diff --git a/iiab-network b/iiab-network index 9e24154be..863d04da7 100755 --- a/iiab-network +++ b/iiab-network @@ -24,7 +24,8 @@ then touch /etc/iiab/config_vars.yml fi -export ANSIBLE_LOG_PATH="$CWD/iiab-network.log" +Start=`date` +export ANSIBLE_LOG_PATH="$XSCE_DIR/iiab-network.log" ansible-playbook -i ansible_hosts iiab-network.yml --connection=local echo "" >> iiab-network.log ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log @@ -32,8 +33,12 @@ if [ ! "OS" == "debian" ]; then nmcli d >> iiab-network.log nmcli c >> iiab-network.log fi +echo "" >> iiab-network.log brctl show >> iiab-network.log -echo "run on:" >> iiab-network.log +echo "" >> iiab-network.log +echo "run start:" >> iiab-network.log +echo "$Start" >> iiab-network.log +echo "run end:" >> iiab-network.log date >> iiab-network.log echo "" >> iiab-network.log echo "" >> iiab-network.log diff --git a/roles/0-vars/defaults/main.yml b/roles/0-vars/defaults/main.yml new file mode 120000 index 000000000..b8fa87d4b --- /dev/null +++ b/roles/0-vars/defaults/main.yml @@ -0,0 +1 @@ +/opt/iiab/iiab/roles/1-prep/defaults/main.yml \ No newline at end of file diff --git a/roles/0-vars/tasks/main.yml b/roles/0-vars/tasks/main.yml new file mode 100644 index 000000000..63e84b40a --- /dev/null +++ b/roles/0-vars/tasks/main.yml @@ -0,0 +1,2 @@ +- include: roles/1-prep/tasks/computed_vars.yml +- include: roles/1-prep/tasks/detected_network.yml diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 25c7b6b31..4c42380cd 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -46,3 +46,12 @@ network_config_dir: /etc/network/interfaces.d iiab_network_mode: "Gateway" dns_jail_enabled: False services_externally_visible: False + +# following variables set for old apache,dhcpd,named usage +dhcpd_install: True +dhcpd_enabled: True +named_install: True +named_enabled: True +dnsmasq_install: True +dnsmasq_enabled: True +captive_portal_enabled: False 
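Review bot: The new `export ANSIBLE_LOG_PATH="$XSCE_DIR/iiab-network.log"` sends the playbook log to a different file than the `>> iiab-network.log` lines that follow it, which still append to the relative path in the current directory, so the two halves of a run's log no longer land in the same place (before the change both resolved under `$CWD`). If `XSCE_DIR` happens to be unset the path collapses to `/iiab-network.log` in the filesystem root; `export ANSIBLE_LOG_PATH="${XSCE_DIR:?XSCE_DIR is not set}/iiab-network.log"` fails fast instead, and the later appends should target the same `$XSCE_DIR/iiab-network.log`. The backtick form of the new `Start=` assignment is clearer as `Start=$(date)`. Where `XSCE_DIR` is defined is outside this hunk.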
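Review bot: The condition `if [ ! "OS" == "debian" ]` at the top of this hunk compares the literal string `OS` rather than `$OS`, so it is always true and the `nmcli` lines run on Debian as well; the commit edits this block but leaves that in place. It should read `if [ "$OS" != "debian" ]; then`. The new start/end stamps are fine as they are, though `echo "run start: $Start"` and `echo "run end: $(date)"` would keep each record on one line, which is easier to grep in the log.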
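Review bot: The new `roles/0-vars/defaults/main.yml` is a symlink to the absolute path `/opt/iiab/iiab/roles/1-prep/defaults/main.yml`, so it only resolves when the repository is checked out at exactly that location; any other checkout (a developer clone, CI, a renamed install directory) gets a dangling link and the role either fails to load or runs without its defaults. A relative target, `../../1-prep/defaults/main.yml`, works from any checkout. The include paths in the companion `roles/0-vars/tasks/main.yml` are relative to the playbook directory and do not have this problem.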
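Review bot: The new defaults enable three overlapping daemons at once — `dhcpd_enabled: True`, `named_enabled: True` and `dnsmasq_enabled: True` all ship as true, and all three `*_install` flags are true as well — so on their own the values are contradictory and only make sense once computed_services.yml reassigns them, which the comment `# following variables set for old apache,dhcpd,named usage` does not say. Replace it with something like `# All three are installed by default; when dnsmasq_enabled is set, computed_services.yml turns named_enabled/dhcpd_enabled off` (that precedence is what the computed_services hunk in this commit implements). Note also that the variable computed_services.yml derives from these, `dhcp_service2`, gets no default here. Keeping `True`/`False` matches the rest of this file, though lowercase `true`/`false` is the portable spelling.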
diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 1ba1283d7..e5b3b096f 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -17,30 +17,28 @@ - name: LAN configured - 'Gateway' mode set_fact: iiab_network_mode: "Gateway" - when: 'iiab_lan_iface != "none" and iiab_wan_iface != "none"' + when: iiab_lan_iface != "none" and iiab_wan_iface != "none" - name: No LAN configured - non-dnsmasq set_fact: named_enabled: True dhcpd_enabled: False - dns_service2: "{{ dns_service }}" - when: iiab_lan_iface == "none" or user_lan_iface == "none" and dns_service!= "dnsmasq" -# when: iiab_lan_iface == "none" or user_lan_iface == "none" and not dnsmasq_enabled" + dhcp_service2: "dhcpd" + when: not dnsmasq_enabled and iiab_network_mode == "Appliance" - name: LAN configured - non-dnsmasq set_fact: named_enabled: True dhcpd_enabled: True - dns_service2: "{{ dns_service }}" - when: dns_service != "dnsmasq" and iiab_network_mode != "Appliance" -# when: not dnsmasq_enabled and iiab_network_mode != "Appliance" + dhcp_service2: "dhcpd" + when: not dnsmasq_enabled and iiab_network_mode != "Appliance" -#- name: LAN configured - dnsmasq -# set_fact: -# named_enabled: False -# dhcpd_enabled: False -# dns_service2: dnsmasq -# when: dnsmasq_enabled and iiab_network_mode != "Appliance" +- name: LAN configured - dnsmasq + set_fact: + named_enabled: False + dhcpd_enabled: False + dhcp_service2: "dnsmasq" + when: dnsmasq_install and dnsmasq_enabled and iiab_network_mode != "Appliance" - name: Add location section to config file ini_file: dest='{{ iiab_config_file }}' @@ -50,3 +48,7 @@ with_items: - option: 'iiab_network_mode_applied' value: '{{ iiab_network_mode }}' + - option: 'dhcp_service2' + value: '{{ dhcp_service2 }}' + - option: 'dnsmasq_enabled' + value: '{{ dnsmasq_enabled }}' diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml index 97346ac07..1f1c79e0e 100644 
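Review bot: With the default `dnsmasq_enabled: True` and `iiab_network_mode == "Appliance"`, none of the three `set_fact` tasks in this hunk fires — the two non-dnsmasq tasks require `not dnsmasq_enabled` and the dnsmasq task requires `iiab_network_mode != "Appliance"` — so `dhcp_service2` is never defined, and the `value: '{{ dhcp_service2 }}'` item added to the ini_file task in the next hunk (as well as the `service: name={{ dhcp_service2 }}` start in ifcfg_mods.yml) fails on an undefined variable. Either give `dhcp_service2` a default in roles/network/defaults/main.yml or add a fourth branch covering the Appliance-with-dnsmasq case. Separately, the `No LAN configured - non-dnsmasq` task sets `dhcp_service2: "dhcpd"` in the same breath as `dhcpd_enabled: False`, which hands later tasks a service to start that this run also disables; a comment stating which of the two is meant to win would help.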
--- a/roles/network/tasks/debian.yml +++ b/roles/network/tasks/debian.yml @@ -44,13 +44,18 @@ service: name=hostapd state=stopped when: interface.changed -#- name: dhcpcd may be affected -# service: name=dhcpcd state=stopped -# when: interface.changed and dhcpcd_result == "enabled" +- name: bind may be affected + service: name={{ dns_service }} state=stopped + when: named_install and dnsmasq_enabled -- name: dns may be affected - service: name={{ dns_service2 }} state=stopped - when: interface.changed +# dhcpd_server release the interface +- name: dhcpd_server may be affected - stopping dhcpd + service: name=dhcpd state=stopped + when: dhcpd_install + +- name: dhcpd_server may be affected - stopping dnsmasq + service: name=dnsmasq state=stopped + when: dnsmasq_install - name: reload systemd shell: systemctl daemon-reload 
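Review bot: The two new stop tasks run on every play (`when: dhcpd_install` / `when: dnsmasq_install`) rather than only `when: interface.changed` like the hostapd task above and the `dns may be affected` task they replace, so each run of the network role takes the LAN's DHCP server down, and the matching `state=started` task at the end of this file is removed in the following hunk rather than replaced — on this Debian path nothing in the diff brings `{{ dhcp_service2 }}` back up (ifcfg_mods.yml gains such a task; restart.yml now only starts named). Gate them as `when: dhcpd_install and interface.changed` / `when: dnsmasq_install and interface.changed` and add a `service: name={{ dhcp_service2 }} state=started` after the networking restart, or note in a comment where the restart is expected to happen. The `bind may be affected` task stops `{{ dns_service }}` only when dnsmasq is enabled, which reads as intentional but deserves a one-line comment saying so.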
@@ -63,45 +68,3 @@ - name: restart the networking service service: name=networking state=restarted when: interface.changed - -- name: dns may be affected - service: name={{ dns_service2 }} state=started - when: interface.changed - -#create lan br0 if lan_controller or gateway -#create wan br0 if appliance -#allocate wlan0 under br0 in all cases -#allocate eth0 under br0 if appliance, alone if gateway - -- name: Add location section to config file - ini_file: dest='{{ iiab_config_file }}' - section=network - option='{{ item.option }}' - value='{{ item.value }}' - with_items: - - option: 'gateway_active' - value: '{{ gw_active }}' - - option: 'internet_available' - value: '{{ internet_available }}' - - option: 'gateway_ifcfg' - value: '{{ has_ifcfg_gw }}' - - option: 'detected_gateway' - value: '{{ discovered_wan_iface }}' - - option: 'prior_gateway' - value: '{{ device_gw2 }}' - - option: 'wireless_list_1' - value: '{{ wifi1 }}' - - option: 'wireless_list_2' - value: '{{ wifi2 }}' - - option: 'num_wifi_interfaces' - value: '{{ num_wifi_interfaces }}' - - option: 'discovered_wireless_iface' - value: '{{ discovered_wireless_iface }}' - - option: 'iiab_wireless_lan_iface' - value: '{{ iiab_wireless_lan_iface }}' - - option: 'num_lan_interfaces' - value: '{{ num_lan_interfaces }}' - - option: 'detected_lan' - value: '{{ discovered_lan_iface }}' - - option: 'static_wan' - value: '{{ gui_static_wan }}' diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml index b26ecf73c..4315ba0b5 100644 --- a/roles/network/tasks/dhcpd.yml +++ b/roles/network/tasks/dhcpd.yml @@ -15,6 +15,7 @@ - name: Create non-privileged user user: name=dhcpd createhome=no + when: is_debuntu - name: Configure dhcpd template: src={{ item.src }} diff --git a/roles/network/tasks/dnsmasq.yml b/roles/network/tasks/dnsmasq.yml new file mode 100644 index 000000000..4ffc09dea --- /dev/null +++ b/roles/network/tasks/dnsmasq.yml 
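Review bot: The `Create non-privileged user` task is now limited to Debian/Ubuntu but still creates `dhcpd` as an ordinary account: with only `name` and `createhome=no` the `user` module hands it a regular UID and the system's default login shell. A daemon account should be `user: name=dhcpd createhome=no system=yes shell=/usr/sbin/nologin` so it lands in the system UID range and cannot be used for interactive login. Whether the distro's dhcp package already creates this user (which would make the task a no-op) is not visible in this hunk.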
@@ -0,0 +1,12 @@ +- name: Install dnsmasq + package: name=dnsmasq state=present + +- name: Configure dhcpd + template: src={{ item.src }} + dest={{ item.dest }} + owner=root + group=root + mode={{ item.mode }} + with_items: + - { src: 'network/dnsmasq.service.rh', dest: '/etc/systemd/system/dnsmasq.service', mode: '0644' } + diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index e6e47cd48..4a950fecc 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -1,13 +1,13 @@ - name: Disable dhcpd service service: name=dhcpd enabled=no - when: not dhcpd_enabled + when: not dhcpd_enabled and dhcpd_install # service is restarted with NM dispatcher.d script - name: Enable dhcpd service service: name=dhcpd enabled=yes - when: dhcpd_enabled + when: dhcpd_enabled and dhcpd_install - name: Copy /etc/sysconfig/dhcpd file template: src={{ item.src }} @@ -17,7 +17,7 @@ mode={{ item.mode }} with_items: - { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' } - when: dhcpd_enabled + when: dhcpd_enabled and dhcpd_install - name: Copy named file template: src={{ item.src }} 
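Review bot: The second task is named `Configure dhcpd` but installs a dnsmasq systemd unit, and it has no OS condition even though its only source is `network/dnsmasq.service.rh` and main.yml includes this file `when: dnsmasq_install` on every platform; on a Debian-family host it would shadow the packaged dnsmasq unit with the hand-written one under /etc/systemd/system. Rename it (`- name: Install dnsmasq systemd unit (RedHat family)`), gate it with `when: not is_debuntu` if the `.rh` suffix means what it appears to, and follow it with a `systemctl daemon-reload` as debian.yml does after changing units. The trailing blank line at the end of the new file is harmless but yamllint will flag it.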
@@ -32,28 +32,26 @@ - name: Enable named service service: name={{ dns_service }} enabled=yes - when: named_enabled + when: named_enabled and named_install - name: Disable named service service: name={{ dns_service }} enabled=no - when: not named_enabled + when: not named_enabled and named_install -#- name: Enable dnsmasq -# service: name=dnsmasq -# enabled=no -# when: dnsmasq_enabled +- name: Disable dnsmasq + service: name=dnsmasq + enabled=no + when: not dnsmasq_enabled and dnsmasq_install -# copy config file -#- name: Supply dnsmasq.conf -# template: dest= -# src= -# when: dnsmasq_enabled +- name: dnsmasq copy config file to /etc + template: src=network/dnsmasq.conf dest=/etc/ + when: dnsmasq_enabled and dnsmasq_install -#- name: Enable dnsmasq -# service: name=dnsmasq -# enabled=yes -# when: dnsmasq_enabled +- name: Enable dnsmasq + service: name=dnsmasq + enabled=yes + when: dnsmasq_enabled and dnsmasq_install - name: Enable dansguardian service: name=dansguardian diff --git a/roles/network/tasks/ifcfg_mods.yml b/roles/network/tasks/ifcfg_mods.yml index 89b03a922..9c4023e42 100644 --- a/roles/network/tasks/ifcfg_mods.yml +++ b/roles/network/tasks/ifcfg_mods.yml @@ -24,6 +24,18 @@ with_items: - "{{ discovered_lan_iface }}" +- name: bind may be affected + service: name={{ dns_service }} state=stopped + when: named_install and dnsmasq_enabled + +- name: dhcpd_server may be affected - stopping dhcpd + service: name=dhcpd state=stopped + when: dhcpd_install + +- name: dhcpd_server may be affected - stopping dnsmasq + service: name=dnsmasq state=stopped + when: dnsmasq_install + - name: Stop the LAN/Bridge deleting iiab-LAN shell: nmcli con delete id iiab-LAN ignore_errors: True @@ -98,4 +110,5 @@ with_items: - "{{ lan_list_result.stdout_lines }}" -# testpoint confirm with 'nmcli c show' 'brctl show' +- name: dhcp_server may be affected - starting - user choice + service: name={{ dhcp_service2 }} state=started 
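Review bot: `template: src=network/dnsmasq.conf dest=/etc/` relies on the template action appending the source basename when `dest` ends in a separator, and sets no owner, group or mode, unlike every other template task in this role, which spells out `dest`, `owner`, `group` and `mode`. Write it as `template: src=network/dnsmasq.conf dest=/etc/dnsmasq.conf owner=root group=root mode=0644` so the target path and permissions are explicit. The `network/dnsmasq.conf` template itself is not part of this diff, so whether it already exists in the repository cannot be checked here; if it is new it is missing from the commit.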
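Review bot: The new `service: name={{ dhcp_service2 }} state=started` at the end of the layout runs unconditionally, and computed_services.yml assigns `dhcp_service2: "dhcpd"` in the `No LAN configured` (Appliance) case while setting `dhcpd_enabled: False`, so if this file runs for an Appliance host it ends up with dhcpd running even though enable_services.yml just disabled it — a DHCP server answering on a bridge that is not the IIAB LAN. Gate the start on the chosen service actually being enabled, e.g. `when: (dhcp_service2 == "dhcpd" and dhcpd_enabled) or (dhcp_service2 == "dnsmasq" and dnsmasq_enabled)`, or drop the Appliance assignment in computed_services.yml. The three stop tasks added earlier in this file (`bind may be affected`, `stopping dhcpd`, `stopping dnsmasq`) duplicate debian.yml's block verbatim and would be better kept in one shared task file so the two paths cannot drift.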
diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 9bb1763f2..39d48bcdf 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -56,11 +56,19 @@ tags: - named - network + when: named_install - include: dhcpd.yml tags: - dhcpd - network + when: dhcpd_install + +- include: dnsmasq.yml + tags: + - dnsmasq + - network + when: dnsmasq_install - include: squid.yml tags: @@ -92,6 +100,10 @@ - network - network-discover +- include: computed_services.yml + tags: + - network + # templates needed from above install section live here - include: enable_services.yml tags: @@ -130,10 +142,6 @@ #### end network layout #### start services -- include: computed_services.yml - tags: - - network - - include: restart.yml when: not installing tags: diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 4de5c37c4..5619721c7 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -1,28 +1,7 @@ -# dhcpd service is restarted with NM dispatcher.d script -- name: Stop dhcpd - service: name=dhcpd - state=stopped - when: not dhcpd_enabled - -# assume NM is not running -- name: Start dhcpd - service: name=dhcpd - state=started - when: dhcpd_enabled and is_debuntu - -- name: Stop named service - service: name={{ dns_service }} - state=stopped - when: not named_enabled - -#- name: Stop dnsmasq service -# service: name=dnsmasq -# state=stopped -# when: not dnsmasq_enabled - - name: Start named service - service: name={{ dns_service2 }} + service: name={{ dns_service }} state=started + when: named_enabled and named_install - name: Stop DansGuardian service: name=dansguardian diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index b26cd84f4..189989540 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml 
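Review bot: The hunk drops the `Stop dhcpd` and `Stop named service` tasks for the `not *_enabled` case and keeps only a conditional start of named, so switching a running host from bind/dhcpd to dnsmasq no longer stops the de-selected daemons here; enable_services.yml only sets `enabled=no`, which takes effect at the next boot, and whether the stop tasks in debian.yml/ifcfg_mods.yml run in the same play depends on include conditions not visible in this diff. Left running, bind and dnsmasq both claim port 53 and whichever starts second fails. Keep `- name: Stop named service` with `when: not named_enabled and named_install` (and the dhcpd counterpart with `when: not dhcpd_enabled and dhcpd_install`), and add a start for `{{ dhcp_service2 }}` so this file handles DHCP the way it handles DNS.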
@@ -80,36 +80,3 @@ #create wan br0 if appliance #allocate wlan0 under br0 in all cases #allocate eth0 under br0 if appliance, alone if gateway - -- name: Add location section to config file - ini_file: dest='{{ iiab_config_file }}' - section=network - option='{{ item.option }}' - value='{{ item.value }}' - with_items: - - option: 'gateway_active' - value: '{{ gw_active }}' - - option: 'internet_available' - value: '{{ internet_available }}' - - option: 'gateway_ifcfg' - value: '{{ has_ifcfg_gw }}' - - option: 'detected_gateway' - value: '{{ discovered_wan_iface }}' - - option: 'prior_gateway' - value: '{{ device_gw2 }}' - - option: 'wireless_list_1' - value: '{{ wifi1 }}' - - option: 'wireless_list_2' - value: '{{ wifi2 }}' - - option: 'num_wifi_interfaces' - value: '{{ num_wifi_interfaces }}' - - option: 'discovered_wireless_iface' - value: '{{ discovered_wireless_iface }}' - - option: 'iiab_wireless_lan_iface' - value: '{{ iiab_wireless_lan_iface }}' - - option: 'num_lan_interfaces' - value: '{{ num_lan_interfaces }}' - - option: 'detected_lan' - value: '{{ discovered_lan_iface }}' - - option: 'static_wan' - value: '{{ gui_static_wan }}' diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index b45295883..63f3a20ff 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -57,6 +57,7 @@ calibre_port={{ calibre_port }} kiwix_port={{ kiwix_port }} kalite_server_port={{ kalite_server_port }} block_DNS={{ block_DNS }} +captive_portal_enabled={{ captive_portal_enabled }} echo "Lan is $lan and WAN is $wan" # 
@@ -112,7 +113,13 @@ if [ "$block_DNS" == "True" ];then $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 fi -if [ -f /etc/sysconfig/xs_httpcache_on ]; then +if [ "$captive_portal_enabled" == "True" ];then + $IPTABLES -t mangle -N internet + $IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet + $IPTABLES -t mangle -A internet -j MARK --set-mark 99 + $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }} + +elif [ -f /etc/sysconfig/xs_httpcache_on ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128 fi diff --git a/roles/network/templates/network/dnsmasq.service.rh b/roles/network/templates/network/dnsmasq.service.rh new file mode 100644 index 000000000..79b687f43 --- /dev/null +++ b/roles/network/templates/network/dnsmasq.service.rh @@ -0,0 +1,10 @@ +[Unit] +Description=DNS caching server. +After=network.target + +[Service] +ExecStart=/usr/sbin/dnsmasq -k +ExecStop=/bin/killall -9 dnsmasq + +[Install] +WantedBy=multi-user.target diff --git a/roles/network/templates/network/resolvconf.j2 b/roles/network/templates/network/resolvconf.j2 new file mode 100644 index 000000000..7a8d7461d --- /dev/null +++ b/roles/network/templates/network/resolvconf.j2 @@ -0,0 +1,14 @@ +# Supplied by IIAB +# Configuration for resolvconf(8) +# See resolvconf.conf(5) for details + +resolv_conf=/etc/resolv.conf +# If you run a local name server, you should uncomment the below line and +# configure your subscribers configuration files below. +name_servers=127.0.0.1 + +# Mirror the Debian package defaults for the below resolvers +# so that resolvconf integrates seemlessly. +dnsmasq_resolv=/var/run/dnsmasq/resolv.conf +pdnsd_conf=/etc/pdnsd.conf +unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf
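Review bot: The new captive-portal branch selects the LAN interface with `{{ iiab_lan_iface }}` while every neighbouring rule, including the block_DNS rule just above, uses the shell variable `$lan`; if the two ever differ the mark and the DNAT apply to a different interface than the rest of the policy. Use `-i $lan` in both new rules. The `elif` also means enabling the captive portal silently disables the squid transparent-proxy redirect that used to apply whenever `/etc/sysconfig/xs_httpcache_on` existed; if that is intended, a comment line above the `if` saying so would save the next reader a surprise. `$IPTABLES -t mangle -N internet` assumes the chain does not exist yet; whether the script flushes the mangle table earlier is outside this hunk.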
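Review bot: `ExecStop=/bin/killall -9 dnsmasq` SIGKILLs every process named dnsmasq on the host, not just the one this unit started — on a system where libvirt or NetworkManager also run a dnsmasq instance those are killed too — and it skips the orderly shutdown in which dnsmasq flushes its lease file. systemd already stops the unit's own process with SIGTERM through its cgroup, so drop the `ExecStop=` line; if explicit control is wanted, `KillSignal=SIGTERM` with a `TimeoutStopSec=` is the unit-file way to express it. `Description=DNS caching server.` understates the role, since this commit also uses dnsmasq as the LAN's DHCP server.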
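Review bot: The new `resolvconf.j2` template is not referenced by any task in this commit, and it points the host's resolver at `name_servers=127.0.0.1`, which works only while a local DNS daemon is up — the stop tasks added in debian.yml/ifcfg_mods.yml take dnsmasq and bind down during the run, so a host with this file installed loses name resolution for that window, and permanently if neither service ends up enabled. Either add the task that installs it, gated on `dnsmasq_enabled or named_enabled`, or leave the file out until it is used. The comment `so that resolvconf integrates seemlessly` has a typo (`seamlessly`).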