port dnsmasq over from nginx-rebase-eth0 - rebased edits

iiab-network

@@ -24,7 +24,8 @@ then
    touch /etc/iiab/config_vars.yml
 fi
 
-export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
+Start=`date`
+export ANSIBLE_LOG_PATH="$XSCE_DIR/iiab-network.log"
 ansible-playbook -i ansible_hosts iiab-network.yml --connection=local
 echo "" >> iiab-network.log
 ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log
@@ -32,8 +33,12 @@ if [ ! "OS" == "debian" ]; then
    nmcli d >> iiab-network.log
    nmcli c >> iiab-network.log
 fi
+echo "" >> iiab-network.log
 brctl show >> iiab-network.log
-echo "run on:" >> iiab-network.log
+echo "" >> iiab-network.log
+echo "run start:" >> iiab-network.log
+echo "$Start" >> iiab-network.log
+echo "run end:" >> iiab-network.log
 date >> iiab-network.log
 echo "" >> iiab-network.log
 echo "" >> iiab-network.log

roles/0-vars/defaults/main.yml

@@ -0,0 +1 @@
+/opt/iiab/iiab/roles/1-prep/defaults/main.yml

roles/0-vars/tasks/main.yml

@@ -0,0 +1,2 @@
+- include: roles/1-prep/tasks/computed_vars.yml     
+- include: roles/1-prep/tasks/detected_network.yml

roles/network/defaults/main.yml

@@ -46,3 +46,12 @@ network_config_dir: /etc/network/interfaces.d
 iiab_network_mode: "Gateway"
 dns_jail_enabled: False
 services_externally_visible: False
+
+# following variables set for old apache,dhcpd,named usage
+dhcpd_install: True
+dhcpd_enabled: True
+named_install: True
+named_enabled: True
+dnsmasq_install: True
+dnsmasq_enabled: True
+captive_portal_enabled: False

roles/network/tasks/computed_services.yml

@@ -17,30 +17,28 @@
 - name: LAN configured - 'Gateway' mode
   set_fact:
     iiab_network_mode: "Gateway"
-  when: 'iiab_lan_iface != "none" and iiab_wan_iface != "none"'
+  when: iiab_lan_iface != "none" and iiab_wan_iface != "none"
 
 - name: No LAN configured - non-dnsmasq
   set_fact:
     named_enabled: True
     dhcpd_enabled: False
-    dns_service2: "{{ dns_service }}"
+    dhcp_service2: "dhcpd"
-  when: iiab_lan_iface == "none" or user_lan_iface == "none" and dns_service!= "dnsmasq"
+  when: not dnsmasq_enabled and iiab_network_mode == "Appliance"
-#  when: iiab_lan_iface == "none" or user_lan_iface == "none" and not dnsmasq_enabled"
 
 - name: LAN configured - non-dnsmasq
   set_fact:
     named_enabled: True
     dhcpd_enabled: True
-    dns_service2: "{{ dns_service }}"
+    dhcp_service2: "dhcpd"
-    when: dns_service != "dnsmasq" and iiab_network_mode != "Appliance"
+  when: not dnsmasq_enabled and iiab_network_mode != "Appliance"
-#    when: not dnsmasq_enabled and iiab_network_mode != "Appliance"
 
-#- name: LAN configured - dnsmasq
+- name: LAN configured - dnsmasq
-#  set_fact:
+  set_fact:
-#    named_enabled: False
+    named_enabled: False
-#    dhcpd_enabled: False
+    dhcpd_enabled: False
-#    dns_service2: dnsmasq
+    dhcp_service2: "dnsmasq"
-#    when: dnsmasq_enabled and iiab_network_mode != "Appliance"
+  when: dnsmasq_install and dnsmasq_enabled and iiab_network_mode != "Appliance"
 
 - name: Add location section to config file
   ini_file: dest='{{ iiab_config_file }}'
@@ -50,3 +48,7 @@
   with_items:
   - option: 'iiab_network_mode_applied'
     value: '{{ iiab_network_mode }}'
+  - option: 'dhcp_service2'
+    value: '{{ dhcp_service2 }}'
+  - option: 'dnsmasq_enabled'
+    value: '{{ dnsmasq_enabled }}'

roles/network/tasks/debian.yml

@@ -44,13 +44,18 @@
   service: name=hostapd state=stopped
   when: interface.changed
 
-#- name: dhcpcd may be affected
+- name: bind may be affected
-#  service: name=dhcpcd state=stopped
+  service: name={{ dns_service }} state=stopped
-#  when: interface.changed and dhcpcd_result == "enabled"
+  when: named_install and dnsmasq_enabled
 
-- name: dns may be affected
+# dhcpd_server release the interface
-  service: name={{ dns_service2 }} state=stopped
+- name: dhcpd_server may be affected - stopping dhcpd
-  when: interface.changed
+  service: name=dhcpd state=stopped
+  when: dhcpd_install
+
+- name: dhcpd_server may be affected - stopping dnsmasq
+  service: name=dnsmasq state=stopped
+  when: dnsmasq_install
 
 - name: reload systemd
   shell: systemctl daemon-reload
@@ -63,45 +68,3 @@
 - name: restart the networking service
   service: name=networking state=restarted
   when: interface.changed
-  
-- name: dns may be affected
-  service: name={{ dns_service2 }} state=started
-  when: interface.changed
-
-#create lan br0 if lan_controller or gateway
-#create wan br0 if appliance
-#allocate wlan0 under br0 in all cases
-#allocate eth0 under br0 if appliance, alone if gateway
-
-- name: Add location section to config file
-  ini_file: dest='{{ iiab_config_file }}'
-            section=network
-            option='{{ item.option }}'
-            value='{{ item.value }}'
-  with_items:
-  - option: 'gateway_active'
-    value:  '{{ gw_active }}'
-  - option: 'internet_available'
-    value:  '{{ internet_available }}'
-  - option: 'gateway_ifcfg'
-    value: '{{ has_ifcfg_gw }}'
-  - option: 'detected_gateway'
-    value: '{{ discovered_wan_iface }}'
-  - option: 'prior_gateway'
-    value: '{{ device_gw2 }}'
-  - option: 'wireless_list_1'
-    value: '{{ wifi1 }}'
-  - option: 'wireless_list_2'
-    value: '{{ wifi2 }}'
-  - option: 'num_wifi_interfaces'
-    value: '{{ num_wifi_interfaces }}'
-  - option: 'discovered_wireless_iface'
-    value: '{{ discovered_wireless_iface }}'
-  - option: 'iiab_wireless_lan_iface'
-    value: '{{ iiab_wireless_lan_iface }}'
-  - option: 'num_lan_interfaces'
-    value: '{{ num_lan_interfaces }}'
-  - option: 'detected_lan'
-    value: '{{ discovered_lan_iface }}'
-  - option: 'static_wan'
-    value: '{{ gui_static_wan }}'

roles/network/tasks/dhcpd.yml

@@ -15,6 +15,7 @@
 - name: Create non-privileged user
   user: name=dhcpd
         createhome=no
+  when: is_debuntu
 
 - name: Configure dhcpd
   template: src={{ item.src }}

roles/network/tasks/dnsmasq.yml

@@ -0,0 +1,12 @@
+- name: Install dnsmasq
+  package: name=dnsmasq state=present
+
+- name: Configure dhcpd
+  template: src={{ item.src }}
+            dest={{ item.dest }}
+            owner=root
+            group=root
+            mode={{ item.mode }}
+  with_items:
+   - { src: 'network/dnsmasq.service.rh', dest: '/etc/systemd/system/dnsmasq.service', mode: '0644' }
+

roles/network/tasks/enable_services.yml

@@ -1,13 +1,13 @@
 - name: Disable dhcpd service
   service: name=dhcpd
            enabled=no
-  when: not dhcpd_enabled
+  when: not dhcpd_enabled and dhcpd_install
 
 # service is restarted with NM dispatcher.d script
 - name: Enable dhcpd service
   service: name=dhcpd
            enabled=yes
-  when: dhcpd_enabled
+  when: dhcpd_enabled and dhcpd_install
 
 - name: Copy /etc/sysconfig/dhcpd file
   template: src={{ item.src }}
@@ -17,7 +17,7 @@
             mode={{ item.mode }}
   with_items:
    - { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
-  when: dhcpd_enabled
+  when: dhcpd_enabled and dhcpd_install
 
 - name: Copy named file
   template: src={{ item.src }}
@@ -32,28 +32,26 @@
 - name: Enable named service
   service: name={{ dns_service }}
            enabled=yes
-  when: named_enabled
+  when: named_enabled and named_install
 
 - name: Disable named service
   service: name={{ dns_service }}
            enabled=no
-  when: not named_enabled
+  when: not named_enabled and named_install
 
-#- name: Enable dnsmasq
+- name: Disable dnsmasq
-#  service: name=dnsmasq
+  service: name=dnsmasq
-#           enabled=no
+           enabled=no
-#  when: dnsmasq_enabled
+  when: not dnsmasq_enabled and dnsmasq_install
 
-# copy config file
+- name: dnsmasq copy config file to /etc
-#- name: Supply dnsmasq.conf
+  template: src=network/dnsmasq.conf dest=/etc/
-#  template: dest=
+  when: dnsmasq_enabled and dnsmasq_install
-#            src=
-#  when: dnsmasq_enabled
 
-#- name: Enable dnsmasq
+- name: Enable dnsmasq
-#  service: name=dnsmasq
+  service: name=dnsmasq
-#           enabled=yes
+           enabled=yes
-#  when: dnsmasq_enabled
+  when: dnsmasq_enabled and dnsmasq_install
 
 - name: Enable dansguardian
   service: name=dansguardian

roles/network/tasks/ifcfg_mods.yml

@@ -24,6 +24,18 @@
   with_items:
     - "{{ discovered_lan_iface }}"
 
+- name: bind may be affected
+  service: name={{ dns_service }} state=stopped
+  when: named_install and dnsmasq_enabled
+
+- name: dhcpd_server may be affected - stopping dhcpd
+  service: name=dhcpd state=stopped
+  when: dhcpd_install
+
+- name: dhcpd_server may be affected - stopping dnsmasq
+  service: name=dnsmasq state=stopped
+  when: dnsmasq_install
+
 - name: Stop the LAN/Bridge deleting iiab-LAN
   shell: nmcli con delete id iiab-LAN
   ignore_errors: True
@@ -98,4 +110,5 @@
   with_items:
       - "{{ lan_list_result.stdout_lines }}"
 
-# testpoint confirm with 'nmcli c show' 'brctl show'
+- name: dhcp_server may be affected - starting - user choice
+  service: name={{ dhcp_service2 }} state=started

roles/network/tasks/main.yml

@@ -56,11 +56,19 @@
   tags:
     - named
     - network
+  when: named_install
 
 - include: dhcpd.yml
   tags:
     - dhcpd
     - network
+  when: dhcpd_install
+
+- include: dnsmasq.yml
+  tags:
+    - dnsmasq
+    - network
+  when: dnsmasq_install
 
 - include: squid.yml
   tags:
@@ -92,6 +100,10 @@
     - network
     - network-discover
 
+- include: computed_services.yml
+  tags:
+    - network
+
 # templates needed from above install section live here
 - include: enable_services.yml
   tags:
@@ -130,10 +142,6 @@
 #### end network layout
 #### start services
 
-- include: computed_services.yml
-  tags:
-    - network
-
 - include: restart.yml
   when: not installing
   tags:

roles/network/tasks/restart.yml

@@ -1,28 +1,7 @@
-# dhcpd service is restarted with NM dispatcher.d script
-- name: Stop dhcpd
-  service: name=dhcpd
-           state=stopped
-  when: not dhcpd_enabled
-
-# assume NM is not running
-- name: Start dhcpd
-  service: name=dhcpd
-           state=started
-  when: dhcpd_enabled and is_debuntu
-
-- name: Stop named service
-  service: name={{ dns_service }}
-           state=stopped
-  when: not named_enabled
-
-#- name: Stop dnsmasq service
-#  service: name=dnsmasq
-#           state=stopped
-#  when: not dnsmasq_enabled
-
 - name: Start named service
-  service: name={{ dns_service2 }}
+  service: name={{ dns_service }}
            state=started
+  when: named_enabled and named_install
 
