Merge pull request #891 from holta/dnsmasq-pr870-cleanup

PR870 cleanup for understandability (dnsmasq, Captive Portal)

roles/network/defaults/main.yml

@@ -1,4 +1,3 @@
----
 # Defaults for network detection
 wireless_lan_present: False
 strict_networking: False
@@ -19,14 +18,14 @@ discovered_lan_iface: "none"
 discovered_wired_iface: "none"
 discovered_wireless_iface: "none"
 
-#Redhat
+# Red Hat
 #iiab_wired_lan_iface: "none"
 #iiab_wireless_lan_iface: "none"
 has_WAN: False
 has_ifcfg_gw: "none"
 has_wifi_gw: "none"
 
-#Debian
+# Debian
 dhcpcd_result: ""
 wan_in_interfaces: False
 network_manager_active: False
@@ -39,7 +38,7 @@ gui_desired_network_role: Gateway
 wondershaper_dspeed: "4096"
 wondershaper_upspeed: "1024"
 
-# WiFi
+# Wi-Fi
 host_ssid: IIAB
 hostapd_wait: 1
 host_wifi_mode: g
@@ -63,16 +62,18 @@ network_config_dir: /etc/network/interfaces.d
 dns_jail_enabled: False
 services_externally_visible: False
 
-# following variables set for old apache,dhcpd,named usage
+# Following variables set for old Apache, dhcpd, named usage
 dhcpd_install: True
 dhcpd_enabled: True
 named_install: True
 named_enabled: True
 dnsmasq_enabled: False
 dnsmasq_install: False
+
+# For @tim-moody's Nodogsplash approach to Captive Portal?  High experimental as of June 2018: github.com/iiab/iiab/issues/608
 captive_portal_enabled: False
 
-# for simple python captive portal
+# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
 py_captive_portal_install: True
 py_captive_portal_enabled: True
 py_captive_portal_port: "9090"

roles/network/tasks/captive_portal.yml

@@ -1,8 +1,10 @@
-- name: Create directory for captive portal script
-  file: path=/opt/iiab/captive-portal state=directory
+- name: Create directory for Captive Portal script
+  file:
+    path: /opt/iiab/captive-portal
+    state: directory
   when: py_captive_portal_install
 
-- name: Copy captive portal script
+- name: Copy Captive Portal script
   template:
     src: roles/network/templates/captive_portal/captive_portal.py.j2
     dest: /opt/iiab/captive-portal/captive_portal.py
@@ -11,7 +13,7 @@
     mode: 0740
   when: py_captive_portal_install
 
-- name: Copy captive portal service file
+- name: Copy Captive Portal service file
   template:
     src: roles/network/templates/captive_portal/captive_portal.service.j2
     dest: /etc/systemd/system/captive_portal.service
@@ -21,17 +23,25 @@
   when: py_captive_portal_install
 
 - name: Enable captive_portal after copying files
-  service: name=captive_portal.service enabled=yes
+  service:
+    name: captive_portal.service
+    enabled: yes
   when: py_captive_portal_install and py_captive_portal_enabled
 
 - name: Start captive_portal after copying files
-  service: name=captive_portal.service state=started
+  service:
+    name: captive_portal.service
+    state: started
   when: py_captive_portal_install and py_captive_portal_enabled
 
 - name: Disable captive_portal after copying files
-  service: name=captive_portal.service enabled=no
+  service:
+    name: captive_portal.service
+    enabled: no
   when: py_captive_portal_install and py_captive_portal_enabled
 
 - name: Stop captive_portal after copying files
-  service: name=captive_portal.service state=started
+  service:
+    name: captive_portal.service
+    state: started
   when: py_captive_portal_install and py_captive_portal_enabled

roles/network/tasks/enable_services.yml

@@ -1,157 +1,181 @@
 - name: Disable dhcpd service
-  service: name=dhcpd
-           enabled=no
+  service:
+    name: dhcpd
+    enabled: no
   when: not dhcpd_enabled and dhcpd_install
 
 # service is restarted with NM dispatcher.d script
 - name: Enable dhcpd service
-  service: name=dhcpd
-           enabled=yes
+  service:
+    name: dhcpd
+    enabled: yes
   when: dhcpd_enabled and dhcpd_install
 
