diff --git a/iiab-network b/iiab-network index 3b3b634f1..65c77b55a 100755 --- a/iiab-network +++ b/iiab-network @@ -30,7 +30,7 @@ End=`date` # Record critical diagnostics to [/opt/iiab/iiab/]iiab-network.log -echo "" >> iiab-network.log +echo >> iiab-network.log # redhat path # Paul Armstrong's Shell Style Guide (https://google.github.io/styleguide/shell.xml) diff --git a/roles/0-init/tasks/tz.yml b/roles/0-init/tasks/tz.yml index d2e0f4991..5263c23d0 100644 --- a/roles/0-init/tasks/tz.yml +++ b/roles/0-init/tasks/tz.yml @@ -5,28 +5,28 @@ - name: Set local and iiab TZ to UTC if /etc/localtime is not set set_fact: - local_tz: 'UTC' - iiab_TZ: 'UTC' + local_tz: 'UTC' + iiab_TZ: 'UTC' when: TZ_set.stdout == "" - name: Override ansible on timezone if TZ set set_fact: - local_tz: '{{ TZ_set.stdout }}' + local_tz: '{{ TZ_set.stdout }}' when: TZ_set.stdout != "" - name: Using iiab TZ for local TZ set_fact: - local_tz: '{{ iiab_TZ }}' + local_tz: '{{ iiab_TZ }}' when: iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout" -- name: Set default Timezone from iiab TZ - Debian +- name: Set default Timezone from iiab TZ (debuntu) shell: timedatectl set-timezone {{ iiab_TZ }} when: is_debuntu and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout" -- name: Set default Timezone from iiab TZ - Redhat +- name: Set default Timezone from iiab TZ (redhat) file: - path: /etc/localtime - src: /usr/share/zoneinfo/{{ iiab_TZ }} - force: yes - state: link + path: /etc/localtime + src: "/usr/share/zoneinfo/{{ iiab_TZ }}" + force: yes + state: link when: is_redhat and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout" diff --git a/roles/2-common/templates/iiab-startup.sh b/roles/2-common/templates/iiab-startup.sh index afb2c1d98..012a32746 100644 --- a/roles/2-common/templates/iiab-startup.sh +++ b/roles/2-common/templates/iiab-startup.sh 
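Review bot: The `when:` guards on the last three tasks of the tz.yml hunk compare `iiab_TZ` with the quoted literal `"TZ_set.stdout"` rather than with the registered value, so that clause is always true; the commit re-indents these tasks but leaves the comparison unchanged. If the intent is "only when it differs from the detected zone", the clause should read `iiab_TZ != TZ_set.stdout`. The debuntu task also interpolates `iiab_TZ` into a `shell:` line although no shell features are used; `command: timedatectl set-timezone {{ iiab_TZ }}` would keep a malformed value from being interpreted by the shell.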
@@ -4,5 +4,9 @@ if [ ! -f /etc/iiab/uuid ]; then uuidgen > /etc/iiab/uuid fi -exit 0 +# Experimental/Temporary workaround for WiFi "10SEC disease" +# https://github.com/iiab/iiab/issues/638#issuecomment-355455454 +if grep -qi raspbian /etc/*release; then ip link set dev wlan0 promisc on; fi + +exit 0 diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index 556ead031..097e7b044 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -1,12 +1,12 @@ # 1. INSTALL THE LATEST CALIBRE 3.X+ (calibre-server etc) ON ALL OS'S # RUNS IF /usr/bin/calibre-uninstall DOES NOT ALEADY EXIST -- name: Install Calibre via calibre-installer.py (OS's other than Raspbian) +- name: Install Calibre via calibre-installer.py (redhat, ubuntu, debian if NOT calibre_debs_on_debian) include_tasks: py-installer.yml when: is_redhat or is_ubuntu or (is_debian and not calibre_debs_on_debian) #when: not is_rpi -- name: Install Calibre via .debs (Raspbian) +- name: Install Calibre via .debs (Raspbian, Debian if calibre_debs_on_debian) include_tasks: debs.yml when: is_rpi or (is_debian and calibre_debs_on_debian) #when: is_rpi or is_debian # (is_debian also covers & includes is_rpi) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 8c2c66c58..cc6862dee 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml 
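Review bot: The added workaround line in iiab-startup.sh hard-codes `wlan0` and runs on every boot of any Raspbian system, leaving the interface in promiscuous mode with no variable to opt out and no check that the device exists. Promiscuous mode makes the host accept frames not addressed to it, so it is worth gating behind a documented variable and stating how to revert it (`ip link set dev wlan0 promisc off`). A guard such as `[ -e /sys/class/net/wlan0 ] &&` before the `ip link` call would also avoid an error on boards without that interface. The same line is added to roles/network/templates/network/iiab-hotspot-off, where switching promiscuous mode on from the "off" script deserves a comment explaining why.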
@@ -48,6 +48,13 @@ host_country_code: US hostapd_secure: True hostapd_password: "iiab2017" driver_name: nl80211 +hostapd_enabled: True +# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is +# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes +# and content is downloaded, to enable the internal WiFi Access Point / AP!) +reboot_to_AP: False +# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above +# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless. network_config_dir: /etc/network/interfaces.d #iiab_network_mode: "Gateway" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index d8d6c0e95..490db8c72 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -121,19 +121,19 @@ # Select an adapter that is not WAN and not wireless # if there is more than one the last one wins -- name: Set discovered_wired_iface fact if present +- name: Set discovered_wired_iface if present set_fact: discovered_wired_iface: "{{ item|trim }}" when: lan_list_result.stdout_lines is defined and item|trim != discovered_wireless_iface with_items: - "{{ lan_list_result.stdout_lines }}" -- name: Set discovered_wireless_lan_iface fact if present +- name: Set iiab_wireless_lan_iface if present set_fact: iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}" when: discovered_wireless_iface is defined and discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface -- name: Set variable discovered_wired_lan_iface if present +- name: Set iiab_wired_lan_iface if present set_fact: iiab_wired_lan_iface: "{{ discovered_wired_iface }}" when: discovered_wired_iface is defined and discovered_wired_iface != "none" and discovered_wired_iface != iiab_wan_iface diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 9a815591a..e5d744d5e 100644 
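Review bot: `hostapd_enabled: True` now sits in roles/network/defaults/main.yml directly beside `hostapd_secure: True` / `hostapd_password: "iiab2017"`, while vars/default_vars.yml in this same commit carries `hostapd_secure: False` and `hostapd_password: changeme`, so the two files disagree on whether the access point is protected and both ship a publicly known passphrase. Which file wins depends on how vars/default_vars.yml is loaded, which is not visible here; keeping the AP settings in one place would remove the ambiguity. Since the AP is enabled by default, consider requiring the operator to set `hostapd_password` instead of falling back to a shared value, and add a comment next to these lines that the default must be changed before deployment.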
--- a/roles/network/tasks/hostapd.yml
+++ b/roles/network/tasks/hostapd.yml
@@ -1,47 +1,55 @@ -- name: Create a config file for hostapd - template: src=hostapd/hostapd.conf.j2 - dest=/etc/hostapd/hostapd.conf - owner=root - group=root - mode=0644 +- name: Create /etc/hostapd/hostapd.conf from template + template: + src: hostapd/hostapd.conf.j2 + dest: /etc/hostapd/hostapd.conf + owner: root + group: root + mode: 0644 when: iiab_wireless_lan_iface is defined -- name: Create a config template for hostapd - template: src=hostapd/iiab-hostapd.conf.j2 - dest=/etc/hostapd/hostapd.conf.iiab - owner=root - group=root - mode=0644 +- name: Create /etc/hostapd/hostapd.conf.iiab from template + template: + src: hostapd/iiab-hostapd.conf.j2 + dest: /etc/hostapd/hostapd.conf.iiab + owner: root + group: root + mode: 0644 when: discovered_wireless_iface is defined - name: Disable the Access Point 'hostapd' service - service: enabled=no - name=hostapd.service + service: + enabled: no + name: hostapd.service when: not hostapd_enabled - name: Use custom systemd unit file to start 'hostapd' service - template: src=hostapd/hostapd.service.j2 - dest=/etc/systemd/system/hostapd.service - owner=root - group=root - mode=0644 + template: + src: hostapd/hostapd.service.j2 + dest: /etc/systemd/system/hostapd.service + owner: root + group: root + mode: 0644 when: hostapd_enabled -- name: Use custom iiab-hotspot-on - template: src=network/iiab-hotspot-on - dest=/usr/bin/iiab-hotspot-on - owner=root - group=root - mode=0755 +- name: Create /usr/bin/iiab-hotspot-on from template + template: + src: network/iiab-hotspot-on + dest: /usr/bin/iiab-hotspot-on + owner: root + group: root + mode: 0755 -- name: Use custom iiab-hotspot-off - template: src=network/iiab-hotspot-off - dest=/usr/bin/iiab-hotspot-off - owner=root - group=root - mode=0755 +- name: Create /usr/bin/iiab-hotspot-off from template + template: + src: network/iiab-hotspot-off + dest: /usr/bin/iiab-hotspot-off + owner: root + group: root + mode: 0755 -- name: Enable the Access Point 'hostapd' service - 
service: enabled=yes - name=hostapd.service - when: iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance" and hostapd_enabled +- name: Enable/Restart the Access Point 'hostapd' service + service: + # enabled: yes + state: restarted + name: hostapd.service + when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance" diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 95981e1eb..98dc85c29 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml 
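Review bot: The last task in hostapd.yml is now named "Enable/Restart the Access Point 'hostapd' service" but `enabled: yes` is commented out, so nothing in this file enables hostapd at boot any more and the AP may not return after a reboot unless another task does it (rpi_debian.yml sets `enabled: yes`; other platforms are not visible here). Either restore `enabled: yes` alongside `state: restarted`, or rename the task and add a comment saying where enabling happens. Separately, the converted `template:` tasks use bare `mode: 0644` / `mode: 0755`; quoting them (`mode: '0644'`) keeps the value a string and avoids relying on the YAML parser's octal handling.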
@@ -1,23 +1,30 @@ - -#- include_vars: roles/network/defaults/main.yml -#- include_vars: vars/local_vars.yml - - include_tasks: detected_network.yml - when: not installing + when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml tags: - - network + - network #REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ? - network-discover -- name: RPi - reboot to AP post install - installed via wifi so the services are ready +- name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY set_fact: - iiab_lan_iface: br0 - iiab_wan_iface: "{{ discovered_wired_iface }}" - iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}" - iiab_wired_lan_iface: "" - when: is_rpi and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface and reboot_to_AP + hostapd_enabled: False # used in (1) hostapd.yml, (2) rpi_debian.yml + + # (3) its dhcpcd.conf.j2, (4) restart.yml + no_net_restart: True # used below in (1) sysd-netd-debian.yml, + # (2) debian.yml, (3) rpi_debian.yml + when: discovered_wireless_iface == iiab_wan_iface and not reboot_to_AP +# Idea, Not Without Risks: should WiFi-as-gateway detection logic +# be encapsulated into roles/network/tasks/hostapd.yml in future? +# Today "./runtags hostapd" doesn't exist & "./runtags AP" is at yr own risk. + +#- name: RPi - reboot to AP post install - installed via wifi so the services are ready +# set_fact: +# iiab_lan_iface: br0 +# iiab_wan_iface: "{{ discovered_wired_iface }}" +# iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}" +# iiab_wired_lan_iface: "" +# when: is_rpi and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface and reboot_to_AP - include_tasks: computed_network.yml - when: not installing + when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml tags: - network - network-discover 
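Review bot: The new `when:` on the "IF WIFI IS PRIMARY GATEWAY" task drops the `discovered_wireless_iface is defined` guard that the replaced task had, yet detected_network.yml just above is skipped when `installing` is true, so the comparison can hit an undefined variable unless it is defaulted elsewhere. Suggest `when: discovered_wireless_iface is defined and discovered_wireless_iface != "none" and discovered_wireless_iface == iiab_wan_iface and not reboot_to_AP`; the `"none"` check (the sentinel other tasks in this role test for) also keeps a host with neither WiFi nor WAN from being treated as WiFi-installed. `no_net_restart` is assigned only inside this conditional task, so it needs a default wherever rpi_debian.yml evaluates `not no_net_restart`, if it does not already have one. The old tasks kept as commented-out blocks here and in the next hunk would be better deleted, since version control preserves them.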
@@ -27,11 +34,11 @@ - network - AP -- name: RPi reboot to AP post install - installed via wifi - don't blow away current network - set_fact: - no_net_restart: True - hostapd_enabled: False - when: is_rpi and discovered_wireless_iface is defined and discovered_wired_iface != iiab_wan_iface +#- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network +# set_fact: +# no_net_restart: True +# hostapd_enabled: False +# when: is_rpi and discovered_wireless_iface is defined and discovered_wired_iface != iiab_wan_iface ##### Start static ip address info for first run ##### #- include_tasks: static.yml @@ -47,7 +54,9 @@ - name: Configuring wondershaper include_tasks: wondershaper.yml when: wondershaper_install - tags: wondershaper, network + tags: + - network + - wondershaper - name: (Re)Installing named include_tasks: named.yml 
@@ -86,64 +95,67 @@ #### Start network layout - name: Redhat networking include_tasks: ifcfg_mods.yml + when: is_redhat +#and not installing tags: - - network - when: is_redhat and not installing + - network - name: NetworkManager in use include_tasks: NM-debian.yml - tags: - - network when: is_debuntu and network_manager_active #and not installing + tags: + - network - name: systemd-networkd in use include_tasks: sysd-netd-debian.yml - tags: - - network when: is_debuntu and systemd_networkd_active #and not installing + tags: + - network - name: RPi's have dhcpcd in use include_tasks: rpi_debian.yml - tags: - - network when: is_debuntu and is_rpi #and not installing + tags: + - network - name: Not RPi, Not NetworkManager, Not systemd-networkd in use include_tasks: debian.yml - tags: - - network when: not is_rpi and not network_manager_active and not systemd_networkd_active and is_debuntu #and not installing + tags: + - network # this is moving -- name: Record iiab_wan_device - lineinfile: dest=/etc/iiab/iiab.env - regexp='^IIAB_WAN_DEVICE=*' - line='IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"' - state=present - when: not installing +- name: Record IIAB_WAN_DEVICE to /etc/iiab/iiab.env + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^IIAB_WAN_DEVICE=*' + line: 'IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"' + state: present + when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml tags: - - network + - network -- name: Record iiab_lan_device - lineinfile: dest=/etc/iiab/iiab.env - regexp='^IIAB_LAN_DEVICE=*' - line='IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"' - state=present - when: not installing +- name: Record IIAB_LAN_DEVICE to /etc/iiab/iiab.env + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^IIAB_LAN_DEVICE=*' + line: 'IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"' + state: present + when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml tags: - - network + - network 
#### end network layout - include_tasks: restart.yml when: not installing tags: - - network - - named - - dhcpd - - dnsmasq - - squid - - AP + - network + - named + - dhcpd + - dnsmasq + - squid + - AP diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index a8c22c727..98fc09114 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml 
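Review bot: The `regexp` values carried into the new `lineinfile:` form, `'^IIAB_WAN_DEVICE=*'` and `'^IIAB_LAN_DEVICE=*'`, use `=*` (zero or more `=`), so they match any line that merely starts with that prefix, including a longer variable name. `regexp: '^IIAB_WAN_DEVICE='` (and the LAN equivalent) anchors on the assignment itself. The Redhat task's condition also changes from `is_redhat and not installing` to `is_redhat`, with the remainder left as a `#and not installing` comment; if that behaviour change is intended, a short comment saying so would help the next reader.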
@@ -3,44 +3,52 @@ # when: iiab_wireless_lan_iface is defined and hostapd_enabled - name: Start named service - service: name={{ dns_service }} - state=restarted + service: + name: "{{ dns_service }}" + state: restarted when: named_enabled and named_install - name: Stop Squid service - service: name={{ proxy }} - state=stopped + service: + name: "{{ proxy }}" + state: stopped async: 120 when: squid_install - name: Stop DansGuardian - service: name=dansguardian - state=stopped + service: + name: dansguardian + state: stopped when: dansguardian_install - name: Restart DansGuardian - except Ubuntu which needs reboot to activate - service: name=dansguardian - state=restarted + service: + name: dansguardian + state: restarted when: dansguardian_enabled and dansguardian_install and ( not is_ubuntu and iiab_stage|int < 4 ) # Squid get re-loaded with dispatcher.d - name: Restart Squid service - service: name={{ proxy }} - state=restarted + service: + name: "{{ proxy }}" + state: restarted when: squid_enabled and squid_install - name: Restart Wondershaper service - service: name=wondershaper - state=restarted + service: + name: wondershaper + state: restarted when: wondershaper_enabled - name: Restart avahi service - service: name=avahi-daemon - state=restarted + service: + name: avahi-daemon + state: restarted - name: Create gateway flag shell: echo 1 > /etc/sysconfig/olpc-scripts/setup.d/installed/gateway - creates=/etc/sysconfig/olpc-scripts/setup.d/installed/gateway + args: + creates: /etc/sysconfig/olpc-scripts/setup.d/installed/gateway when: iiab_network_mode == "Gateway" - name: Waiting {{ hostapd_wait }} seconds for network to stabilize 
@@ -51,15 +59,17 @@ - name: Checking if WiFi slave is active shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l - when: iiab_wireless_lan_iface is defined and iiab_lan_iface == "br0" and hostapd_enabled + when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_lan_iface == "br0" register: wifi_slave - name: Restart hostapd if WiFi slave is inactive - service: name=hostapd.service - state=restarted - when: wifi_slave.stdout is defined and hostapd_enabled and wifi_slave.stdout == 0 + service: + name: hostapd.service + state: restarted + when: hostapd_enabled and wifi_slave.stdout is defined and wifi_slave.stdout == 0 - name: dhcp_server may be affected - starting - user choice - service: name={{ dhcp_service2 }} - state=restarted + service: + name: "{{ dhcp_service2 }}" + state: restarted when: iiab_network_mode != "Appliance" diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index d44ce6ea5..25390091b 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -38,19 +38,19 @@ name: dhcpcd state: restarted -- name: Restart the networking service +- name: Restart the networking service if appropriate service: name: networking enabled: yes state: restarted when: not nobridge is defined and not no_net_restart -- name: Restart hostapd when WiFi is present +- name: Restart hostapd if appropriate service: name: hostapd enabled: yes state: restarted - when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance" + when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance" #- name: dhcp_server may be affected - starting - user choice # service: name={{ dhcp_service2 }} state=started diff --git a/roles/network/templates/hostapd/hostapd.conf.j2 b/roles/network/templates/hostapd/hostapd.conf.j2 index 1eb39a8c1..9e38ace62 100644 --- a/roles/network/templates/hostapd/hostapd.conf.j2 
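Review bot: In "Restart hostapd if WiFi slave is inactive" the condition `wifi_slave.stdout == 0` compares the registered string output with an integer, which does not match in Jinja2, so the restart appears never to run. Use `wifi_slave.stdout|int == 0` (or compare with `"0"`). The check task above it also places `{{ iiab_wireless_lan_iface }}` unquoted in a shell pipeline; `grep {{ iiab_wireless_lan_iface | quote }}` keeps the value a single argument.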
+++ b/roles/network/templates/hostapd/hostapd.conf.j2 @@ -2,9 +2,10 @@ interface={% if iiab_wireless_lan_iface is defined %}{{ iiab_wireless_lan_iface }}{% endif %} + ssid={{ host_ssid }} channel={{ host_channel }} -{%if iiab_lan_iface == "br0" %} +{%if iiab_lan_iface == "br0" %} bridge=br0 {% endif %} diff --git a/roles/network/templates/hostapd/iiab-hostapd.conf.j2 b/roles/network/templates/hostapd/iiab-hostapd.conf.j2 index 5ee541281..3cfffc69e 100644 --- a/roles/network/templates/hostapd/iiab-hostapd.conf.j2 +++ b/roles/network/templates/hostapd/iiab-hostapd.conf.j2 @@ -4,7 +4,7 @@ interface={{ discovered_wireless_iface }} ssid={{ host_ssid }} channel={{ host_channel }} -{%if iiab_lan_iface == "br0" %} +{%if iiab_lan_iface == "br0" %} bridge=br0 {% endif %} diff --git a/roles/network/templates/network/dhcpcd.conf.j2 b/roles/network/templates/network/dhcpcd.conf.j2 index 63918be98..181d16aaf 100644 --- a/roles/network/templates/network/dhcpcd.conf.j2 +++ b/roles/network/templates/network/dhcpcd.conf.j2 
@@ -38,9 +38,17 @@ require dhcp_server_identifier slaac private # IIAB -denyinterfaces {% if iiab_wireless_lan_iface is defined %} {{ iiab_wireless_lan_iface }} {% endif %} {% if iiab_wired_lan_iface is defined %} {{ iiab_wired_lan_iface }} {% endif %} -#{% if iiab_lan_iface != "br0" %} {{ iiab_lan_iface }} {% endif %} +# always support Ethernet-to-Internet on RPi (avoid "denyinterfaces eth0") +{% if is_rpi and hostapd_enabled %} +denyinterfaces {% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }} {% endif %} +{% elif is_rpi %} +#denyinterfaces {% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }} {% endif %} +{% else %} +denyinterfaces {% if iiab_wireless_lan_iface is defined %} {{ iiab_wireless_lan_iface }} {% endif %} {% if iiab_wired_lan_iface is defined %} {{ iiab_wired_lan_iface }} {% endif %} +{% endif %} + +{# {% if iiab_lan_iface != "br0" %} {{ iiab_lan_iface }} {% endif %} #} {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %} interface {{ iiab_lan_iface }} diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/network/iiab-hotspot-off index d14cc6038..9e0027d6f 100755 --- a/roles/network/templates/network/iiab-hotspot-off +++ b/roles/network/templates/network/iiab-hotspot-off @@ -7,3 +7,7 @@ systemctl stop dhcpd systemctl daemon-reload systemctl restart dhcpcd systemctl restart networking + +# Experimental/Temporary workaround for WiFi "10SEC disease" +# https://github.com/iiab/iiab/issues/638#issuecomment-355455454 +if grep -qi raspbian /etc/*release; then ip link set dev wlan0 promisc on; fi diff --git a/scripts/calibre-install-latest.sh b/scripts/calibre-install-latest.sh index 69f2e4d43..77730fa4b 100755 --- a/scripts/calibre-install-latest.sh +++ b/scripts/calibre-install-latest.sh 
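Review bot: In the new RPi branch of dhcpcd.conf.j2 the inner `{% if discovered_wireless_iface != "none" %}` wraps only the interface name, so when no wireless device was found the template still renders a bare `denyinterfaces` line with no argument, and rendering fails if the variable is undefined. Moving the test to the outer condition, `{% if is_rpi and hostapd_enabled and discovered_wireless_iface is defined and discovered_wireless_iface != "none" %}`, emits the directive only when there is something to deny. The `{% else %}` branch has the same shape with `iiab_wireless_lan_iface` / `iiab_wired_lan_iface`. The `{% elif is_rpi %}` branch writes a commented-out directive into the generated config; a Jinja comment `{# ... #}` would keep it out of the rendered file.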
@@ -7,7 +7,7 @@ export DEBIAN_FRONTEND=noninteractive # Drags in stock desktop dependencies without too much from testing below apt -y install calibre-bin dirmngr -# Updates calibre-bin to version 3.10 from testing +# Updates calibre-bin to version 3.10 or 3.14 or ... from testing (SEE http://archive.raspbian.org/raspbian/pool/main/c/calibre/ ?) apt-key adv --recv-key --keyserver keyserver.ubuntu.com 7638D0442B90D010 echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list.d/debian-testing.list apt update @@ -15,7 +15,7 @@ apt -y install libqt5core5a python-lxml calibre # Remove last line, safer than: rm /etc/apt/sources.list.d/debian-testing.list sed -i '$ d' /etc/apt/sources.list.d/debian-testing.list -# Updates to calibre & calibre-bin to 3.12 from unstable +# Updates to calibre & calibre-bin to "very latest" 3.x from unstable echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list.d/debian-unstable.list apt update apt -y install calibre diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e3a6d2aba..4bc5cb105 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
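Review bot: The signing key for the testing/unstable repositories is imported by 64-bit ID (`apt-key adv --recv-key --keyserver keyserver.ubuntu.com 7638D0442B90D010`) without checking its full fingerprint, and `apt-key` places it in the system-wide trust store; the commit only rewords the comments around these lines. Consider verifying the fingerprint after import and scoping the key to these two sources with `signed-by=` where the target apt supports it. The testing entry is removed again with `sed -i '$ d'`, but no matching cleanup of debian-unstable.list is visible in this hunk (the script may continue past it); if that entry stays, later upgrades could pull unrelated packages from unstable, so an apt pin or cleanup step should be documented here.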
@@ -63,16 +63,18 @@ lan_netmask: 255.255.224.0 # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled # The platform variable adapts install to specific hardware (raspberry pi=rpi2) -hostapd_enabled: True host_ssid: "Internet in a Box" host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme -# For those installing IIAB over WiFi: "reboot_to_AP: True" makes the internal -# WiFi Access active after the next reboot. This is equivalent to manually -# running "iiab-hotspot-on". Note this variable only works with RPi's for now. +hostapd_enabled: True +# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is +# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes +# and content is downloaded, to enable the internal WiFi Access Point / AP!) reboot_to_AP: False +# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above +# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless. # Gateway mode iiab_lan_enabled: True