diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 61dda59ce..94f70833b 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -141,6 +141,13 @@ line: 'IIAB_LAN_DEVICE={{ iiab_lan_iface }}' state: present +- name: Record 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' in {{ iiab_env_file }} + lineinfile: + path: "{{ iiab_env_file }}" + regexp: '^IIAB_GATEWAY_ENABLED=*' + line: 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' + state: present + - name: Add 'computed_network' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 1ce2e06bf..f6a1ac116 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -205,6 +205,17 @@ group: root mode: 0755 +- name: Install iiab-internet-on|off + template: + src: "{{ item }}" + dest: /usr/bin/ + owner: root + group: root + mode: 0755 + with_items: + - gateway/iiab-internet-on + - gateway/iiab-internet-off + - name: Add 'squid' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index e169714d0..3c1e1c793 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -53,12 +53,6 @@ name: avahi-daemon state: restarted -- name: Create gateway flag - shell: echo 1 > /etc/sysconfig/olpc-scripts/setup.d/installed/gateway - args: - creates: /etc/sysconfig/olpc-scripts/setup.d/installed/gateway - when: iiab_network_mode == "Gateway" - #netplan de-configures pre-created bridged interfaces #- name: Reload netplan when Wifi is not gateway on Ubuntu 18+ # shell: netplan apply diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index f7ee6c7c9..1175157af 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -37,6 +37,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables source {{ iiab_env_file }} lan=$IIAB_LAN_DEVICE wan=$IIAB_WAN_DEVICE +iiab_gateway_enabled=$IIAB_GATEWAY_ENABLED echo -e "\nLAN: $lan" echo -e "WAN: $wan\n" #network_mode=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` @@ -49,7 +50,6 @@ gw_block_https={{ gw_block_https }} sshd_port={{ sshd_port }} #gui_wan= [no longer needed] gui_port={{ gui_port }} -iiab_gateway_enabled={{ iiab_gateway_enabled }} block_DNS={{ block_DNS }} azuracast_ports="{{ azuracast_port_range_prefix }}000:{{ azuracast_port_range_prefix }}100" @@ -86,14 +86,6 @@ elif [ "$ports_externally_visible" -lt 0 ] || [ "$ports_externally_visible" -gt exit 1 fi -#if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then -# Load iptables kernel modules -/sbin/modprobe ip_tables -/sbin/modprobe iptable_filter -/sbin/modprobe ip_conntrack -/sbin/modprobe iptable_nat -#fi - # Delete all existing firewall rules $IPTABLES -F $IPTABLES -t nat -F diff --git a/roles/network/templates/gateway/iiab-internet-off b/roles/network/templates/gateway/iiab-internet-off new file mode 100644 index 000000000..0e3e73ac1 --- /dev/null +++ b/roles/network/templates/gateway/iiab-internet-off @@ -0,0 +1,11 @@ +#!/bin/bash +sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=False/" {{ iiab_env_file }} +/usr/bin/iiab-gen-iptables + +cat << EOF + +WARNING: If you want to _permanently_ change your IIAB's default behavior +(i.e. to specify whether student client devices should have Internet or not, +in general!) then modify variable 'iiab_gateway_enabled' in +/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' +EOF diff --git a/roles/network/templates/gateway/iiab-internet-on b/roles/network/templates/gateway/iiab-internet-on new file mode 100644 index 000000000..23aadd8b1 --- /dev/null +++ b/roles/network/templates/gateway/iiab-internet-on @@ -0,0 +1,11 @@ +#!/bin/bash +sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=True/" {{ iiab_env_file }} +/usr/bin/iiab-gen-iptables + +cat << EOF + +WARNING: If you want to _permanently_ change your IIAB's default behavior +(i.e. to specify whether student client devices should have Internet or not, +in general!) then modify variable 'iiab_gateway_enabled' in +/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' +EOF diff --git a/scripts/ansible b/scripts/ansible index acab7932d..f9dcd5deb 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -9,7 +9,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.10.7 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.10.8 # Orig for 'yum install [rpm]' & XO laptops (pip install) # We install the latest 'ansible-base' from PPA, using an OS 'CODENAME' below: # https://launchpad.net/~ansible/+archive/ubuntu/ansible @@ -42,12 +42,12 @@ fi #apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv #ansible-galaxy collection install -r collections.yml -# TEMPORARILY USE ansible-base 2.10.7 (REMOVE W/ "pip3 uninstall ansible-base") -#pip3 install ansible-base==2.10.7 # Start new shell, so /usr/local/bin works +# TEMPORARILY USE ansible-base 2.10.8 (REMOVE W/ "pip3 uninstall ansible-base") +#pip3 install ansible-base==2.10.8 # Start new shell, so /usr/local/bin works -# TEMPORARILY USE ANSIBLE 2.9.19 (REMOVE IT WITH "pip uninstall ansible") +# TEMPORARILY USE ANSIBLE 2.9.20 (REMOVE IT WITH "pip uninstall ansible") #apt install python-pip -#pip install ansible==2.9.19 +#pip install ansible==2.9.20 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"