From 7e79d691fcf5734a829863285c8967ed635c942c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 May 2020 23:06:18 -0500 Subject: [PATCH 01/16] install and start dnsmasq early - add option to set upstream dns server --- roles/1-prep/tasks/main.yml | 3 +++ roles/3-base-server/tasks/main.yml | 6 ------ roles/network/tasks/dnsmasq.yml | 4 +++- roles/network/templates/network/dnsmasq-iiab | 6 ++++++ vars/default_vars.yml | 6 +++--- 5 files changed, 15 insertions(+), 10 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 8c94303b5..ca432836f 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,6 +3,9 @@ - name: ...IS BEGINNING ============================================ command: echo +- name: dnsmasq (install now, configure LATER in 'network', after Stage 9) + include_tasks: roles/network/tasks/dnsmasq.yml + - name: Install uuid-runtime package (debuntu) package: name: diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 83a06d30a..e56b33f2d 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -21,12 +21,6 @@ - name: WWW_BASE (WWW_OPTIONS should be installed later) include_role: name: www_base - #when: www_base_install | bool - #when: apache_install or nginx_install - -- name: dnsmasq (install now, configure LATER in 'network', after Stage 9) - include_tasks: roles/network/tasks/dnsmasq.yml - when: dnsmasq_install | bool - name: Recording STAGE 3 HAS COMPLETED ===================== lineinfile: diff --git a/roles/network/tasks/dnsmasq.yml b/roles/network/tasks/dnsmasq.yml index 4b7d73a9c..2678650ae 100644 --- a/roles/network/tasks/dnsmasq.yml +++ b/roles/network/tasks/dnsmasq.yml 
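Review bot: The `include_tasks: roles/network/tasks/dnsmasq.yml` task added to roles/1-prep/tasks/main.yml has no `when:`, whereas the task removed from roles/3-base-server/tasks/main.yml carried `when: dnsmasq_install | bool`. As written, a host configured with `dnsmasq_install: False` would still get dnsmasq installed and, given the `state: restarted` this patch adds in dnsmasq.yml, started. PATCH 15/16 re-adds the condition only as a comment (`#when: dnsmasq_install | bool`), so the gap remains at the end of the series. I would restore `when: dnsmasq_install | bool` on this task, or add a comment next to it explaining why the flag is deliberately ignored at Stage 1.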
@@ -14,7 +14,9 @@ - { src: 'roles/network/templates/network/dnsmasq.service.u18', dest: '/etc/systemd/system/iiab-dnsmasq.service', mode: '0644' } - { src: 'roles/network/templates/network/dnsmasq-iiab', dest: '/etc/dnsmasq.d/dnsmasq-iiab', mode: '644' } -- name: Don't use stock dnsmasq systemd unit file during boot +- name: Don't use stock dnsmasq systemd unit file during boot but start now systemd: name: dnsmasq + daemon_reload: yes enabled: no + state: restarted diff --git a/roles/network/templates/network/dnsmasq-iiab b/roles/network/templates/network/dnsmasq-iiab index 4173a2823..ecefeb359 100644 --- a/roles/network/templates/network/dnsmasq-iiab +++ b/roles/network/templates/network/dnsmasq-iiab @@ -1 +1,7 @@ +#IIAB bind-interfaces +# Wan nameserver if manually set +{% if wan_nameserver != "" %} +no-resolv +server={{ wan_nameserver }} +{% endif %} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9d3875dac..0c190e6ab 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -177,14 +177,14 @@ user_wan_iface: auto user_lan_iface: auto # Ethernet - IF NECESSARY, CUSTOMIZE THESE 4+1 VARS IN /etc/iiab/local_vars.yml +# Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 -wan_nameserver: # wan_nameserver: 192.168.1.254 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems -# Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf - +# Can be set to override the isp provided dns servers when on a dhcp network. +wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 # Parameters for Aggregate Roles # Each Role should have the following variables which are either True or False: From c88312428f193003ab2a72dc925599c1c4a82ef2 Mon Sep 17 00:00:00 2001 
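Review bot: `state: restarted` starts the stock `dnsmasq` unit during Stage 1 with only the `/etc/dnsmasq.d/dnsmasq-iiab` drop-in, and that file (next hunk) sets `bind-interfaces` without any `interface=` or `listen-address=` line. Unless the distribution's main dnsmasq.conf restricts it, the daemon would presumably answer DNS on every interface, WAN side included, until the network role writes the full configuration; a forwarder reachable from an untrusted network is a known abuse target. Consider confining the early instance (for example `listen-address=127.0.0.1`), or confirm that a firewall is already active at this stage. `restarted` also bounces DNS and reports "changed" on every run; `state: started` plus a handler notified by the config copy would keep the task idempotent. The list of `src`/`dest` items begins above the hunk, so the module that installs them is not visible here.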
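Review bot: `{% if wan_nameserver != "" %}` looks true for the shipped default, because `wan_nameserver:` in vars/default_vars.yml (last hunk of this patch) is a bare key that YAML loads as null rather than as an empty string. On a default install the template would then likely emit `no-resolv` and an empty `server=` line, leaving dnsmasq without the resolvers from resolv.conf; this is worth verifying on a fresh host. A truthiness test covers both null and the empty string: `{% if wan_nameserver %}`. Because the value is written verbatim into a dnsmasq configuration file, it would also be reasonable to check that it is a single IP address before rendering.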
From: Jerry Vonau Date: Fri, 8 May 2020 23:46:24 -0500 Subject: [PATCH 02/16] settable at runtime --- roles/network/tasks/enable_services.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 60d28a9f4..762755be3 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -60,6 +60,12 @@ dest: /etc/hosts.dnsmasq when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") +- name: Update /etc/dnsmasq.d/dnsmasq-iiab for custom dns setting + template: + src: network/dnsmasq-iiab + dest: /etc/dnsmasq.d/dnsmasq-iiab + when: dnsmasq_install + ## Another way to skin the cat ##- name: Check if systemd service networkd-dispatcher is enabled ## systemd: From efc28556abdf7c7b472e0aa9f198dcd348d12187 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 8 May 2020 23:59:10 -0500 Subject: [PATCH 03/16] remove stale note --- roles/network/templates/network/dnsmasq.conf.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index edf3ae9e6..782f38049 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -1,7 +1,5 @@ # Never forward addresses in the non-routed address spaces. bogus-priv -# Add other name servers here, with domain specs if they are for non-public domains. -#server=/{{ iiab_domain }}/{{ iiab_hostname }} # Add local-only domains here, queries in these domains are answered from /etc/hosts or DHCP only. local=/{{ iiab_domain }}/ {% if dns_jail_enabled %} From 8663cb59ff915c2d8c2e18364795f386face6a3f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 May 2020 18:06:22 -0400 Subject: [PATCH 04/16] Update default_vars.yml --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
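Review bot: The new `template:` task in roles/network/tasks/enable_services.yml rewrites `/etc/dnsmasq.d/dnsmasq-iiab` without `owner`, `group` or `mode`, while the install-time item for the same destination in roles/network/tasks/dnsmasq.yml (PATCH 01/16) pins a mode; adding `mode: '0644'` here keeps the two in agreement and avoids depending on the umask. Nothing in the hunk notifies or restarts dnsmasq after the file changes, so a new `wan_nameserver` takes effect only if a later task in this file restarts the service. That part lies outside the hunk and should be confirmed. Note also that PATCH 01/16 installs and starts dnsmasq unconditionally, while this refresh is gated on `dnsmasq_install`, so a host with the flag off would keep whatever Stage 1 rendered.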
diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f7cbe22f1..a661531b0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -177,9 +177,9 @@ user_lan_iface: auto wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 +# Can be set to override ISP-provided DNS servers when on a DHCP network: +wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems -# Can be set to override the isp provided dns servers when on a dhcp network. -wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 # Parameters for Aggregate Roles # Each Role should have the following variables which are either True or False: From b3610ff7b4809ca7dca69b8cf41f887e331ee5c0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 May 2020 18:07:10 -0400 Subject: [PATCH 05/16] Update local_vars_min.yml --- vars/local_vars_min.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 94ee0ca63..a77d20272 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -54,7 +54,8 @@ wifi_up_down: True # Creates a 2nd virtual wifi adapter for upstream WiFi wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 -wan_nameserver: # wan_nameserver: 192.168.1.254 +# Can be set to override ISP-provided DNS servers when on a DHCP network: +wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems # Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite From f852ce23e38b2edd56162674f762890438b49a6b Mon Sep 17 00:00:00 2001 
From: A Holt Date: Sat, 9 May 2020 18:07:45 -0400 Subject: [PATCH 06/16] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 0e153a37d..20afec8c0 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -54,7 +54,8 @@ wifi_up_down: True # Creates a 2nd virtual wifi adapter for upstream WiFi wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 -wan_nameserver: # wan_nameserver: 192.168.1.254 +# Can be set to override ISP-provided DNS servers when on a DHCP network: +wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems # Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite From 27bb626cdd69b4f8710a12639b6e061194fa4666 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 May 2020 18:08:13 -0400 Subject: [PATCH 07/16] Update local_vars_big.yml --- vars/local_vars_big.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 6f839df17..4a55dcf36 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -54,7 +54,8 @@ wifi_up_down: True # Creates a 2nd virtual wifi adapter for upstream WiFi wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 -wan_nameserver: # wan_nameserver: 192.168.1.254 +# Can be set to override ISP-provided DNS servers when on a DHCP network: +wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems # Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite From a0043892b132d96a0ed509a6b1d5a3dee4594db5 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Sat, 9 May 2020 18:52:50 -0400 Subject: [PATCH 08/16] Update default_vars.yml --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a661531b0..3a5761c93 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -171,15 +171,15 @@ wondershaper_enabled: False user_wan_iface: auto user_lan_iface: auto -# Ethernet - IF NECESSARY, CUSTOMIZE THESE 4+1 VARS IN /etc/iiab/local_vars.yml -# Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO +# Ethernet - IF NECESSARY, CUSTOMIZE THESE 4+1 VARS IN /etc/iiab/local_vars.yml wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # Can be set to override ISP-provided DNS servers when on a DHCP network: wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems +# Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf # Parameters for Aggregate Roles # Each Role should have the following variables which are either True or False: From 0e72a20a2b988248b47d235fbb70d4a2da95342a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 May 2020 19:47:14 -0400 Subject: [PATCH 09/16] Update default_vars.yml --- vars/default_vars.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3a5761c93..cec3e1d08 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
@@ -176,7 +176,11 @@ user_lan_iface: auto wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 -# Can be set to override ISP-provided DNS servers when on a DHCP network: +# If nec dnsmasq can override ISP-provided DNS servers: +# /etc/resolv.conf dictates which backend is used for the machine itself, so +# 127.0.0.1 means you get dnsmasq (so it works right away on Raspbian) while +# 127.0.0.53 gives you systemd-networkd (so Ubuntu is NOT using the dnsmasq +# setting for lookups, but LAN clients use the dnsmasq-specified upstream DNS). wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems # Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf From 861e4d49fae8905ae77cb136c1566b767e8ef08d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 May 2020 19:57:18 -0400 Subject: [PATCH 10/16] Update default_vars.yml --- vars/default_vars.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index cec3e1d08..6686971e2 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
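Review bot: The added comment attributes `127.0.0.53` to systemd-networkd, but that address is the stub listener of systemd-resolved; networkd configures links and does not answer DNS queries. Suggested wording for that line: `# 127.0.0.53 gives you systemd-resolved (so Ubuntu itself does NOT use this`. The same wording is carried into PATCH 10/16 and copied into local_vars_min.yml, local_vars_medium.yml and local_vars_big.yml by PATCH 11/16 to 13/16, so all of them should be corrected together. Expanding `If nec` to `If necessary` would also help readers who do not know the abbreviation.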
@@ -176,11 +176,11 @@ user_lan_iface: auto wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 -# If nec dnsmasq can override ISP-provided DNS servers: -# /etc/resolv.conf dictates which backend is used for the machine itself, so +# If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: +# /etc/resolv.conf dictates which backend is used for the machine itself, so # 127.0.0.1 means you get dnsmasq (so it works right away on Raspbian) while -# 127.0.0.53 gives you systemd-networkd (so Ubuntu is NOT using the dnsmasq -# setting for lookups, but LAN clients use the dnsmasq-specified upstream DNS). +# 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this +# dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems # Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf From 8c9ff7c90f855f84d497edd1211daa7a0335f5d5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 May 2020 19:59:11 -0400 Subject: [PATCH 11/16] Update local_vars_min.yml --- vars/local_vars_min.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index a77d20272..bb6f8ddcc 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
@@ -54,7 +54,11 @@ wifi_up_down: True # Creates a 2nd virtual wifi adapter for upstream WiFi wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 -# Can be set to override ISP-provided DNS servers when on a DHCP network: +# If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: +# /etc/resolv.conf dictates which backend is used for the machine itself, so +# 127.0.0.1 means you get dnsmasq (so it works right away on Raspbian) while +# 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this +# dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems From e08e6d55927af7e9e54cc74074a6ae8c6830e482 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 May 2020 19:59:22 -0400 Subject: [PATCH 12/16] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 20afec8c0..5a3bb51c0 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml 
@@ -54,7 +54,11 @@ wifi_up_down: True # Creates a 2nd virtual wifi adapter for upstream WiFi wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 -# Can be set to override ISP-provided DNS servers when on a DHCP network: +# If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: +# /etc/resolv.conf dictates which backend is used for the machine itself, so +# 127.0.0.1 means you get dnsmasq (so it works right away on Raspbian) while +# 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this +# dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems From e6b16f5180e0ae0a74990cf1c789f75cdf4d4821 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 May 2020 19:59:31 -0400 Subject: [PATCH 13/16] Update local_vars_big.yml --- vars/local_vars_big.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 4a55dcf36..f03702059 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml 
@@ -54,7 +54,11 @@ wifi_up_down: True # Creates a 2nd virtual wifi adapter for upstream WiFi wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 -# Can be set to override ISP-provided DNS servers when on a DHCP network: +# If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: +# /etc/resolv.conf dictates which backend is used for the machine itself, so +# 127.0.0.1 means you get dnsmasq (so it works right away on Raspbian) while +# 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this +# dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems From f3b77205c842ceb696041a3dce80e05a4ba9be5f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 9 May 2020 20:06:53 -0400 Subject: [PATCH 14/16] Fix for #2399 --- roles/nextcloud/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index b72566dea..9fb31c593 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -44,8 +44,8 @@ nextcloud_dbpassword: nextcloudmysql nextcloud_admin_user: 'Admin' nextcloud_admin_password: 'changeme' -# 2019-09-04: UNUSED (due to changes in roles/nextcloud/templates/nextcloud.conf.j2) -# nextcloud_required_ip: 10.0.0.0/8 192.168.0.0/16 +# 2020-05-09: Not functional but still templated by templates/nextcloud.conf.j2 +nextcloud_required_ip: 10.0.0.0/8 192.168.0.0/16 # 2020-02-15: UNUSED at the time. Legacy remains from Apache: # nextcloud_allow_public_ips: True From 0d0747907051551338fc1f1c1fa734343d57fdf5 Mon Sep 17 00:00:00 2001 
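Review bot: In roles/nextcloud/defaults/main.yml, `nextcloud_required_ip: 10.0.0.0/8 192.168.0.0/16` is re-enabled under a comment that says it is not functional, which leaves a variable whose name suggests an enforced source-IP restriction while, per that comment, none is applied. Operators skimming the defaults may assume Nextcloud is limited to private ranges, so the comment could state it outright, e.g. `# 2020-05-09: NOT ENFORCED (no IP restriction is applied); kept only so templates/nextcloud.conf.j2 renders`. The list also omits 172.16.0.0/12, which would matter if the setting is ever wired up again. If access really is unrestricted, the `nextcloud_admin_password: 'changeme'` default visible in the context lines should be changed at install time rather than left as shipped.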
From: A Holt Date: Sun, 10 May 2020 14:22:58 -0400 Subject: [PATCH 15/16] 1-prep: #when: dnsmasq_install | bool --- roles/1-prep/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index ca432836f..bbb87c8cb 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -5,6 +5,7 @@ - name: dnsmasq (install now, configure LATER in 'network', after Stage 9) include_tasks: roles/network/tasks/dnsmasq.yml + #when: dnsmasq_install | bool - name: Install uuid-runtime package (debuntu) package: From 39b557b94c1fe4f918b727f167d4c1c3b13244bb Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 10 May 2020 14:25:08 -0400 Subject: [PATCH 16/16] Update enable_services.yml --- roles/network/tasks/enable_services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 762755be3..c52809960 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -64,7 +64,7 @@ template: src: network/dnsmasq-iiab dest: /etc/dnsmasq.d/dnsmasq-iiab - when: dnsmasq_install + when: dnsmasq_install # 2020-05-10: Are all these dnsmasq_install conditions really still necessary ? ## Another way to skin the cat ##- name: Check if systemd service networkd-dispatcher is enabled