 - name: Stop DansGuardian
   service: name=dansguardian

roles/network/tasks/rpi_debian.yml

@@ -80,36 +80,3 @@
 #create wan br0 if appliance
 #allocate wlan0 under br0 in all cases
 #allocate eth0 under br0 if appliance, alone if gateway
-
-- name: Add location section to config file
-  ini_file: dest='{{ iiab_config_file }}'
-            section=network
-            option='{{ item.option }}'
-            value='{{ item.value }}'
-  with_items:
-  - option: 'gateway_active'
-    value:  '{{ gw_active }}'
-  - option: 'internet_available'
-    value:  '{{ internet_available }}'
-  - option: 'gateway_ifcfg'
-    value: '{{ has_ifcfg_gw }}'
-  - option: 'detected_gateway'
-    value: '{{ discovered_wan_iface }}'
-  - option: 'prior_gateway'
-    value: '{{ device_gw2 }}'
-  - option: 'wireless_list_1'
-    value: '{{ wifi1 }}'
-  - option: 'wireless_list_2'
-    value: '{{ wifi2 }}'
-  - option: 'num_wifi_interfaces'
-    value: '{{ num_wifi_interfaces }}'
-  - option: 'discovered_wireless_iface'
-    value: '{{ discovered_wireless_iface }}'
-  - option: 'iiab_wireless_lan_iface'
-    value: '{{ iiab_wireless_lan_iface }}'
-  - option: 'num_lan_interfaces'
-    value: '{{ num_lan_interfaces }}'
-  - option: 'detected_lan'
-    value: '{{ discovered_lan_iface }}'
-  - option: 'static_wan'
-    value: '{{ gui_static_wan }}'

roles/network/templates/gateway/iiab-gen-iptables

@@ -57,6 +57,7 @@ calibre_port={{ calibre_port }}
 kiwix_port={{ kiwix_port }}
 kalite_server_port={{ kalite_server_port }}
 block_DNS={{ block_DNS }}
+captive_portal_enabled={{ captive_portal_enabled }}
 
 echo "Lan is $lan and WAN is $wan"
 #
@@ -112,7 +113,13 @@ if [ "$block_DNS" == "True" ];then
     $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
 fi
 
-if [ -f /etc/sysconfig/xs_httpcache_on ]; then
+if [ "$captive_portal_enabled" == "True" ];then
+   $IPTABLES -t mangle -N internet
+   $IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet
+   $IPTABLES -t mangle -A internet -j MARK --set-mark 99
+   $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
+
+elif [ -f /etc/sysconfig/xs_httpcache_on ]; then
     $IPTABLES  -t nat  -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
 fi
 

roles/network/templates/network/dnsmasq.service.rh

@@ -0,0 +1,10 @@
+[Unit]
+Description=DNS caching server.
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/dnsmasq -k
+ExecStop=/bin/killall -9 dnsmasq
+
+[Install]
+WantedBy=multi-user.target

roles/network/templates/network/resolvconf.j2

@@ -0,0 +1,14 @@
+# Supplied by IIAB
+# Configuration for resolvconf(8)
+# See resolvconf.conf(5) for details
+
+resolv_conf=/etc/resolv.conf
+# If you run a local name server, you should uncomment the below line and
+# configure your subscribers configuration files below.
+name_servers=127.0.0.1
+
+# Mirror the Debian package defaults for the below resolvers
+# so that resolvconf integrates seemlessly.
+dnsmasq_resolv=/var/run/dnsmasq/resolv.conf
+pdnsd_conf=/etc/pdnsd.conf
+unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf