From a32539ae818bf7c46324ca9016962152c1d0cbd2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 00:00:50 -0500 Subject: [PATCH 01/11] Don't load legacy modules --- roles/network/templates/gateway/iiab-gen-iptables | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index f7ee6c7c9..80f7b60a5 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -86,14 +86,6 @@ elif [ "$ports_externally_visible" -lt 0 ] || [ "$ports_externally_visible" -gt exit 1 fi -#if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then -# Load iptables kernel modules -/sbin/modprobe ip_tables -/sbin/modprobe iptable_filter -/sbin/modprobe ip_conntrack -/sbin/modprobe iptable_nat -#fi - # Delete all existing firewall rules $IPTABLES -F $IPTABLES -t nat -F From 742405b1d37d724d6c7fccdf1f5e42dd5d7b9217 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 09:21:51 -0500 Subject: [PATCH 02/11] use iiab.env as reference for state of iiab_gateway_enabled Opens up the posibility of gateway-on|off scripts like hotspot-on|off --- roles/network/templates/gateway/iiab-gen-iptables | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 80f7b60a5..1175157af 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -37,6 +37,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables source {{ iiab_env_file }} lan=$IIAB_LAN_DEVICE wan=$IIAB_WAN_DEVICE +iiab_gateway_enabled=$IIAB_GATEWAY_ENABLED echo -e "\nLAN: $lan" echo -e "WAN: $wan\n" #network_mode=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` 
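Review bot: The added `iiab_gateway_enabled=$IIAB_GATEWAY_ENABLED` in PATCH 02/11 has no fallback, so when the sourced file does not yet carry that key the variable is empty. The result then depends on how the later tests treat an empty string, and those tests are outside this hunk. Because this value decides whether LAN clients are forwarded to the WAN, an explicit fail-closed default is safer: `iiab_gateway_enabled=${IIAB_GATEWAY_ENABLED:-False}`. The file is pulled in with `source`, so its contents execute as shell inside a script that manages iptables (presumably as root). A comment next to the `source` line should say that `{{ iiab_env_file }}` must stay root-owned and not group- or world-writable.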
@@ -49,7 +50,6 @@ gw_block_https={{ gw_block_https }} sshd_port={{ sshd_port }} #gui_wan= [no longer needed] gui_port={{ gui_port }} -iiab_gateway_enabled={{ iiab_gateway_enabled }} block_DNS={{ block_DNS }} azuracast_ports="{{ azuracast_port_range_prefix }}000:{{ azuracast_port_range_prefix }}100" From 1b8e6e4958850096ee1dbace22aa844a8718badc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 10:31:23 -0500 Subject: [PATCH 03/11] move to runtime option from install time (via 1-prep) --- roles/network/tasks/restart.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index e169714d0..d70999290 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -53,11 +53,12 @@ name: avahi-daemon state: restarted -- name: Create gateway flag - shell: echo 1 > /etc/sysconfig/olpc-scripts/setup.d/installed/gateway - args: - creates: /etc/sysconfig/olpc-scripts/setup.d/installed/gateway - when: iiab_network_mode == "Gateway" +- name: Record 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' in {{ iiab_env_file }} + lineinfile: + path: "{{ iiab_env_file }}" + regexp: '^IIAB_GATEWAY_ENABLED=*' + line: 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' + state: present #netplan de-configures pre-created bridged interfaces #- name: Reload netplan when Wifi is not gateway on Ubuntu 18+ From df5618c3a4d3b70b6445a61098db7f6d4bc071e8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 10:45:31 -0500 Subject: [PATCH 04/11] grouping --- roles/network/tasks/computed_network.yml | 7 +++++++ roles/network/tasks/restart.yml | 7 ------- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 61dda59ce..94f70833b 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml 
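Review bot: The `regexp: '^IIAB_GATEWAY_ENABLED=*'` in the new lineinfile task of PATCH 03/11 reads like a shell glob, but as a regular expression `=*` means "zero or more `=`". It therefore matches any line that merely starts with `IIAB_GATEWAY_ENABLED`, and a later key sharing that prefix would be rewritten by this task. Using `regexp: '^IIAB_GATEWAY_ENABLED='` anchors on the key itself. The same task, with the same pattern, is re-added in the computed_network.yml hunk of PATCH 04/11. The removed task was guarded by `when: iiab_network_mode == "Gateway"` and the new one is unconditional; if that is intended, a one-line comment such as `# always recorded; iiab-gen-iptables reads it at runtime` would make it clear.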
@@ -141,6 +141,13 @@ line: 'IIAB_LAN_DEVICE={{ iiab_lan_iface }}' state: present +- name: Record 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' in {{ iiab_env_file }} + lineinfile: + path: "{{ iiab_env_file }}" + regexp: '^IIAB_GATEWAY_ENABLED=*' + line: 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' + state: present + - name: Add 'computed_network' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index d70999290..3c1e1c793 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -53,13 +53,6 @@ name: avahi-daemon state: restarted -- name: Record 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' in {{ iiab_env_file }} - lineinfile: - path: "{{ iiab_env_file }}" - regexp: '^IIAB_GATEWAY_ENABLED=*' - line: 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' - state: present - #netplan de-configures pre-created bridged interfaces #- name: Reload netplan when Wifi is not gateway on Ubuntu 18+ # shell: netplan apply From 6aeaeed6ab512323421dda80d65d1299482d734f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 12:10:45 -0500 Subject: [PATCH 05/11] helper scripts --- roles/network/tasks/enable_services.yml | 11 +++++++++++ roles/network/templates/gateway/iiab-internet-off | 3 +++ roles/network/templates/gateway/iiab-internet-on | 3 +++ 3 files changed, 17 insertions(+) create mode 100644 roles/network/templates/gateway/iiab-internet-off create mode 100644 roles/network/templates/gateway/iiab-internet-on diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 1ce2e06bf..d083e4690 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml 
@@ -205,6 +205,17 @@ group: root mode: 0755 +- name: Install iiab-internet-on|off + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0755 + with_items: + - { src: 'gateway/iiab-internet-on', dest: '/usr/bin/iiab-internet-on' } + - { src: 'gateway/iiab-internet-off', dest: '/usr/bin/iiab-internet-off' } + - name: Add 'squid' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" diff --git a/roles/network/templates/gateway/iiab-internet-off b/roles/network/templates/gateway/iiab-internet-off new file mode 100644 index 000000000..1ed48ae64 --- /dev/null +++ b/roles/network/templates/gateway/iiab-internet-off @@ -0,0 +1,3 @@ +#!/bin/bash +sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=False/" {{ iiab_env_file }} +/usr/bin/iiab-gen-iptables diff --git a/roles/network/templates/gateway/iiab-internet-on b/roles/network/templates/gateway/iiab-internet-on new file mode 100644 index 000000000..63e7ac3ff --- /dev/null +++ b/roles/network/templates/gateway/iiab-internet-on @@ -0,0 +1,3 @@ +#!/bin/bash +sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=True/" {{ iiab_env_file }} +/usr/bin/iiab-gen-iptables From eeefe546e7f270c1afa74fd431e3513072a3b788 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 13 Apr 2021 00:31:33 -0400 Subject: [PATCH 06/11] network/tasks/enable_services.yml: Install iiab-internet-on|off from template --- roles/network/tasks/enable_services.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index d083e4690..f6a1ac116 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml 
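Review bot: The new iiab-internet-off script can fail silently and leave forwarding enabled. `sed -i` exits 0 when the file has no `IIAB_GATEWAY_ENABLED` line, and if sed itself fails (for example when run without write access to the file, which is inferred) the script still goes on to `/usr/bin/iiab-gen-iptables`. In both cases the operator gets no signal that client devices still have Internet. I would stop on the first error, check that the key exists before editing, quote the templated path, and match `IIAB_GATEWAY_ENABLED=` rather than the bare prefix. The iiab-internet-on hunk that follows has the same shape and would take the same change with `True`.

```shell
#!/bin/bash
set -euo pipefail

env_file="{{ iiab_env_file }}"

# sed exits 0 even when nothing matched, so check for the key first
if ! grep -q '^IIAB_GATEWAY_ENABLED=' "$env_file"; then
    echo "IIAB_GATEWAY_ENABLED not found in $env_file; firewall left unchanged" >&2
    exit 1
fi

sed -i -e 's/^IIAB_GATEWAY_ENABLED=.*/IIAB_GATEWAY_ENABLED=False/' "$env_file"
/usr/bin/iiab-gen-iptables
```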
@@ -207,14 +207,14 @@ - name: Install iiab-internet-on|off template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" + src: "{{ item }}" + dest: /usr/bin/ owner: root group: root mode: 0755 with_items: - - { src: 'gateway/iiab-internet-on', dest: '/usr/bin/iiab-internet-on' } - - { src: 'gateway/iiab-internet-off', dest: '/usr/bin/iiab-internet-off' } + - gateway/iiab-internet-on + - gateway/iiab-internet-off - name: Add 'squid' variable values to {{ iiab_ini_file }} ini_file: From 6a4e6bb2a9d71f4b464ed9c840c6f23f4b2b4684 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 13 Apr 2021 00:37:44 -0400 Subject: [PATCH 07/11] Update iiab-internet-off --- roles/network/templates/gateway/iiab-internet-off | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/network/templates/gateway/iiab-internet-off b/roles/network/templates/gateway/iiab-internet-off index 1ed48ae64..2f9aa6fd9 100644 --- a/roles/network/templates/gateway/iiab-internet-off +++ b/roles/network/templates/gateway/iiab-internet-off @@ -1,3 +1,10 @@ #!/bin/bash sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=False/" {{ iiab_env_file }} /usr/bin/iiab-gen-iptables + +cat << EOF +WARNING: If you want to _permanently_ change your IIAB's default behavior +(i.e. to specify whether student client devices should have Internet or not, +in general!) then modify variable 'iiab_gateway_enabled' in +/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' +EOF From c5bd0c909bdf3b26ff216a63f3c1b847c9134e77 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 13 Apr 2021 00:38:38 -0400 Subject: [PATCH 08/11] Update iiab-internet-on --- roles/network/templates/gateway/iiab-internet-on | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/network/templates/gateway/iiab-internet-on b/roles/network/templates/gateway/iiab-internet-on index 63e7ac3ff..ce4d507c3 100644 --- a/roles/network/templates/gateway/iiab-internet-on +++ b/roles/network/templates/gateway/iiab-internet-on 
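Review bot: With the heredoc appended after `/usr/bin/iiab-gen-iptables` in PATCH 07/11, the script's exit status becomes that of `cat`. A failed firewall regeneration now ends in exit 0 followed by the WARNING text, which a caller or operator can read as success. Capture the status before printing and return it: `rc=$?` on the line after `/usr/bin/iiab-gen-iptables`, and `exit "$rc"` after `EOF`. Quoting the delimiter (`cat << 'EOF'`) would also keep the message literal if a `$` or backtick is ever added to it. The iiab-internet-on hunk in PATCH 08/11 has the same issue.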
@@ -1,3 +1,10 @@ #!/bin/bash sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=True/" {{ iiab_env_file }} /usr/bin/iiab-gen-iptables + +cat << EOF +WARNING: If you want to _permanently_ change your IIAB's default behavior +(i.e. to specify whether student client devices should have Internet or not, +in general!) then modify variable 'iiab_gateway_enabled' in +/etc/iiab/local_vars.yml — and finally run 'cd /opt/iiab/iiab ; ./iiab-network' +EOF From 1b2ccef0ce031b744f413b3398179ffa3ef1bb5d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 13 Apr 2021 01:08:49 -0400 Subject: [PATCH 09/11] Update iiab-internet-off --- roles/network/templates/gateway/iiab-internet-off | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/templates/gateway/iiab-internet-off b/roles/network/templates/gateway/iiab-internet-off index 2f9aa6fd9..0e3e73ac1 100644 --- a/roles/network/templates/gateway/iiab-internet-off +++ b/roles/network/templates/gateway/iiab-internet-off @@ -3,6 +3,7 @@ sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=False/" {{ iiab_env_fi /usr/bin/iiab-gen-iptables cat << EOF + WARNING: If you want to _permanently_ change your IIAB's default behavior (i.e. to specify whether student client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in From 593804f9d37d7d3e35cdd0583833fe44ddefe21e Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 13 Apr 2021 01:09:09 -0400 Subject: [PATCH 10/11] Update iiab-internet-on --- roles/network/templates/gateway/iiab-internet-on | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/network/templates/gateway/iiab-internet-on b/roles/network/templates/gateway/iiab-internet-on index ce4d507c3..23aadd8b1 100644 --- a/roles/network/templates/gateway/iiab-internet-on +++ b/roles/network/templates/gateway/iiab-internet-on 
@@ -3,6 +3,7 @@ sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=True/" {{ iiab_env_fil /usr/bin/iiab-gen-iptables cat << EOF + WARNING: If you want to _permanently_ change your IIAB's default behavior (i.e. to specify whether student client devices should have Internet or not, in general!) then modify variable 'iiab_gateway_enabled' in From 4f0c31969c3a2689dd0aa84516467cfd5e92eeeb Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 13 Apr 2021 02:12:05 -0400 Subject: [PATCH 11/11] scripts/ansible: recommend ansible-base 2.10.8 --- scripts/ansible | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index acab7932d..f9dcd5deb 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -9,7 +9,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.10.7 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.10.8 # Orig for 'yum install [rpm]' & XO laptops (pip install) # We install the latest 'ansible-base' from PPA, using an OS 'CODENAME' below: # https://launchpad.net/~ansible/+archive/ubuntu/ansible 
@@ -42,12 +42,12 @@ fi #apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv #ansible-galaxy collection install -r collections.yml -# TEMPORARILY USE ansible-base 2.10.7 (REMOVE W/ "pip3 uninstall ansible-base") -#pip3 install ansible-base==2.10.7 # Start new shell, so /usr/local/bin works +# TEMPORARILY USE ansible-base 2.10.8 (REMOVE W/ "pip3 uninstall ansible-base") +#pip3 install ansible-base==2.10.8 # Start new shell, so /usr/local/bin works -# TEMPORARILY USE ANSIBLE 2.9.19 (REMOVE IT WITH "pip uninstall ansible") +# TEMPORARILY USE ANSIBLE 2.9.20 (REMOVE IT WITH "pip uninstall ansible") #apt install python-pip -#pip install ansible==2.9.19 +#pip install ansible==2.9.20 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"