 - name: Copy /etc/sysconfig/dhcpd file
-  template: src={{ item.src }}
-            dest={{ item.dest }}
-            owner=root
-            group=root
-            mode={{ item.mode }}
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
   with_items:
-   - { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
+   - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd', mode: '0644' }
    - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
   when: dhcpd_enabled and dhcpd_install
 
 - name: Copy named file
-  template: src={{ item.src }}
-            dest={{ item.dest }}
-            owner=root
-            group=root
-            mode={{ item.mode }}
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
   with_items:
-   - { src: 'named/named-iiab.conf.j2' , dest: '/etc/named-iiab.conf' , mode: '0644' }
-   - { src: 'named/school.local.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
-   - { src: 'named/school.internal.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
+   - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', mode: '0644' }
+   - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' }
+   - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' }
 
 - name: Enable named service
-  service: name={{ dns_service }}
-           enabled=yes
+  service:
+    name: "{{ dns_service }}"
+    enabled: yes
   when: named_enabled and named_install
 
 - name: Disable named service
-  service: name={{ dns_service }}
-           enabled=no
+  service:
+    name: "{{ dns_service }}"
+    enabled: no
   when: not named_enabled and named_install
 
 - name: Disable dnsmasq
-  service: name=dnsmasq
-           enabled=no
+  service:
+    name: dnsmasq
+    enabled: no
   when: not dnsmasq_enabled and dnsmasq_install
 
-- name: dnsmasq copy config file to /etc
-  template: src=network/dnsmasq.conf.j2 dest=/etc/dnsmasq.conf
+- name: Copy dnsmasq.conf to /etc
+  template:
+    src: network/dnsmasq.conf.j2
+    dest: /etc/dnsmasq.conf
   when: dnsmasq_enabled and dnsmasq_install
 
 - name: Enable dnsmasq
-  service: name=dnsmasq
-           enabled=yes
+  service:
+    name: dnsmasq
+    enabled: yes
   when: dnsmasq_enabled and dnsmasq_install
 
 - name: Enable DansGuardian
-  service: name=dansguardian
-           enabled=yes
+  service:
+    name: dansguardian
+    enabled: yes
   when: dansguardian_enabled and dansguardian_install
 
 - name: Disable DansGuardian
-  service: name=dansguardian
-           enabled=no
+  service:
+    name: dansguardian
+    enabled: no
   when: not dansguardian_enabled and dansguardian_install
 
 - name: Create xs_httpcache flag
-  lineinfile: dest=/etc/iiab/iiab.env
-              regexp='^HTTPCACHE_ON=*'
-              line='HTTPCACHE_ON=True'
-              state=present
+  lineinfile:
+    dest: /etc/iiab/iiab.env
+    regexp: '^HTTPCACHE_ON=*'
+    line: 'HTTPCACHE_ON=True'
+    state: present
   when: squid_enabled and squid_install
 
 - name: Enable Squid service
-  service: name={{ proxy }}
-           enabled=yes
+  service:
+    name: "{{ proxy }}"
+    enabled: yes
   when: squid_enabled and squid_install
 
 - name: Copy init script and config file
-  template: src={{ item.src }}
-            dest={{ item.dest }}
-            owner={{ item.owner }}
-            group={{ item.group }}
-            mode={{ item.mode }}
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner }}"
+    group: "{{ item.group }}"
+    mode: "{{ item.mode }}"
   with_items:
-    - src: 'squid/squid-iiab.conf.j2'
-      dest: '/etc/{{ proxy }}/squid-iiab.conf'
-      owner: '{{ proxy_user }}'
-      group: '{{ proxy_user }}'
-      mode: '0644'
+    - src: squid/squid-iiab.conf.j2
+      dest: "/etc/{{ proxy }}/squid-iiab.conf"
+      owner: "{{ proxy_user }}"
+      group: "{{ proxy_user }}"
+      mode: 0644
   when: squid_enabled and squid_install
 
 - name: Point to Squid config file from startup file
-  lineinfile: regexp='^CONFIG'
-              line='CONFIG=/etc/{{ proxy }}/squid-iiab.conf'
-              dest=/etc/init.d/{{ proxy }}
+  lineinfile:
+    regexp: '^CONFIG'
+    line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
+    dest: "/etc/init.d/{{ proxy }}"
   when: squid_enabled and squid_install and is_debuntu
 
 - name: Disable Squid service
-  service: name={{ proxy }}
-           enabled=no
+  service:
+    name: "{{ proxy }}"
+    enabled: no
   when: not squid_enabled and squid_install
 
 - name: Remove xs_httpcache flag
-  lineinfile: dest=/etc/iiab/iiab.env
-              regexp='^HTTPCACHE_ON=*'
-              line='HTTPCACHE_ON=False'
-              state=present
+  lineinfile:
+    dest: /etc/iiab/iiab.env
+    regexp: '^HTTPCACHE_ON=*'
+    line: 'HTTPCACHE_ON=False'
+    state: present
   when: not squid_enabled
 
 - name: Enable Wondershaper service
-  service: name=wondershaper
-           enabled=yes
+  service:
+    name: wondershaper
+    enabled: yes
   when: wondershaper_enabled and wondershaper_install
 
 - name: Disable Wondershaper service
-  service: name=wondershaper
-           enabled=no
+  service:
+    name: wondershaper
+    enabled: no
   when: not wondershaper_enabled and wondershaper_install
 
 # check-LAN should be iptables.yml remove later
 - name: Grab clean copy of iiab-gen-iptables
-  template: src={{ item.0 }}
-            dest={{ item.1 }}
-            owner='root'
-            group='root'
-            mode='0755'
+  template:
+    src: "{{ item.0 }}"
+    dest: "{{ item.1 }}"
+    owner: root
+    group: root
+    mode: 0755
   with_items:
    - { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' }
 
-- name: Add 'squid' to service list
-  ini_file: dest='{{ service_filelist }}'
-            section=squid
-            option='{{ item.option }}'
-            value='{{ item.value }}'
+- name: Add 'squid' to list of services at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: squid
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
     - option: enabled
       value: "{{ squid_enabled }}"
 
-- name: Add 'dansguardian' to service list
-  ini_file: dest='{{ service_filelist }}'
-            section=dansguardian
-            option='{{ item.option }}'
-            value='{{ item.value }}'
+- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: dansguardian
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
     - option: enabled
       value: "{{ dansguardian_enabled }}"
 
-- name: Add 'wondershaper' to service list
-  ini_file: dest='{{ service_filelist }}'
-            section=wondershaper
-            option='{{ item.option }}'
-            value='{{ item.value }}'
+- name: Add 'wondershaper' to list of services at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: wondershaper
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
     - option: enabled
       value: "{{ wondershaper_enabled }}"

vars/default_vars.yml

@@ -52,8 +52,9 @@ local_tz: "{{ ansible_date_time.tz }}"
 # Read https://github.com/iiab/iiab/wiki/IIAB-Networking
 # Also readable offline @ http://box/info/IIAB-Networking.html
 
-# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 60 LINES, as enabled by Ansible's
-# NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS.
+# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 65 LINES, as enabled by Ansible's
+# NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS below.
+# SEE ALSO: /opt/iiab/iiab/roles/network/defaults/main.yml
 
 iiab_hostname: box
 iiab_domain: lan
@@ -103,18 +104,19 @@ dhcpd_enabled: False
 named_install: True
 named_enabled: True
 block_DNS: False
-# Captive Portal highly experimental as of July 2018: https://github.com/iiab/iiab/pull/870
-py_captive_portal_install: True
-py_captive_portal_enabled: False
 
 # dnsmasq
 dnsmasq_install: True
 dnsmasq_enabled: False
 
-# Captive Portal highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608
+# For @tim-moody's Nodogsplash approach to Captive Portal?  High experimental as of June 2018: github.com/iiab/iiab/issues/608
 captive_portal_install: False
 captive_portal_enabled: False
 
+# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
+py_captive_portal_install: True
+py_captive_portal_enabled: False
+
 # Squid
 squid_install: False
 squid_enabled: False