diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 3d323b3cc..427380929 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -1,3 +1,8 @@ +- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" + set_fact: + iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" + FQDN_changed: False + - name: Does /etc/cloud/cloud.cfg exist e.g. is this Ubuntu Server 18+ ? stat: path: /etc/cloud/cloud.cfg @@ -17,16 +22,7 @@ # 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904) # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" -#- name: Install /etc/sysconfig/network from template (redhat) -# template: -# src: roles/network/templates/network/sysconfig.network.j2 -# dest: /etc/sysconfig/network -# owner: root -# group: root -# mode: 0644 -# when: is_redhat - -# roles/network/tasks/hosts.yml [no longer in use] ALSO did this: +# should the first entry match just hostname and domain move to after localhost? - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' lineinfile: path: /etc/hosts @@ -36,6 +32,14 @@ #group: root #mode: 0644 +# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is +# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it +# should be reconsidered? See PR #2876: roles/network might become optional? +- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" + set_fact: + FQDN_changed: True + when: iiab_fqdn != ansible_fqdn + #- name: Re-configuring httpd - not initial install # include_tasks: roles/httpd/tasks/main.yml # when: iiab_stage|int > 3 diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index c1084ff52..c8429a4ea 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -54,9 +54,8 @@ - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml -- name: Set new hostname/domain (hostname.yml) if nec - include_tasks: network.yml - +- name: Set hostname / domain (etc) in various places + include_tasks: hostname.yml - name: Add 'runtime' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/0-init/tasks/network.yml b/roles/0-init/tasks/network.yml deleted file mode 100644 index 91ed10998..000000000 --- a/roles/0-init/tasks/network.yml +++ /dev/null @@ -1,31 +0,0 @@ -- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" - set_fact: - iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" - FQDN_changed: False - -- name: Set hostname / domain (etc) in various places -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }}) - include_tasks: hostname.yml - when: iiab_fqdn != ansible_fqdn - -# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is -# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it -# should be reconsidered? See PR #2876: roles/network might become optional? -- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" - set_fact: - FQDN_changed: True - when: iiab_fqdn != ansible_fqdn - - -# 2021-08-17: (1) iiab-gen-iptables works better if gui_port is set directly in -# default_vars.yml and/or local_vars.yml (2) Admin Console's iiab-admin.yml -# and js-menu.yml set 'adm_cons_force_ssl: False' - -# - name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl" -# set_fact: -# gui_port: 80 -# when: not adm_cons_force_ssl - -# - name: "Set 'gui_port: 443' for Admin Console if adm_cons_force_ssl" -# set_fact: -# gui_port: 443 -# when: adm_cons_force_ssl diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f29525daf..f2f6cf8e0 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -122,6 +122,7 @@ - calibreweb - calibre - pbx + - network - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined assert: diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0c376df31..d1ce25c6d 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,6 +3,10 @@ - name: ...IS BEGINNING ============================================ meta: noop +- name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/install.yml + when: network_install + - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: name: sshd @@ -29,10 +33,6 @@ dest: /usr/bin/ mode: '0755' -- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/dnsmasq.yml - #when: dnsmasq_install # Flag might be used in future? - - include_tasks: uuid.yml - include_tasks: ubermix.yml diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 9ed8ff007..c6fb3f21c 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,8 +8,14 @@ - include_tasks: packages.yml -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: network.yml +- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf" + sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? + - { name: 'kernel.core_uses_pid', value: '1' } + #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - include_tasks: iiab-startup.yml diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 8ccf6b88b..9bed4e5e8 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -24,23 +24,6 @@ name: sshd when: sshd_install - -# UNMAINTAINED -- name: Install named / BIND - include_tasks: roles/network/tasks/named.yml - when: named_install is defined and named_install - -# UNMAINTAINED -- name: Install dhcpd - include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install is defined and dhcpd_install - -# LESS MAINTAINED -- name: Install Squid - include_tasks: roles/network/tasks/squid.yml - when: squid_install and squid_installed is undefined - - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index efe764642..8c7ac5515 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -172,3 +172,5 @@ value: "{{ iiab_lan_iface }}" - option: iiab_network_mode value: "{{ iiab_network_mode }}" + - option: network_enabled + value: "{{ network_enabled }}" diff --git a/roles/2-common/tasks/network.yml b/roles/network/tasks/install.yml similarity index 82% rename from roles/2-common/tasks/network.yml rename to roles/network/tasks/install.yml index 57bea8434..06e4cf31d 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/network/tasks/install.yml @@ -1,5 +1,8 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. +- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/dnsmasq.yml + - name: Install package networkd-dispatcher (OS's other than RasPiOS) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes @@ -44,7 +47,7 @@ # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: -- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" +- name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot name: "{{ item.name }}" value: "{{ item.value }}" @@ -52,10 +55,32 @@ - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE + +- name: "Set 'network_installed: True'" + set_fact: + network_installed: True + +- name: "Add 'network_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^network_installed' + line: 'network_installed: True' + +# UNMAINTAINED +- name: Install named / BIND + include_tasks: roles/network/tasks/named.yml + when: named_install is defined and named_install + +# UNMAINTAINED +- name: Install dhcpd + include_tasks: roles/network/tasks/dhcpd.yml + when: dhcpd_install is defined and dhcpd_install + +# LESS MAINTAINED +- name: Install Squid + include_tasks: roles/network/tasks/squid.yml + when: squid_install and squid_installed is undefined diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d849cebaf..86a07413b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -21,59 +21,67 @@ - name: computed_network include_tasks: computed_network.yml -# - name: Configure wondershaper -# include_tasks: wondershaper.yml -# when: wondershaper_install or wondershaper_installed is defined +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_install and network_installed is undefined -- name: (Re)Install named - include_tasks: named.yml - when: named_install and FQDN_changed and iiab_stage|int == 9 +- name: Configuring Network if enabled + block: + # - name: Configure wondershaper + # include_tasks: wondershaper.yml + # when: wondershaper_install or wondershaper_installed is defined -- name: (Re)Install dhcpd - include_tasks: dhcpd.yml - when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install named + include_tasks: named.yml + when: named_install and FQDN_changed and iiab_stage|int == 9 -- name: (Re)Install Squid - include_tasks: squid.yml - when: squid_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install dhcpd + include_tasks: dhcpd.yml + when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 -#preprep for backends -- name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 + - name: (Re)Install Squid + include_tasks: squid.yml + when: squid_install and FQDN_changed and iiab_stage|int == 9 -#### Start services -- name: avahi - include_tasks: avahi.yml -- name: hostapd - include_tasks: hostapd.yml -- name: computed_services - include_tasks: computed_services.yml -- name: enable_services - include_tasks: enable_services.yml -#### End services + #preprep for backends + - name: Netplan in use on Ubuntu 18.04+ + include_tasks: netplan.yml + when: is_ubuntu and not is_ubuntu_16 -#### Start network layout -#- name: Redhat networking -# include_tasks: ifcfg_mods.yml -# when: is_redhat + #### Start services + - name: avahi + include_tasks: avahi.yml + - name: hostapd + include_tasks: hostapd.yml + - name: computed_services + include_tasks: computed_services.yml + - name: enable_services + include_tasks: enable_services.yml + #### End services -- name: NetworkManager in use - include_tasks: NM-debian.yml - when: is_debuntu and network_manager_active + #### Start network layout + #- name: Redhat networking + # include_tasks: ifcfg_mods.yml + # when: is_redhat -- name: systemd-networkd in use - include_tasks: sysd-netd-debian.yml - when: is_debuntu and systemd_networkd_active + - name: NetworkManager in use + include_tasks: NM-debian.yml + when: is_debuntu and network_manager_active -- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active - include_tasks: rpi_debian.yml - when: is_raspbian + - name: systemd-networkd in use + include_tasks: sysd-netd-debian.yml + when: is_debuntu and systemd_networkd_active -- name: Not RPi, Not NetworkManager, Not systemd-networkd in use - include_tasks: debian.yml - when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 -#### end network layout + - name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active + include_tasks: rpi_debian.yml + when: is_raspbian -- name: Restart services - include_tasks: restart.yml + - name: Not RPi, Not NetworkManager, Not systemd-networkd in use + include_tasks: debian.yml + when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 + #### end network layout + + - name: Restart services + include_tasks: restart.yml + # end block + when: network_installed is defined and network_enabled diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 796074a3b..c1ff11bb9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -92,6 +92,8 @@ js_menu_install: True # IIAB Networking README: https://github.com/iiab/iiab/tree/master/roles/network # IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking # Read it offline too: http://box/info > "IIAB Networking" +network_install: True +network_enabled: True # NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 100 LINES, as enabled by Ansible's # NETWORK role (/opt/iiab/iiab/roles/network). SEE ALSO: