diff --git a/iiab-install b/iiab-install index e2ef4a173..8a4a18560 100755 --- a/iiab-install +++ b/iiab-install @@ -11,7 +11,7 @@ CWD=`pwd` OS=`grep ^ID= /etc/*release|cut -d= -f2` OS=${OS//\"/} MIN_RPI_KERN=4.19.97 # If using Raspbian, 'rpi-update' should no longer be nec -- please use Raspbian 2020-02-13 or higher: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.8.10 # Ansible 2.8.3 and 2.8.6 have serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.8.11 # Ansible 2.8.3 and 2.8.6 have serious bugs, preventing their use with IIAB. if [ ! -f /etc/iiab/local_vars.yml ]; then diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml index 75d06b593..adb7a0a46 100644 --- a/roles/1-prep/tasks/raspberry_pi.yml +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -24,12 +24,12 @@ state: present when: rtc_id is defined and rtc_id != "none" and is_ubuntu -- name: Enable bluetooth in /boot/firmware/syscfg.txt on Ubuntu (needs reboot) - lineinfile: - path: /boot/firmware/syscfg.txt - regexp: '^include*' - line: 'include btcfg.txt' - when: is_ubuntu +#- name: Enable bluetooth in /boot/firmware/syscfg.txt on Ubuntu (needs reboot) +# lineinfile: +# path: /boot/firmware/syscfg.txt +# regexp: '^include*' +# line: 'include btcfg.txt' +# when: is_ubuntu - name: 'Ensure packages are installed: dphys-swapfile, fake-hwclock, iw, rfkill, wireless-tools' package: diff --git a/roles/captiveportal/templates/checkurls b/roles/captiveportal/templates/checkurls index e71d4f375..61719651f 100755 --- a/roles/captiveportal/templates/checkurls +++ b/roles/captiveportal/templates/checkurls 
@@ -10,13 +10,13 @@ ipv6.msftncsi.com.edgesuite.net www.msftncsi.com www.msftncsi.com.edgesuite.net www.msftconnecttest.com -www.msn.com +#www.msn.com teredo.ipv6.microsoft.com teredo.ipv6.microsoft.com.nsatc.net captive.apple.com init-p01st.push.apple.com connectivitycheck.android.com -www.google.com +#www.google.com mtalk.google.com alt4-mtalk.google.com alt6-mtalk.google.com diff --git a/roles/kolibri/templates/kolibri.service.j2 b/roles/kolibri/templates/kolibri.service.j2 index 80faf1850..84515d3f8 100644 --- a/roles/kolibri/templates/kolibri.service.j2 +++ b/roles/kolibri/templates/kolibri.service.j2 @@ -10,8 +10,10 @@ Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }} Environment=KOLIBRI_URL_PATH_PREFIX={{ kolibri_url_without_slash }} User={{ kolibri_user }} Group={{ apache_user }} -TimeoutStartSec=infinity -TimeoutStopSec=10 +# 2020-04-18 @jvonau: comment out both timeouts for now, in favor of 90 seconds +# or whatever systemd / Kolibri favor? https://github.com/iiab/iiab/issues/2318 +# TimeoutStartSec=infinity +# TimeoutStopSec=10 ExecStart={{ kolibri_exec_path }} start ExecStop={{ kolibri_exec_path }} stop diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index 2abc6efe5..24258f981 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml @@ -103,5 +103,6 @@ value: "{{ transmission_kalite_languages }}" - option: transmission_username value: "{{ transmission_username }}" - - option: transmission_password - value: "{{ transmission_password }}" + # 2020-04-14: better to redact passwords from /etc/iiab/iiab.ini etc, so iiab-diagnostics command doesn't publish these, etc + #- option: transmission_password + # value: "{{ transmission_password }}" diff --git a/scripts/ansible b/scripts/ansible index 2e7875ea5..985d1d636 100755 --- a/scripts/ansible +++ b/scripts/ansible 
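Review bot: The two entries in roles/captiveportal/templates/checkurls are disabled with a leading `#` (`#www.msn.com`, `#www.google.com`), but every other line visible in this hunk is a bare hostname, so nothing here shows that the consumer of the file treats `#` as a comment. If the list is read line by line into generated configuration, these lines may be passed through as literal names instead of being ignored; the reader is outside this diff, so that needs confirming. Deleting the two lines, or adding an explicit skip such as `grep -v '^#'` where the file is read, would make the intent unambiguous. A one-line reason for dropping the two hosts would also help, since the hunk gives none.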
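Review bot: Dropping `transmission_password` from the option list in roles/transmission/tasks/main.yml stops new writes, but it does not remove a value that earlier runs already stored in /etc/iiab/iiab.ini, the file named in the added comment. On an upgraded install that entry presumably survives, and the filter this commit adds to scripts/iiab-diagnostics only matches `psk=`, `wpa_passphrase=` and `assword:`, so an ini-style `transmission_password = …` line would still be published by `cat_file /etc/iiab/iiab.ini`. If the enclosing task is `ini_file` (its header is outside the hunk), a follow-up item with `state: absent` for `transmission_password` would clean up existing files. Other roles that may write passwords to iiab.ini are not visible here and deserve the same check.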
@@ -1,7 +1,7 @@ #!/bin/bash -e CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.9.6" # For XO laptops (pip install) & CentOS (yum install rpm) +GOOD_VER="2.9.7" # For XO laptops (pip install) & CentOS (yum install rpm) # On other OS's we attempt the latest from PPA, which might be more recent export DEBIAN_FRONTEND=noninteractive diff --git a/scripts/ansible-2.8.x b/scripts/ansible-2.8.x index 4d57bd1d1..304ee6f85 100755 --- a/scripts/ansible-2.8.x +++ b/scripts/ansible-2.8.x @@ -1,7 +1,7 @@ #!/bin/bash -e CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.8.10" # For XO laptops (pip install) & CentOS (yum install rpm) +GOOD_VER="2.8.11" # For XO laptops (pip install) & CentOS (yum install rpm) # On other OS's we attempt the latest from PPA, which might be more recent export DEBIAN_FRONTEND=noninteractive diff --git a/scripts/ansible-2.9.x b/scripts/ansible-2.9.x index 81bfce59a..1f071bb9e 100755 --- a/scripts/ansible-2.9.x +++ b/scripts/ansible-2.9.x @@ -1,7 +1,7 @@ #!/bin/bash -e CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.9.6" # For XO laptops (pip install) & CentOS (yum install rpm) +GOOD_VER="2.9.7" # For XO laptops (pip install) & CentOS (yum install rpm) # On other OS's we attempt the latest from PPA, which might be more recent export DEBIAN_FRONTEND=noninteractive diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index f5ab6b9c9..302c9c6e3 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics 
@@ -38,7 +38,8 @@ function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail echo "FILE EXISTS BUT IS EMPTY!" >> $outfile elif [ $# -eq 1 ]; then echo >> $outfile - cat $1 | iconv -t UTF-8//IGNORE >> $outfile + # Redact most passwords from /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/iiab/local_vars.yml -- not much to worry about in /etc/iiab/iiab.ini + cat $1 | sed -e 's/^\(\s*psk=\).*/\1[REDACTED]/; s/^\(\s*wpa_passphrase=\).*/\1[REDACTED]/; s/^\([^#].*assword:\).*/\1 [REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile else # e.g. last 100 lines, maximum echo " ...ITS LAST $2 LINES FOLLOW..." >> $outfile echo >> $outfile @@ -150,13 +151,13 @@ cat_file /etc/iiab/openvpn_handle cat_file /.iiab-image cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.ini -cat_file /etc/iiab/local_vars.yml +cat_file /etc/iiab/local_vars.yml # Redacts most passwords above cat_file /etc/iiab/iiab_state.yml -cat_file /etc/iiab/config_vars.yml +#cat_file /etc/iiab/config_vars.yml # No longer common cat_file /etc/resolv.conf cat_file /etc/network/interfaces -cat_file /etc/hostapd/hostapd.conf # Auto-redact password? -#cat_file /etc/wpa_supplicant/wpa_supplicant.conf # Auto-redact password? +cat_file /etc/hostapd/hostapd.conf # Redacts most passwords above +cat_file /etc/wpa_supplicant/wpa_supplicant.conf # Redacts most passwords above # Record all Ansible variables: SLOW! OUTPUT TOO LARGE? #pushd /opt/iiab/iiab > /dev/null @@ -169,8 +170,8 @@ echo -e "\n\n\n\n3. CONTENT OF DIRECTORIES (1-LEVEL DEEP)\n" >> $outfile cat_dir /etc/network/interfaces.d cat_dir /etc/systemd/network cat_dir /etc/NetworkManager/system-connections -cat_dir /etc/netplan -#cat_dir /etc/sysconfig/network-scripts/if-cfg* # No longer common. +cat_dir /etc/netplan # Redacts most passwords above +#cat_dir /etc/sysconfig/network-scripts/if-cfg* # No longer common #cat_dir /etc/network # Above file /etc/network/interfaces suffices echo -e "\n 4. Output of Commands:\n" 
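Review bot: The `psk=` substitution added to `cat_file_raw` only matches uncommented lines, so a `#psk="…"` line is copied to the output in cleartext; the `wpa_passphrase` utility emits exactly such a comment above the hashed `psk=`, and the next hunk newly enables `cat_file /etc/wpa_supplicant/wpa_supplicant.conf`. Allowing an optional comment marker closes that gap: `s/^\(\s*#\?\s*psk=\).*/\1[REDACTED]/`, and likewise for `wpa_passphrase=`. The third pattern requires a colon, so keyfile or ini entries written as `password=…` (for example under /etc/NetworkManager/system-connections, listed in the third hunk) pass through unredacted. The filter also sits only in the `$# -eq 1` branch; the `else` branch that tails the last `$2` lines continues outside the hunk, so confirm it gets the same `sed`. Whether `cat_dir` routes files through `cat_file_raw` at all is not visible here, which the "Redacts most passwords above" comment on `cat_dir /etc/netplan` depends on.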
@@ -187,15 +188,16 @@ cat_cmd 'ip route' 'Routing table' cat_cmd 'netstat -rn' 'Routing table (old view)' cat_cmd 'brctl show' 'Bridge for LAN side' cat_cmd 'sudo netstat -natp' 'Ports/Services in use' -cat_cmd 'systemctl status dnsmasq' 'Is dnsmasq Ok?' +cat_cmd 'systemctl status dnsmasq' 'Is dnsmasq running?' cat_cmd 'sudo journalctl -b 0 -u dnsmasq' 'dnsmasq log' cat_cmd 'networkctl' 'systemd-networkd status' cat_cmd 'nmcli d' 'NetworkManager status' cat_cmd 'sudo journalctl -b 0 -u networkd-dispatcher' 'networkd-dispatcher log' cat_cmd 'iw dev' 'List wireless interfaces' -cat_cmd 'systemctl status hostapd' 'Is hostapd Ok?' +cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' +cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' -cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi WiFi firmware' +cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' cat_cmd 'env' 'Environment variables' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 0b968226d..782720f40 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md 
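Review bot: The output collected through `cat_cmd` in this hunk, including the unchanged `cat_cmd 'env'` and the two `journalctl` lines, does not visibly pass through the redaction `sed`, which this commit adds only to `cat_file_raw`. `cat_cmd` is defined outside the hunk, so this is to be confirmed, but if it writes command output straight to `$outfile`, any credential exported in the environment or logged by a service ends up in the uploaded paste, while the README now states that passwords are auto-redacted from the file. Either route `cat_cmd` output through the same filter or narrow the README wording to the files that are actually filtered.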
@@ -2,7 +2,9 @@ To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable small file, that can be easily circulated online AND offline. -The ``pastebinit`` command can then be used to auto-upload this file, creating a short URL that makes it easier to pass around. +Passwords (including Wi-Fi passwords) are auto-redacted from this file, to protect your community confidentiality. + +The ``pastebinit`` command can then be used to auto-upload this file, creating a short URL that makes it much easier to circulate among [volunteers](http://internet-in-a-box.org/pages/contributing.html). But first off, the file is compiled by harvesting 1 + 6 kinds of things: @@ -60,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 104-214 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 105-216 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible.