; fi

scripts/calibre-install-latest.sh

@@ -7,7 +7,7 @@ export DEBIAN_FRONTEND=noninteractive
 # Drags in stock desktop dependencies without too much from testing below
 apt -y install calibre-bin dirmngr
 
-# Updates calibre-bin to version 3.10 from testing
+# Updates calibre-bin to version 3.10 or 3.14 or ... from testing (SEE http://archive.raspbian.org/raspbian/pool/main/c/calibre/ ?)
 apt-key adv --recv-key --keyserver keyserver.ubuntu.com 7638D0442B90D010
 echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list.d/debian-testing.list
 apt update
@@ -15,7 +15,7 @@ apt -y install libqt5core5a python-lxml calibre
 # Remove last line, safer than: rm /etc/apt/sources.list.d/debian-testing.list
 sed -i '$ d' /etc/apt/sources.list.d/debian-testing.list
 
-# Updates to calibre & calibre-bin to 3.12 from unstable
+# Updates to calibre & calibre-bin to "very latest" 3.x from unstable
 echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list.d/debian-unstable.list
 apt update
 apt -y install calibre

vars/default_vars.yml

@@ -63,16 +63,18 @@ lan_netmask: 255.255.224.0
 # Internal Wi-Fi Access Point
 # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled
 # The platform variable adapts install to specific hardware (raspberry pi=rpi2)
-hostapd_enabled: True
 host_ssid: "Internet in a Box"
 host_wifi_mode: g
 host_channel: 6
 hostapd_secure: False
 hostapd_password: changeme
-# For those installing IIAB over WiFi: "reboot_to_AP: True" makes the internal
-# WiFi Access active after the next reboot.  This is equivalent to manually
-# running "iiab-hotspot-on".  Note this variable only works with RPi's for now.
+hostapd_enabled: True
+# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is
+# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes
+# and content is downloaded, to enable the internal WiFi Access Point / AP!)
 reboot_to_AP: False
+# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above
+# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless.
 
 # Gateway mode
 iiab_lan_enabled: True