external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-13 19:52:06 +00:00
Code Issues Releases Wiki Activity

Merge pull request #25 from iiab/master

Browse source 
sync from iiab/iiab
This commit is contained in:
A Holt 2017-11-08 00:53:46 -05:00 committed by GitHub
commit 485ca013c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
79 changed files with 1270 additions and 725 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

88
iiab-install Executable file
View file

@ -0,0 +1,88 @@
#!/bin/bash -e
# running from a git repo
# Add cmdline options for passing to ansible
# todo add proper shift to gobble up --debug --reinstall
ARGS=""
OLD_RPI_KERN="4.9.41-v7+"
PLAYBOOK="iiab-stages.yml"
INVENTORY="ansible_hosts"
CWD=`pwd`
OS=`grep ^ID= /etc/*release|cut -d= -f2`
OS=${OS//\"/}
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
if [ ! -f $PLAYBOOK ]; then
echo "IIAB Playbook not found."
echo "Please run this command from the top level of the git repo."
echo "Exiting."
exit 1
fi
if [ $OS = "raspbian" ]; then
echo "Found Raspbian"
ABORT=`uname -a | grep $OLD_RPI_KERN | wc -l`
if [ "$ABORT" == 1 ]; then
echo "Kernel "$OLD_RPI_KERN" is obsolete. Before running './iiab-install' you first need"
echo "to update your system with 'apt update' then 'apt dist-upgrade' then reboot."
echo "INSTALL INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation"
exit 1
else
echo "Kernel looks ok - continuing"
fi
fi
if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then
mkdir -p /etc/ansible/facts.d
fi
cp ./scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact
STAGE=""
if [ ! -f /etc/iiab/iiab.env ]; then
mkdir -p /etc/iiab
./scripts/ansible
else
OLD=`grep XSCE /etc/iiab/iiab.env | wc -l`
if [ "$OLD" != 0 ] || [ "$1" = "--reinstall" ]; then
echo "Found old XSCE install - re-installing from scratch"
rm /etc/iiab/iiab.env
# check ansible version here and force ansible upgrade if needed
else
source /etc/iiab/iiab.env
if [ "$1" = "--debug" ]; then
echo "Entering debug mode"
sed -i -e 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env
elif [ ! $STAGE == 9 ]; then
echo "Restarting *after* STAGE $STAGE..as soon as Stage 0 completes. Stage 9 comes last."
elif [ $STAGE == 9 ]; then
# place keeper add read response
# "offer 'Y' or stage number dialog box option to override"
echo "'iiab-install' has already been completed"
echo "use --debug to override "
#echo "In demo mode not preventing second run"
echo "Exiting."
exit 1
fi
fi
fi
# if vars/local_vars.yml is missing, put a default one in place - First Run
if [ ! -f ./vars/local_vars.yml ]; then
case $OS in
OLPC | fedora)
cp ./vars/olpc.localvars ./vars/local_vars.yml
;;
centos | debian | ubuntu | raspbian)
cp ./vars/medium.localvars ./vars/local_vars.yml
;;
*)
echo "IIAB supports raspbian, debian, ubuntu, centos, and OLPC - exiting now..."
exit 1
;;
esac
fi
echo "Running local playbooks! "
ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null
ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local

31
iiab-network
View file

@ -1,15 +1,8 @@
#!/bin/bash
if [ -f /etc/iiab/iiab.env ]
then
. /etc/iiab/iiab.env
cd $IIAB_DIR
else
echo /etc/iiab/iiab.env is missing. Playbook has not been run.
exit 1
fi
# running from a git repo
# ansible files exist
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
if [ ! -f iiab-network.yml ]
then
@ -24,16 +17,24 @@ then
touch /etc/iiab/config_vars.yml
fi
export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
Start=`date`
ansible-playbook -i ansible_hosts iiab-network.yml --connection=local
End=`date`
echo "" >> iiab-network.log
ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log
if [ ! "OS" == "debian" ]; then
ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log
nmcli d >> iiab-network.log
nmcli c >> iiab-network.log
fi
brctl show >> iiab-network.log
echo "run on:" >> iiab-network.log
date >> iiab-network.log
echo "" >> iiab-network.log
ip r >> iiab-network.log
echo "" >> iiab-network.log
brctl show br0>> iiab-network.log
echo "run start: $Start" >> iiab-network.log
echo "run end: $End" >> iiab-network.log
echo "" >> iiab-network.log
echo "" >> iiab-network.log
ip r
brctl show br0
echo "run start:$Start"
echo "run end: $End"

70
iiab-stages.yml Normal file
View file

@ -0,0 +1,70 @@
---
- hosts: all
become: yes
vars_files:
- roles/0-init/defaults/main.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
tasks:
- name: 0-init
include_role:
name: 0-init
tags: 0-init
- name: 1-prep
include_role:
name: 1-prep
when: ansible_local.local_facts.stage|int < 1
tags: 1-prep, platform, base
- name: 2-common
include_role:
name: 2-common
when: ansible_local.local_facts.stage|int < 2
tags: 2-common, base
- name: 3-base-server
include_role:
name: 3-base-server
when: ansible_local.local_facts.stage|int < 3
tags: 3-base-server, base
- name: 4-server-options
include_role:
name: 4-server-options
when: ansible_local.local_facts.stage|int < 4
tags: 4-server-options
- name: 5-xo-services
include_role:
name: 5-xo-services
when: ansible_local.local_facts.stage|int < 5
tags: 5-xo-services
- name: 6-generic-apps
include_role:
name: 6-generic-apps
when: ansible_local.local_facts.stage|int < 6
tags: 6-generic-apps
- name: 7-edu-apps
include_role:
name: 7-edu-apps
when: ansible_local.local_facts.stage|int < 7
tags: 7-edu-apps
- name: 8-mgmt-tools
include_role:
name: 8-mgmt-tools
when: ansible_local.local_facts.stage|int < 8
tags: 8-mgmt-tools
- name: 9-local-addons
include_role:
name: 9-local-addons
when: ansible_local.local_facts.stage|int < 9
tags: 9-local-addons

3
install-support
View file

@ -4,6 +4,8 @@ PLAYBOOK="iiab-base.yml"
INVENTORY="ansible_hosts"
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
if [ ! -f $PLAYBOOK ]
then
echo "IIAB Playbook not found."
@ -15,5 +17,4 @@ fi
sed -i -e "s/openvpn_install: False/openvpn_install: True/" vars/local_vars.yml
sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" vars/local_vars.yml
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local

1
roles/0-init/defaults/main.yml
View file

@ -1 +0,0 @@
/opt/iiab/iiab/roles/1-prep/defaults/main.yml

32
roles/0-init/defaults/main.yml Normal file
View file

@ -0,0 +1,32 @@
# use these as a tag a release at a point in time
iiab_base_ver: 6.4
gui_version: 2
# These entries should never be changed in this file.
# These are defaults for boolean routines,
first_run: False
rpi_model: none
is_rpi: False
xo_model: none
gw_active: none
internet_available: False
discovered_wan_iface: none
# old defs
gui_port: 80
exFAT_enabled: False
is_F18: False
# Set default 1-prep discovered hardware
rtc_id: ds3231
NUC6_firmware_needed: False
# used in 2-common xo.yml
wifi_id: none
# used 3+ others
installing: False
# network
no_net_restart: False
no_NM_reload: False

121
roles/1-prep/tasks/computed_vars.yml → roles/0-init/tasks/computed_vars.yml
View file

@ -1,34 +1,55 @@
# get local vars from scripts in /etc/ansible/facts.d
# on first run, this will generate UUID
- name: re-read facts
- name: re-read local_facts.facts from /etc/ansible/facts.d
setup: filter=ansible_local
# set top level variables from local facts for convenience
- set_fact:
xo_model: '{{ ansible_local["local_facts"]["xo_model"] }}'
phplib_dir: '{{ ansible_local["local_facts"]["phplib_dir"] }}'
xo_model: '{{ ansible_local.local_facts.xo_model }}'
phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}'
iiab_stage: '{{ ansible_local.local_facts.stage }}'
# Networking uses a different file for the rpi
- name: Discover if this is a rpi -- assume if so it is running raspbian
set_fact:
rpi_model: "rpi"
is_rpi: True
no_net_restart: True
when: ansible_local.local_facts.os == "raspbian"
- name: Set exFAT enabled for XO laptops
set_fact:
exFAT_enabled: True
when: xo_model != "none"
- name: set FQDN
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: FQDN changed
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
- name: Now check FQDN
include_tasks: roles/2-common/tasks/hostname.yml
when: FQDN_changed
# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate
- name: Finding gateway
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
when: 'ansible_default_ipv4.gateway is defined'
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
iiab_wan_iface: "{{ discovered_wan_iface }}"
when: ansible_default_ipv4.gateway is defined
- name: Verify gateway present
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" &> /dev/null ; echo $?
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
when: discovered_wan_iface != "none"
register: gw_active_test
- name: Recording gateway response
set_fact:
gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "0"
gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: Test for internet access
get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt
@ -39,40 +60,13 @@
- name: Set internet_available true if wget succeeded
set_fact:
internet_available: True
internet_available: True
when: not internet_access_test|failed and not disregard_network
- name: Cleanup internet test file
file: path=/tmp/heart-beat.txt
state=absent
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'runtime_branch'
value: '{{ ansible_local["local_facts"]["iiab_branch"] }}'
- option: 'runtime_commit'
value: '{{ ansible_local["local_facts"]["iiab_commit"] }}'
- option: 'runtime_date'
value: '{{ ansible_date_time["iso8601"] }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- option: 'gw_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
# Put all computed vars here so derive properly from any prior var file
- name: If the TZ is not set in env, set it to UTC
set_fact: local_tz='UTC'
@ -176,3 +170,52 @@
set_fact:
is_CentOS: True
when: ansible_distribution == "CentOS"
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'iiab_stage'
value: '{{ iiab_stage }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'runtime_branch'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'runtime_commit'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'runtime_date'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'ansible_version'
value: '{{ ansible_local.local_facts.ansible_version }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- option: 'gw_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'is_rpi'
value: '{{ is_rpi }}'
- option: 'first_run'
value: '{{ first_run }}'
- option: 'local_tz'
value: '{{ local_tz }}'
- option: 'FQDN_changed'
value: '{{ FQDN_changed }}'
- name: STAGE 0 HAS COMPLETED ======================================
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'is_VM'
value: 'yes'
when: is_VM is defined

