From 4079043456017586f54de57a1832ea0e0c4e7b16 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 10 Nov 2017 16:18:35 -0600 Subject: [PATCH 01/10] runtags failsafe - as iiab.yml references config_vars.yml --- runtags | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/runtags b/runtags index 45ee507e7..9c4de08a3 100755 --- a/runtags +++ b/runtags @@ -14,6 +14,11 @@ then exit fi +if [ ! -f /etc/iiab/config_vars.yml ]; then + mkdir -p /etc/iiab + echo "{}" > /etc/iiab/config_vars.yml +fi + tags=$(echo $1 | tr "," "\n") if [ "$tags" == "" ] From 7b5de542cfda1f0ea9a57ffb3e075bbe639dbdaf Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 9 Nov 2017 00:24:29 -0600 Subject: [PATCH 02/10] don't run lan_list_result when 'Count LAN ifaces' is zero to quite down noisy log when detecting single interface --- roles/network/tasks/detected_network.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 2bc744d07..4f4bde631 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml 
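Review bot: The fallback block added to runtags (PATCH 01/10) has no comment saying why an empty mapping is written, and it ignores the result of `mkdir` and the redirect, so a failed write only surfaces later when Ansible runs. A comment such as `# iiab.yml references config_vars.yml; seed an empty mapping so a fresh host can run` would record the intent. The file's permissions also come from the caller's umask; if it will later hold site settings, create it with an explicit mode first, for example `install -m 0644 /dev/null /etc/iiab/config_vars.yml` before the `echo`. The script continues outside the hunk.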
@@ -92,23 +92,20 @@ ap_device: "{{ blacklist_wifi }}" when: blacklist_wifi is defined and discovered_wireless_iface != iiab_wan_iface and num_wifi_interfaces >= "2" -# LAN - pick non WAN's -- name: Create list of LAN (non WAN) ifaces - shell: ls /sys/class/net | grep -v -e wwlan -e ppp -e lo -e br0 -e tun -e {{ device_gw }} -e {{ ap_device }} - register: lan_list_result - ignore_errors: True - changed_when: false - - name: Count LAN ifaces shell: ls /sys/class/net | grep -v -e wwlan -e ppp -e lo -e br0 -e tun -e {{ device_gw }} -e {{ ap_device }} | wc -l register: num_lan_interfaces_result - ignore_errors: True - changed_when: false - name: Calculate number of LAN interfaces including WiFi set_fact: num_lan_interfaces: "{{ num_lan_interfaces_result.stdout|int }}" +# LAN - pick non WAN's +- name: Create list of LAN (non WAN) ifaces + shell: ls /sys/class/net | grep -v -e wwlan -e ppp -e lo -e br0 -e tun -e {{ device_gw }} -e {{ ap_device }} + when: num_lan_interfaces != 0 + register: lan_list_result + # If 2 interfaces found in gateway mode, with one wifi, declare other to be wan #- name: In gateway mode with one wifi adapter, the other is WAN # set_fact: @@ -122,7 +119,7 @@ - name: Set discovered_wired_iface fact if present set_fact: discovered_wired_iface: "{{ item|trim }}" - when: item|trim != discovered_wireless_iface + when: item|trim != discovered_wireless_iface and lan_list_result is defined with_items: - "{{ lan_list_result.stdout_lines }}" From f810e91322d6a09dd8b5255c708c5bdb9154f1ba Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 9 Nov 2017 16:10:32 -0600 Subject: [PATCH 03/10] stopping named after install but during upgrades is a bad idea --- roles/network/tasks/named.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index bd5d1b4c1..be351cd23 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml 
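Review bot: In the first hunk of roles/network/tasks/detected_network.yml, `when: num_lan_interfaces != 0` compares against an integer, but `num_lan_interfaces` comes from `set_fact` with a quoted template and is likely a string on Ansible versions without native types, so the condition would be true even for "0" (the context line already compares `num_wifi_interfaces >= "2"` as a string). The commit also drops `ignore_errors: True` from the list task, so a `grep -v` that prints nothing exits non-zero and would fail the play on a single-interface host rather than quiet the log. Casting in the condition, `when: num_lan_interfaces|int != 0`, removes the dependence on the fact's type. `changed_when: false` is also worth keeping on both read-only shell tasks.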
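Review bot: In the second hunk, the added `lan_list_result is defined` guard probably never helps: a task skipped by `when` still registers its variable, so `lan_list_result` is defined but carries no `stdout_lines`, and `with_items` is evaluated before the per-item `when`. On a host where the list task was skipped, this loop would likely fail on the missing attribute. Giving the loop a default handles the skipped case: `- "{{ lan_list_result.stdout_lines | default([]) }}"`.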
@@ -21,7 +21,7 @@ # or we have to change the serial number in the config files. - name: Stop named before copying files service: name={{ dns_service }} state=stopped - when: not installing + when: first_run and is_debuntu - name: Set folder permission file: path={{ item }} From 051808957a9621256535a672c012dae776fec47c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 9 Nov 2017 04:51:07 -0600 Subject: [PATCH 04/10] cleanup --- roles/0-init/tasks/computed_vars.yml | 221 ------------------ roles/0-init/tasks/first_run.yml | 6 + roles/0-init/tasks/fl.yml | 27 +++ roles/{2-common => 0-init}/tasks/iiab_ini.yml | 0 roles/0-init/tasks/main.yml | 2 +- roles/1-prep/tasks/iiab_ini.yml | 34 --- roles/1-prep/tasks/main.yml | 2 - roles/1-prep/tasks/prep.yml | 48 ---- roles/2-common/tasks/centos.yml | 17 +- roles/2-common/tasks/fedora.yml | 35 ++- roles/2-common/tasks/fl.yml | 68 ------ roles/2-common/tasks/hostname.yml | 4 - roles/2-common/tasks/main.yml | 18 +- roles/2-common/tasks/packages.yml | 56 +---- roles/2-common/tasks/prep.yml | 29 +++ .../templates/iiab-extra.repo | 0 .../templates/iiab-testing.repo | 0 .../templates/rpmfusion-free-updates.repo | 0 18 files changed, 109 insertions(+), 458 deletions(-) delete mode 100644 roles/0-init/tasks/computed_vars.yml create mode 100644 roles/0-init/tasks/first_run.yml create mode 100644 roles/0-init/tasks/fl.yml rename roles/{2-common => 0-init}/tasks/iiab_ini.yml (100%) delete mode 100755 roles/1-prep/tasks/iiab_ini.yml delete mode 100644 roles/1-prep/tasks/prep.yml delete mode 100644 roles/2-common/tasks/fl.yml create mode 100644 roles/2-common/tasks/prep.yml rename roles/{1-prep => 2-common}/templates/iiab-extra.repo (100%) rename roles/{1-prep => 2-common}/templates/iiab-testing.repo (100%) rename roles/{1-prep => 2-common}/templates/rpmfusion-free-updates.repo (100%) diff --git a/roles/0-init/tasks/computed_vars.yml b/roles/0-init/tasks/computed_vars.yml deleted file mode 100644 index 3063927ae..000000000 
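Review bot: The comment above this task in roles/network/tasks/named.yml still justifies the stop as needed before copying files (otherwise the serial number must change), but with `when: first_run and is_debuntu` the files are now replaced while named is running on every later run and on all non-Debian hosts. The hunk does not show whether named is restarted or reloaded after the copy; if it is not, changed zone files may not take effect. Either confirm a restart follows, or update the comment to state the new rule, e.g. `# Stopped only on the first Debian/Ubuntu run; on upgrades named keeps serving while files are replaced`. The task list continues outside the hunk.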
--- a/roles/0-init/tasks/computed_vars.yml
+++ /dev/null
@@ -1,221 +0,0 @@ -- name: re-read local_facts.facts from /etc/ansible/facts.d - setup: filter=ansible_local - -# set top level variables from local facts for convenience -- set_fact: - xo_model: '{{ ansible_local.local_facts.xo_model }}' - phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}' - iiab_stage: '{{ ansible_local.local_facts.stage }}' - -# Networking uses a different file for the rpi -- name: Discover if this is a rpi -- assume if so it is running raspbian - set_fact: - rpi_model: "rpi" - is_rpi: True - no_net_restart: True - when: ansible_local.local_facts.os == "raspbian" - -- name: Set exFAT enabled for XO laptops - set_fact: - exFAT_enabled: True - when: xo_model != "none" - -- name: set FQDN - set_fact: - iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" - FQDN_changed: False - -- name: FQDN changed - set_fact: - FQDN_changed: True - when: iiab_fqdn != ansible_fqdn - -- name: Now check FQDN - include_tasks: roles/2-common/tasks/hostname.yml - when: FQDN_changed - -# Discover do we have a gateway? 
-- if ansible detects gateway, becomes WAN candidate -- name: Finding gateway - set_fact: - discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" - iiab_wan_iface: "{{ discovered_wan_iface }}" - when: ansible_default_ipv4.gateway is defined - -- name: Verify gateway present - shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l - when: discovered_wan_iface != "none" - register: gw_active_test - -- name: Recording gateway response - set_fact: - gw_active: True - when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" - -- name: Test for internet access - get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt - ignore_errors: True -# async: 10 -# poll: 2 - register: internet_access_test - -- name: Set internet_available true if wget succeeded - set_fact: - internet_available: True - when: not internet_access_test|failed and not disregard_network - -- name: Cleanup internet test file - file: path=/tmp/heart-beat.txt - state=absent - -# Put all computed vars here so derive properly from any prior var file -- name: If the TZ is not set in env, set it to UTC - set_fact: local_tz='UTC' - when: local_tz == "" - -- name: Set port 80 for Admin Console - set_fact: - gui_port: 80 - when: not adm_cons_force_ssl - -- name: Set port 443 for Admin Console - set_fact: - gui_port: 443 - when: adm_cons_force_ssl - -- name: Require MySQL to be on - set_fact: - mysql_install: True - mysql_enabled: True - -# we decided to enable mysql unconditionally -# when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install - -# Commenting out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427 -# - name: Turn on mongodb if sugarizer enabled -# set_fact: -# mongodb_install: True -# mongodb_enabled: True -# when: sugarizer_enabled - -# There might be other db's -- name: Turn on PostgreSQL if Moodle or Pathagar enabled 
- set_fact: - postgresql_install: True - postgresql_enabled: True - when: moodle_enabled or pathagar_enabled - -- name: Turn on Docker if SchoolTool is to be installed - set_fact: - docker_install: True - docker_enabled: True - when: schooltool_enabled or schooltool_install - -- name: Set python_path for is_redhat - set_fact: - python_path: /usr/lib/python2.7/site-packages/ - when: is_redhat - -- name: Set python_path for is_debuntu - set_fact: - python_path: /usr/local/lib/python2.7/dist-packages/ - when: is_debuntu - -# for various reasons the mysql service can not be enabled on fedora 20, -# but 'mariadb', which is its real name can -# on fedora 18 we need to use 'mysqld' - -- name: Set mysqld_service to mariadb by default - set_fact: - mysql_service: mariadb - -- name: Set mysqld_service to mysqld for Fedora 18 - set_fact: - mysql_service: mysqld - no_NM_reload: True - is_F18: True - when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18" - -- name: Set mysql_service to mysql for Debian - set_fact: - mysql_service: mysql - when: is_debuntu - -# PLATFORM variables -- name: Fedora 20 - set_fact: - is_F20: True - when: ansible_distribution == "Fedora" and ansible_distribution_version == "20" - -- name: Fedora 21 - set_fact: - is_F21: True - when: ansible_distribution == "Fedora" and ansible_distribution_version == "21" - -- name: Fedora 22 - set_fact: - is_F22: True - when: ansible_distribution == "Fedora" and ansible_distribution_version == "22" - -- name: Fedora 23 - set_fact: - is_F23: True - when: ansible_distribution == "Fedora" and ansible_distribution_version == "23" - -- name: Fedora 24 - set_fact: - is_F24: True - when: ansible_distribution == "Fedora" and ansible_distribution_version == "24" - -- name: CentOS - set_fact: - is_CentOS: True - when: ansible_distribution == "CentOS" - -- name: add version section - ini_file: dest='{{ iiab_config_file }}' - section=runtime - option='{{ item.option }}' - value='{{ 
item.value }}' - with_items: - - option: 'iiab_stage' - value: '{{ iiab_stage }}' - - option: 'runtime_php' - value: '{{ phplib_dir }}' - - option: 'runtime_branch' - value: '{{ ansible_local.local_facts.iiab_branch }}' - - option: 'runtime_commit' - value: '{{ ansible_local.local_facts.iiab_commit }}' - - option: 'runtime_date' - value: '{{ ansible_date_time.iso8601 }}' - - option: 'ansible_version' - value: '{{ ansible_local.local_facts.ansible_version }}' - - option: 'kernel' - value: '{{ ansible_kernel }}' - - option: 'memory_mb' - value: '{{ ansible_memtotal_mb }}' - - option: 'swap_mb' - value: '{{ ansible_swaptotal_mb }}' - - option: 'product_id' - value: '{{ ansible_product_uuid }}' - - option: 'gw_active' - value: '{{ gw_active }}' - - option: 'internet_available' - value: '{{ internet_available }}' - - option: 'is_rpi' - value: '{{ is_rpi }}' - - option: 'first_run' - value: '{{ first_run }}' - - option: 'local_tz' - value: '{{ local_tz }}' - - option: 'FQDN_changed' - value: '{{ FQDN_changed }}' - -- name: STAGE 0 HAS COMPLETED ====================================== - ini_file: dest='{{ iiab_config_file }}' - section=runtime - option='{{ item.option }}' - value='{{ item.value }}' - with_items: - - option: 'is_VM' - value: 'yes' - when: is_VM is defined diff --git a/roles/0-init/tasks/first_run.yml b/roles/0-init/tasks/first_run.yml new file mode 100644 index 000000000..4248be004 --- /dev/null +++ b/roles/0-init/tasks/first_run.yml @@ -0,0 +1,6 @@ +- name: Write iiab_ini.yml for the first time + include_tasks: iiab_ini.yml + +- name: Create the directory structure for IIAB + include_tasks: fl.yml + diff --git a/roles/0-init/tasks/fl.yml b/roles/0-init/tasks/fl.yml new file mode 100644 index 000000000..3dd518df7 --- /dev/null +++ b/roles/0-init/tasks/fl.yml 
@@ -0,0 +1,27 @@ +- name: Create various library directories + file: path={{ item }} + owner=root + group=root + mode=0755 + state=directory + with_items: + - "{{ yum_packages_dir }}" + - "{{ pip_packages_dir }}" + - "{{ downloads_dir }}" + - /library/downloads/zims + - /library/downloads/rachel + - /library/working/zims + - /library/working/rachel + - "{{ iiab_zim_path }}/content" + - "{{ iiab_zim_path }}/index" + - "{{ doc_root }}/modules" + - "{{ doc_root }}/common/css" + - "{{ doc_root }}/common/js" + - "{{ doc_root }}/common/fonts" + - "{{ doc_root }}/common/html" + - "{{ doc_root }}/common/images" + - "{{ doc_root }}/common/assets" + - "{{ doc_root }}/common/services" + - /etc/sysconfig/olpc-scripts/ + - /etc/sysconfig/olpc-scripts/setup.d/installed/ + diff --git a/roles/2-common/tasks/iiab_ini.yml b/roles/0-init/tasks/iiab_ini.yml similarity index 100% rename from roles/2-common/tasks/iiab_ini.yml rename to roles/0-init/tasks/iiab_ini.yml diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 827e5c3a3..54a9ecd0c 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -12,7 +12,7 @@ # we need to inialize the ini file and only write the location and version sections once and only # once to preserve the install date and git hash. - name: Write iiab_ini.yml for the first time - include_tasks: roles/1-prep/tasks/iiab_ini.yml + include_tasks: first_run.yml when: first_run #- name: Loading computed_vars diff --git a/roles/1-prep/tasks/iiab_ini.yml b/roles/1-prep/tasks/iiab_ini.yml deleted file mode 100755 index a1b4cb046..000000000 --- a/roles/1-prep/tasks/iiab_ini.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -# workaround for fact that auto create does not work on ini_file -- name: Create iiab config file - file: dest='{{ iiab_config_file }}' - state=touch - -- name: Add location section to config file - ini_file: dest='{{ iiab_config_file }}' - section=location - option='{{ item.option }}' - value='{{ item.value }}' - with_items: - - option: 'iiab_base' - value: '{{ iiab_base }}' - - option: 'iiab_dir' - value: '{{ iiab_dir }}' - -- name: add version section - ini_file: dest='{{ iiab_config_file }}' - section=version - option='{{ item.option }}' - value='{{ item.value }}' - with_items: - - option: 'distribution' - value: '{{ ansible_distribution }}' - - option: 'arch' - value: '{{ ansible_architecture }}' - - option: 'iiab_branch' - value: '{{ ansible_local.local_facts.iiab_branch }}' - - option: 'iiab_commit' - value: '{{ ansible_local.local_facts.iiab_commit }}' - - option: 'install_date' - value: '{{ ansible_date_time.iso8601 }}' - - option: 'install_xo' - value: '{{ xo_model }}' diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 05010b77a..84e210854 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -63,8 +63,6 @@ when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed ## DISCOVER PLATFORMS ###### -- include_tasks: prep.yml - # Put conditional actions for hardware platforms here - include_tasks: raspberry_pi_2.yml when: first_run and rpi_model != "none" diff --git a/roles/1-prep/tasks/prep.yml b/roles/1-prep/tasks/prep.yml deleted file mode 100644 index 43fdcbcb0..000000000 --- a/roles/1-prep/tasks/prep.yml +++ /dev/null 
@@ -1,48 +0,0 @@ -- name: Since f22, dnf has replaced yum, but ansible works with yum - command: dnf install -y yum - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 - -- name: Install iiab-extra repos - template: backup=yes - dest=/etc/yum.repos.d/iiab-extra.repo - src=iiab-extra.repo - owner=root - mode=0666 - when: is_redhat - -- name: Install iiab-testing repos - template: backup=yes - dest=/etc/yum.repos.d/iiab-testing.repo - src=iiab-testing.repo - owner=root - mode=0666 - when: is_redhat - -- name: Install rpmfusion-free-updates repo -- for exfat - template: dest=/etc/yum.repos.d/rpmfusion-free-updates.repo - src=rpmfusion-free-updates.repo - owner=root - mode=0666 - when: ansible_distribution == "Fedora" - -- name: Create /etc/iiab - file: path=/etc/iiab - owner=root - group=root - mode=0755 - state=directory - -- name: Set XO model - set_fact: - phplib_dir: '{{ ansible_local["local_facts"]["phplib_dir"] }}' - xo_model: '{{ ansible_local["local_facts"]["xo_model"] }}' - -- name: Install script to fully initialize network config, and/or collect data -# calling iiab-network-reset w/ snapshot name, stores info, but aborts reset -# intended as a convenience function for us - template: src=iiab-network-reset - dest=/usr/bin - owner=root - group=root - mode=0755 - diff --git a/roles/2-common/tasks/centos.yml b/roles/2-common/tasks/centos.yml index 5db9cbc68..f21bca607 100644 --- a/roles/2-common/tasks/centos.yml +++ b/roles/2-common/tasks/centos.yml @@ -7,12 +7,6 @@ option=keepcache value=1 -- name: Install epel-release for CentOS - package: name={{ item }} - state=present - with_items: - - epel-release - - name: Install IIAB repo for CentOS template: src={{ item }} dest=/etc/yum.repos.d/ owner=root group=root mode=0644 with_items: 
@@ -20,11 +14,6 @@ - li.nux.ro.repo - ansible.repo -#- name: Disable updating ansible on CentOS -# shell: sed -i -e '/^enabled=/a exclude=ansible' {{ item }} -# with_items: -# - /etc/yum.repos.d/CentOS-Base.repo -# - /etc/yum.repos.d/CentOS-CR.repo -# - /etc/yum.repos.d/CentOS-fasttrack.repo -# - /etc/yum.repos.d/CentOS-Vault.repo -# when: ansible_distribution == "CentOS" +- name: Install optional exFAT packages for CentOS + shell: yum --enablerepo=li-nux-ro install exfat-utils fuse-exfat + when: exFAT_enabled == "True" diff --git a/roles/2-common/tasks/fedora.yml b/roles/2-common/tasks/fedora.yml index 2060c19ff..f4921a311 100644 --- a/roles/2-common/tasks/fedora.yml +++ b/roles/2-common/tasks/fedora.yml 
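Review bot: The exFAT task added at the end of roles/2-common/tasks/centos.yml runs `yum ... install` without `-y`, so in a non-interactive Ansible run the confirmation prompt will likely abort the install, and `shell` makes the task report changed on every run. It also tests `exFAT_enabled == "True"` as a string while the Fedora task in this commit tests `exFAT_enabled` as a boolean; if the variable is a real boolean the string comparison never matches. The module form, `yum: name=exfat-utils,fuse-exfat enablerepo=li-nux-ro state=present` with `when: exFAT_enabled`, addresses both. Because this pulls from a third-party repository, confirm that the li.nux.ro.repo template keeps `gpgcheck=1`; the template is not shown here.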
@@ -4,20 +4,31 @@ option=keepcache value=1 +- name: Install rpmfusion-free-updates repo -- for exfat + template: dest=/etc/yum.repos.d/rpmfusion-free-updates.repo + src=rpmfusion-free-updates.repo + owner=root + group=root + mode=0666 + +- name: Install optional exFAT packages for Fedora + shell: yum --enablerepo=rpmfusion-free-updates install exfat-utils fuse-exfat + when: exFAT_enabled and is_F18 + +- name: Install yum deps for arm!!! + shell: dnf install -y python-urlgrabber pyxattr yum-metadata-parser + when: ansible_distribution == "Fedora" and ansible_machine == "armv7l" and ansible_distribution_version|int >= 22 + +- name: Install yum from Fedora 23 for arm!!! + shell: dnf install -y https://kojipkgs.fedoraproject.org//packages/yum/3.4.3/506.fc23/noarch/yum-3.4.3-506.fc23.noarch.rpm python-dnf + when: ansible_distribution == "Fedora" and ansible_machine == "armv7l" and ansible_distribution_version|int >= 22 + +- name: Install yum if it has been dropped from our distribution -- Fedora 22 uses dnf!!! + shell: dnf install -y yum + when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 and ansible_machine != "armv7l" + - name: Install Fedora specifc packages package: name={{ item }} state=present with_items: - mtd-utils - -- name: Install optional exFAT packages for Fedora - shell: yum --enablerepo=rpmfusion-free-updates install exfat-utils fuse-exfat - when: exFAT_enabled == "True" - -#- name: Disable updating ansible on Fedora -# shell: sed -i -e '/^enabled=/a exclude=ansible' {{ item }} -# with_items: -# - /etc/yum.repos.d/fedora.repo -# - /etc/yum.repos.d/fedora-updates.repo -# - /etc/yum.repos.d/fedora-updates-testing.repo -# when: ansible_distribution == "Fedora" diff --git a/roles/2-common/tasks/fl.yml b/roles/2-common/tasks/fl.yml deleted file mode 100644 index 381566cb7..000000000 --- a/roles/2-common/tasks/fl.yml +++ /dev/null 
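Review bot: The rpmfusion repo file in roles/2-common/tasks/fedora.yml is installed with `mode=0666`, which leaves a package-source definition that root's package manager trusts writable by every local account; anyone able to edit it can change where packages come from or whether signatures are checked. The same mode is used for iiab-extra.repo and iiab-testing.repo in the new roles/2-common/tasks/prep.yml later in this patch, while iiab-local.repo there already uses 0644. Use `mode=0644` for all three. Separately, the `dnf install -y https://kojipkgs.fedoraproject.org//...` task installs an RPM straight from a URL; dnf's `localpkg_gpgcheck` is off by default, so that package's signature is probably not verified, and installing from a configured repo or verifying a pinned checksum first would be safer.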
@@ -1,68 +0,0 @@ -- name: Create /opt/iiab/iiab - file: path={{ iiab_dir }} - owner=root - group=root - mode=0755 - state=directory - -- name: Create /opt/iiab/yum-packages - file: path={{ yum_packages_dir }} - owner=root - group=root - mode=0755 - state=directory - -- name: Create /opt/iiab/pip-packages - file: path={{ pip_packages_dir }} - owner=root - group=root - mode=0755 - state=directory - -- name: Create /opt/iiab/downloads - file: path={{ downloads_dir }} - owner=root - group=root - mode=0755 - state=directory - -- name: Create various library directories - file: path={{ item }} - owner=root - group=root - mode=0755 - state=directory - with_items: - - /library/downloads/zims - - /library/downloads/rachel - - /library/working/zims - - /library/working/rachel - - "{{ iiab_zim_path }}/content" - - "{{ iiab_zim_path }}/index" - - "{{ doc_root }}/modules" - -- name: Create directory for common packages - file: path={{ item }} - mode=0755 - owner=root - group=root - state=directory - with_items: - - "{{ doc_root }}/common/css" - - "{{ doc_root }}/common/js" - - "{{ doc_root }}/common/fonts" - - "{{ doc_root }}/common/html" - - "{{ doc_root }}/common/images" - - "{{ doc_root }}/common/assets" - - "{{ doc_root }}/common/services" - -- name: Create olpc-scripts directory - file: path={{ item }} - owner=root - group=root - mode=0755 - state=directory - with_items: - - /etc/sysconfig/olpc-scripts/ - - /etc/sysconfig/olpc-scripts/setup.d/installed/ - diff --git a/roles/2-common/tasks/hostname.yml b/roles/2-common/tasks/hostname.yml index 50c8d2167..2a09b0d2b 100644 --- a/roles/2-common/tasks/hostname.yml +++ b/roles/2-common/tasks/hostname.yml @@ -1,7 +1,3 @@ -- name: Create filesytem layout - include_tasks: roles/2-common/tasks/fl.yml - when: first_run - - name: Turn the crank for systemd shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" when: is_debuntu 
diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 06dacacbe..ad0604c0d 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -3,25 +3,23 @@ - name: ...IS BEGINNING ========================================== command: echo -#- include_tasks: iiab_ini.yml - -# create the directory structure for IIAB -#- include_tasks: fl.yml - -- include_tasks: xo.yml - when: xo_model != "none" or osbuilder is defined - -- include_tasks: roles/network/tasks/iptables.yml - - include_tasks: centos.yml when: ansible_distribution == "CentOS" - include_tasks: fedora.yml when: ansible_distribution == "Fedora" +- include_tasks: prep.yml + when: not is_debuntu + +- include_tasks: xo.yml + when: xo_model != "none" or osbuilder is defined + # the following installs common packages for both debian and fedora - include_tasks: packages.yml +- include_tasks: roles/network/tasks/iptables.yml + - sysctl: name=net.ipv4.ip_forward value=1 state=present - sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present - sysctl: name=net.ipv4.conf.default.accept_source_route value=0 state=present diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 83e029cbd..d9a9c95d7 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml 
@@ -1,31 +1,3 @@ -- name: Install yum deps for arm!!! - shell: dnf install -y python-urlgrabber pyxattr yum-metadata-parser - when: ansible_distribution == "Fedora" and ansible_machine == "armv7l" and ansible_distribution_version|int >= 22 - -- name: Install yum from Fedora 23 for arm!!! - shell: dnf install -y https://kojipkgs.fedoraproject.org//packages/yum/3.4.3/506.fc23/noarch/yum-3.4.3-506.fc23.noarch.rpm python-dnf - when: ansible_distribution == "Fedora" and ansible_machine == "armv7l" and ansible_distribution_version|int >= 22 - -- name: Install yum if it has been dropped from our distribution -- Fedora 22 uses dnf!!! - shell: dnf install -y yum - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 and ansible_machine != "armv7l" - -- name: Get the createrepo program (redhat) - package: name=createrepo - state=present - when: is_redhat - -- name: Create local repo (redhat) - shell: createrepo {{ yum_packages_dir }} - when: is_redhat - -- name: Install local repo file (redhat) - template: dest=/etc/yum.repos.d/iiab-local.repo - src=local.repo - owner=root - mode=0644 - when: is_redhat - - name: Install yum packages (redhat) package: name={{ item }} state=present @@ -107,15 +79,18 @@ - python-setuptools - python-virtualenv -- name: Update common packages (redhat) - package: name={{ item }} - state=latest - with_items: - - NetworkManager - - glibc # CVE-2015-7547 - - bash - - iptables - when: is_redhat +# instructions state to start with a fully updated system before starting, stop using +# ansible as a crutch for developers not following the directions and taking short-cuts + +#- name: Update common packages (not Debian) +# package: name={{ item }} +# state=latest +# with_items: +# - NetworkManager +# - glibc # CVE-2015-7547 +# - bash +# - iptables +# when: is_redhat - name: Update common packages (debuntu) package: name={{ item }} 
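Review bot: Commenting out "Update common packages" in roles/2-common/tasks/packages.yml removes the only visible step that brought glibc (annotated CVE-2015-7547), bash, NetworkManager and iptables to current versions on Red Hat family hosts, while the Debian/Ubuntu equivalent that begins at the end of this hunk is kept. The new comment says operators must start from a fully updated system, but nothing in the visible tasks checks that, so an image that was never updated is now provisioned as-is. If the update is not to be forced, consider keeping at least the security-relevant subset (glibc, bash). Otherwise state the prerequisite where operators will see it, e.g. `# PREREQUISITE: run a full system update first; this role no longer updates glibc/bash on Red Hat family hosts`.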
@@ -128,16 +103,9 @@ - exfat-utils when: is_debuntu -# instructions state to start with a fully updated system before starting, stop using -# ansible as a crutch for developers not following the directions and taking short-cuts - #- name: If version of Network manager has changed, subsequent nmcli commands will fail,restart now # service: name=NetworkManager # state=restarted # when: not installing # the above should use a handler - all reboots should wait until all # mods are preformed - -- name: Install optional exFAT packages for CentOS - shell: yum --enablerepo=li-nux-ro install exfat-utils fuse-exfat - when: exFAT_enabled == "True" and ansible_distribution == "CentOS" diff --git a/roles/2-common/tasks/prep.yml b/roles/2-common/tasks/prep.yml new file mode 100644 index 000000000..0116005e0 --- /dev/null +++ b/roles/2-common/tasks/prep.yml @@ -0,0 +1,29 @@ +- name: Install iiab-extra repos + template: backup=no + dest=/etc/yum.repos.d/iiab-extra.repo + src=iiab-extra.repo + owner=root + group=root + mode=0666 + +- name: Install iiab-testing repos + template: backup=no + dest=/etc/yum.repos.d/iiab-testing.repo + src=iiab-testing.repo + owner=root + group=root + mode=0666 + +- name: Get the createrepo program + package: name=createrepo + state=present + +- name: Install local repo file + template: dest=/etc/yum.repos.d/iiab-local.repo + src=local.repo + owner=root + group=root + mode=0644 + +- name: Create local repo + shell: createrepo {{ yum_packages_dir }} diff --git a/roles/1-prep/templates/iiab-extra.repo b/roles/2-common/templates/iiab-extra.repo similarity index 100% rename from roles/1-prep/templates/iiab-extra.repo rename to roles/2-common/templates/iiab-extra.repo diff --git a/roles/1-prep/templates/iiab-testing.repo b/roles/2-common/templates/iiab-testing.repo similarity index 100% rename from roles/1-prep/templates/iiab-testing.repo rename to roles/2-common/templates/iiab-testing.repo 
diff --git a/roles/1-prep/templates/rpmfusion-free-updates.repo b/roles/2-common/templates/rpmfusion-free-updates.repo similarity index 100% rename from roles/1-prep/templates/rpmfusion-free-updates.repo rename to roles/2-common/templates/rpmfusion-free-updates.repo From 0d5d494514e4ddaaa35991b3be1be9ab616e1124 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 9 Nov 2017 06:11:15 -0600 Subject: [PATCH 05/10] iptables --- .../{network => 2-common}/tasks/iptables.yml | 5 +- roles/2-common/tasks/main.yml | 2 +- .../gateway => 2-common/templates}/iptables | 0 .../templates}/iptables-config | 0 roles/network/templates/gateway/check-LAN | 61 ------------------- 5 files changed, 3 insertions(+), 65 deletions(-) rename roles/{network => 2-common}/tasks/iptables.yml (81%) rename roles/{network/templates/gateway => 2-common/templates}/iptables (100%) rename roles/{network/templates/gateway => 2-common/templates}/iptables-config (100%) delete mode 100755 roles/network/templates/gateway/check-LAN diff --git a/roles/network/tasks/iptables.yml b/roles/2-common/tasks/iptables.yml similarity index 81% rename from roles/network/tasks/iptables.yml rename to roles/2-common/tasks/iptables.yml index 0025fab99..eb3a27b1f 100644 --- a/roles/network/tasks/iptables.yml +++ b/roles/2-common/tasks/iptables.yml @@ -47,10 +47,9 @@ group='root' mode={{ item.2 }} with_items: - - { 0: 'roles/network/templates/gateway/iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' } - - { 0: 'roles/network/templates/gateway/check-LAN', 1: '/usr/bin/check-LAN', 2: '0755' } + - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' } - name: Install Debian config - template: src=roles/network/templates/gateway/iptables dest=/etc/network/if-pre-up.d/iptables + template: src=iptables dest=/etc/network/if-pre-up.d/iptables mode=0755 when: is_debuntu diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index ad0604c0d..8b8df2f2e 100644 
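Review bot: This hunk of roles/2-common/tasks/iptables.yml stops installing check-LAN and the commit deletes roles/network/templates/gateway/check-LAN, but roles/network/tasks/enable_services.yml still lists `gateway/check-LAN` until PATCH 09/10 removes it. The network role is therefore likely to fail on the missing template at any commit between the two. Moving that one-line removal into this commit keeps every step of the series runnable. Hosts provisioned earlier also keep the old `/usr/bin/check-LAN`; if it should no longer exist, a `file: path=/usr/bin/check-LAN state=absent` task would remove it.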
--- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -18,7 +18,7 @@ # the following installs common packages for both debian and fedora - include_tasks: packages.yml -- include_tasks: roles/network/tasks/iptables.yml +- include_tasks: iptables.yml - sysctl: name=net.ipv4.ip_forward value=1 state=present - sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present diff --git a/roles/network/templates/gateway/iptables b/roles/2-common/templates/iptables similarity index 100% rename from roles/network/templates/gateway/iptables rename to roles/2-common/templates/iptables diff --git a/roles/network/templates/gateway/iptables-config b/roles/2-common/templates/iptables-config similarity index 100% rename from roles/network/templates/gateway/iptables-config rename to roles/2-common/templates/iptables-config diff --git a/roles/network/templates/gateway/check-LAN b/roles/network/templates/gateway/check-LAN deleted file mode 100755 index 659f7590e..000000000 --- a/roles/network/templates/gateway/check-LAN +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/bin/bash -run_detect(){ - logger "check-LAN: running reconfig" - cd /opt/schoolserver/iiab - /opt/schoolserver/iiab/runtags network > /dev/null - logger "check-LAN: completed reconfig" - exit 0 -} - -exit_clean(){ - logger "check-LAN: completed - nothing to do" - exit 0 -} - -logger "check-LAN: startup" - -if [ -f /etc/sysconfig/xs_lan_device ]; then - LAN_DEVICE=`cat /etc/sysconfig/xs_lan_device` - if [ "x$LAN_DEVICE" = "x" ]; then - logger "check-LAN: no lan expected" - exit_clean - else - if [ "$LAN_DEVICE" = "br0" ]; then - SLAVES=`egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* \ - | gawk -F'[-:]' '{print $3}'` - SLAVE_COUNT=`egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* \ - | wc | awk '{print $1}'` - - logger "check-LAN: looking for $SLAVE_COUNT slaves" - - while [ "$SLAVE_COUNT" > 1 ]; do - TEST_SLAVE=`brctl show | tail -n $[ $SLAVE_COUNT - 1 ] | awk '{print $1}'` - if [ "x$TEST_SLAVE" = "x" ]; then - logger "check-LAN: blank slave for number $SLAVE_COUNT" - run_detect - else - logger "check-LAN: slave number $SLAVE_COUNT $TEST_SLAVE present" - fi - SLAVE_COUNT="$[ $SLAVE_COUNT - 1 ]" - if [ "$SLAVE_COUNT" = 1 ]; then - TEST_SLAVE=`brctl show | grep br0 | awk '{print $4}'` - if [ "x$TEST_SLAVE" = "x" ]; then - logger "check-LAN: single blank slave for number $SLAVE_COUNT" - run_detect - else - logger "check-LAN: single slave number $SLAVE_COUNT $TEST_SLAVE present" - exit_clean - fi - fi - done - fi - LAN_IF=`ip -o addr | grep 172.18 | awk '{print $2}'` - if [ "$LAN_IF" = "$LAN_DEVICE" ]; then - logger "check-LAN: expected LAN matched $LAN_DEVICE" - exit_clean - fi - fi -else - logger "check-LAN: unconfigured" - exit_clean -fi From c08de05fbdd65f9fd36fdd721e260328b9c69248 Mon Sep 17 00:00:00 2001 
From: Jerry Vonau Date: Thu, 9 Nov 2017 06:44:00 -0600 Subject: [PATCH 06/10] shift FQDN --- roles/2-common/tasks/hostname.yml | 21 --------------------- roles/network/tasks/main.yml | 25 ++++++++++++++++++++++++- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/roles/2-common/tasks/hostname.yml b/roles/2-common/tasks/hostname.yml index 2a09b0d2b..4726ec306 100644 --- a/roles/2-common/tasks/hostname.yml +++ b/roles/2-common/tasks/hostname.yml @@ -18,27 +18,6 @@ group=root mode=0644 -- name: Configuring named - include_tasks: roles/network/tasks/named.yml - tags: - - named - - network - - domain - -- name: Configuring dhcpd - include_tasks: roles/network/tasks/dhcpd.yml - tags: - - dhcpd - - network - - domain - -- name: Configuring Squid - include_tasks: roles/network/tasks/squid.yml - when: squid_install - tags: - - squid - - network - - name: Re-configuring httpd - not initial install include_tasks: roles/httpd/tasks/main.yml when: iiab_stage|int > 3 diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d52c088fc..dd80f1638 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -19,12 +19,35 @@ # when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"' ##### End static ip address info -- include_tasks: roles/network/tasks/wondershaper.yml +- include_tasks: wondershaper.yml tags: - wondershaper - network when: wondershaper_install +- name: Configuring named + include_tasks: named.yml + when: FQDN_changed + tags: + - named + - network + - domain + +- name: Configuring dhcpd + include_tasks: dhcpd.yml + when: FQDN_changed + tags: + - dhcpd + - network + - domain + +- name: Configuring Squid + include_tasks: squid.yml + when: squid_install and FQDN_changed + tags: + - squid + - network + - include_tasks: hosts.yml tags: - network From 8a2c560f5b605a84b147f23c5021c2f3cf05b50a Mon Sep 17 00:00:00 2001 
From: Jerry Vonau Date: Thu, 9 Nov 2017 16:13:03 -0600 Subject: [PATCH 07/10] Squid on the fly, loses some speed thou --- roles/network/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index dd80f1638..f87aa86a0 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -43,7 +43,7 @@ - name: Configuring Squid include_tasks: squid.yml - when: squid_install and FQDN_changed + when: squid_install tags: - squid - network From 5e38b47d041f3ca38b3a630b31a1cdadabf01838 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 10 Nov 2017 00:09:10 -0600 Subject: [PATCH 08/10] move proxy install option to 4-common --- roles/4-server-options/tasks/main.yml | 20 ++++++++++++++++++ roles/network/tasks/main.yml | 29 --------------------------- 2 files changed, 20 insertions(+), 29 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 95501679c..0b8ef0e10 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -15,6 +15,26 @@ when: openvpn_install tags: openvpn +- name: Configuring wondershaper + include_tasks: roles/network/tasks/wondershaper.yml + when: wondershaper_install + tags: wondershaper, network + +- name: Configuring named + include_tasks: roles/network/tasks/named.yml + when: FQDN_changed + tags: named, network, domain + +- name: Configuring dhcpd + include_tasks: roles/network/tasks/dhcpd.yml + when: FQDN_changed + tags: dhcpd, network, domain + +- name: Configuring Squid + include_tasks: roles/network/tasks/squid.yml + when: squid_install + tags: squid, network, domain + - name: NETWORK include_role: name: network diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index f87aa86a0..675dd805c 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml 
@@ -19,35 +19,6 @@ # when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"' ##### End static ip address info -- include_tasks: wondershaper.yml - tags: - - wondershaper - - network - when: wondershaper_install - -- name: Configuring named - include_tasks: named.yml - when: FQDN_changed - tags: - - named - - network - - domain - -- name: Configuring dhcpd - include_tasks: dhcpd.yml - when: FQDN_changed - tags: - - dhcpd - - network - - domain - -- name: Configuring Squid - include_tasks: squid.yml - when: squid_install - tags: - - squid - - network - - include_tasks: hosts.yml tags: - network From db2827a0ed67b292519c272373b4a78ed3823885 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 9 Nov 2017 15:11:57 -0600 Subject: [PATCH 09/10] removed unused templates & touchups --- roles/network/tasks/enable_services.yml | 1 - roles/network/tasks/squid.yml | 2 +- roles/network/templates/network/iiab_domain_name.j2 | 1 - roles/network/templates/network/iiab_lan_device.j2 | 3 --- roles/network/templates/network/iiab_wan_device.j2 | 3 --- 5 files changed, 1 insertion(+), 9 deletions(-) delete mode 100644 roles/network/templates/network/iiab_domain_name.j2 delete mode 100644 roles/network/templates/network/iiab_lan_device.j2 delete mode 100644 roles/network/templates/network/iiab_wan_device.j2 diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 25335401a..6e53c08cb 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -133,7 +133,6 @@ mode='0755' with_items: - { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' } - - { 0: 'gateway/check-LAN', 1: '/usr/bin/check-LAN' } - name: Add 'squid' to service list ini_file: dest='{{ service_filelist }}' diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 1bd9485d0..8082a94b3 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml 
@@ -73,7 +73,7 @@ mode=0750 state=directory -- include_tasks: roles/network/tasks/dansguardian.yml +- include_tasks: dansguardian.yml when: dansguardian_install - name: Add Squid to service list diff --git a/roles/network/templates/network/iiab_domain_name.j2 b/roles/network/templates/network/iiab_domain_name.j2 deleted file mode 100644 index 06e5288d8..000000000 --- a/roles/network/templates/network/iiab_domain_name.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ iiab_domain }} diff --git a/roles/network/templates/network/iiab_lan_device.j2 b/roles/network/templates/network/iiab_lan_device.j2 deleted file mode 100644 index 825b59a5f..000000000 --- a/roles/network/templates/network/iiab_lan_device.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% if iiab_lan_iface != "none" %} -{{ iiab_lan_iface }} -{% endif %} diff --git a/roles/network/templates/network/iiab_wan_device.j2 b/roles/network/templates/network/iiab_wan_device.j2 deleted file mode 100644 index 97e74768f..000000000 --- a/roles/network/templates/network/iiab_wan_device.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% if iiab_wan_iface != "none" %} -{{ iiab_wan_iface }} -{% endif %} From 405607c84561f75f4095a599e73d37bda8d553ef Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 12 Nov 2017 21:06:48 -0600 Subject: [PATCH 10/10] DG path - iiab_lan_iface tweeks --- roles/network/tasks/computed_network.yml | 2 +- roles/network/tasks/computed_services.yml | 2 +- roles/network/tasks/squid.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 1257ec34f..19cd1048a 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -122,7 +122,7 @@ - name: LAN configured - 'LanController' mode set_fact: iiab_network_mode: "LanController" - when: iiab_lan_iface != "" and iiab_wan_iface == "none" + when: iiab_lan_iface != "none" and iiab_wan_iface == "none" - name: LAN configured - 'Gateway' mode set_fact: 
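Review bot: In roles/network/tasks/computed_network.yml the new test `iiab_lan_iface != "none"` no longer excludes an empty `iiab_lan_iface`, which the old `!= ""` test did, so if any path still leaves the variable empty the play selects 'LanController' mode with no LAN device. Where `iiab_lan_iface` gets its value is outside this hunk, so this needs checking against the detection tasks; covering both sentinels is cheap: `when: iiab_lan_iface not in ["", "none"] and iiab_wan_iface == "none"`. The same condition is changed in roles/network/tasks/computed_services.yml in this patch, where the branch also sets `squid_enabled: False` and `wondershaper_enabled: False`, so a wrong match there would presumably leave the proxy disabled.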
diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index d8831fd2d..1523e5ce1 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -12,7 +12,7 @@ squid_enabled: False wondershaper_enabled: False iiab_network_mode: "LanController" - when: iiab_lan_iface != "" and iiab_wan_iface == "none" + when: iiab_lan_iface != "none" and iiab_wan_iface == "none" - name: LAN configured - 'Gateway' mode set_fact: diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 8082a94b3..1bd9485d0 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -73,7 +73,7 @@ mode=0750 state=directory -- include_tasks: dansguardian.yml +- include_tasks: roles/network/tasks/dansguardian.yml when: dansguardian_install - name: Add Squid to service list
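Review bot: The dansguardian include path in roles/network/tasks/squid.yml has now changed twice in this series (PATCH 09/10 shortened it to `dansguardian.yml`, this hunk restores `roles/network/tasks/dansguardian.yml`) and nothing in the file says why the long form is needed. PATCH 08/10 includes squid.yml by path from roles/4-server-options/tasks/main.yml, so a comment above the task would keep the next cleanup from shortening it again: `# keep the repo-relative path: squid.yml is also included from roles/4-server-options`. squid.yml's task list continues outside the hunk.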