mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge pull request #43 from iiab/master

sync from iiab/iiab
A Holt 2017-12-07 18:13:50 -05:00 committed by GitHub
commit bf49e9b35f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 1006 additions and 312 deletions


@ -4,25 +4,34 @@
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
if [ ! -f iiab-network.yml ]
then
echo "IIAB Playbook not found."
echo "Please run this command from the top level of the git repo."
echo "Exiting."
exit
if [ ! -f iiab-network.yml ]; then
echo "IIAB Playbook not found."
echo "Please run this command from the top level of the git repo."
echo "Exiting."
exit 1
fi
if [ ! -f /etc/iiab/config_vars.yml ]
then
touch /etc/iiab/config_vars.yml
if [ ! -f /etc/iiab/config_vars.yml ]; then
mkdir -p /etc/iiab
echo "{}" > /etc/iiab/config_vars.yml
fi
if [ -f /etc/iiab/iiab.env ]; then
source /etc/iiab/iiab.env
else
OS="unknown"
fi
Start=`date`
ansible-playbook -i ansible_hosts iiab-network.yml --connection=local
End=`date`
echo "" >> iiab-network.log
if [ ! "OS" == "debian" ]; then
# redhat path
if [ ! "OS" == "debian" ] && [ ! "OS" == "unknown" ]; then
ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log
fi
# ubuntu destop might be using NM - split out.
if [ $(which nmcli) ]; then
nmcli d >> iiab-network.log
nmcli c >> iiab-network.log
fi
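Review bot: The new redhat-path test `[ ! "OS" == "debian" ] && [ ! "OS" == "unknown" ]` compares the literal string OS rather than the variable, so both halves are always true and the `ls -la /etc/sys*/net*/ifcfg*` line runs on every platform, including the `OS="unknown"` fallback this commit adds. It should read `if [ "$OS" != "debian" ] && [ "$OS" != "unknown" ]; then`. The script also sources `/etc/iiab/iiab.env` with the privileges of whoever runs the playbook (presumably root), so that file should stay root-owned and not group- or world-writable.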


@ -11,6 +11,24 @@
when: is_rpi or (is_debian and calibre_debs_on_debian)
#when: is_rpi or is_debian # (is_debian also covers & includes is_rpi)
- name: Create calibre-serve.service and calibre.conf
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
backup: no
register: calibre_config
with_items:
- { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'}
- { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
- name: Forcing systemd to reread configs
systemd:
daemon_reload: yes
when: calibre_config.changed
# 2. STOP CALIBRE SERVICE IF IT EXISTS (REQUIRED FOR DB ACTIVITY...AND IF not calibre_enabled)
#- name: Check if Calibre systemd service exists
@ -25,7 +43,7 @@
state: stopped
#enabled: no
# register: command_result # gist.github.com/tyrells/0a79681de339237cb04c
failed_when: false # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!)
# failed_when: false # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!)
# when: calibre_svc.stat.exists
# 3. CREATE DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x)
@ -39,20 +57,7 @@
include_tasks: create-db.yml
when: not calibre_db.stat.exists
# 4. WRAP UP: CALIBRE SERVICE, http://box/books ETC
- name: Create calibre-serve.service and calibre.conf
template:
backup: no
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'}
- { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
when: calibre_enabled
# 4. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC
# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/books ARE A MESS (BOOKS RARELY DISPLAY)
- name: Create calibre.conf link for UNTESTED http://box/books etc (debuntu)
@ -77,6 +82,11 @@
#async: 900
#poll: 5
- name: Forcing apache to reread configs
service:
name: "{{ apache_service }}"
state: reloaded
- name: Add 'calibre' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
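Review bot: The relocated `Create calibre-serve.service and calibre.conf` task appears to have lost the `when: calibre_enabled` guard it carried in its old position, so the systemd unit and the Apache `calibre.conf` are now written even where Calibre is disabled, and the new `Forcing apache to reread configs` task reloads Apache on every run. If writing the unit early is deliberate (so the stop and database steps can rely on it), a one-line comment above the task saying so would help; the Apache reload is better tied to a change, e.g. `when: calibre_config.changed` or a handler notified by whichever task touches the Apache config. The task list continues outside these hunks, so the enable/disable logic further down is not visible here.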


@ -1,8 +1,9 @@
- name: Install textmode remote access packages
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- screen
- lynx
- screen
- lynx
tags:
- download


@ -1,57 +1,69 @@
- name: Create iiab-admin user and password
user: name={{ iiab_admin_user }}
password={{ iiab_admin_passw_hash }}
update_password=on_create
user:
name: "{{ iiab_admin_user }}"
password: "{{ iiab_admin_passw_hash }}"
update_password: on_create
shell: /bin/bash
- name: Create a wheel group
group: name=wheel
state=present
group:
name: wheel
state: present
- name: Create a sudo group
group: name=sudo
state=present
- name: Create a sudo group (redhat)
group:
name: sudo
state: present
when: is_redhat
- name: Add user to wheel group
user: name={{ iiab_admin_user }} groups=wheel,sudo
user:
name: "{{ iiab_admin_user }}"
groups: wheel,sudo
- name: Create root .ssh
file: path=/root/.ssh
mode=0700
owner=root
group=root
state=directory
file:
path: /root/.ssh
owner: root
group: root
mode: 0700
state: directory
- name: Install dummy root keys as placeholder
copy: src=dummy_authorized_keys
dest=/root/.ssh/authorized_keys
force=no
owner=root
group=root
mode=0600
copy:
src: dummy_authorized_keys
dest: /root/.ssh/authorized_keys
owner: root
group: root
mode: 0600
force: no
# backup=yes
- name: Edit the sudoers file -- first make it editable
file: path=/etc/sudoers
mode=0640
file:
path: /etc/sudoers
mode: 0640
- name: Have sudo log all commands it handles
lineinfile: regexp=logfile
line='Defaults logfile = /var/log/sudo.log'
state=present
dest=/etc/sudoers
lineinfile:
regexp: logfile
line: "Defaults logfile = /var/log/sudo.log"
dest: /etc/sudoers
state: present
- name: Lets wheel sudo without password
lineinfile:
line: "%wheel ALL= NOPASSWD: ALL"
dest: /etc/sudoers
line: "%wheel ALL= NOPASSWD: ALL"
dest: /etc/sudoers
- name: Remove the line which requires tty
lineinfile: regexp=requiretty
state=absent
dest=/etc/sudoers
lineinfile:
regexp: requiretty
dest: /etc/sudoers
state: absent
- name: End editing the sudoers file -- protect it again
file: path=/etc/sudoers
mode=0440
file:
path: /etc/sudoers
mode: 0440
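Review bot: The sudoers edits are still applied directly to `/etc/sudoers` with no syntax check, so a bad line, or a run that stops between the `mode: 0640` and `mode: 0440` tasks, can leave sudo unusable on the box. Each `lineinfile` that targets `/etc/sudoers` should carry `validate: 'visudo -cf %s'`, and the two chmod tasks can be dropped because root can write the file at 0440. The octal modes are now bare YAML integers; quoting them (`mode: '0440'`, `mode: '0700'`, `mode: '0600'`) matches the calibre tasks in this same commit and removes any dependence on how the parser types them. Note also that `%wheel ALL= NOPASSWD: ALL` together with the default `iiab_admin_passw_hash` makes the admin account root-equivalent until its password is changed.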


@ -7,11 +7,12 @@
tags:
- base
- name: Add iiab-admin parameters to ini file
ini_file: dest='{{ service_filelist }}'
section=iiab-admin
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: iiab-admin
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: iiab-admin
@ -21,19 +22,23 @@
value: "{{ iiab_admin_user }}"
- name: Set up to issue warning if iiab-admin password is still default
template: src=profile_ssh_warn.sh
dest=/etc/profile.d/
template:
src: profile_ssh_warn.sh
dest: /etc/profile.d/
- name: Is this LXDE?
stat: path=/home/pi/.config/lxsession
stat:
path: /home/pi/.config/lxsession
register: lx
- name: Do the same if running on Raspbian
template: src=lxde_ssh_warn.sh
dest=/home/pi/.config/lxsession/LXDE-pi/
template:
src: lxde_ssh_warn.sh
dest: /home/pi/.config/lxsession/LXDE-pi/
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
- name: Put an autostart line to check for default password in LXDE
lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh
dest=/home/pi/.config/lxsession/LXDE-pi/autostart
- name: Put an autostart line to check for default password in LXDE (raspbian)
lineinfile:
line: "@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh"
dest: /home/pi/.config/lxsession/LXDE-pi/autostart
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
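Review bot: The rewritten `template` tasks for `profile_ssh_warn.sh` and `lxde_ssh_warn.sh` set no `owner`, `group` or `mode`, so the resulting permissions depend on the umask of the run. Scripts in `/etc/profile.d/` are sourced by every login shell, so that one should be pinned with `owner: root`, `group: root`, `mode: '0644'`. The LXDE copy lands under `/home/pi`, where the `pi` user can replace or remove it, so the default-password warning there should be treated as advisory only.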


@ -4,7 +4,6 @@ wireless_lan_present: False
strict_networking: False
iiab_demo_mode: False
gui_static_wan: False
has_NM: False
# Set defaults for discovery process as strings
wifi1: "not found-1"
@ -29,6 +28,8 @@ has_wifi_gw: "none"
#Debian
dhcpcd_result: ""
wan_in_interfaces: False
network_manager_active: False
systemd_networkd_active: False
# The values here are default local variables.
gui_wan_iface: "unset"


@ -0,0 +1,39 @@
# NM-debian.yml
- name: Stopping services
include_tasks: down-debian.yml
# provide keyfile layout like the XO's used way back.
- name: Create uuid for NM's keyfile store
shell: uuidgen
register: uuid_response
- name: Put the uuid in place
set_fact:
gen_uuid: "{{ uuid_response.stdout_lines[0] }}"
# NM might have a watcher on this path and we don't have to restart NM
- name: Copy the bridge script for NetworkManager
template:
dest: /etc/NetworkManager/system-connections/
src: network/bridge-br0
- name: Reload systemd
shell: systemctl daemon-reload
- name: Restart the NetworkManager service
service:
name: network-manager
state: restarted
when: not nobridge is defined and not no_net_restart
- name: Restart hostapd when WiFi is present
service:
name: hostapd
state: restarted
when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
- name: dhcp_server may be affected - starting - user choice
service:
name: "{{ dhcp_service2 }}"
state: started
when: iiab_network_mode != "Appliance"
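Review bot: The `template` task that drops `network/bridge-br0` into `/etc/NetworkManager/system-connections/` sets no `owner` or `mode`; NetworkManager's keyfile plugin ignores connection files that are not root-owned and private, and a file created under the default umask would typically come out 0644. Add `owner: root`, `group: root`, `mode: '0600'` to that task. Separately, `shell: uuidgen` reports changed on every run and produces a fresh UUID each time; `command: uuidgen` with `changed_when: false` is the lighter form, though a new UUID per run will presumably still rewrite the keyfile.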


@ -9,7 +9,7 @@
# 4. In lan_controller: wan is off, eth0 and wlan0 under br0
# 5. In gateway: eth0 is wan, and wlan0 is under br0 (only one adapter under br0)
# 6. As a slight concess to auto config, if eth1 exists, make it wan, and force gateway
#- name: In upgrade from earlier IIAB 6.2, delete the resolvconf
# package: name=resolvconf
# state=absent
@ -37,7 +37,7 @@
- name: Copy the bridge script
template: dest=/etc/network/interfaces.d/iiab
src=network/systemd.j2
when: not is_rpi and not has_NM and (iiab_lan_iface == "br0" or wan_ip != "dhcp")
when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp")
- name: Copy the bridge script for RPi
template: dest=/etc/network/interfaces.d/iiab
@ -57,34 +57,6 @@
service: name=dnsmasq state=stopped
when: dnsmasq_install
# do this
#- name: Copy NetworkManager.conf for has_NM
# template: dest=/etc/NetworkManager/NetworkManager.conf
# src=network/NetworkManager.conf
# when: has_NM and iiab_lan_iface == "br0"
#- name: Copy the bridge script for has_NM
# template: dest=/etc/network/interfaces
# src=network/systemd.j2
# when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
# or provide keyfile layout like the XO's used way back.
- name: Create uuid for NM
shell: uuidgen
register: uuid_response
when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
- name: Put the uuid in place
set_fact:
gen_uuid: "{{ uuid_response.stdout_lines[0] }}"
when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
# NM might have a watcher on this path and we don't have to restart NM
- name: Copy the bridge script for has_NM
template: dest=/etc/NetworkManager/system-connections/
src=network/bridge-br0
when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
- name: Reload systemd
shell: systemctl daemon-reload
@ -95,8 +67,8 @@
- name: Restart the networking service
service: name=networking state=restarted
when: not nobridge is defined and not has_NM and not no_net_restart
when: not nobridge is defined and not no_net_restart
- name: Restart hostapd when WiFi is present
service: name=hostapd state=restarted
when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"


@ -21,7 +21,17 @@
- name: Setting dhcpcd_test results
set_fact:
dhcpcd_result: '{{ ansible_local.local_facts.dhcpcd }}'
dhcpcd_result: "{{ ansible_local.local_facts.dhcpcd }}"
- name: Setting systemd_networkd results
set_fact:
systemd_networkd_active: True
when: 'ansible_local.local_facts.systemd_networkd == "enabled"'
- name: Setting network_manager results
set_fact:
network_manager_active: True
when: 'ansible_local.local_facts.network_manager == "enabled"'
- name: Check /etc/network/interfaces for gateway
shell: grep {{ device_gw }} /etc/network/interfaces | wc -l
@ -185,6 +195,10 @@
value: '{{ device_gw2 }}'
- option: 'dhcpcd_result'
value: '{{ dhcpcd_result }}'
- option: 'network_manager_active'
value: '{{ network_manager_active }}'
- option: 'systemd_networkd_active'
value: '{{ systemd_networkd_active }}'
- option: 'wan_in_interfaces'
value: '{{ wan_in_interfaces }}'
- option: 'wireless_list_1(wifi1)'
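Review bot: Both new `when:` tests dereference `ansible_local.local_facts.systemd_networkd` and `ansible_local.local_facts.network_manager` directly, so a host whose local-facts script does not yet emit those keys fails the play with an undefined-variable error instead of falling back to the `False` defaults. A guard such as `when: ansible_local.local_facts.systemd_networkd | default('') == "enabled"` (and the same for `network_manager`) keeps the fallback working. Whether the facts script is updated elsewhere in this commit is not visible in this section.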


@ -0,0 +1,25 @@
# down-debian.yml
#- name: Supply resolvconf.conf
# template:
# dest: /etc/resolvconf.conf
# src: network/resolvconf.j2
- name: bind may be affected
service:
name: "{{ dns_service }}"
state: stopped
when: named_install and dnsmasq_enabled
# dhcpd_server release the interface
- name: dhcpd_server may be affected - stopping dhcpd
service:
name: dhcpd
state: stopped
when: dhcpd_install
- name: dhcpd_server may be affected - stopping dnsmasq
service:
name: dnsmasq
state: stopped
when: dnsmasq_install


@ -84,23 +84,41 @@
#### end services
#### Start network layout
- include_tasks: ifcfg_mods.yml
- name: Redhat networking
include_tasks: ifcfg_mods.yml
tags:
- network
- network
when: is_redhat and not installing
- include_tasks: debian.yml
- name: NetworkManager in use
include_tasks: NM-debian.yml
tags:
- network
when: is_debuntu
#and not is_rpi and not installing
- network
when: is_debuntu and network_manager_active
#and not installing
#- include_tasks: rpi_debian.yml
# tags:
# - network
# when: is_debuntu and is_rpi and not installing
- name: systemd-networkd in use
include_tasks: sysd-netd-debian.yml
tags:
- network
when: is_debuntu and systemd_networkd_active
#and not installing
- name: RPi's have dhcpcd in use
include_tasks: rpi_debian.yml
tags:
- network
when: is_debuntu and is_rpi
#and not installing
- name: Not RPi, Not NetworkManager, Not systemd-networkd in use
include_tasks: debian.yml
tags:
- network
when: not is_rpi and not network_manager_active and not systemd_networkd_active and is_debuntu
#and not installing
# this is moving
- name: Record iiab_wan_device
lineinfile: dest=/etc/iiab/iiab.env
regexp='^IIAB_WAN_DEVICE=*'
@ -108,7 +126,7 @@
state=present
when: not installing
tags:
- network
- network
- name: Record iiab_lan_device
lineinfile: dest=/etc/iiab/iiab.env
@ -117,15 +135,15 @@
state=present
when: not installing
tags:
- network
- network
#### end network layout
- include_tasks: restart.yml
when: not installing
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
- AP
- network
- named
- dhcpd
- dnsmasq
- squid
- AP
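Review bot: The Debian branches are not mutually exclusive: only the final `debian.yml` include rules out the others, so a host with both `network_manager_active` and `systemd_networkd_active` true runs `NM-debian.yml` and `sysd-netd-debian.yml`, and a Raspberry Pi with NetworkManager enabled runs `NM-debian.yml` and `rpi_debian.yml`. Each of those writes its own br0 definition and restarts a network service, so the end state depends on task order. Making the precedence explicit would avoid that, for instance `when: is_debuntu and systemd_networkd_active and not network_manager_active` and `when: is_debuntu and is_rpi and not network_manager_active and not systemd_networkd_active`.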


@ -4,7 +4,7 @@
- name: Start named service
service: name={{ dns_service }}
state=started
state=restarted
when: named_enabled and named_install
- name: Stop Squid service


@ -5,78 +5,53 @@
# a. gui_desired_network_role
# b. hostapd_enabled
# c. gui_static_wan_ip
# 3. In appliance mode: wan (and wlan0) is either static or dhcp under br0, and hostapd off
# 3. In appliance mode: wan is either wired dhcp/static or wlan0 and hostapd off
# 4. In lan_controller: wan is off, eth0 and wlan0 under br0
# 5. In gateway: eth0 is wan, and wlan0 is under br0 (only one adapter under br0)
# 6. As a slight concess to auto config, if eth1 exists, make it wan, and force gateway
# 5. In gateway: user gateway is wan, and wlan0 under br0 if not acting as
# the gateway
- name: Raspbian stock has openresolv which is not available in Debian, off it
package: name=openresolv
state=absent
- name: Supply resolvconf.conf
template:
dest: /etc/resolvconf.conf
src: network/resolvconf.j2
- name: Get the stock resolv.conf manager
package: name=resolvconf
state=absent
- name: Supply dhcpcd.conf
template:
dest: /etc/dhcpcd.conf
src: network/dhcpcd.conf.j2
- name: On upgrade from earlier IIAB versions, remove /etc/network/interfaces.d/br0
file: path=/etc/network/interfaces.d/br0
state=absent
when: iiab_lan_iface != "br0" and wan_ip == "dhcp"
- name: Copy the bridge script for RPi
template:
dest: /etc/network/interfaces.d/iiab
src: network/rpi.j2
when: iiab_lan_iface == "br0"
- name: Default to 'LanController'
set_fact:
gui_desired_network_role: "LanController"
when: not gui_desired_network_role is defined
- name: Stopping services
include_tasks: down-debian.yml
- name: Rewrite the /etc/network/interfaces file which we corrupted
template: dest=/etc/network/interfaces
src=network/interfaces.j2
- name: Supply our own dhcpcd.conf
template: dest=/etc/dhcpcd.conf
src=network/dhcpcd.conf.j2
when: iiab_lan_iface == "br0" or wan_ip != "dhcp"
- name: Copy the network config script
template: dest=/etc/network/interfaces.d/iiab
src=network/systemd.j2
register: interface
when: iiab_lan_iface == "br0" or wan_ip != "dhcp"
- name: If this was a change, things need to shift
service: name=hostapd state=stopped
when: interface.changed
- name: dhcpcd may be affected
service: name=dhcpcd state=stopped
when: interface.changed
- name: Tear down any bridge and start fresh
command: ip link set br0 down
ignore_errors: True
when: interface.changed
- name: And remove the device
command: brctl delbr br0
ignore_errors: True
when: interface.changed
- name: Reset the eth0 interface
command: ifdown eth0
ignore_errors: True
when: interface.changed
- name: Start up dhcpcd again
service: name=dhcpcd state=started
- name: Reload systemd
shell: systemctl daemon-reload
# now pick up denyinterfaces
- name: Restart dhcpcd
service: name=dhcpcd state=restarted
service:
name: dhcpcd
state: restarted
- name: Restart the networking service
service: name=networking state=restarted
service:
name: networking
enabled: yes
state: restarted
when: not nobridge is defined and not no_net_restart
#create lan br0 if lan_controller or gateway
#create wan br0 if appliance
#allocate wlan0 under br0 in all cases
#allocate eth0 under br0 if appliance, alone if gateway
- name: Restart hostapd when WiFi is present
service:
name: hostapd
enabled: yes
state: restarted
when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
#- name: dhcp_server may be affected - starting - user choice
# service: name={{ dhcp_service2 }} state=started
# when: iiab_network_mode != "Appliance"
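Review bot: `shell: systemctl daemon-reload` is used here and again in the new `NM-debian.yml` and `sysd-netd-debian.yml`, while the calibre tasks in this same commit use the `systemd` module with `daemon_reload: yes`. The module form avoids spawning a shell for a fixed command and keeps the role consistent; the replacement is `systemd:` with `daemon_reload: yes` under the same task name. The shell form also reports changed on every run, which makes it harder to see from the play recap whether the network configuration actually moved.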


@ -0,0 +1,40 @@
# sysd-netd-debian.yml
- name: Copy the bridge script - Creates br0
template:
dest: /etc/systemd/network/IIAB-Bridge.netdev
src: network/systemd-br0.j2
- name: Copy the bridge script - Assigns IP address
template:
dest: /etc/systemd/network/IIAB-Bridge.network
src: network/systemd-br0-network.j2
- name: Copy the bridge script - Assigns br0 wired slaves
template:
dest: /etc/systemd/network/IIAB-Slave.network
src: network/systemd-br0-slave.j2
when: iiab_wired_lan_iface is defined
- name: Stopping services
include_tasks: down-debian.yml
- name: Reload systemd
shell: systemctl daemon-reload
- name: Restart the systemd-networkd service
service:
name: systemd-networkd
enabled: yes
state: restarted
when: not nobridge is defined and not no_net_restart
- name: Restart hostapd when WiFi is present
service:
name: hostapd
enabled: yes
state: restarted
when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
#- name: dhcp_server may be affected - starting - user choice
# service: name={{ dhcp_service2 }} state=started
# when: iiab_network_mode != "Appliance"


@ -0,0 +1,15 @@
# /etc/systemd/network/IIAB-Bridge.network
[Match]
Name=br0
[Network]
Bridge=br0
LinkLocalAddressing=no
DNS={{ lan_ip }}
Domains={{ iiab_domain }}
[Address]
Address={{ lan_ip }}/19
[Route]
Gateway=""
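Review bot: This `.network` file matches `Name=br0` and then sets `Bridge=br0` under `[Network]`, which asks systemd-networkd to attach the bridge to itself; `Bridge=` belongs only in the slave file that matches the wired interface. `Gateway=""` is also not a parseable address, so the `[Route]` section should be removed rather than left with an empty quoted value. The `/19` prefix is hard-coded next to the templated `{{ lan_ip }}`; if the role already has a netmask variable, deriving the prefix from it would keep the two from drifting apart.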


@ -0,0 +1,5 @@
# /etc/systemd/network/IIAB-Slave.network
[Match]
Name={{ iiab_wired_lan_iface }}
[Network]
Bridge=br0


@ -0,0 +1,4 @@
# /etc/systemd/network/IIAB-Bridge.netdev
[NetDev]
Name=br0
Kind=bridge


@ -0,0 +1,3 @@
nodogsplash_install : False
nodogsplash_enabled : False
nodogsplash_arm_deb : nodogsplash_2.0.0-1_armhf.deb


@ -0,0 +1,3 @@
- name: Install nodogsplash (Raspbian only)
include_tasks: rpi.yml
when: is_rpi


@ -0,0 +1,68 @@
- name: nodogsplash dependencies
package:
name: libmicrohttpd12
state: present
- name: Get the nodogsplash software
get_url:
url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}"
dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"
when: internet_available
async: 300
poll: 5
- name: Install nodogsplash
apt:
deb="{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"
#- name: Create nodogsplash.service # deb file has one
# template:
# backup: no
# src: nodogsplash.service.j2
# dest: "/etc/systemd/system/nodogsplash.service"
# owner: root
# group: root
# mode: 0644
- name: Install custom files
template:
backup: no
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'nodogsplash.conf.j2', dest: '/etc/nodogsplash/nodogsplash.conf', mode: '0644'}
- { src: 'splash.html.j2', dest: '/etc/nodogsplash/htdocs/splash.html', mode: '0644'}
# We should probably only start this service on next boot
- name: Enable nodogsplash service
service:
name: nodogsplash
enabled: yes
state: started
when: nodogsplash_enabled
- name: Disable nodogsplash service
service:
name: nodogsplash
enabled: no
state: stopped
when: not nodogsplash_enabled
- name: Add 'nodogsplash' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: nodogsplash
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: nodogsplash
- option: description
value: '"Nodogsplash is a lightweight Captive Portal."'
- option: source
value: "{{ nodogsplash_arm_deb }}"
- option: enabled
value: "{{ nodogsplash_enabled }}"
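Review bot: The `.deb` fetched by `get_url` is installed as root by the following `apt: deb=` task with no integrity check, and a local `.deb` is not covered by apt's repository signatures, so whatever `iiab_download_url` serves is what gets installed. Pin it with a `checksum:` on the `get_url` task, e.g. `checksum: "sha256:{{ nodogsplash_arm_deb_sha256 }}"`, where `nodogsplash_arm_deb_sha256` is a new default (the name is only a suggestion) holding the published digest of the package named in `nodogsplash_arm_deb`. The install task also has no `when:`, so on a host without `internet_available` and without a previously downloaded file it fails rather than skips.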


@ -0,0 +1,413 @@
#
# Nodogsplash Configuration File
#
# Parameter: GatewayInterface
# Default: NONE
#
# GatewayInterface is not autodetected, has no default, and must be set here.
# Set GatewayInterface to the interface on your router
# that is to be managed by Nodogsplash.
# Typically br0 for the wired and wireless lan on OpenWrt White Russian.
# May be br-lan on OpenWrt Kamikaze.
#
GatewayInterface br0
# FirewallRuleSet: authenticated-users
#
# Control access for users after authentication.
# These rules are inserted at the beginning of the
# FORWARD chain of the router's filter table, and
# apply to packets that have come in to the router
# over the GatewayInterface from MAC addresses that
# have authenticated with Nodogsplash, and that are
# destined to be routed through the router. The rules are
# considered in order, and the first rule that matches
# a packet applies to it.
# If there are any rules in this ruleset, an authenticated
# packet that does not match any rule is rejected.
# N.B.: This ruleset is completely independent of
# the preauthenticated-users ruleset.
#
FirewallRuleSet authenticated-users {
# You may want to open access to a machine on a local
# subnet that is otherwise blocked (for example, to
# serve a redirect page; see RedirectURL). If so,
# allow that explicitly here, e.g:
# FirewallRule allow tcp port 80 to 192.168.254.254
# Your router may have several interfaces, and you
# probably want to keep them private from the GatewayInterface.
# If so, you should block the entire subnets on those interfaces, e.g.:
FirewallRule block to 192.168.0.0/16
FirewallRule block to 10.0.0.0/8
# Typical ports you will probably want to open up include
# 53 udp and tcp for DNS,
# 80 for http,
# 443 for https,
# 22 for ssh:
FirewallRule allow tcp port 53
FirewallRule allow udp port 53
FirewallRule allow tcp port 80
FirewallRule allow tcp port 443
FirewallRule allow tcp port 22
# You might use ipset to easily allow/block range of ips, e.g.:
# FirewallRule allow ipset WHITELISTED_IPS
# FirewallRule allow tcp port 80 ipset WHITELISTED_IPS
}
# end FirewallRuleSet authenticated-users
# FirewallRuleSet: preauthenticated-users
#
# Control access for users before authentication.
# These rules are inserted in the PREROUTING chain
# of the router's nat table, and in the
# FORWARD chain of the router's filter table.
# These rules apply to packets that have come in to the
# router over the GatewayInterface from MAC addresses that
# are not on the BlockedMACList or TrustedMACList,
# are *not* authenticated with Nodogsplash. The rules are
# considered in order, and the first rule that matches
# a packet applies to it. A packet that does not match
# any rule here is rejected.
# N.B.: This ruleset is completely independent of
# the authenticated-users and users-to-router rulesets.
#
FirewallRuleSet preauthenticated-users {
# For preauthenticated users to resolve IP addresses in their initial
# request not using the router itself as a DNS server,
# you probably want to allow port 53 udp and tcp for DNS.
FirewallRule allow tcp port 53
FirewallRule allow udp port 53
# For splash page content not hosted on the router, you
# will want to allow port 80 tcp to the remote host here.
# Doing so circumvents the usual capture and redirect of
# any port 80 request to this remote host.
# Note that the remote host's numerical IP address must be known
# and used here.
# FirewallRule allow tcp port 80 to 123.321.123.321
}
# end FirewallRuleSet preauthenticated-users
# FirewallRuleSet: users-to-router
#
# Control access to the router itself from the GatewayInterface.
# These rules are inserted at the beginning of the
# INPUT chain of the router's filter table, and
# apply to packets that have come in to the router
# over the GatewayInterface from MAC addresses that
# are not on the TrustedMACList, and are destined for
# the router itself. The rules are
# considered in order, and the first rule that matches
# a packet applies to it.
# If there are any rules in this ruleset, a
# packet that does not match any rule is rejected.
#
FirewallRuleSet users-to-router {
# Nodogsplash automatically allows tcp to GatewayPort,
# at GatewayAddress, to serve the splash page.
# However you may want to open up other ports, e.g.
# 53 for DNS and 67 for DHCP if the router itself is
# providing these services.
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow udp port 67
# You may want to allow ssh, http, and https to the router
# for administration from the GatewayInterface. If not,
# comment these out.
FirewallRule allow tcp port 22
FirewallRule allow tcp port 80
FirewallRule allow tcp port 443
# FirewallRule allow tcp port 3000
}
# end FirewallRuleSet users-to-router
# EmptyRuleSetPolicy directives
# The FirewallRuleSets that NoDogSplash permits are:
#
# authenticated-users
# preauthenticated-users
# users-to-router
# trusted-users
# trusted-users-to-router
#
# For each of these, an EmptyRuleSetPolicy can be specified.
# An EmptyRuleSet policy applies to a FirewallRuleSet if the
# FirewallRuleSet is missing from this configuration file,
# or if it exists but contains no FirewallRules.
#
# The possible values of an EmptyRuleSetPolicy are:
# allow -- packets are accepted
# block -- packets are rejected
# passthrough -- packets are passed through to pre-existing firewall rules
#
# Default EmptyRuleSetPolicies are set as follows:
# EmptyRuleSetPolicy authenticated-users passthrough
# EmptyRuleSetPolicy preauthenticated-users block
EmptyRuleSetPolicy users-to-router allow
# EmptyRuleSetPolicy trusted-users allow
# EmptyRuleSetPolicy trusted-users-to-router allow
# Parameter: GatewayName
# Default: NoDogSplash
#
# Set GatewayName to the name of your gateway. This value
# will be available as variable $gatewayname in the splash page source
# and in status output from ndsctl, but otherwise doesn't matter.
# If none is supplied, the value "NoDogSplash" is used.
#
# GatewayName NoDogSplash
# Parameter: GatewayAddress
# Default: Discovered from GatewayInterface
#
# This should be autodetected on an OpenWRT system, but if not:
# Set GatewayAddress to the IP address of the router on
# the GatewayInterface. This is the address that the Nodogsplash
# server listens on.
#
# GatewayAddress 192.168.1.1
# Parameter: RedirectURL
# Default: none
#
# After authentication, normally a user is redirected
# to their initially requested page.
# If RedirectURL is set, the user is redirected to this URL instead.
#
# RedirectURL http://www.ilesansfil.org/
# Parameter: GatewayPort
# Default: 2050
#
# Nodogsplash's own http server uses GatewayAddress as its IP address.
# The port it listens to at that IP can be set here; default is 2050.
#
# GatewayPort 2050
# Parameter: MaxClients
# Default: 20
#
# Set MaxClients to the maximum number of users allowed to
# connect at any time. (Does not include users on the TrustedMACList,
# who do not authenticate.)
#
# MaxClients 20
# ClientIdleTimeout
# Parameter: ClientIdleTimeout
# Default: 10
#
# Set ClientIdleTimeout to the desired of number of minutes
# of inactivity before a user is automatically 'deauthenticated'.
#
# ClientIdleTimeout 10
# Parameter: ClientForceTimeout
# Default: 360
#
# Set ClientForceTimeout to the desired number of minutes before
# a user is automatically 'deauthenticated', whether active or not
#
# ClientForceTimeout 360
# Parameter: AuthenticateImmediately
# Default: no
#
# Set to yes (or true or 1), to immediately authenticate users
# who make a http port 80 request on the GatewayInterface (that is,
# do not serve a splash page, just redirect to the user's request,
# or to RedirectURL if set).
#
# AuthenticateImmediately no
# Parameter: MACMechanism
# Default: block
#
# Either block or allow.
# If 'block', MAC addresses on BlockedMACList are blocked from
# authenticating, and all others are allowed.
# If 'allow', MAC addresses on AllowedMACList are allowed to
# authenticate, and all other (non-trusted) MAC's are blocked.
#
# MACMechanism block
# Parameter: BlockedMACList
# Default: none
#
# Comma-separated list of MAC addresses who will be completely blocked
# from the GatewayInterface. Ignored if MACMechanism is allow.
# N.B.: weak security, since MAC addresses are easy to spoof.
#
# BlockedMACList 00:00:DE:AD:BE:EF,00:00:C0:1D:F0:0D
# Parameter: AllowedMACList
# Default: none
#
# Comma-separated list of MAC addresses who will not be completely
# blocked from the GatewayInterface. Ignored if MACMechanism is block.
# N.B.: weak security, since MAC addresses are easy to spoof.
#
# AllowedMACList 00:00:12:34:56:78
# Parameter: TrustedMACList
# Default: none
#
# Comma-separated list of MAC addresses who are not subject to
# authentication, and are not restricted by any FirewallRuleSet.
# N.B.: weak security, since MAC addresses are easy to spoof.
#
# TrustedMACList 00:00:CA:FE:BA:BE, 00:00:C0:01:D0:0D
# Parameter: PasswordAuthentication
# Default: no
# Set to yes (or true or 1), to require a password matching
# the Password parameter to be supplied when authenticating.
#
#
# PasswordAuthentication no
# Parameter: Password
# Default: none
# Whitespace delimited string that is compared to user-supplied
# password when authenticating.
#
#
# Password nodog
# Parameter: UsernameAuthentication
# Default: no
# Set to yes (or true or 1), to require a username matching
# the Username parameter to be supplied when authenticating.
#
#
# UsernameAuthentication no
# Parameter: Username
# Default: none
# Whitespace delimited string that is compared to user-supplied
# username when authenticating.
#
#
# Username guest
# Parameter: PasswordAttempts
# Default: 5
# Integer number of failed password/username entries before
# a user is forced to reauthenticate.
#
#
# PasswordAttempts 5
# Parameter: TrafficControl
# Default: no
#
# Set to yes (or true or 1), to enable traffic control in Nodogsplash.
#
# TrafficControl no
# Parameter: DownloadLimit
# Default: 0
#
# If TrafficControl is enabled, this sets the maximum download
# speed to the GatewayInterface, in kilobits per second.
# For example if you have an ADSL connection with 768 kbit
# download speed, and you want to allow about half of that
# bandwidth for the GatewayInterface, set this to 384.
# A value of 0 means no download limiting is done.
#
# DownloadLimit 384
# Parameter: UploadLimit
# Default: 0
#
# If TrafficControl is enabled, this sets the maximum upload
# speed from the GatewayInterface, in kilobits per second.
# For example if you have an ADSL connection with 128 kbit
# upload speed, and you want to allow about half of that
# bandwidth for the GatewayInterface, set this to 64.
# A value of 0 means no upload limiting is done.
#
# UploadLimit 64
# Parameter: GatewayIPRange
# Default: 0.0.0.0/0
#
# By setting this parameter, you can specify a range of IP addresses
# on the GatewayInterface that will be responded to and managed by
# Nodogsplash. Addresses outside this range do not have their packets
# touched by Nodogsplash at all.
# Defaults to 0.0.0.0/0, that is, all addresses.
#
# GatewayIPRange 0.0.0.0/0
# Parameter: ImagesDir
# Default: images
#
# Set the directory from which images are served.
# Use $imagesdir in HTML files to reference this directory.
#
# ImagesDir images
# Parameter: BinVoucher
# Default: None
#
# Enable Voucher Support.
# If set, an alphanumeric voucher HTTP parameter is accepted
# and passed to a command line call along with the clients MAC:
#
# $<BinVoucher> auth_voucher <mac> <voucher>
#
# BinVoucher must point to a program that will be called as described above.
# The call is expected to output the number of seconds the client
# is to be authenticated. Zero or negative seconds will cause the
# authentification request to be rejected.
# The output may contain a user specific download and upload limit in KBit/s:
# <seconds> <upload> <download>
#
# BinVoucher "/bin/myauth"
# Parameter: ForceVoucher
# Default: no
#
# Force the use of a voucher. Authentification is not possible without voucher.
#
# ForceVoucher no
# Parameter: EnablePreAuth
# Default: no
#
# Enable pre-authentication support.
# Pass the MAC of a client to a command line call before the splash page
# would be send:
#
# $<BinVoucher> auth_status <mac>
#
# The call is expected to output the number of seconds the client
# is to be authenticated. Zero or negative seconds will cause the
# splash page to be displayed.
# The output may contain a user specific download and upload limit in KBit/s:
# <seconds> <download> <upload>
#
# EnablePreAuth no
# Parameter: FW_MARK_BLOCKED
# Default: 0x100
#
# Parameter: FW_MARK_TRUSTED
# Default: 0x200
#
# Parameter: FW_MARK_AUTHENTICATED
# Default: 0x400
#
# Nodogsplash uses specific values to mark packet using iptables.
# In rare cases these might conflict with other programs and need
# to be changed.
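Review bot: The `users-to-router` ruleset leaves `FirewallRule allow tcp port 22` active, and by the ruleset's own comment it applies to every client on `GatewayInterface` that is not on `TrustedMACList`, which includes clients that have not passed the splash page. On a box that ships with a default admin password, that exposes ssh to the whole captive LAN; the rule should be commented out by default or wrapped in a Jinja condition driven by a role variable. The `authenticated-users` blocks cover `192.168.0.0/16` and `10.0.0.0/8` but not `172.16.0.0/12`, so a LAN or upstream network in that range is not isolated by this ruleset. The file is a `.j2` template yet hard-codes `GatewayInterface br0`, whereas the network tasks in this commit key off `iiab_lan_iface`.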


@ -0,0 +1,12 @@
[Unit]
Description=NoDogSplash Captive Portal
After=network.target
[Service]
Type=forking
ExecStart=/usr/bin/nodogsplash -d 5 $OPTIONS
ExecStop=/usr/bin/ndsctl stop
Restart=on-failure
[Install]
WantedBy=multi-user.target
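Review bot: `$OPTIONS` in `ExecStart=/usr/bin/nodogsplash -d 5 $OPTIONS` is never defined in this unit, since there is no `Environment=` or `EnvironmentFile=` line, so it expands to an empty string. Either drop it or add an optional file such as `EnvironmentFile=-<PATH_TO_OPTIONS_FILE>` (placeholder; use whatever path the role actually installs). This daemon answers every unauthenticated client on the LAN and, per the shipped config comments, can call an external `BinVoucher` program. It would therefore help to add a comment stating that it runs as root because it manages iptables rules, and to test whether `NoNewPrivileges=yes` and `ProtectHome=yes` can be enabled without breaking it.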


@ -0,0 +1,95 @@
<!DOCTYPE html>
<html>
<head>
<!--
A client is authenticated by requesting the page $authtarget.
So, href to it here, with an img or link text the user can click on.
Alternatively submit an HTTP form method=get, passing $authaction, $tok and $redir
Also, note that any images you reference must reside in the
subdirectory that is the value of $imagesdir (default: "images").
Available variables:
error_msg: $error_msg
gatewayname: $gatewayname
tok: $tok
redir: $redir
authaction: $authaction
denyaction: $denyaction
authtarget: $authtarget
clientip: $clientip
clientmac: $clientmac
gatewaymac: $gatewaymac
nclients: $nclients
maxclients: $maxclients
uptime: $uptime
imagesdir: $imagesdir
pagesdir: $pagesdir
Additional Variables that can also be passed back via HTTP get.
Or just append them to the authentication link:
nodoguser
nodogpass
info
voucher
-->
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel='shortcut icon' href='$imagesdir/splash.jpg' type='image/x-icon' />
<title>$gatewayname Entry</title>
<style>
body
{
background-color:lightgrey;
color:black;
max-width: 500px;
margin: auto;
text-align: left;
}
img
{
width: 40%;
max-width: 180px;
margin-left: 0%;
margin-right: 5%;
}
input[type=submit]
{
color:black;
margin-left: 0%;
margin-right: 5%;
text-align:left;
font-size: 1.0em;
line-height: 2.5em;
font-weight: bold;
border: 1px solid;
}
</style>
</head>
<body>
<br>
<h3>Redirecting to Internet in a Box ...</h3>
<h3>If not redirected automatically, <BR>Please click Continue Button.</h3>
<br>
<br>
<form method='get' action='$authaction' name='redirectForm'>
<input type='hidden' name='tok' value='$tok'>
<input type='hidden' name='redir' value='http://{{ iiab_hostname }}.{{ iiab_domain }}{{ iiab_home_url }}'>
<input type='submit' value='Continue to Internet in a Box'>
</form>
<script type="text/javascript">
setTimeout(function () {
document.forms["redirectForm"].submit();
}, 1000);
</script>
</body>
</html>
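Review bot: The "Available variables" comment at the top of `<head>` is part of the served page, so if Nodogsplash substitutes `$name` tokens inside comments the same way it does in the body, every unauthenticated client can read `$gatewaymac`, `$clientmac`, `$nclients`, `$uptime` and `$tok` in the page source. The file appears to be rendered through Jinja first (the `redir` value uses `{{ iiab_hostname }}`), so the reference can stay for maintainers but be kept out of the output by changing the delimiters from `<!--` / `-->` to `{#` / `#}`. The `redir` value is also assembled from three Ansible variables placed directly into an HTML attribute; a one-line comment above it noting that these must be plain hostname/path strings would document that assumption.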


@ -1,135 +1,81 @@
#!/bin/bash -e
# required to start loading IIAB with ansible
GOOD_VER="2.4.2"
FOUND=""
FAMILY=""
VER=""
# below are unused for future use
GOOD_VER=""
URL="NA"
# TODO add check for version - to revese patching if upgrading
if [ $(which ansible-playbook) ]; then
VER=`ansible --version|head -n 1|cut -f 2 -d " "`
GOOD_VER=`echo $VER | grep ^2.4`
# 2.2.0.0 -> 2.4.1+ patching was not applied -just upgrade via pip
if [ $GOOD_VER = "" ]; then
echo "Ansible $VER installed updating to 2.4.1"
pip install --upgrade ansible==2.4.1 --disable-pip-version-check
exit 0
fi
# keep an eye out for 2.4.1.X in the future
if [ $VER = "2.4.1.0" ]; then
echo "Ansible $VER installed exiting..."
exit 0
fi
fi
# TODO add check for version - to revese patching if upgrading
#if [ $(which ansible-playbook) ]; then
# VER=`ansible --version|head -n 1|cut -f 2 -d " "`
echo "Installing --- Please Wait"
if [ -f /etc/fedora-release ]; then
VER=`grep VERSION_ID /etc/*elease | cut -d= -f2`
URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$VER.yml
dnf -y upgrade
dnf -y install ansible git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
dnf -y install python-pip python-setuptools python-wheel patch
FOUND="yes"
FAMILY="redhat"
fi
# might have to revisit dependencies with a redhat dialect
# ansible python-kerberos python-selinux python-winrm python-xmltodict sshpass bzip2 file findutils gzip tar unzip zip python-keyczar python-boto python-dnspython python-pyrax python-sphere
if [ -f /etc/centos-release ]; then
yum -y upgrade
yum -y install ca-certificates nss epel-release
yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
yum -y install python-pip python-setuptools python-wheel patch
yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.4.1.0-1.el7.ans.noarch.rpm
FOUND="yes"
FAMILY="redhat"
fi
if [ -f /etc/olpc-release ]; then
yum -y upgrade
yum -y install ca-certificates nss
yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
yum -y install python-pip python-setuptools python-wheel patch
pip install --upgrade pip setuptools wheel #EOL just do it
FOUND="yes"
FAMILY="olpc"
fi
if [ -f /etc/debian_version ]; then
echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" >> /etc/apt/sources.list
apt-get -y install dirmngr
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
apt-get -y update
apt-get -y install ansible git python-pip python-setuptools python-wheel patch
# apt-get install ansible python-kerberos python-selinux python-winrm python-xmltodict sshpass bzip2 file findutils gzip tar unzip zip python-keyczar python-boto python-dnspython python-pyrax python-sphere
FOUND="yes"
FAMILY="debian"
fi
# Has 2.2.1
if [ `grep -qi raspbian /etc/*elease` ]; then
echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" >> /etc/apt/sources.list
apt-get -y install dirmngr
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
apt-get -y update
apt-get -y install ansible git python-pip python-setuptools python-wheel patch
# apt-get install ansible python-kerberos python-selinux python-winrm python-xmltodict sshpass bzip2 file findutils gzip tar unzip zip python-keyczar python-boto python-dnspython python-pyrax python-sphere
FOUND="yes"
FAMILY="debian"
fi
if [ ! $FOUND = "yes" ]; then
if [ `grep -qi ubuntu /etc/lsb-release` ] || [ `grep -qi ubuntu /etc/os-release` ]; then
export DEBIAN_FRONTEND=noninteractive
if ! [ $(which ansible-playbook) ]; then
echo "Installing --- Please Wait"
if [ -f /etc/centos-release ]; then
yum -y install ca-certificates nss epel-release
yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
yum -y install python-pip python-setuptools python-wheel patch
yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.4.2.0-1.el7.ans.noarch.rpm
FOUND="yes"
FAMILY="redhat"
# elif [ -f /etc/fedora-release ]; then
# VER=`grep VERSION_ID /etc/*elease | cut -d= -f2`
# URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$VER.yml
# dnf -y install ansible git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
# dnf -y install python-pip python-setuptools python-wheel patch
# FOUND="yes"
# FAMILY="redhat"
elif [ -f /etc/olpc-release ]; then
yum -y install ca-certificates nss
yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
yum -y install python-pip python-setuptools python-wheel patch
pip install --upgrade pip setuptools wheel #EOL just do it
pip install ansible==$GOOD_VER --disable-pip-version-check
FOUND="yes"
FAMILY="olpc"
elif [ -f /etc/debian_version ] || [ `grep -qi raspbian /etc/*elease` ]; then
if [ ! `grep -qi ansible /etc/apt/sources.list` ] && [ ! -f /etc/apt/sources.list.d/ansible ]; then
apt-get -y install dirmngr python-pip python-setuptools python-wheel patch
echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" \
>> /etc/apt/sources.list.d/ansible.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
fi
FOUND="yes"
FAMILY="debian"
elif [ `grep -qi ubuntu /etc/lsb-release` ] || [ `grep -qi ubuntu /etc/os-release` ]; then
apt-get -y install python-pip python-setuptools python-wheel patch
apt-add-repository -y ppa:ansible/ansible
apt-get -y update
apt-get -y install ansible git python-pip python-setuptools python-wheel patch
# apt-get install ansible python-kerberos python-selinux python-winrm python-xmltodict sshpass bzip2 file findutils gzip tar unzip zip python-keyczar python-boto python-dnspython python-pyrax python-sphere
FOUND="yes"
FAMILY="debian"
fi
fi
if [ ! $FOUND = "yes" ]; then
echo 'WARN: Could not detect distro or distro unsupported'
exit 1
fi
# latest pip 2.2 is 2.2.3.0 on 2017-07-07
# ansible-2.3.1.0-1.el7.noarch.rpm from 2017-06-01
### start ansible pip install TODO add venv location /opt/iiab/anisble
if [ $FAMILY = "olpc" ]; then
pip install ansible==2.4.1 --disable-pip-version-check
if [ ! $FOUND = "yes" ]; then
echo 'WARN: Could not detect distro or distro unsupported'
exit 1
fi
else
VER=`ansible --version|head -n 1|cut -f 2 -d " "`
echo "ansible version installed via pip $VER"
fi
# handle 2.2.1 -> 2.4.1+ deb install undo patching
# unsure if install above will upgrade or skip - cover that now
if [ $FAMILY = "debian" ]; then
if [ ! $VER == "" ]; then
sed -i 's/LooseVersion/StrictVersion/g' /usr/lib/python2.7/dist-packages/ansible/modules/core/web_infrastructure/htpasswd.py
apt-get -y upgrade ansible
echo "Current ansible version installed is $VER"
if [ -f /etc/centos-release ] || [ -f /etc/fedora-release ]; then
echo "Please use your system's package manager to update ansible"
exit 0
fi
if [ -f /etc/olpc-release ]; then
echo "Please use pip package manager to update ansible"
exit 0
fi
if [[ `grep -qi ansible /etc/apt/sources.list` ]] || [ -f /etc/apt/sources.list.d/ansible*.list ]; then
echo "repos found"
else
echo "Upstream ansible source repo not found, please uninstall ansible and re-run this script"
exit 1
fi
fi
VER=`ansible --version|head -n 1|cut -f 2 -d " "`
echo "Current ansible version installed is $VER"
# sample only
#if [ $FAMILY = "debian" ]; then
# rpm -e ansible
# pip install ansible==2.2.1 --disable-pip-version-check
#fi
if [ ! -f /etc/centos-release ] && [ ! -f /etc/fedora-release ] && \
[ ! -f /etc/olpc-release ]; then
echo "Using OS package manager to check for ansible updates"
apt-get -y update
apt-get -y install ansible
fi
#if [ $FAMILY = "debian" ]; then
# echo 'WARN: Trying to install ansible via pip without some dependencies'
# echo 'WARN: Not all functionality of ansible may be available'
# pip install ansible==2.3.1 --disable-pip-version-check
#fi
# needed?
mkdir -p /etc/ansible/
echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts
### end ansible routine
###
# other pip upgrades here if needed
###
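Review bot: The CentOS branch installs Ansible as root from a plain-HTTP URL (`yum -y install http://releases.ansible.com/…/ansible-2.4.2.0-1.el7.ans.noarch.rpm`), and the Debian branch adds `deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main` and fetches its key by 64-bit ID with `--recv-keys 93C4A3FD7BB9C367`. Whether yum checks the signature of a package given by URL depends on `localpkg_gpgcheck`, so the download should not also travel unauthenticated; use `https://` for both URLs and pin the key as `--recv-keys <FULL_40_HEX_FINGERPRINT>`. Separately, tests of the form ``[ `grep -qi raspbian /etc/*elease` ]`` can never be true because `grep -q` prints nothing; `if grep -qi raspbian /etc/*elease; then` tests the exit status instead, and the `[ -f /etc/apt/sources.list.d/ansible ]` check does not match the `ansible.list` file the script writes. The page prints removed and added lines interleaved, so these remarks refer to the lines carrying `2.4.2` and `sources.list.d/ansible.list`, which look like the new side.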


@ -6,6 +6,7 @@ VERSION_ID=${VERSION_ID//\"/}
VERSION_ID=${VERSION_ID%%.*}
OS_VER=$OS-$VERSION_ID
DHCPCD_PATH=`which dhcpcd`
NM_PATH=`which NetworkManager`
case $OS_VER in
"fedora-18" | \
@ -59,10 +60,20 @@ if [ ! x$DHCPCD_PATH = x ]
then
DHCPCD=`systemctl is-enabled dhcpcd`
fi
# the check is debian family only is_redhad would use NetworkManager as the
# service name.
if [ ! x$NM_PATH = x ]
then
NM=`systemctl is-enabled network-manager`
fi
SYSD_NETD=`systemctl is-enabled systemd-networkd`
cat <<EOF
{"phplib_dir" : "$PHPLIB_DIR",
"stage" : "$STAGE",
"dhcpcd" : "$DHCPCD",
"network_manager" : "$NM",
"systemd_networkd" : "$SYSD_NETD",
"iiab_branch" : "$BRANCH",
"iiab_commit" : "$COMMIT",
"xo_model" : "$XO_VERSION",
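Review bot: On a Red Hat family host `which NetworkManager` succeeds but `systemctl is-enabled network-manager` finds no such unit, so the new `network_manager` fact is an empty string there, the same value as when NetworkManager is absent. The added comment admits this, yet the same commit removes `has_NM` from the vars files, so roles that now rely on the fact would silently see "not present". Choose the unit name from `$OS` first and then run ``NM=`systemctl is-enabled "$NM_UNIT" 2>/dev/null` ``. Quoting the tests as `[ -n "$NM_PATH" ]` would also avoid the `x$VAR` idiom breaking on a path containing spaces. The JSON here-document continues past the end of this hunk.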


@ -1,6 +1,5 @@
is_debuntu: True
is_ubuntu: True
has_NM: True
dns_service: bind9
dns_user: bind
dhcp_service: isc-dhcp-server


@ -1,6 +1,5 @@
is_debuntu: True
is_ubuntu: True
has_NM: True
dns_service: bind9
dns_user: bind
dhcp_service: isc-dhcp-server