From 7cd2c66fc8a83b8e60a731f956105999537eda85 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 24 Mar 2022 08:13:46 -0500 Subject: [PATCH 01/13] reorder and 'installed' --- roles/2-common/tasks/main.yml | 10 +++++-- roles/4-server-options/tasks/main.yml | 17 ----------- .../network.yml => network/tasks/install.yml} | 28 +++++++++++++++++-- roles/network/tasks/main.yml | 4 +++ 4 files changed, 37 insertions(+), 22 deletions(-) rename roles/{2-common/tasks/network.yml => network/tasks/install.yml} (86%) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 9ed8ff007..c6fb3f21c 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,8 +8,14 @@ - include_tasks: packages.yml -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: network.yml +- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf" + sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? + - { name: 'kernel.core_uses_pid', value: '1' } + #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - include_tasks: iiab-startup.yml diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 8ccf6b88b..9bed4e5e8 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml 
@@ -24,23 +24,6 @@ name: sshd when: sshd_install - -# UNMAINTAINED -- name: Install named / BIND - include_tasks: roles/network/tasks/named.yml - when: named_install is defined and named_install - -# UNMAINTAINED -- name: Install dhcpd - include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install is defined and dhcpd_install - -# LESS MAINTAINED -- name: Install Squid - include_tasks: roles/network/tasks/squid.yml - when: squid_install and squid_installed is undefined - - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/2-common/tasks/network.yml b/roles/network/tasks/install.yml similarity index 86% rename from roles/2-common/tasks/network.yml rename to roles/network/tasks/install.yml index 57bea8434..051e3fe84 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/network/tasks/install.yml 
@@ -52,10 +52,32 @@ - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE + +- name: "Set 'network_installed: True'" + set_fact: + network_installed: True + +- name: "Add 'network_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^network_installed' + line: 'network_installed: True' + +# UNMAINTAINED +- name: Install named / BIND + include_tasks: roles/network/tasks/named.yml + when: named_install is defined and named_install + +# UNMAINTAINED +- name: Install dhcpd + include_tasks: roles/network/tasks/dhcpd.yml + when: dhcpd_install is defined and dhcpd_install + +# LESS MAINTAINED +- name: Install Squid + include_tasks: roles/network/tasks/squid.yml + when: squid_install and squid_installed is undefined diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d849cebaf..d6806dea4 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,3 +1,7 @@ +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_installed is undefined + - name: Select RPi firmware mode include_role: name: firmware From 6219a24d8204b998bdd950e7ced1cff8bbccc48a Mon Sep 17 00:00:00 2001 
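Review bot: Moving the named, dhcpd and Squid includes to the end of install.yml ties them to the `when: network_installed is undefined` guard that the next hunk adds in roles/network/tasks/main.yml. Once `network_installed: True` is recorded in the state file, later setting `squid_install` (or `named_install` / `dhcpd_install`) to True no longer reaches these includes. The tasks removed from 4-server-options evaluated each flag on every run. The only remaining path appears to be the `FQDN_changed` re-install tasks in main.yml. Consider keeping the three includes outside the guarded file, for example in main.yml as `- name: Install Squid`, `include_tasks: squid.yml`, `when: squid_install and squid_installed is undefined`, and likewise for the other two.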
From: Jerry Vonau Date: Mon, 28 Mar 2022 20:19:33 -0500 Subject: [PATCH 02/13] group dnsmasq within network and always preinstall --- roles/1-prep/tasks/main.yml | 7 +++---- roles/network/tasks/install.yml | 3 +++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0dfd32ee0..0e8aa4e5c 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,6 +3,9 @@ - name: ...IS BEGINNING ============================================ meta: noop +- name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/install.yml + - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: name: sshd @@ -32,10 +35,6 @@ - iiab-summary - iiab-apps-to-be-installed -- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/dnsmasq.yml - #when: dnsmasq_install # Flag might be used in future? - - include_tasks: uuid.yml - include_tasks: ubermix.yml diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 051e3fe84..cdfbf2b8d 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml @@ -1,5 +1,8 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. +- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/dnsmasq.yml + - name: Install package networkd-dispatcher (OS's other than RasPiOS) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes From 85dfee3b087d54000845cd54079cc0002e87e4e7 Mon Sep 17 00:00:00 2001 
From: Jerry Vonau Date: Thu, 7 Apr 2022 06:14:58 -0500 Subject: [PATCH 03/13] fully opt out --- iiab-stages.yml | 1 + roles/0-init/tasks/validate_vars.yml | 3 ++- roles/1-prep/tasks/main.yml | 1 + vars/default_vars.yml | 2 ++ 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/iiab-stages.yml b/iiab-stages.yml index 32a6ca751..5f15ffbb8 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -63,3 +63,4 @@ - name: Network include_role: name: network + when: network_installed is defined and network_enabled diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f29525daf..f2f6cf8e0 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -122,6 +122,7 @@ - calibreweb - calibre - pbx + - network - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined assert: diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 0e8aa4e5c..c522e82fb 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -5,6 +5,7 @@ - name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/install.yml + when: network_install - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4440b9e58..7023aa718 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
@@ -92,6 +92,8 @@ js_menu_install: True # IIAB Networking README: https://github.com/iiab/iiab/tree/master/roles/network # IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking # Read it offline too: http://box/info > "IIAB Networking" +network_install: True +network_enabled: True # NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 100 LINES, as enabled by Ansible's # NETWORK role (/opt/iiab/iiab/roles/network). SEE ALSO: From 57a9fa85f99b3befca7a61c3d59a1e63354d3c5a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 5 May 2022 22:52:48 -0500 Subject: [PATCH 04/13] use block in the role for enable --- iiab-stages.yml | 1 - roles/network/tasks/main.yml | 126 ++++++++++++++++++----------------- 2 files changed, 65 insertions(+), 62 deletions(-) diff --git a/iiab-stages.yml b/iiab-stages.yml index 5f15ffbb8..32a6ca751 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -63,4 +63,3 @@ - name: Network include_role: name: network - when: network_installed is defined and network_enabled diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d6806dea4..a1d34eac7 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml 
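Review bot: `network_install` and `network_enabled` are added to default_vars.yml without a comment saying what each one switches off. As far as the hunks in this series show, `network_install: False` skips roles/network/tasks/install.yml, which is where iptables-persistent is installed and where the `net.ipv4.conf.default.rp_filter` and `accept_source_route` sysctl entries are written. An operator who opts out therefore also opts out of those settings. I would add above the two lines `# network_install: False skips the network packages, iptables-persistent and the network sysctl settings` and `# network_enabled: False leaves the packages installed but skips network configuration`.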
@@ -1,83 +1,87 @@ - name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) include_tasks: install.yml - when: network_installed is undefined + when: network_install and network_installed is undefined - name: Select RPi firmware mode include_role: name: firmware when: rpi_model != "none" -- name: detected_network - include_tasks: detected_network.yml +- name: Configuring Network if enabled + block: + - name: detected_network + include_tasks: detected_network.yml -#- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" -- name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" - set_fact: - no_net_restart: True # 2020-09-12: - # 0-init/defaults/main.yml - default boolean value of False - # network/tasks/main.yml - changes flag based on conditional present - # Var is currently used in 9 subsequent files, to suppress restarting of - # hostapd, dnsmasq and/or other networking service in computed_services.yml, - # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, - # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml - when: has_wifi_gateway is defined + #- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" + - name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" + set_fact: + no_net_restart: True # 2020-09-12: + # 0-init/defaults/main.yml - default boolean value of False + # network/tasks/main.yml - changes flag based on conditional present + # Var is currently used in 9 subsequent files, to suppress restarting of + # hostapd, dnsmasq and/or other networking service in computed_services.yml, + # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, + # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml + when: has_wifi_gateway is defined -- name: computed_network - include_tasks: computed_network.yml + - name: computed_network + include_tasks: computed_network.yml -# - name: Configure 
wondershaper -# include_tasks: wondershaper.yml -# when: wondershaper_install or wondershaper_installed is defined + # - name: Configure wondershaper + # include_tasks: wondershaper.yml + # when: wondershaper_install or wondershaper_installed is defined -- name: (Re)Install named - include_tasks: named.yml - when: named_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install named + include_tasks: named.yml + when: named_install and FQDN_changed and iiab_stage|int == 9 -- name: (Re)Install dhcpd - include_tasks: dhcpd.yml - when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install dhcpd + include_tasks: dhcpd.yml + when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 -- name: (Re)Install Squid - include_tasks: squid.yml - when: squid_install and FQDN_changed and iiab_stage|int == 9 + - name: (Re)Install Squid + include_tasks: squid.yml + when: squid_install and FQDN_changed and iiab_stage|int == 9 -#preprep for backends -- name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 + #preprep for backends + - name: Netplan in use on Ubuntu 18.04+ + include_tasks: netplan.yml + when: is_ubuntu and not is_ubuntu_16 -#### Start services -- name: avahi - include_tasks: avahi.yml -- name: hostapd - include_tasks: hostapd.yml -- name: computed_services - include_tasks: computed_services.yml -- name: enable_services - include_tasks: enable_services.yml -#### End services + #### Start services + - name: avahi + include_tasks: avahi.yml + - name: hostapd + include_tasks: hostapd.yml + - name: computed_services + include_tasks: computed_services.yml + - name: enable_services + include_tasks: enable_services.yml + #### End services -#### Start network layout -#- name: Redhat networking -# include_tasks: ifcfg_mods.yml -# when: is_redhat + #### Start network layout + #- name: Redhat networking + # include_tasks: ifcfg_mods.yml + # when: is_redhat -- name: NetworkManager in use - 
include_tasks: NM-debian.yml - when: is_debuntu and network_manager_active + - name: NetworkManager in use + include_tasks: NM-debian.yml + when: is_debuntu and network_manager_active -- name: systemd-networkd in use - include_tasks: sysd-netd-debian.yml - when: is_debuntu and systemd_networkd_active + - name: systemd-networkd in use + include_tasks: sysd-netd-debian.yml + when: is_debuntu and systemd_networkd_active -- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active - include_tasks: rpi_debian.yml - when: is_raspbian + - name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active + include_tasks: rpi_debian.yml + when: is_raspbian -- name: Not RPi, Not NetworkManager, Not systemd-networkd in use - include_tasks: debian.yml - when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 -#### end network layout + - name: Not RPi, Not NetworkManager, Not systemd-networkd in use + include_tasks: debian.yml + when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 + #### end network layout -- name: Restart services - include_tasks: restart.yml + - name: Restart services + include_tasks: restart.yml + # end block + when: network_installed is defined and network_enabled From 94d80f7ac44a4ddbd24e6dbec25787a27f15a400 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 20 May 2022 11:25:01 -0500 Subject: [PATCH 05/13] always detect and report - record enabled --- roles/network/tasks/computed_network.yml | 2 ++ roles/network/tasks/main.yml | 36 ++++++++++++------------ 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index efe764642..8c7ac5515 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml 
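Review bot: The `when: network_installed is defined and network_enabled` that gates this whole block sits after all of the block's tasks, marked only by `# end block`, so a reader of the first tasks cannot see that they are conditional. Ansible accepts `when:` ahead of `block:`; placing it directly under `- name: Configuring Network if enabled` keeps the condition next to the name. A one-line comment such as `# Skipped when network_enabled is False or install.yml has not yet recorded network_installed` would also help, because "Select RPi firmware mode" and the install.yml include above remain outside the gate.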
@@ -172,3 +172,5 @@ value: "{{ iiab_lan_iface }}" - option: iiab_network_mode value: "{{ iiab_network_mode }}" + - option: network_enabled + value: "{{ network_enabled }}" diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a1d34eac7..a4808b47e 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml 
@@ -7,26 +7,26 @@ name: firmware when: rpi_model != "none" +- name: detected_network + include_tasks: detected_network.yml + +#- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" +- name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" + set_fact: + no_net_restart: True # 2020-09-12: + # 0-init/defaults/main.yml - default boolean value of False + # network/tasks/main.yml - changes flag based on conditional present + # Var is currently used in 9 subsequent files, to suppress restarting of + # hostapd, dnsmasq and/or other networking service in computed_services.yml, + # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, + # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml + when: has_wifi_gateway is defined + +- name: computed_network + include_tasks: computed_network.yml + - name: Configuring Network if enabled block: - - name: detected_network - include_tasks: detected_network.yml - - #- name: "Set 'no_net_restart: True' if discovered_wireless_iface == iiab_wan_iface" - - name: "Set 'no_net_restart: True' if has_wifi_gateway is defined" - set_fact: - no_net_restart: True # 2020-09-12: - # 0-init/defaults/main.yml - default boolean value of False - # network/tasks/main.yml - changes flag based on conditional present - # Var is currently used in 9 subsequent files, to suppress restarting of - # hostapd, dnsmasq and/or other networking service in computed_services.yml, - # debian.yml, detected_network.yml, down-debian.yml, netplan.yml, - # NM-debian.yml, restart.yml, rpi_debian.yml, sysd-netd-debian.yml - when: has_wifi_gateway is defined - - - name: computed_network - include_tasks: computed_network.yml - # - name: Configure wondershaper # include_tasks: wondershaper.yml # when: wondershaper_install or wondershaper_installed is defined From 5196b4dff983bf4a4fecc5460996b44ca40fa7b9 Mon Sep 17 00:00:00 2001 
From: Jerry Vonau Date: Fri, 20 May 2022 13:13:11 -0500 Subject: [PATCH 06/13] tools needed after detection --- roles/network/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a4808b47e..86a07413b 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,7 +1,3 @@ -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: install.yml - when: network_install and network_installed is undefined - - name: Select RPi firmware mode include_role: name: firmware @@ -25,6 +21,10 @@ - name: computed_network include_tasks: computed_network.yml +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_install and network_installed is undefined + - name: Configuring Network if enabled block: # - name: Configure wondershaper From 59cd7ecc13bd51f25c3943e198c90e23bb1f00aa Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 25 Mar 2022 00:08:40 -0500 Subject: [PATCH 07/13] Correct discription of network.yml to hostname.yml --- roles/0-init/tasks/hostname.yml | 24 ++++++++++++++---------- roles/0-init/tasks/main.yml | 5 ++--- roles/0-init/tasks/network.yml | 31 ------------------------------- 3 files changed, 16 insertions(+), 44 deletions(-) delete mode 100644 roles/0-init/tasks/network.yml diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 3d323b3cc..427380929 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -1,3 +1,8 @@ +- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" + set_fact: + iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" + FQDN_changed: False + - name: Does /etc/cloud/cloud.cfg exist e.g. is this Ubuntu Server 18+ ? stat: path: /etc/cloud/cloud.cfg 
@@ -17,16 +22,7 @@ # 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904) # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" -#- name: Install /etc/sysconfig/network from template (redhat) -# template: -# src: roles/network/templates/network/sysconfig.network.j2 -# dest: /etc/sysconfig/network -# owner: root -# group: root -# mode: 0644 -# when: is_redhat - -# roles/network/tasks/hosts.yml [no longer in use] ALSO did this: +# should the first entry match just hostname and domain move to after localhost? - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' lineinfile: path: /etc/hosts @@ -36,6 +32,14 @@ #group: root #mode: 0644 +# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is +# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it +# should be reconsidered? See PR #2876: roles/network might become optional? +- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" + set_fact: + FQDN_changed: True + when: iiab_fqdn != ansible_fqdn + #- name: Re-configuring httpd - not initial install # include_tasks: roles/httpd/tasks/main.yml # when: iiab_stage|int > 3 diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index b7d128124..1fd2c525f 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -51,9 +51,8 @@ - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml -- name: Set new hostname/domain (hostname.yml) if nec - include_tasks: network.yml - +- name: Set hostname / domain (etc) in various places + include_tasks: hostname.yml - name: Add 'runtime' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/0-init/tasks/network.yml b/roles/0-init/tasks/network.yml deleted file mode 100644 index 91ed10998..000000000 
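Review bot: In roles/0-init/tasks/main.yml the include of hostname.yml is now unconditional, whereas the deleted network.yml ran it only `when: iiab_fqdn != ansible_fqdn`. The commit subject describes a naming correction, so this behaviour change is easy to miss: the hostname and /etc/hosts tasks now run on every pass of 0-init. If that is intended, say so above the include, e.g. `# hostname.yml now runs on every pass; only FQDN_changed still depends on iiab_fqdn != ansible_fqdn`. If it is not, the guard has to go on the individual tasks inside hostname.yml, because `iiab_fqdn` is now set there and is not yet defined at the include.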
--- a/roles/0-init/tasks/network.yml +++ /dev/null @@ -1,31 +0,0 @@ -- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" - set_fact: - iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" - FQDN_changed: False - -- name: Set hostname / domain (etc) in various places -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }}) - include_tasks: hostname.yml - when: iiab_fqdn != ansible_fqdn - -# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is -# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it -# should be reconsidered? See PR #2876: roles/network might become optional? -- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" - set_fact: - FQDN_changed: True - when: iiab_fqdn != ansible_fqdn - - -# 2021-08-17: (1) iiab-gen-iptables works better if gui_port is set directly in -# default_vars.yml and/or local_vars.yml (2) Admin Console's iiab-admin.yml -# and js-menu.yml set 'adm_cons_force_ssl: False' - -# - name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl" -# set_fact: -# gui_port: 80 -# when: not adm_cons_force_ssl - -# - name: "Set 'gui_port: 443' for Admin Console if adm_cons_force_ssl" -# set_fact: -# gui_port: 443 -# when: adm_cons_force_ssl From 11f451da1af99b6eb8f47a808c9a6be8606fb381 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 30 Jun 2022 12:21:33 -0500 Subject: [PATCH 08/13] visual feedback --- roles/network/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index cdfbf2b8d..06e4cf31d 100644 --- a/roles/network/tasks/install.yml +++ b/roles/network/tasks/install.yml 
@@ -47,7 +47,7 @@ # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: -- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" +- name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot name: "{{ item.name }}" value: "{{ item.value }}" From 91046a4f12b12ba4027816cb2ecb8e8080651195 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Jul 2022 15:40:52 +0000 Subject: [PATCH 09/13] PR #3173 adjustments (making network role optional) --- roles/1-prep/tasks/main.yml | 8 ++++---- roles/network/tasks/install.yml | 22 ++++++++++++---------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index d1ce25c6d..911e31df5 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,10 +3,6 @@ - name: ...IS BEGINNING ============================================ meta: noop -- name: Install network/wifi related packages -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/install.yml - when: network_install - - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: name: sshd @@ -33,6 +29,10 @@ dest: /usr/bin/ mode: '0755' +- name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/install.yml + when: network_install + - include_tasks: uuid.yml - include_tasks: ubermix.yml diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml index 06e4cf31d..65f7fb2c2 100644 --- a/roles/network/tasks/install.yml 
+++ b/roles/network/tasks/install.yml @@ -19,7 +19,7 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml @@ -60,15 +60,6 @@ #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE -- name: "Set 'network_installed: True'" - set_fact: - network_installed: True - -- name: "Add 'network_installed: True' to {{ iiab_state_file }}" - lineinfile: - path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^network_installed' - line: 'network_installed: True' # UNMAINTAINED - name: Install named / BIND @@ -84,3 +75,14 @@ - name: Install Squid include_tasks: roles/network/tasks/squid.yml when: squid_install and squid_installed is undefined + + +- name: "Set 'network_installed: True'" + set_fact: + network_installed: True + +- name: "Add 'network_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^network_installed' + line: 'network_installed: True' From 699e908291261084eca7a9d53b2c40fb76b7a516 Mon Sep 17 00:00:00 2001 
From: root Date: Mon, 11 Jul 2022 17:12:29 +0000 Subject: [PATCH 10/13] Move iiab-hotspot-on|off installs (hostapd.yml to main.yml, for Admin Console) --- roles/network/tasks/hostapd.yml | 17 ++--------------- roles/network/tasks/main.yml | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 07e534b66..3b9231a86 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -50,21 +50,8 @@ mode: 0644 when: not wifi_up_down and can_be_ap -- name: Create /usr/bin/iiab-hotspot-on from template - template: - src: hostapd/iiab-hotspot-on - dest: /usr/bin/iiab-hotspot-on - owner: root - group: root - mode: 0755 - -- name: Create /usr/bin/iiab-hotspot-off from template - template: - src: hostapd/iiab-hotspot-off - dest: /usr/bin/iiab-hotspot-off - owner: root - group: root - mode: 0755 +# 2022-07-11: Install of iiab-hotspot-on|off moved to network/tasks/main.yml +# as required for Admin Console - name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True template: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 86a07413b..567a21159 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -25,6 +25,22 @@ include_tasks: install.yml when: network_install and network_installed is undefined +- name: Create /usr/bin/iiab-hotspot-on from template + template: + src: hostapd/iiab-hotspot-on + dest: /usr/bin/iiab-hotspot-on + owner: root + group: root + mode: 0755 + +- name: Create /usr/bin/iiab-hotspot-off from template + template: + src: hostapd/iiab-hotspot-off + dest: /usr/bin/iiab-hotspot-off + owner: root + group: root + mode: 0755 + - name: Configuring Network if enabled block: # - name: Configure wondershaper From 9e6f96bd33cf42b25931c4ab5dd4643c8616b730 Mon Sep 17 00:00:00 2001 
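Review bot: Both template tasks added to roles/network/tasks/main.yml set `mode: 0755` as a bare YAML number, while roles/1-prep/tasks/main.yml in this same series uses the quoted form `mode: '0755'`. The bare form relies on the YAML loader reading a leading-zero integer as octal; quoting removes that dependency and is what ansible-lint's risky-octal rule asks for, so I suggest `mode: '0755'` on both tasks. These tasks also sit outside the `network_enabled` block, so the two root-owned scripts land in /usr/bin even on a box that opted out of network configuration. The comment left behind in hostapd.yml says Admin Console needs them, which is worth repeating next to the tasks in main.yml.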
From: A Holt Date: Mon, 11 Jul 2022 14:37:28 -0400 Subject: [PATCH 11/13] 1-prep: Also enforce "network_installed is undefined" --- roles/1-prep/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 911e31df5..96ff6779d 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -31,7 +31,7 @@ - name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9 include_tasks: roles/network/tasks/install.yml - when: network_install + when: network_install and network_installed is undefined - include_tasks: uuid.yml - include_tasks: ubermix.yml From d67b2751a6f9e44aebe1bf20709bf383af289ca1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 11 Jul 2022 20:14:15 -0400 Subject: [PATCH 12/13] hostname.yml: Note /etc/hosts & /etc/hostname tkts --- roles/0-init/tasks/hostname.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 427380929..70321cb4a 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -22,7 +22,10 @@ # 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904) # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" -# should the first entry match just hostname and domain move to after localhost? +# 2022-07-11: Should the first entry match just hostname and domain move to +# after localhost? Background: +# 1. /etc/hosts -- #1815 solved by PR #1847 +# 2. /etc/hostname -- #2904 solved by PR #2973 - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' lineinfile: path: /etc/hosts From fafaf693eaa9cf47197a1eb5358a8b360c0e6d92 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Tue, 12 Jul 2022 08:35:42 -0400 Subject: [PATCH 13/13] 0-init/tasks/hostname.yml: Note discussion(s) of /etc/hosts --- roles/0-init/tasks/hostname.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 70321cb4a..ed79ccf3b 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -23,7 +23,7 @@ # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" # 2022-07-11: Should the first entry match just hostname and domain move to -# after localhost? Background: +# after localhost? See PR's #1 & #8 -- with discussion on #3302 -- and also: # 1. /etc/hosts -- #1815 solved by PR #1847 # 2. /etc/hostname -- #2904 solved by PR #2973 - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"'