203
roles/0-init/tasks/main.yml
View file

@ -1,9 +1,6 @@
# Initialize
- name: ...IS BEGINNING ============================================
command: echo
- name: Determine if runansible was run
stat: path=/etc/iiab/iiab.env
register: NewInstall
@ -14,10 +11,200 @@
# we need to inialize the ini file and only write the location and version sections once and only
# once to preserve the install date and git hash.
- include: roles/1-prep/tasks/iiab_ini.yml
- name: Write iiab_ini.yml for the first time
include_tasks: roles/1-prep/tasks/iiab_ini.yml
when: first_run
# Now load the computed vars
- include: roles/1-prep/tasks/computed_vars.yml
- name: ...HAS COMPLETED ===========================================
command: echo
#- name: Loading computed_vars
# include_tasks: roles/0-init/tasks/computed_vars.yml
- name: re-read local_facts.facts from /etc/ansible/facts.d
setup: filter=ansible_local
# set top level variables from local facts for convenience
- set_fact:
xo_model: '{{ ansible_local.local_facts.xo_model }}'
phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}'
iiab_stage: '{{ ansible_local.local_facts.stage }}'
# Networking uses a different file for the rpi
- name: Discover if this is a rpi -- assume if so it is running raspbian
set_fact:
rpi_model: "rpi"
is_rpi: True
# no_net_restart: True
# nobridge: True
when: ansible_local.local_facts.os == "raspbian"
- name: Set exFAT enabled for XO laptops
set_fact:
exFAT_enabled: True
when: xo_model != "none"
# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate
- name: Finding gateway
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
iiab_wan_iface: "{{ discovered_wan_iface }}"
when: ansible_default_ipv4.gateway is defined
- name: Verify gateway present
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
when: discovered_wan_iface != "none"
register: gw_active_test
- name: Recording gateway response
set_fact:
gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: Test for internet access
get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt
ignore_errors: True
# async: 10
# poll: 2
register: internet_access_test
- name: Set internet_available true if wget succeeded
set_fact:
internet_available: True
when: not internet_access_test|failed and not disregard_network
- name: Cleanup internet test file
file: path=/tmp/heart-beat.txt
state=absent
# Put all computed vars here so derive properly from any prior var file
- name: If the TZ is not set in env, set it to UTC
set_fact: local_tz='UTC'
when: local_tz == ""
- name: Set port 80 for Admin Console
set_fact:
gui_port: 80
when: not adm_cons_force_ssl
- name: Set port 443 for Admin Console
set_fact:
gui_port: 443
when: adm_cons_force_ssl
- name: Require MySQL to be on
set_fact:
mysql_install: True
mysql_enabled: True
# we decided to enable mysql unconditionally
# when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install
# Commenting out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427
# - name: Turn on mongodb if sugarizer enabled
# set_fact:
# mongodb_install: True
# mongodb_enabled: True
# when: sugarizer_enabled
# There might be other db's
- name: Turn on PostgreSQL if Moodle or Pathagar enabled
set_fact:
postgresql_install: True
postgresql_enabled: True
when: moodle_enabled or pathagar_enabled
- name: Turn on Docker if SchoolTool is to be installed
set_fact:
docker_install: True
docker_enabled: True
when: schooltool_enabled or schooltool_install
- name: Set python_path for is_redhat
set_fact:
python_path: /usr/lib/python2.7/site-packages/
when: is_redhat
- name: Set python_path for is_debuntu
set_fact:
python_path: /usr/local/lib/python2.7/dist-packages/
when: is_debuntu
# for various reasons the mysql service can not be enabled on fedora 20,
# but 'mariadb', which is its real name can
# on fedora 18 we need to use 'mysqld'
- name: Set mysqld_service to mariadb by default
set_fact:
mysql_service: mariadb
- name: Set mysqld_service to mysqld for Fedora 18
set_fact:
mysql_service: mysqld
no_NM_reload: True
is_F18: True
when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18"
- name: Set mysql_service to mysql for Debian
set_fact:
mysql_service: mysql
when: is_debuntu
- name: set FQDN
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: FQDN changed
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'iiab_stage'
value: '{{ iiab_stage }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'runtime_branch'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'runtime_commit'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'runtime_date'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'ansible_version'
value: '{{ ansible_local.local_facts.ansible_version }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- option: 'gw_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'is_rpi'
value: '{{ is_rpi }}'
- option: 'first_run'
value: '{{ first_run }}'
- option: 'local_tz'
value: '{{ local_tz }}'
- option: 'FQDN_changed'
value: '{{ FQDN_changed }}'
- name: Now changing FQDN
include_tasks: roles/2-common/tasks/hostname.yml
when: FQDN_changed
- name: STAGE 0 HAS COMPLETED ======================================
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'is_VM'
value: 'yes'
when: is_VM is defined

31
roles/1-prep/defaults/main.yml
View file

@ -1,31 +0,0 @@
# use these as a tag a release at a point in time
iiab_base_ver: 6.4
gui_version: 2
# These entries should never be changed in this file.
# These are defaults for boolean routines,
first_run: False
installing: False
discovered_wan_iface: "none"
gw_active: "none"
internet_available: False
is_F18: False
no_NM_reload: False
exFAT_enabled: False
gui_port: 80
# Set default for discovered hardware
rpi_model: none
is_rpi: False
xo_model: none
rtc_id: ds3231
NUC6_firmware_needed: False
# used in 2-common xo.yml
wifi_id: none
is_F20: False
is_F21: False
is_F22: False
is_F23: False
is_F24: False

6
roles/1-prep/tasks/iiab_ini.yml
View file

@ -25,10 +25,10 @@
- option: 'arch'
value: '{{ ansible_architecture }}'
- option: 'iiab_branch'
value: '{{ ansible_local["local_facts"]["iiab_branch"] }}'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'iiab_commit'
value: '{{ ansible_local["local_facts"]["iiab_commit"] }}'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'install_date'
value: '{{ ansible_date_time["iso8601"] }}'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'install_xo'
value: '{{ xo_model }}'

28
roles/1-prep/tasks/main.yml
View file

@ -50,43 +50,39 @@
- name: Disable AppArmor -- on by default in Ubuntu
service: name=apparmor enabled=False state=stopped
when: first_run and is_ubuntu
when: is_ubuntu
ignore_errors: true
- name: Disable SELinux on next boot
selinux: state=disabled
register: selinux_disabled
when: first_run and not is_debuntu
when: not is_debuntu
- name: Disable SELinux for this session (if needed)
command: setenforce Permissive
when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
## DISCOVER PLATFORMS ######
- name: Discover if this is an rpi -- assume it is running Raspbian if so
set_fact:
rpi_model: "rpi"
is_rpi: "True"
when: ansible_local.local_facts.os == "raspbian"
ignore_errors: true
- include: prep.yml
when: first_run
- include_tasks: prep.yml
# Put conditional actions for hardware platforms here
- include: raspberry_pi_2.yml
- include_tasks: raspberry_pi_2.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for Intel's NUC6 builtin WiFi is present
shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'"
register: usb_NUC6
ignore_errors: true
when: first_run
- name: Download the firmware for built-in WiFi on NUC6
get_url: dest=/lib/firmware
url={{ iiab_download_url }}/iwlwifi-8000C-13.ucode
when: first_run and usb_NUC6.stdout|int > 0
when: usb_NUC6.stdout|int > 0
- name: ...HAS COMPLETED ===========================================
command: echo
# this script can be sourced to get IIAB location
- name: Recording STAGE 1 HAS COMPLETED ============================
template: src=roles/1-prep/templates/iiab.env.j2
dest=/etc/iiab/iiab.env
owner=root
group=root
mode=0644

3
roles/1-prep/templates/iiab.env.j2
View file

@ -1,7 +1,8 @@
# This is a configuration file for XSCE
# This is a configuration file for IIAB
# It can sourced in a shell script or read into an application
IIAB_BASE_PATH={{ iiab_base }}
IIAB_DIR={{ iiab_dir }}
OS={{ ansible_local.local_facts.os }}
OS_VER={{ ansible_local.local_facts.os_ver }}
WWWROOT={{ doc_root }}
STAGE=1

52
roles/2-common/tasks/hostname.yml Normal file
View file

@ -0,0 +1,52 @@
- name: Creat filesytem layout
include_tasks: roles/2-common/tasks/fl.yml
when: first_run
- name: turn the crank for systemd
shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
when: is_debuntu
- name: Configure /etc/sysconfig/network
template: src=roles/network/templates/network/sysconfig.network.j2
dest=/etc/sysconfig/network
owner=root
group=root
mode=0644
when: is_redhat
- name: Configure short hostname in /etc/hosts
lineinfile: dest=/etc/hosts
regexp='^127\.0\.0\.1'
line='127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}'
owner=root
group=root
mode=0644
- name: Configuring named
include_tasks: roles/network/tasks/named.yml
tags:
- named
- network
- domain
- name: Configuring dhcpd
include_tasks: roles/network/tasks/dhcpd.yml
tags:
- dhcpd
- network
- domain
- name: Configuring squid
include_tasks: roles/network/tasks/squid.yml
when: squid_install
tags:
- squid
- network
- name: Re-configuring httpd - not initial install
include_tasks: roles/httpd/tasks/main.yml
when: iiab_stage|int > 3
- name: Re-configuring rest of networking - not initial install
include_tasks: roles/network/tasks/main.yml
when: iiab_stage|int > 4

25
roles/2-common/tasks/main.yml
View file

@ -3,22 +3,24 @@
- name: ...IS BEGINNING ==========================================
command: echo
#- include: iiab_ini.yml
#- include_tasks: iiab_ini.yml
# create the directory structure for IIAB
- include: fl.yml
#- include_tasks: fl.yml
- include: xo.yml
- include_tasks: xo.yml
when: xo_model != "none" or osbuilder is defined
- include: centos.yml
- include_tasks: roles/network/tasks/iptables.yml
- include_tasks: centos.yml
when: ansible_distribution == "CentOS"
- include: fedora.yml
- include_tasks: fedora.yml
when: ansible_distribution == "Fedora"
# the following installs common packages for both debian and fedora
- include: packages.yml
- include_tasks: packages.yml
- sysctl: name=net.ipv4.ip_forward value=1 state=present
- sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present
@ -43,10 +45,13 @@
mode=0644
backup=no
- include: net_mods.yml
- include_tasks: net_mods.yml
when: not is_debuntu and not is_F18
- include: udev.yml
- include_tasks: udev.yml
- name: ...HAS COMPLETED =========================================
command: echo
- name: Recording STAGE 2 HAS COMPLETED ==========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=2'
state=present

6
roles/2-common/tasks/packages.yml
View file

@ -36,6 +36,9 @@
- linux-firmware
- syslog
- xml-common
- nss-mdns
- avahi
- avahi-tools
when: is_redhat
- name: Download usbmount -- not in debian-9
@ -52,6 +55,9 @@
with_items:
- inetutils-syslogd
- wpasupplicant
- libnss-mdns
- avahi-daemon
- avahi-discover
when: is_debuntu
- name: Install common packages

15
roles/3-base-server/tasks/main.yml
View file

@ -1,5 +1,4 @@
# Base Server
- name: ...IS BEGINNING =====================================
command: echo
@ -30,12 +29,8 @@
state=restarted
when: not installing
# If we got here we're done
#- name: Record base gui version
# lineinfile: dest=/etc/iiab/iiab.env
# regexp='^BASE_VERSION=*'
# line='BASE_VERSION="{{ gui_version }}"'
# state=present
- name: ...HAS COMPLETED ====================================
command: echo
- name: Record STAGE 3 HAS COMPLETED ========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=3'
state=present

16
roles/4-server-options/tasks/main.yml
View file

@ -1,5 +1,4 @@
# Server Options
- name: ...IS BEGINNING ==================================
command: echo
@ -57,14 +56,6 @@
when: usb_lib_install
tags: usb-lib
# this script can be sourced to get IIAB location
- name: Create iiab.env file
template: src=roles/1-prep/templates/iiab.env.j2
dest=/etc/iiab/iiab.env
owner=root
group=root
mode=0644
- name: Put a Python interface to iiab.env
template: src=roles/1-prep/templates/iiab_env.py.j2
dest=/etc/iiab/iiab_env.py
@ -73,5 +64,8 @@
command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs
- name: ...HAS COMPLETED =================================
command: echo
- name: Recording STAGE 4 HAS COMPLETED ==================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=4'
state=present

8
roles/5-xo-services/tasks/main.yml
View file

@ -1,5 +1,4 @@
# XO Services
- name: ...IS BEGINNING =====================================
command: echo
@ -21,5 +20,8 @@
when: idmgr_install
tags: olpc, idmgr
- name: ...HAS COMPLETED ====================================
command: echo
- name: Recording STAGE 5 HAS COMPLETED =====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=5'
state=present

8
roles/6-generic-apps/tasks/main.yml
View file

@ -1,5 +1,4 @@
# Generic Apps
- name: ...IS BEGINNING ====================================
command: echo
@ -45,5 +44,8 @@
when: wordpress_install
tags: wordpress
- name: ...HAS COMPLETED ===================================
command: echo
- name: Recording STAGE 6 HAS COMPLETED ====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=6'
state=present

8
roles/7-edu-apps/tasks/main.yml
View file

@ -1,5 +1,4 @@
# Educational Apps
- name: ...IS BEGINNING ========================================
command: echo
@ -39,5 +38,8 @@
when: sugarizer_install
tags: sugarizer
- name: ...HAS COMPLETED =======================================
command: echo
- name: Recording STAGE 7 HAS COMPLETED ========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=7'
state=present

7
roles/8-mgmt-tools/tasks/main.yml
View file

@ -51,5 +51,8 @@
when: xovis_install and ansible_distribution != "CentOS"
tags: xovis
- name: ...HAS COMPLETED =====================================
command: echo
- name: Recording STAGE 8 HAS COMPLETED ======================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=8'
state=present

7
roles/9-local-addons/tasks/main.yml
View file

@ -3,5 +3,8 @@
- name: ...IS BEGINNING ====================================
command: echo
- name: ...HAS COMPLETED ===================================
command: echo
- name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=9'
state=present

2
roles/ajenti/tasks/main.yml
View file

@ -37,7 +37,7 @@
mode=0744
state=file
- include: ajenti-wondershaper.yml
- include_tasks: ajenti-wondershaper.yml
when: 'iiab_lan_iface != ""'
# handler doesn't fire

2
roles/awstats/tasks/main.yml
View file

@ -1,4 +1,4 @@
- include: install.yml
- include_tasks: install.yml
when: awstats_install
- name: Add AWStats to service list

2
roles/dokuwiki/tasks/main.yml
View file

@ -1,5 +1,5 @@
- name: Include the install playbook
include: install.yml
include_tasks: install.yml
when: dokuwiki_install
- name: Add DokuWiki to service list

47
roles/ejabberd/tasks/main.yml
View file

@ -14,25 +14,30 @@
group=root
mode={{ item.mode }}
with_items:
- { src: 'ejabberd-xs.cfg.j2', dest: '/etc/ejabberd/ejabberd-xs.cfg' , mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl.cfg', mode: '0644' }
- { src: 'ejabberd-xs', dest: '/etc/sysconfig/ejabberd-xs', mode: '0755' }
- { src: 'ejabberd-iiab.cfg.j2', dest: '/etc/ejabberd/ejabberd-iiab.cfg' , mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl-iiab.cfg', mode: '0644' }
- { src: 'ejabberd-iiab', dest: '/etc/sysconfig/ejabberd-iiab', mode: '0755' }
# - { src: 'ejabberd-domain-config', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd', mode: '0755'}
# - { src: 'ejabberd', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd' , mode: '0755' }
- { src: 'ejabberd-xs.service.j2', dest: '/etc/systemd/system/ejabberd-xs.service', mode: '0755' }
- { src: 'xs-ejabberd-srg', dest: '/usr/bin/xs-ejabberd-srg' , mode: '0755' }
- { src: '10-ejabberdmoodle', dest: '/etc/sudoers.d/10-ejabberdmoodle', mode: '0440' }
- { src: 'ejabberd-iiab.service.j2', dest: '/etc/systemd/system/ejabberd-iiab.service', mode: '0755' }
- { src: 'iiab-ejabberd-srg', dest: '/usr/bin/iiab-ejabberd-srg' , mode: '0755' }
# - { src: '10-ejabberdmoodle', dest: '/etc/sudoers.d/10-ejabberdmoodle', mode: '0440' }
- { src: 'ejabberd.tmpfiles', dest: '/etc/tmpfiles.d/ejabberd.conf', mode: '0640' }
register: ejabberd_config
- name: Stop and disable OS provided systemd ejabberd service
service: name=ejabberd
state=stopped
enabled=no
- name: Put the startup script in place - debian
template: src='ejabberd-xs.init'
dest='/etc/init.d/ejabberd-xs'
template: src='ejabberd-iiab.init'
dest='/etc/init.d/ejabberd-iiab'
when: is_debuntu
- name: Put the startup script in place - non debian
template: src='ejabberd-xs.init'
dest='/usr/libexec/ejabberd-xs'
template: src='ejabberd-iiab.init'
dest='/usr/libexec/ejabberd-iiab'
when: not is_debuntu
- name: Remove ejabberd_domain if domain changes
@ -41,14 +46,14 @@
when: ejabberd_config.changed
- name: Enable ejabberd service
file: src=/etc/systemd/system/ejabberd-xs.service
dest=/etc/systemd/system/multi-user.target.wants/ejabberd-xs.service
file: src=/etc/systemd/system/ejabberd-iiab.service
dest=/etc/systemd/system/multi-user.target.wants/ejabberd-iiab.service
owner=root
group=root
state=link
- name: Start ejabberd service
service: name=ejabberd-xs
service: name=ejabberd-iiab
state=restarted
enabled=yes
when: ejabberd_config.changed and ejabberd_enabled
@ -60,10 +65,14 @@
timeout=300
when: ejabberd_config.changed and ejabberd_enabled
- name: Create online group
shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
when: ejabberd_config.changed and not is_debuntu
# ejabberd-iiab.init has the logic for the below, needs to be done once
# and only if the group does not exist based on presence of
# /var/lib/ejabberd online_src_created
- name: Add all users to online group
shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
when: ejabberd_config.changed and not is_debuntu
#- name: Create online group
# shell: ejabberdctl srg_create Online "{{ iiab_hostname }}" Online "Online_Users" Online
# when: ejabberd_config.changed
#- name: Add all users to online group
# shell: ejabberdctl srg_user_add '@online@' "{{ iiab_hostname }}" Online "schoolserver"
# when: ejabberd_config.changed

4
roles/ejabberd/templates/ejabberd
View file

@ -3,9 +3,9 @@
#
# ejabberd now handles domain changes in the initrd script
#
SERVICE_NAME=ejabberd-xs
SERVICE_NAME=ejabberd-iiab
CONFIG_LIST="/etc/ejabberd/ejabberd-xs.cfg"
CONFIG_LIST="/etc/ejabberd/ejabberd-iiab.cfg"
# taken from ejabberd spec %post
# taken from ejabberd spec %post

2
roles/ejabberd/templates/ejabberd-xs → roles/ejabberd/templates/ejabberd-iiab
View file

@ -2,7 +2,7 @@
## Where should ejabberd find its configuration file?
#
CONFIG_FILE=/etc/ejabberd/ejabberd-xs.cfg
CONFIG_FILE=/etc/ejabberd/ejabberd-iiab.cfg
## ULIMIT_MAX_FILES alters the number of files that ejabberd is
## allowed to have open at once. If it is unset the system default

0
roles/ejabberd/templates/ejabberd-xs.cfg.j2 → roles/ejabberd/templates/ejabberd-iiab.cfg.j2
View file

24
roles/ejabberd/templates/ejabberd-xs.init → roles/ejabberd/templates/ejabberd-iiab.init
View file

@ -17,14 +17,17 @@
# Description: A distributed, fault-tolerant Jabber/XMPP server
### END INIT INFO
SYS_DOMAIN_FILE=/etc/sysconfig/iiab_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
. /etc/rc.d/init.d/functions
if [ -r /etc/sysconfig/ejabberd-xs ]; then
. /etc/sysconfig/ejabberd-xs
if [ -r /etc/sysconfig/ejabberd-iiab ]; then
. /etc/sysconfig/ejabberd-iiab
fi
if [ ! "$CONFIG_FILE" ]; then
CONFIG_FILE=/etc/ejabberd/ejabberd.cfg
CONFIG_FILE=/etc/ejabberd/ejabberd-iiab.cfg
fi
# /var/run is tmpfs in fc18, so need to create every time
@ -34,25 +37,22 @@ chown ejabberd:ejabberd /var/run/ejabberd
# avoid using consolehelper, call ejabberdctl directly
progctl=/usr/sbin/ejabberdctl
SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
check_domain_configured() {
if [ ! -e /etc/sysconfig/xs_domain_name ]; then
echo "Domain not configured yet" > /dev/stderr
if [ ! -e $SYS_DOMAIN_FILE ]; then
echo "Domain not configured yet 1" > /dev/stderr
exit 1;
fi
domain=`cat "$SYS_DOMAIN_FILE" `
if [ "$domain" == "random.xs.laptop.org" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 2" > /dev/stderr
exit 1;
fi
#hostname=`hostname -f`
hostname=`hostname `
if [ "$hostname" == "localhost.localdomain" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 3" > /dev/stderr
fi
# if [ "$hostname" != "schoolserver.$domain" ]; then
@ -149,7 +149,7 @@ start() {
fi
daemon --user=ejabberd $progctl start --config $CONFIG_FILE \
--ctl-config /etc/ejabberd/ejabberdctl.cfg \
--ctl-config /etc/ejabberd/ejabberdctl-iiab.cfg \
--logs "/var/log/ejabberd" \
--spool "/var/lib/ejabberd/spool" \
2>/dev/null
@ -218,5 +218,3 @@ case "$1" in
esac
exit $RETVAL

6
roles/ejabberd/templates/ejabberd-xs.service.j2 → roles/ejabberd/templates/ejabberd-iiab.service.j2
View file

@ -8,9 +8,9 @@ User=root
Group=root
LimitNOFILE=50000
RestartSec=5
EnvironmentFile=/etc/sysconfig/ejabberd-xs
ExecStart=/usr/libexec/ejabberd-xs start
ExecStop=/usr/libexec/ejabberd-xs stop
EnvironmentFile=/etc/sysconfig/ejabberd-iiab
ExecStart=/usr/libexec/ejabberd-iiab start
ExecStop=/usr/libexec/ejabberd-iiab stop
RemainAfterExit=yes
[Install]

2
roles/ejabberd/templates/xs-ejabberd-srg → roles/ejabberd/templates/iiab-ejabberd-srg
View file

@ -2,7 +2,7 @@
progctl=/usr/sbin/ejabberdctl
SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
SYS_DOMAIN_FILE=/etc/sysconfig/iiab_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
setup_online_srg() {

17
roles/ejabberd_xs/tasks/main.yml
View file

@ -34,7 +34,7 @@
mode={{ item.mode }}
with_items:
- { src: 'ejabberd-xs.cfg.j2', dest: '/etc/ejabberd/ejabberd-xs.cfg' , mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl.cfg', mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl-xs.cfg', mode: '0644' }
- { src: 'ejabberd-xs', dest: '/etc/sysconfig/ejabberd-xs', mode: '0755' }
# - { src: 'ejabberd-domain-config', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd', mode: '0755'}
# - { src: 'ejabberd', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd' , mode: '0755' }
@ -76,13 +76,10 @@
timeout=300
when: ejabberd_config.changed and ejabberd_xs_enabled
- name: Create online group
shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
- name: Add all users to online group
shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
#- name: Create online group
# shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
# when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
#- name: Add all users to online group
# shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
# when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled

18
roles/ejabberd_xs/templates/ejabberd-xs.init
View file

@ -17,6 +17,9 @@
# Description: A distributed, fault-tolerant Jabber/XMPP server
### END INIT INFO
SYS_DOMAIN_FILE=/etc/sysconfig/iiab_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
. /etc/rc.d/init.d/functions
if [ -r /etc/sysconfig/ejabberd-xs ]; then
@ -24,7 +27,7 @@ if [ -r /etc/sysconfig/ejabberd-xs ]; then
fi
if [ ! "$CONFIG_FILE" ]; then
CONFIG_FILE=/etc/ejabberd/ejabberd.cfg
CONFIG_FILE=/etc/ejabberd/ejabberd-xs.cfg
fi
# /var/run is tmpfs in fc18, so need to create every time
@ -34,25 +37,22 @@ chown ejabberd:ejabberd /var/run/ejabberd
# avoid using consolehelper, call ejabberdctl directly
progctl=/usr/sbin/ejabberdctl
SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
check_domain_configured() {
if [ ! -e /etc/sysconfig/xs_domain_name ]; then
echo "Domain not configured yet" > /dev/stderr
if [ ! -e $SYS_DOMAIN_FILE ]; then
echo "Domain not configured yet 1" > /dev/stderr
exit 1;
fi
domain=`cat "$SYS_DOMAIN_FILE" `
if [ "$domain" == "random.xs.laptop.org" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 2" > /dev/stderr
exit 1;
fi
#hostname=`hostname -f`
hostname=`hostname `
if [ "$hostname" == "localhost.localdomain" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 3" > /dev/stderr
fi
# if [ "$hostname" != "schoolserver.$domain" ]; then
@ -149,7 +149,7 @@ start() {
fi
daemon --user=ejabberd $progctl start --config $CONFIG_FILE \
--ctl-config /etc/ejabberd/ejabberdctl.cfg \
--ctl-config /etc/ejabberd/ejabberdctl-xs.cfg \
--logs "/var/log/ejabberd" \
--spool "/var/lib/ejabberd/spool" \
2>/dev/null

2
roles/httpd/tasks/main.yml
View file

@ -142,7 +142,7 @@
state=absent
when: is_debuntu
- include: html.yml
- include_tasks: html.yml
tags:
- base

4
roles/iiab-admin/tasks/main.yml
View file

@ -1,9 +1,9 @@
- include: admin-user.yml
- include_tasks: admin-user.yml
tags:
- base
when: not no_admin is defined
- include: access.yml
- include_tasks: access.yml
tags:
- base

30
roles/kiwix/tasks/kiwix_install.yml
View file

@ -1,4 +1,4 @@
- name: Create various directories for ZIM files
- name: Create various directories for Kiwix's ZIM files
file: path={{ item }}
owner=root
group=root
@ -9,11 +9,11 @@
- "{{ kiwix_content_path }}"
- "{{ iiab_zim_path }}/index"
- name: Check for kiwix-serve binary
- name: Check for 'kiwix-serve' binary
stat: path={{ iiab_base }}/kiwix/bin/kiwix-serve
register: kiwix_bin
- name: Set kiwix first pass
- name: Set kiwix_first_pass
set_fact:
kiwix_first_pass: True
when: kiwix_bin.stat.exists is defined and not kiwix_bin.stat.exists
@ -47,7 +47,7 @@
group=root
when: not kiwix_src_bin_only and kiwix_first_pass
- name: Create directory for kiwix bin
- name: Create kiwix/bin directory
file: path="{{ iiab_base }}/kiwix/bin"
owner=root
group=root
@ -63,7 +63,7 @@
- rewrite
when: is_debuntu
- name: Unarchive it to permanent location - bin only
- name: Unarchive Kiwix to permanent location - bin only
unarchive: src="{{ downloads_dir }}/{{ kiwix_src_file }}"
dest="{{ iiab_base }}/kiwix/bin"
owner=root
@ -71,25 +71,25 @@
when: kiwix_src_bin_only and kiwix_first_pass
# workaround because unarchive does not set ownership properly
- name: Set kiwix ownership to root [WARNING chown -R across all of /opt/iiab]
command: "chown -R root:root {{ iiab_base }}"
- name: "Set ownership: 'chown -R root:root /opt/iiab/kiwix'"
command: "chown -R root:root {{ iiab_base }}/kiwix"
# workaround because kiwix-serve does not stay running
- name: Make an entry in crontab to restart every hour
- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu)
# * * * * * user-name command to be executed
lineinfile: line="15 * * * * root /bin/systemctl restart kiwix-serve.service"
lineinfile: line="0 4 * * * root /bin/systemctl restart kiwix-serve.service"
dest=/etc/crontab
when: is_debuntu
- name: Make an entry in crontab to restart every hour
- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat)
# * * * * * user-name command to be executed
lineinfile: line="15 * * * * root /usr/bin/systemctl restart kiwix-serve.service"
lineinfile: line="0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service"
dest=/etc/crontab
when: is_redhat
# Create kiwix service
- name: Create kiwix-serve service
- name: Create 'kiwix-serve' service
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
@ -105,7 +105,7 @@
- { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'}
- name: Add kiwix-serve to list of services
- name: Add 'kiwix-serve' to list of services
ini_file: dest='{{ service_filelist }}'
section=kiwix-serve
option='{{ item.option }}'
@ -130,13 +130,13 @@
- option: enabled
value: "{{ kiwix_enabled }}"
- name: Enable kiwix-serve service
- name: Enable 'kiwix-serve' service
service: name=kiwix-serve
enabled=yes
state=restarted
when: kiwix_enabled
- name: Disable kiwix-serve service
- name: Disable 'kiwix-serve' service
service: name=kiwix-serve
enabled=no
state=stopped

2
roles/kiwix/tasks/main.yml
View file

@ -20,7 +20,7 @@
get_url: url="{{ iiab_download_url }}/{{ kiwix_src_file }}" dest="{{ downloads_dir }}/{{ kiwix_src_file }}"
when: internet_available
- include: kiwix_install.yml
- include_tasks: kiwix_install.yml
when: kiwix_src_file is defined
tags:
- kiwix

4
roles/mysql/tasks/main.yml
View file

@ -45,12 +45,12 @@
tags:
- download
- include: centos.yml
- include_tasks: centos.yml
when: ansible_distribution == "CentOS"
tags:
- download
- include: fedora.yml
- include_tasks: fedora.yml
when: ansible_distribution == "Fedora"
tags:
- download

32
roles/network/defaults/main.yml
View file

@ -8,18 +8,23 @@ gui_static_wan: False
# Set defaults for discovery process as strings
wifi1: "not found-1"
wifi2: "not found-2"
discovered_lan_iface: "none"
discovered_wireless_iface: "none"
#Redhat
iiab_lan_iface: "none"
iiab_wan_iface: "none"
iiab_wireless_lan_iface: "none"
ap_device: "none"
device_gw: "none"
device_gw2: ""
iiab_wan_iface: "none"
iiab_lan_iface: "none"
#discovered_lan_iface: "none"
discovered_wired_iface: "none"
discovered_wireless_iface: "none"
#iiab_wired_lan_iface: "none"
#iiab_wireless_lan_iface: "none"
#Redhat
has_WAN: False
has_ifcfg_gw: "none"
has_wifi_gw: "none"
ap_device: "none"
#Debian
dhcpcd_result: ""
wan_in_interfaces: False
@ -33,7 +38,7 @@ wondershaper_upspeed: "1024"
# WiFi
host_ssid: IIAB
hostapd_wait: 10
hostapd_wait: 1
host_wifi_mode: g
host_channel: 6
host_wireless_n: False
@ -43,6 +48,15 @@ hostapd_password: "iiab2017"
driver_name: nl80211
network_config_dir: /etc/network/interfaces.d
iiab_network_mode: "Gateway"
#iiab_network_mode: "Gateway"
dns_jail_enabled: False
services_externally_visible: False
# following variables set for old apache,dhcpd,named usage
dhcpd_install: True
dhcpd_enabled: True
named_install: True
named_enabled: True
dnsmasq_enabled: False
dnsmasq_install: False
captive_portal_enabled: False

22
roles/network/tasks/avahi.yml
View file

@ -1,25 +1,3 @@
- name: Install avahi package
package: name={{ item }}
state=present
with_items:
- libnss-mdns
- avahi-daemon
- avahi-discover
when: is_debuntu
tags:
- download
- name: Install avahi package
package: name={{ item }}
state=present
with_items:
- nss-mdns
- avahi
- avahi-tools
when: not is_debuntu
tags:
- download
- name: Create a user for avahi
user: name=avahi
createhome=no

33
roles/network/tasks/computed_services.yml
View file

@ -2,16 +2,12 @@
set_fact:
dansguardian_enabled: False
squid_enabled: False
named_enabled: True
dhcpd_enabled: False
wondershaper_enabled: False
iiab_network_mode: "Appliance"
when: iiab_lan_iface == "none" or user_lan_iface == "none"
- name: LAN configured - 'LanController' mode
set_fact:
named_enabled: True
dhcpd_enabled: True
dansguardian_enabled: False
squid_enabled: False
wondershaper_enabled: False
@ -19,11 +15,30 @@
when: iiab_lan_iface != "" and iiab_wan_iface == "none"
- name: LAN configured - 'Gateway' mode
set_fact:
iiab_network_mode: "Gateway"
when: iiab_lan_iface != "none" and iiab_wan_iface != "none"
- name: No LAN configured - non-dnsmasq
set_fact:
named_enabled: True
dhcpd_enabled: False
dhcp_service2: "dhcpd"
when: not dnsmasq_enabled and iiab_network_mode == "Appliance"
- name: LAN configured - non-dnsmasq
set_fact:
named_enabled: True
dhcpd_enabled: True
iiab_network_mode: "Gateway"
when: 'iiab_lan_iface != "none" and iiab_wan_iface != "none"'
dhcp_service2: "dhcpd"
when: not dnsmasq_enabled and iiab_network_mode != "Appliance"
- name: LAN configured - dnsmasq
set_fact:
named_enabled: False
dhcpd_enabled: False
dhcp_service2: "dnsmasq"
when: dnsmasq_install and dnsmasq_enabled and iiab_network_mode != "Appliance"
- name: Add location section to config file
ini_file: dest='{{ iiab_config_file }}'
@ -33,3 +48,9 @@
with_items:
- option: 'iiab_network_mode_applied'
value: '{{ iiab_network_mode }}'
- option: 'dhcp_service2'
value: '{{ dhcp_service2 }}'
- option: 'dnsmasq_enabled'
value: '{{ dnsmasq_enabled }}'
- option: 'no_net_restart'
value: '{{ no_net_restart }}'

6
roles/network/tasks/dansguardian.yml
View file

@ -7,7 +7,7 @@
- download
- name: Copy DansGuardian config file
template: src=squid/dansguardian.conf.j2
template: src=roles/network/templates/squid/dansguardian.conf.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=dansguardian
@ -15,7 +15,7 @@
when: ansible_distribution == "Fedora"
- name: Copy DansGuardian config file
template: src=squid/dansguardian.conf.debian.j2
template: src=roles/network/templates/squid/dansguardian.conf.debian.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=dansguardian
@ -23,7 +23,7 @@
when: is_debuntu
- name: Copy DansGuardian config file for CentOS
template: src=squid/dansguardian.conf.centos.j2
template: src=roles/network/templates/squid/dansguardian.conf.centos.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=vscan

120
roles/network/tasks/debian.yml
View file

@ -10,93 +10,69 @@
# 5. In gateway: eth0 is wan, and wlan0 is under br0 (only one adapter under br0)
# 6. As a slight concess to auto config, if eth1 exists, make it wan, and force gateway
- name: In upgrade from earlier IIAB 6.2, delete the resolvconf
package: name=resolvconf
state=absent
enabled=False
ignore_errors: True
#- name: In upgrade from earlier IIAB 6.2, delete the resolvconf
# package: name=resolvconf
# state=absent
# enabled=False
# ignore_errors: True
- name: Get the dhcp client daemon used in recent Raspbian
package: name=dhcpcd5
state=present
#- name: Get the dhcp client daemon used in recent raspbian
# package: name=dhcpcd5
# state=present
- name: For upgrades from earlier IIAB 6.2, remove br0 file
file: path=/etc/network/interfaces.d/br0
state=absent
when: iiab_lan_iface != "br0" and wan_ip == "dhcp"
- name: Default to 'lan_controller'
set_fact:
gui_desired_network_role: "lan_controller"
when: not gui_desired_network_role is defined
- name: Supply resolvconf.conf
template: dest=/etc/resolvconf.conf
src=network/resolvconf.j2
- name: Recover from putting config in /etc/network/interfaces
template: dest=/etc/network/interfaces
src=network/interfaces.j2
- name: Supply dhcpcd.conf
template: dest=/etc/dhcpcd.conf
src=network/dhcpcd.conf.j2
when: dhcpcd_result == "enabled"
- name: Copy the bridge script
template: dest=/etc/network/interfaces.d/iiab
src=network/iiab.j2
register: interface
src=network/systemd.j2
when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp")
- name: Start up the dhcpcd service
service: name=dhcpcd
enabled=True
state=started
- name: Copy the bridge script for RPi
template: dest=/etc/network/interfaces.d/iiab
src=network/rpi.j2
when: is_rpi and iiab_lan_iface == "br0"
- name: If this was a change, things need to shift
service: name=hostapd state=stopped
when: interface.changed
- name: bind may be affected
service: name={{ dns_service }} state=stopped
when: named_install and dnsmasq_enabled
- name: dhcpd may be affected
service: name=bind9 state=stopped
when: interface.changed
# dhcpd_server release the interface
- name: dhcpd_server may be affected - stopping dhcpd
service: name=dhcpd state=stopped
when: dhcpd_install
- name: Restart the networking service
service: name=networking state=restarted
when: interface.changed
- name: dhcpd_server may be affected - stopping dnsmasq
service: name=dnsmasq state=stopped
when: dnsmasq_install
- name: Start up hostapd again
service: name=hostapd state=started
when: interface.changed
- name: reload systemd
shell: systemctl daemon-reload
- name: dhcpd may be affected
service: name=bind9 state=started
when: interface.changed
# now pick up denyinterfaces
- name: restart dhcpcd
service: name=dhcpcd state=restarted
when: dhcpcd_result == "enabled"
#create lan br0 if lan_controller or gateway
#create wan br0 if appliance
#allocate wlan0 under br0 in all cases
#allocate eth0 under br0 if appliance, alone if gateway
- name: restart the networking service
service: name=networking state=restarted
when: not nobridge is defined and not no_net_restart
- name: Add location section to config file
ini_file: dest='{{ iiab_config_file }}'
section=network
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'gateway_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'gateway_ifcfg'
value: '{{ has_ifcfg_gw }}'
- option: 'detected_gateway'
value: '{{ discovered_wan_iface }}'
- option: 'prior_gateway'
value: '{{ device_gw2 }}'
- option: 'wireless_list_1'
value: '{{ wifi1 }}'
- option: 'wireless_list_2'
value: '{{ wifi2 }}'
- option: 'num_wifi_interfaces'
value: '{{ num_wifi_interfaces }}'
- option: 'discovered_wireless_iface'
value: '{{ discovered_wireless_iface }}'
- option: 'iiab_wireless_lan_iface'
value: '{{ iiab_wireless_lan_iface }}'
- option: 'num_lan_interfaces'
value: '{{ num_lan_interfaces }}'
- option: 'detected_lan'
value: '{{ discovered_lan_iface }}'
- option: 'static_wan'
value: '{{ gui_static_wan }}'
- name: restart hostapd when wifi is present
service: name=hostapd state=restarted
when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
#- name: dhcp_server may be affected - starting - user choice
# service: name={{ dhcp_service2 }} state=started
# when: iiab_network_mode != "Appliance"

136
roles/network/tasks/detected_network.yml
View file

@ -1,35 +1,43 @@
- name: Checking iiab_domain_name
shell: "cat /etc/sysconfig/iiab_domain_name"
register: prior_domain
when: not first_run
# above always registers
- name: Checking for prior domain name
set_fact:
iiab_domain: "{{ prior_domain.stdout }}"
when: not first_run and prior_domain.stdout != "lan" and prior_domain.stdout != ""
- name: iiab_wan_device
shell: "cat /etc/sysconfig/iiab_wan_device"
shell: grep IIAB_WAN_DEVICE /etc/iiab/iiab.env | awk -F "=" '{print $2}'
when: iiab_stage|int > 4
register: prior_gw
when: not first_run
- name: Checking for old device gateway interface for device test
set_fact:
device_gw: "{{ prior_gw.stdout }}"
device_gw2: "{{ prior_gw.stdout }}"
when: not first_run and prior_gw is defined and prior_gw.stdout != ""
device_gw: "{{ prior_gw.stdout }}"
device_gw2: "{{ prior_gw.stdout }}"
when: iiab_stage|int > 4 and prior_gw is defined and prior_gw.stdout != ""
- name: Setting WAN if detected
set_fact:
iiab_wan_iface: "{{ discovered_wan_iface }}"
device_gw: "{{ discovered_wan_iface }}"
when: discovered_wan_iface != "none"
iiab_wan_iface: "{{ discovered_wan_iface }}"
device_gw: "{{ discovered_wan_iface }}"
when: ansible_default_ipv4.gateway is defined
- name: RedHat network detection
include: detected_redhat.yml
include_tasks: detected_redhat.yml
when: is_redhat
- name: check to see if dhcpcd is installed and active - Can Fail
shell: systemctl is-enabled dhcpcd
register: dhcpcd_test
ignore_errors: True
- name: setting dhcpcd_test results
set_fact:
dhcpcd_result: "{{ dhcpcd_test.stdout }}"
- name: check /etc/network/interfaces for gateway
shell: grep {{ device_gw }} /etc/network/interfaces | wc -l
when: is_debuntu
register: wan_file
- name: setting wan_in_interfaces
set_fact:
wan_in_interfaces: True
when: is_debuntu and wan_file.stdout|int >= 0
# WIRELESS -- if any wireless is detected as gateway, it becomes WAN
- name: Look for any wireless interfaces
shell: "cat /proc/net/wireless | grep -v -e Inter -e face | awk -F: '{print $1}' "
@ -65,6 +73,7 @@
shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}' | wc -l"
register: count_wifi_interfaces
# facts are apparently all stored as text, so do text comparisons from here on
- name: Remember number of WiFi devices
set_fact:
num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}"
@ -90,22 +99,12 @@
ignore_errors: True
changed_when: false
# Select an adapter that is not WAN and not wireless
# if there is more than one the last one wins
- name: Set IIAB discovered_lan_iface fact
set_fact:
discovered_lan_iface: "{{ item|trim }}"
when: item|trim != discovered_wireless_iface and item|trim != discovered_wan_iface
with_items:
- "{{ lan_list_result.stdout_lines }}"
- name: Count LAN ifaces
shell: ls /sys/class/net | grep -v -e wwlan -e ppp -e lo -e br0 -e tun -e {{ device_gw }} -e {{ ap_device }} | wc -l
register: num_lan_interfaces_result
ignore_errors: True
changed_when: false
# facts are apparently all stored as text, so do text comparisons from here on
- name: Calulate number of LAN interfaces including WiFi
set_fact:
num_lan_interfaces: "{{ num_lan_interfaces_result.stdout|int }}"
@ -118,35 +117,60 @@
# num_lan_interfaces: "1"
# when: iiab_lan_enabled and iiab_wan_enabled and num_lan_interfaces == "2" and discovered_wireless_iface != "none" and iiab_wan_iface == "none"
- name: Set variable discovered_wireless_iface if present
# Select an adapter that is not WAN and not wireless
# if there is more than one the last one wins
- name: Set discovered_wired_iface fact if present
set_fact:
discovered_wired_iface: "{{ item|trim }}"
when: item|trim != discovered_wireless_iface
with_items:
- "{{ lan_list_result.stdout_lines }}"
- name: Set discovered_wireless_lan_iface fact if present
set_fact:
iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}"
when: discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface
when: discovered_wireless_iface is defined and discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface
- name: Set variable discovered_wired_lan_iface if present
set_fact:
iiab_wired_lan_iface: "{{ discovered_wired_iface }}"
when: discovered_wired_iface is defined and discovered_wired_iface != "none" and discovered_wired_iface != iiab_wan_iface
#unused
#- name: Get a list of ifcfg files to delete
# moved to detected_redhat
# use value only if present
- name: Setting detected LAN
set_fact:
iiab_lan_iface: "{{ discovered_lan_iface }}"
when: 'discovered_lan_iface != "none" and num_lan_interfaces == "1"'
- name: For Debian, always use bridging
set_fact:
iiab_lan_iface: br0
when: 'discovered_lan_iface != "none" and num_lan_interfaces >= "1" and is_debuntu'
- name: 2 or more devices on the LAN - use bridging
set_fact:
iiab_lan_iface: br0
when: 'discovered_lan_iface != "none" and num_lan_interfaces >= "2" and not is_debian'
iiab_lan_iface: br0
when: num_lan_interfaces >= 2 and not is_rpi
- name: WiFi is on the LAN - use bridging
- name: For Debian, always use bridging - except RPi
set_fact:
iiab_lan_iface: br0
when: iiab_wireless_lan_iface != "none"
iiab_lan_iface: br0
when: num_lan_interfaces >= 1 and is_debuntu and not is_rpi
- name: WiFi is on the LAN - use bridging - except RPi
set_fact:
iiab_lan_iface: br0
when: iiab_wireless_lan_iface is defined and not nobridge is defined
- name: Setting wired LAN as only interface - RPi
set_fact:
iiab_lan_iface: "{{ iiab_wired_lan_iface }}"
when: iiab_wired_lan_iface is defined and nobridge is defined
- name: Setting wireless LAN as only interface - RPi
set_fact:
iiab_lan_iface: "{{ iiab_wireless_lan_iface }}"
when: iiab_wireless_lan_iface is defined and nobridge is defined
- name: in VM disable LAN - needs local_vars entry to activate
set_fact:
iiab_lan_iface: none
no_net_restart: True
when: is_VM is defined
# OK try old gw this is a best guess based on what's in
# /etc/sysconfig/iiab_wan_device's last state intended to
@ -165,10 +189,12 @@
with_items:
- option: 'has_ifcfg_gw'
value: '{{ has_ifcfg_gw }}'
- option: 'discovered_wan_iface'
value: '{{ discovered_wan_iface }}'
- option: 'prior_gateway_(device_gw2)'
value: '{{ device_gw2 }}'
- option: 'dhcpcd_result'
value: '{{ dhcpcd_result }}'
- option: 'wan_in_interfaces'
value: '{{ wan_in_interfaces }}'
- option: 'wireless_list_1(wifi1)'
value: '{{ wifi1 }}'
- option: 'wireless_list_2(wifi2)'
@ -177,11 +203,15 @@
value: '{{ num_wifi_interfaces }}'
- option: 'discovered_wireless_iface'
value: '{{ discovered_wireless_iface }}'
- option: 'iiab_wireless_lan_iface'
value: '{{ iiab_wireless_lan_iface }}'
- option: 'discovered_wired_iface'
value: '{{ discovered_wired_iface }}'
# - option: 'iiab_wireless_lan_iface'
# value: '{{ iiab_wireless_lan_iface }}'
- option: 'num_lan_interfaces'
value: '{{ num_lan_interfaces }}'
- option: 'discovered_lan_iface'
value: '{{ discovered_lan_iface }}'
- option: 'gui_static_wan'
value: '{{ gui_static_wan }}'
- option: 'iiab_lan_iface'
value: '{{ iiab_lan_iface }}'
- option: 'iiab_wan_iface'
value: '{{ iiab_wan_iface }}'

4
roles/network/tasks/dhcpd.yml
View file

@ -15,6 +15,7 @@
- name: Create non-privileged user
user: name=dhcpd
createhome=no
when: is_debuntu
- name: Configure dhcpd
template: src={{ item.src }}
@ -23,8 +24,7 @@
group=root
mode={{ item.mode }}
with_items:
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
- { src: 'dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
- { src: 'roles/network/templates/dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
- name: Create dhcpd needed files
command: touch /var/lib/dhcpd/dhcpd.leases

12
roles/network/tasks/dnsmasq.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Install dnsmasq
package: name=dnsmasq state=present
- name: Configure dhcpd
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode={{ item.mode }}
with_items:
- { src: 'network/dnsmasq.service.rh', dest: '/etc/systemd/system/dnsmasq.service', mode: '0644' }

50
roles/network/tasks/enable_services.yml
View file

@ -1,13 +1,19 @@
- name: Disable stock dhcp_service
service: name={{ dhcp_service }}
enabled=no
state=stopped
when: dhcpd_install and first_run and is_debuntu
- name: Disable dhcpd service
service: name=dhcpd
enabled=no
when: not dhcpd_enabled
when: not dhcpd_enabled and dhcpd_install
# service is restarted with NM dispatcher.d script
- name: Enable dhcpd service
service: name=dhcpd
enabled=yes
when: dhcpd_enabled
when: dhcpd_enabled and dhcpd_install
- name: Copy /etc/sysconfig/dhcpd file
template: src={{ item.src }}
@ -17,7 +23,8 @@
mode={{ item.mode }}
with_items:
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
when: dhcpd_enabled
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
when: dhcpd_enabled and dhcpd_install
- name: Copy named file
template: src={{ item.src }}
@ -32,14 +39,28 @@
- name: Enable named service
service: name={{ dns_service }}
enabled=yes
when: named_enabled
when: named_enabled and named_install
- name: Disable named service
service: name={{ dns_service }}
enabled=no
when: not named_enabled
when: not named_enabled and named_install
- name: Enable DansGuardian
- name: Disable dnsmasq
service: name=dnsmasq
enabled=no
when: not dnsmasq_enabled and dnsmasq_install
- name: dnsmasq copy config file to /etc
template: src=network/dnsmasq.conf dest=/etc/
when: dnsmasq_enabled and dnsmasq_install
- name: Enable dnsmasq
service: name=dnsmasq
enabled=yes
when: dnsmasq_enabled and dnsmasq_install
- name: Enable dansguardian
service: name=dansguardian
enabled=yes
when: dansguardian_enabled and dansguardian_install
@ -50,9 +71,11 @@
when: not dansguardian_enabled and dansguardian_install
- name: Create xs_httpcache flag
shell: echo 1 > /etc/sysconfig/xs_httpcache_on
creates=/etc/sysconfig/xs_httpcache_on
when: squid_enabled
lineinfile: dest=/etc/iiab/iiab.env
regexp='^HTTPCACHE_ON=*'
line='HTTPCACHE_ON=True'
state=present
when: squid_enabled and squid_install
- name: Enable Squid service
service: name={{ proxy }}
@ -85,8 +108,10 @@
when: not squid_enabled and squid_install
- name: Remove xs_httpcache flag
file: path=/etc/sysconfig/xs_httpcache_on
state=absent
lineinfile: dest=/etc/iiab/iiab.env
regexp='^HTTPCACHE_ON=*'
line='HTTPCACHE_ON=False'
state=present
when: not squid_enabled
- name: Enable Wondershaper service
@ -110,9 +135,6 @@
- { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' }
- { 0: 'gateway/check-LAN', 1: '/usr/bin/check-LAN' }
- name: Execute the script that sets up userspace firewall
shell: iiab-gen-iptables
- name: Add 'squid' to service list
ini_file: dest='{{ service_filelist }}'
section=squid

30
roles/network/tasks/hostapd.yml
View file

@ -4,13 +4,12 @@
owner=root
group=root
mode=0644
when: iiab_wireless_lan_iface != "none"
when: discovered_wireless_iface is defined
- name: Disable the Access Point hostapd program
- name: Disable the Access Point Hostapd program
service: enabled=no
name=hostapd.service
state=stopped
when: iiab_wireless_lan_iface == "none" or iiab_network_mode == "Appliance" or not hostapd_enabled
when: not iiab_wireless_lan_iface is defined or iiab_network_mode == "Appliance" or not hostapd_enabled
- name: Use custom systemd unit file to start hostapd
template: src=hostapd/hostapd.service.j2
@ -19,26 +18,7 @@
group=root
mode=0644
- name: Ask systemd to reread the unit files for hostapd
shell: systemctl daemon-reload
- name: Enable the Access Point hostapd program
- name: Enable the Access Point Hostapd program
service: enabled=yes
name=hostapd.service
state=restarted
when: iiab_wireless_lan_iface != "none" and iiab_network_mode != "Appliance" and hostapd_enabled
- name: Checking if slave is active waiting 10 seconds
shell: "sleep {{ hostapd_wait }} | brctl show | grep {{ iiab_wireless_lan_iface }}"
ignore_errors: True
changed_when: False
register: wifi_slave
when: iiab_lan_iface == "br0" and iiab_wireless_lan_iface != "none"
- name: Restart hostapd if slave is inactive
service: name=hostapd.service
state=restarted
when: is_debuntu and iiab_lan_iface == "br0" and item|trim == ""
with_items:
- "{{ wifi_slave.stdout }}"
ignore_errors: true
when: iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance" and hostapd_enabled

8
roles/network/tasks/hosts.yml
View file

@ -1,12 +1,4 @@
#TODO: Use vars instead of hardcoded values
- name: Configure short hostname in /etc/hosts
lineinfile: dest=/etc/hosts
regexp='^127\.0\.0\.1'
line='127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}'
owner=root
group=root
mode=0644
- name: Remove fqdn in /etc/hosts without LAN
lineinfile: dest=/etc/hosts
regexp='^172\.18\.96\.1'

39
roles/network/tasks/ifcfg_mods.yml
View file

@ -14,35 +14,47 @@
# clear all bridge ifcfg files
- name: Now delete slave bridge ifcfg files
shell: rm -f /etc/sysconfig/network-scripts/ifcfg-"{{ item }}"
when: num_lan_interfaces != "0" or iiab_wireless_lan_iface != "none"
when: num_lan_interfaces != 0 or iiab_wireless_lan_iface != "none"
with_items:
- "{{ ifcfg_slaves.stdout_lines }}"
- name: Now delete original ifcfg files
shell: rm -f /etc/sysconfig/network-scripts/ifcfg-"{{ item }}"
when: num_lan_interfaces == "1" and iiab_lan_iface != "br0"
when: num_lan_interfaces == 1 and iiab_lan_iface != "br0"
with_items:
- "{{ discovered_lan_iface }}"
- name: bind may be affected
service: name={{ dns_service }} state=stopped
when: named_install and dnsmasq_enabled
- name: dhcpd_server may be affected - stopping dhcpd
service: name=dhcpd state=stopped
when: dhcpd_install
- name: dhcpd_server may be affected - stopping dnsmasq
service: name=dnsmasq state=stopped
when: dnsmasq_install
- name: Stop the LAN/Bridge deleting iiab-LAN
shell: nmcli con delete id iiab-LAN
ignore_errors: True
changed_when: False
when: (num_lan_interfaces != "0" or iiab_wireless_lan_iface != "none")
when: (num_lan_interfaces != 0 or iiab_wireless_lan_iface != "none")
## vars/ users should set user_wan_iface to avoid messy redetect
- include: redetect.yml
- include_tasks: redetect.yml
when: discovered_wan_iface == "none" and user_wan_iface == "auto"
# move gateway if not WAN
# might have wifi info if wireless is used as uplink.
- include: edit_ifcfg.yml
- include_tasks: edit_ifcfg.yml
when: has_wifi_gw == "none" and has_ifcfg_gw != "none" and has_ifcfg_gw != "/etc/sysconfig/network-scripts/ifcfg-WAN"
# create ifcfg-WAN if missing
# if we get here we have gateway but no ifcfg file
- include: create_ifcfg.yml
when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode
#- include_tasks: create_ifcfg.yml
# when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode
- name: Configuring LAN interface as iiab_lan_iface
template: src=network/ifcfg.j2
@ -64,9 +76,13 @@
tags:
- network
- include: enable_wan.yml
- include_tasks: enable_wan.yml
when: not installing and not iiab_demo_mode
- name: ask systemd to reread the unit files, picks up changes done
shell: systemctl daemon-reload
when: not installing
# monitor-connection-files defaults to no with F21, F18-F20 defaults to yes
- name: Re-read network config files
shell: nmcli con reload
@ -94,4 +110,9 @@
with_items:
- "{{ lan_list_result.stdout_lines }}"
# testpoint confirm with 'nmcli c show' 'brctl show'
#- name: restart hostapd when wifi is present
# service: name=hostapd state=started
# when: iiab_wireless_lan_iface != "none" and hostapd_enabled and iiab_network_mode != "Appliance"
#- name: dhcp_server may be affected - starting - user choice
# service: name={{ dhcp_service2 }} state=started

6
roles/network/tasks/iptables.yml
View file

@ -47,10 +47,10 @@
group='root'
mode={{ item.2 }}
with_items:
- { 0: 'gateway/iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
- { 0: 'gateway/check-LAN', 1: '/usr/bin/check-LAN', 2: '0755' }
- { 0: 'roles/network/templates/gateway/iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
- { 0: 'roles/network/templates/gateway/check-LAN', 1: '/usr/bin/check-LAN', 2: '0755' }
- name: Install Debian config
template: src=gateway/iptables dest=/etc/network/if-pre-up.d/iptables
template: src=roles/network/templates/gateway/iptables dest=/etc/network/if-pre-up.d/iptables
mode=0755
when: is_debuntu

146
roles/network/tasks/main.yml
View file

@ -1,129 +1,105 @@
- include: detected_network.yml
#- include_vars: roles/network/defaults/main.yml
#- include_vars: vars/local_vars.yml
- include_tasks: detected_network.yml
when: not installing
tags:
- network
- network-discover
- include: computed_network.yml
- include_tasks: computed_network.yml
when: not installing
tags:
- network
- network-discover
- name: Set hostname
template: dest=/etc/hostname
src=network/hostname.j2
owner=root
mode=0644
tags:
- network
- domain
- name: Configure /etc/sysconfig/network
template: src=network/sysconfig.network.j2
dest=/etc/sysconfig/network
owner=root
group=root
mode=0644
tags:
- network
- domain
- name: Create iiab_domain_name flag
template: src=network/{{ item }}.j2
dest=/etc/sysconfig/{{ item }}
mode=0644
with_items:
- iiab_domain_name
register: domainname
tags:
- network
- domain
##### Start static ip address info for first run #####
#- include: static.yml
#- include_tasks: static.yml
# when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"'
##### End static ip address info
- include: hosts.yml
tags:
- network
- include: named.yml
tags:
- named
- network
- include: dhcpd.yml
tags:
- dhcpd
- network
- include: squid.yml
tags:
- squid
- network
when: squid_install
- include: wondershaper.yml
- include_tasks: roles/network/tasks/wondershaper.yml
tags:
- wondershaper
- network
when: wondershaper_install
- include: iptables.yml
- include_tasks: hosts.yml
tags:
- iptables
- network
- hostname
- domain
- include: avahi.yml
#### start services
- include_tasks: avahi.yml
tags:
- network
- name: Ask systemd to reread the unit files, picks up changes done
shell: systemctl daemon-reload
when: not installing
- include_tasks: hostapd.yml
tags:
- network
- AP
- include: ifcfg_mods.yml
- include_tasks: computed_services.yml
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
- include_tasks: enable_services.yml
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
#### end services
#### Start network layout
- include_tasks: ifcfg_mods.yml
tags:
- network
when: is_redhat and not installing
- include: debian.yml
- include_tasks: debian.yml
tags:
- network
when: is_debuntu and not is_rpi and not installing
when: is_debuntu
#and not is_rpi and not installing
- include: rpi_debian.yml
tags:
- network
when: is_debuntu and is_rpi and not installing
#- include_tasks: rpi_debian.yml
# tags:
# - network
# when: is_debuntu and is_rpi and not installing
- name: Create IIAB network flags
template: src=network/{{ item }}.j2
dest=/etc/sysconfig/{{ item }}
mode=0644
with_items:
- iiab_wan_device
- iiab_lan_device
- name: Record iiab_wan_device
lineinfile: dest=/etc/iiab/iiab.env
regexp='^IIAB_WAN_DEVICE=*'
line='IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
state=present
when: not installing
tags:
- network
- include: computed_services.yml
tags:
- network
- include: enable_services.yml
tags:
- network
- include: restart.yml
- name: Record iiab_lan_device
lineinfile: dest=/etc/iiab/iiab.env
regexp='^IIAB_LAN_DEVICE=*'
line='IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
state=present
when: not installing
tags:
- network
- include: hostapd.yml
#### end network layout
- include_tasks: restart.yml
when: not installing
tags:
- network
- named
- dhcpd
- dnsmasq
- squid

52
roles/network/tasks/named.yml
View file

@ -19,9 +19,9 @@
- download
# or we have to change the serial number in the config files.
#- name: Stop named before copying files
# service: name={{ dns_service }} state=stopped
# when: not installing
- name: Stop named before copying files
service: name={{ dns_service }} state=stopped
when: not installing
- name: Set folder permission
file: path={{ item }}
@ -41,37 +41,37 @@
group=root
mode={{ item.mode }}
with_items:
- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
- { src: 'named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
- { src: 'named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
- { src: 'named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
- { src: 'named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
- { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
- name: Substitute our unit file which uses $OPTIONS from sysconfig
template: src=named/{{ dns_service }}.service
template: src=roles/network/templates/named/{{ dns_service }}.service
dest=/etc/systemd/system/{{ dns_service }}.service
mode=0644
- name: The dns-jail redirect requires the named.blackhole,disabling recursion
# in named-iiab.conf, and the redirection of 404 error documents to /
template: src=named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
template: src=roles/network/templates/named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
when: dns_jail_enabled
- name: Separate enabling required for Debian

61
roles/network/tasks/restart.yml
View file

@ -1,45 +1,36 @@
# dhcpd service is restarted with NM dispatcher.d script
- name: Stop dhcpd
service: name=dhcpd
state=stopped
when: not dhcpd_enabled
- name: Stop named service
service: name={{ dns_service }}
state=stopped
when: not named_enabled
#- name: restart hostapd when wifi is present
# service: name=hostapd state=started
# when: iiab_wireless_lan_iface is defined and hostapd_enabled
- name: Start named service
service: name={{ dns_service }}
state=started
ignore_errors: True
when: named_enabled
register: dns_started
- name: Stop DansGuardian
service: name=dansguardian
state=stopped
when: not dansguardian_enabled and dansguardian_install
- name: Restart DansGuardian
service: name=dansguardian
state=restarted
when: dansguardian_enabled and dansguardian_install
when: named_enabled and named_install
- name: Stop Squid service
service: name={{ proxy }}
state=stopped
when: not squid_enabled and squid_install
when: squid_install
- name: Stop DansGuardian
service: name=dansguardian
state=stopped
when: dansguardian_install
- name: Restart DansGuardian - execpt Ubuntu which needs reboot to activate
service: name=dansguardian
state=restarted
when: dansguardian_enabled and dansguardian_install and ( not is_ubuntu and iiab_stage|int < 4 )
# Squid get re-loaded with dispatcher.d
- name: Restart Squid service
service: name={{ proxy }}
state=started
state=restarted
when: squid_enabled and squid_install
- name: Restart Wondershaper service
service: name=wondershaper
state=restarted
state=restarted
when: wondershaper_enabled
- name: Restart avahi service
@ -51,5 +42,23 @@
creates=/etc/sysconfig/olpc-scripts/setup.d/installed/gateway
when: iiab_network_mode == "Gateway"
- name: Waiting {{ hostapd_wait }} seconds for network to stablize
shell: sleep {{ hostapd_wait }}
- name: Run iptables
command: /usr/bin/iiab-gen-iptables
- name: Checking if wifi slave is active
shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l
when: iiab_wireless_lan_iface is defined and iiab_lan_iface == "br0" and hostapd_enabled
register: wifi_slave
- name: Restart hostapd if wifi slave is inactive
service: name=hostapd.service
state=restarted
when: wifi_slave.stdout is defined and hostapd_enabled and wifi_slave.stdout == 0
- name: dhcp_server may be affected - starting - user choice
service: name={{ dhcp_service2 }}
state=restarted
when: iiab_network_mode != "Appliance"

62
roles/network/tasks/rpi_debian.yml
View file

@ -21,6 +21,7 @@
- name: On upgrade from earlier IIAB versions, remove /etc/network/interfaces.d/br0
file: path=/etc/network/interfaces.d/br0
state=absent
when: iiab_lan_iface != "br0" and wan_ip == "dhcp"
- name: Default to 'LanController'
set_fact:
@ -33,19 +34,21 @@
- name: Supply our own dhcpcd.conf
template: dest=/etc/dhcpcd.conf
src=network/dhcpcd.conf
src=network/dhcpcd.conf.j2
when: iiab_lan_iface == "br0" or wan_ip != "dhcp"
- name: Copy the network config script
template: dest=/etc/network/interfaces.d/iiab
src=network/iiab.j2
src=network/systemd.j2
register: interface
when: iiab_lan_iface == "br0" or wan_ip != "dhcp"
- name: If this was a change, things need to shift
service: name=hostapd state=stopped
when: interface.changed
- name: dhcpd may be affected
service: name=bind9 state=stopped
- name: dhcpcd may be affected
service: name=dhcpcd state=stopped
when: interface.changed
- name: Tear down any bridge and start fresh
@ -63,52 +66,17 @@
ignore_errors: True
when: interface.changed
- name: Restart the networking service
- name: start up dhcpcd again
service: name=dhcpcd state=started
# now pick up denyinterfaces
- name: restart dhcpcd
service: name=dhcpcd state=restarted
- name: restart the networking service
service: name=networking state=restarted
when: interface.changed
- name: Start up hostapd again
service: name=hostapd state=started
when: interface.changed
- name: dhcpd may be affected
service: name=bind9 state=started
when: interface.changed
#create lan br0 if lan_controller or gateway
#create wan br0 if appliance
#allocate wlan0 under br0 in all cases
#allocate eth0 under br0 if appliance, alone if gateway
- name: Add location section to config file
ini_file: dest='{{ iiab_config_file }}'
section=network
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'gateway_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'gateway_ifcfg'
value: '{{ has_ifcfg_gw }}'
- option: 'detected_gateway'
value: '{{ discovered_wan_iface }}'
- option: 'prior_gateway'
value: '{{ device_gw2 }}'
- option: 'wireless_list_1'
value: '{{ wifi1 }}'
- option: 'wireless_list_2'
value: '{{ wifi2 }}'
- option: 'num_wifi_interfaces'
value: '{{ num_wifi_interfaces }}'
- option: 'discovered_wireless_iface'
value: '{{ discovered_wireless_iface }}'
- option: 'iiab_wireless_lan_iface'
value: '{{ iiab_wireless_lan_iface }}'
- option: 'num_lan_interfaces'
value: '{{ num_lan_interfaces }}'
- option: 'detected_lan'
value: '{{ discovered_lan_iface }}'
- option: 'static_wan'
value: '{{ gui_static_wan }}'

29
roles/network/tasks/squid.yml
View file

@ -7,6 +7,15 @@
tags:
- download
- name: Bigger hammer for Ubuntu
command: /etc/init.d/squid stop
when: is_ubuntu
- name: Stop Squid
service: name={{ proxy }}
state=stopped
when: not installing
- name: Create the Squid user
user: name={{ proxy_user }}
createhome=False
@ -19,32 +28,32 @@
group={{ item.group }}
mode={{ item.mode }}
with_items:
- src: 'squid/squid.sysconfig'
- src: 'roles/network/templates/squid/squid.sysconfig'
dest: '/etc/sysconfig/squid'
owner: 'root'
group: 'root'
mode: '0755'
- src: 'squid/sites.whitelist.txt'
- src: 'roles/network/templates/squid/sites.whitelist.txt'
dest: '/etc/{{ proxy }}/sites.whitelist.txt'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: 'squid/allowregex.rules'
- src: 'roles/network/templates/squid/allowregex.rules'
dest: '/etc/{{ proxy }}/allowregex.rules'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: 'squid/denyregex.rules'
- src: 'roles/network/templates/squid/denyregex.rules'
dest: '/etc/{{ proxy }}/denyregex.rules'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: 'squid/dstaddress.rules'
- src: 'roles/network/templates/squid/dstaddress.rules'
dest: '/etc/{{ proxy }}/dstaddress.rules'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: 'squid/iiab-httpcache.j2'
- src: 'roles/network/templates/squid/iiab-httpcache.j2'
dest: '/usr/bin/iiab-httpcache'
owner: 'root'
group: 'root'
@ -64,15 +73,9 @@
mode=0750
state=directory
- include: dansguardian.yml
- include_tasks: roles/network/tasks/dansguardian.yml
when: dansguardian_install
- name: Stop Squid
service: name={{ proxy }}
state=stopped
ignore_errors: yes
when: not installing
- name: Add Squid to service list
ini_file: dest='{{ service_filelist }}'
section={{ proxy }}

2
roles/network/tasks/static.yml
View file

@ -4,7 +4,7 @@
template: src=network/ifcfg-WAN.j2
dest=/etc/sysconfig/network-scripts/ifcfg-WAN
- include: NM.yml
- include_tasks: NM.yml
when: 'ansible_distribution_version <= "20" and wan_ip != "dhcp"'
- name: Re-read network config files

6
roles/network/tasks/wondershaper.yml
View file

@ -1,12 +1,12 @@
- name: Copy Wondershaper service script
template: backup=yes
src=wondershaper/wondershaper.service
src=roles/network/templates/wondershaper/wondershaper.service
dest=/etc/systemd/system/wondershaper.service
mode=0644
- name: Copy Wondershaper script
template: backup=yes
src=wondershaper/wondershaper.j2
src=roles/network/templates/wondershaper/wondershaper.j2
dest=/usr/bin/wondershaper
owner=root
group=root
@ -20,7 +20,7 @@
state=directory
- name: Copy Wondershaper config script
template: src=wondershaper/wondershaper.conf
template: src=roles/network/templates/wondershaper/wondershaper.conf
dest=/etc/conf.d/wondershaper.conf
owner=root
group=root

16
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -1,4 +1,5 @@
#!/bin/bash -x
source /etc/iiab/iiab.env
{% if is_debuntu %}
IPTABLES=/sbin/iptables
IPTABLES_DATA=/etc/iptables.up.rules
@ -6,8 +7,8 @@ IPTABLES_DATA=/etc/iptables.up.rules
IPTABLES=/usr/sbin/iptables
IPTABLES_DATA=/etc/sysconfig/iptables
{% endif %}
LANIF=`cat /etc/sysconfig/iiab_lan_device`
WANIF=`cat /etc/sysconfig/iiab_wan_device`
LANIF=$IIAB_LAN_DEVICE
WANIF=$IIAB_WAN_DEVICE
MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
clear_fw() {
@ -33,7 +34,7 @@ $IPTABLES -A INPUT -p tcp --dport 5984 -j DROP
$IPTABLES -A INPUT -p udp --dport 5984 -j DROP
}
if [ "x$WANIF" == "x" ] || [ "$MODE" == 'Appliance' ]; then
if [ "x$WANIF" == "xnone" ] || [ "$MODE" == 'Appliance' ]; then
clear_fw
# save the rule set
{% if is_debuntu %}
@ -57,6 +58,7 @@ calibre_port={{ calibre_port }}
kiwix_port={{ kiwix_port }}
kalite_server_port={{ kalite_server_port }}
block_DNS={{ block_DNS }}
captive_portal_enabled={{ captive_portal_enabled }}
echo "Lan is $lan and WAN is $wan"
#
@ -112,7 +114,13 @@ if [ "$block_DNS" == "True" ];then
$IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
fi
if [ -f /etc/sysconfig/xs_httpcache_on ]; then
if [ "$captive_portal_enabled" == "True" ];then
$IPTABLES -t mangle -N internet
$IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet
$IPTABLES -t mangle -A internet -j MARK --set-mark 99
$IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
elif [ "$HTTPCACHE_ON" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
fi

3
roles/network/templates/hostapd/hostapd.conf.j2
View file

@ -1,6 +1,7 @@
# Basic configuration
interface={{ iiab_wireless_lan_iface }}
interface={% if iiab_wireless_lan_iface is defined %}{{ iiab_wireless_lan_iface }}{% endif %}
ssid={{ host_ssid }}
channel={{ host_channel }}
{%if iiab_lan_iface == "br0" %}

34
roles/network/templates/network/dhcpcd.conf → roles/network/templates/network/dhcpcd.conf.j2
View file

@ -37,25 +37,21 @@ require dhcp_server_identifier
# Generate Stable Private IPv6 Addresses instead of hardware based ones
slaac private
# don't let dhcpcd mess with IIAB LAN
denyinterfaces br0 wlan0
# IIAB
denyinterfaces {% if iiab_wireless_lan_iface is defined %} {{ iiab_wireless_lan_iface }} {% endif %} {% if iiab_wired_lan_iface is defined %} {{ iiab_wired_lan_iface }} {% endif %}
# Example static IP configuration:
{% if gui_static_wan == true %}
interface {{ discovered_wan_iface }}
# strange that dhcpcd does not have a netmask option -- hardcode it FIXME
static ip_address={{ gui_static_wan_ip }}/24
static routers={{ gui_static_wan_gateway }}
domain_name_servers= {{ gui_static_wan_nameserver }}
#{% if iiab_lan_iface != "br0" %} {{ iiab_lan_iface }} {% endif %}
{% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %}
interface {{ iiab_lan_iface }}
static ip_address={{ lan_ip }}/19
static domain_name_servers=127.0.0.1
{% endif %}
# It is possible to fall back to a static IP if DHCP fails:
# define static profile
#profile static_eth0
#static ip_address=192.168.1.23/24
#static routers=192.168.1.1
#static domain_name_servers=192.168.1.1
# fallback to static profile on eth0
#interface eth0
#fallback static_eth0
# IIAB static IP configuration:
{% if wan_ip != "dhcp" %}
interface {{ iiab_wan_iface }}
static ip_address={{ wan_ip }}/24
static routers={{ wan_gateway }}
domain_name_servers= {{ wan_nameserver }}
{% endif %}

10
roles/network/templates/network/dnsmasq.service.rh Normal file
View file

@ -0,0 +1,10 @@
[Unit]
Description=DNS caching server.
After=network.target
[Service]
ExecStart=/usr/sbin/dnsmasq -k
ExecStop=/bin/killall -9 dnsmasq
[Install]
WantedBy=multi-user.target

9
roles/network/templates/network/interfaces.j2
View file

@ -1,9 +0,0 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback

14
roles/network/templates/network/resolvconf.j2 Normal file
View file

@ -0,0 +1,14 @@
# Supplied by IIAB
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details
resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
name_servers=127.0.0.1
# Mirror the Debian package defaults for the below resolvers
# so that resolvconf integrates seemlessly.
dnsmasq_resolv=/var/run/dnsmasq/resolv.conf
pdnsd_conf=/etc/pdnsd.conf
unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf

14
roles/network/templates/network/rpi.j2 Normal file
View file

@ -0,0 +1,14 @@
# iiab_network_mode is {{ iiab_network_mode }}
# gui_desired_network_role is {{ gui_desired_network_role }}
{% if iiab_network_mode != "Appliance" %}
################# LANCONTROLLER ###################
auto br0
iface br0 inet manual
bridge_ports {% if iiab_wireless_lan_iface is defined %}{{ iiab_wireless_lan_iface }}{% endif %} {% if iiab_wired_lan_iface is defined %} {{ iiab_wired_lan_iface }}{% endif %}
bridge_maxwait 0
dns-nameservers 127.0.0.1
dns-search {{ iiab_domain }}
{% endif %}
{# end LANCONTROLLER #}

47
roles/network/templates/network/systemd.j2 Normal file
View file

@ -0,0 +1,47 @@
# iiab_network_mode is {{ iiab_network_mode }}
# gui_desired_network_role is {{ gui_desired_network_role }}
{% if iiab_network_mode != "Appliance" %}
################# LANCONTROLLER ###################
auto br0
{% if dhcpcd_result == "enabled" %}
iface br0 inet manual
{% else %}
iface br0 inet static
{% endif %}
bridge_ports {% if iiab_wireless_lan_iface is defined %}{{ iiab_wireless_lan_iface }} {% endif %}{% if iiab_wired_lan_iface is defined %}{{ iiab_wired_lan_iface }}{% endif %}
bridge_maxwait 0
{% if dhcpcd_result != "enabled" %}
address {{ lan_ip }}
netmask {{ lan_netmask }}
{% endif %}
dns-nameservers 127.0.0.1
dns-search {{ iiab_domain }}
{% endif %}
{# end LANCONTROLLER #}
{% if iiab_network_mode != "LanController" %}
################# GATEWAY or APPLIANCE #########################
# start dhcp clients
{% if dhcpcd_result == "enabled" or wan_in_interfaces %}
# client or user defined
{% endif %}
{% if dhcpcd_result != "enabled" and not wan_in_interfaces %}
#cover butt
auto {{ iiab_wan_iface }}
iface {{ iiab_wan_iface }} inet dhcp
{% endif %}
# end dhcp clients
# static wan
{% if wan_ip != "dhcp" and dhcpcd_result != "enabled" and wan_in_interfaces == "false" %}
auto {{ iiab_wan_iface }}
iface {{ iiab_wan_iface }} inet static
address {{ wan_ip }}
netmask {{ wan_netmask }}
gateway {{ wan_gateway }}
dns-nameservers 127.0.0.1 {{ wan_nameserver }}
dns-search {{ iiab_domain }}
{% endif %} {# end of static_wan #}
{% endif %} {# end of iiab_network_mode != LanController #}

2
roles/owncloud/tasks/main.yml
View file

@ -102,7 +102,7 @@
# Enable owncloud by copying template to httpd config
- include: owncloud_enabled.yml
- include_tasks: owncloud_enabled.yml
when: owncloud_enabled
- name: Add owncloud to service list

2
roles/rachel/tasks/main.yml
View file

@ -20,7 +20,7 @@
rachel_content_found: True
when: rachel_content.stat.exists == true
- include: rachel_enabled.yml
- include_tasks: rachel_enabled.yml
when: rachel_enabled and rachel_content_found
- name: Add rachel to service list

2
roles/sugar-stats/tasks/main.yml
View file

@ -38,7 +38,7 @@
enabled=no
when: not sugar_stats_enabled
- include: statistics-consolidation.yml
- include_tasks: statistics-consolidation.yml
- name: Add sugar-stats to service list
ini_file: dest='{{ service_filelist }}'

2
roles/teamviewer/tasks/main.yml
View file

@ -5,7 +5,7 @@
when: ansible_architecture == "armv7l" or not is_redhat
- name: Install Teamviewer if intel
include: install.yml
include_tasks: install.yml
when: teamviewer_install
- name: Add teamviewer to service list

2
roles/vnstat/tasks/main.yml
View file

@ -19,7 +19,7 @@
- name: Create database for LAN to collect vnStat data if not appliance config
shell: /usr/bin/vnstat -i {{ iiab_lan_iface }}
when: not iiab_lan_iface == ""
when: iiab_lan_iface is defined
- name: Start vnStat daemon via systemd
service: name=vnstat enabled=yes state=started

2
roles/wordpress/tasks/main.yml
View file

@ -1,3 +1,3 @@
- name: Include the install playbook
include: install.yml
include_tasks: install.yml
when: wordpress_install

14
runtags
View file

@ -1,16 +1,11 @@
#!/bin/bash
# running from a git repo
PLAYBOOK="iiab.yml"
INVENTORY="ansible_hosts"
# Pass cmdline options for ansible
if [ -f /etc/iiab/iiab.env ]
then
. /etc/iiab/iiab.env
cd $IIAB_DIR
fi
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log"
if [ ! -f $PLAYBOOK ]
then
echo "IIAB Playbook not found."
@ -41,8 +36,6 @@ do
fi
done
# echo $found
taglist=$1
if [ "$found" == "N" ]
@ -50,5 +43,4 @@ then
taglist="0-init,"$taglist
fi
export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log"
ansible-playbook -i ansible_hosts iiab.yml --connection=local --tags="""$taglist"""

8
scripts/ansible
View file

@ -10,13 +10,13 @@ if [ $(which ansible-playbook) ]; then
VER=`ansible --version|head -n 1|cut -f 2 -d " "`
GOOD_VER=`echo $VER | grep ^2.4`
# 2.2.0.0 -> 2.4.0 patching was not applied -just upgrade via pip
if [ $VER = "2.2.0.0" ]; then
if [ $GOOD_VER = "" ]; then
echo "Ansible $VER installed updating to 2.4.0"
pip install --upgrade ansible==2.4.0 --disable-pip-version-check
pip install --upgrade ansible==2.4.1 --disable-pip-version-check
exit 0
fi
# keep an eye out for 2.4.0.X in the future
if [ $VER = "2.4.0.0" ]; then
# keep an eye out for 2.4.1.X in the future
if [ $VER = "2.4.1.0" ]; then
echo "Ansible $VER installed exiting..."
exit 0
fi

13
scripts/local_facts.fact
View file

@ -41,13 +41,24 @@ else
XO_VERSION="none"
fi
# upgrades return found, clean installs return 0
# interruptions return last stage number recorded (1-9)
if [ -f /etc/iiab/iiab.env ]
then
STAGE=1
source /etc/iiab/iiab.env
STAGE=$STAGE
else
STAGE=0
fi
ANSIBLE_VERSION=$(ansible --version|head -n 1|cut -f 2 -d " ")
cat <<EOF
{"phplib_dir" : "$PHPLIB_DIR",
"stage" : "$STAGE",
"iiab_branch" : "$BRANCH",
"iiab_commit" : "$COMMIT",
"xo_model" : "$XO_VERSION",
"ansble_version" : "$ANSIBLE_VERSION",
"ansible_version" : "$ANSIBLE_VERSION",
"os" : "$OS",
"os_ver" : "$OS_VER"}

1
vars/centos-7.yml
View file

@ -12,6 +12,7 @@ smb_service: smb
nmb_service: nmb
systemctl_program: /usr/bin/systemctl
mysql_service: mariadb
dhcp_service: dhcpd
apache_log: /var/log/httpd/access_log
sshd_service: sshd
php_version: 7.0

1
vars/debian-9.yml
View file

@ -2,6 +2,7 @@ is_debuntu: True
is_debian: True
is_debian_9: True
dns_service: bind9
dhcp_service: isc-dhcp-server
dns_user: bind
proxy: squid
proxy_user: proxy

1
vars/raspbian-9.yml
View file

@ -5,6 +5,7 @@ rtc_id: ds3231
dns_service: bind9
dns_user: bind
dhcp_service: isc-dhcp-server
proxy: squid
proxy_user: proxy
apache_service: apache2

1
vars/ubuntu-16.yml
View file

@ -2,6 +2,7 @@ is_debuntu: True
is_ubuntu: True
dns_service: bind9
dns_user: bind
dhcp_service: isc-dhcp-server
proxy: squid
proxy_user: proxy
apache_service: apache2