diff --git a/iiab-network b/iiab-network
index eb9f1b239..82e4ca6db 100755
--- a/iiab-network
+++ b/iiab-network
@@ -4,25 +4,34 @@
 CWD=`pwd`
 export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
 
-if [ ! -f iiab-network.yml ]
-then
-    echo "IIAB Playbook not found."
-    echo "Please run this command from the top level of the git repo."
-    echo "Exiting."
-    exit
+if [ ! -f iiab-network.yml ]; then
+    echo "IIAB Playbook not found."
+    echo "Please run this command from the top level of the git repo."
+    echo "Exiting."
+    exit 1
 fi
 
-if [ ! -f /etc/iiab/config_vars.yml ]
-then
-    touch /etc/iiab/config_vars.yml
+if [ ! -f /etc/iiab/config_vars.yml ]; then
+    mkdir -p /etc/iiab
+    echo "{}" > /etc/iiab/config_vars.yml
+fi
+
+if [ -f /etc/iiab/iiab.env ]; then
+    source /etc/iiab/iiab.env
+else
+    OS="unknown"
 fi
 
 Start=`date`
 ansible-playbook -i ansible_hosts iiab-network.yml --connection=local
 End=`date`
 echo "" >> iiab-network.log
-if [ ! "OS" == "debian" ]; then
+# redhat path
+if [ ! "OS" == "debian" ] && [ ! "OS" == "unknown" ]; then
     ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log
+fi
+# ubuntu destop might be using NM - split out.
+if [ $(which nmcli) ]; then
     nmcli d >> iiab-network.log
     nmcli c >> iiab-network.log
 fi
diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml
index b7c2ba9cf..556ead031 100644
--- a/roles/calibre/tasks/main.yml
+++ b/roles/calibre/tasks/main.yml
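Review bot: The platform test on the new line `if [ ! "OS" == "debian" ] && [ ! "OS" == "unknown" ]; then` compares the literal string `OS`, not `$OS`, so both halves are always true, the `ifcfg*` listing runs on every platform, and the value just sourced from iiab.env is never consulted; it should read `if [ "$OS" != "debian" ] && [ "$OS" != "unknown" ]; then`. `source /etc/iiab/iiab.env` executes that file as shell in this script's context, which presumably runs as root since it drives ansible-playbook, so a comment such as `# iiab.env is executed as shell: keep it root-owned and not group/world-writable` belongs next to it. The nmcli probe is more robust as `if command -v nmcli >/dev/null 2>&1; then`, which does not rely on an unquoted, possibly empty expansion inside `[ ]`.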
@@ -11,6 +11,24 @@
   when: is_rpi or (is_debian and calibre_debs_on_debian)
   #when: is_rpi or is_debian    # (is_debian also covers & includes is_rpi)
 
+- name: Create calibre-serve.service and calibre.conf
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+    backup: no
+  register: calibre_config
+  with_items:
+    - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'}
+    - { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
+
+- name: Forcing systemd to reread configs
+  systemd:
+    daemon_reload: yes
+  when: calibre_config.changed
+
 # 2. STOP CALIBRE SERVICE IF IT EXISTS (REQUIRED FOR DB ACTIVITY...AND IF not calibre_enabled)
 
 #- name: Check if Calibre systemd service exists
@@ -25,7 +43,7 @@
     state: stopped
     #enabled: no
   # register: command_result    # gist.github.com/tyrells/0a79681de339237cb04c
-  failed_when: false    # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!)
+# failed_when: false    # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!)
   # when: calibre_svc.stat.exists
 
 # 3. CREATE DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x)
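Review bot: With `failed_when: false` commented out, `state: stopped` on `calibre-serve` now aborts the role whenever systemd does not know the unit, which is exactly the case the surviving comment on that line says should be a no-op; the only thing guaranteeing the unit exists at this point is the template task added earlier in this file, so a tag-limited run or a hand-removed unit file turns into a hard failure. Either keep `failed_when: false`, or re-enable the stat guard the comments already mention (`when: calibre_svc.stat.exists`) together with its stat task. The stop task itself starts above this hunk.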
@@ -39,20 +57,7 @@
   include_tasks: create-db.yml
   when: not calibre_db.stat.exists
 
-# 4. WRAP UP: CALIBRE SERVICE, http://box/books ETC
-
-- name: Create calibre-serve.service and calibre.conf
-  template:
-    backup: no
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'}
-    - { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
-  when: calibre_enabled
+# 4. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC
 
 # http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/books ARE A MESS (BOOKS RARELY DISPLAY)
 - name: Create calibre.conf link for UNTESTED http://box/books etc (debuntu)
@@ -77,6 +82,11 @@
   #async: 900
   #poll: 5
 
+- name: Forcing apache to reread configs
+  service:
+    name: "{{ apache_service }}"
+    state: reloaded
+
 - name: Add 'calibre' to list of services at /etc/iiab/iiab.ini
   ini_file:
     dest: "{{ service_filelist }}"
diff --git a/roles/iiab-admin/tasks/access.yml b/roles/iiab-admin/tasks/access.yml
index dbbff4bbc..6762e5b43 100644
--- a/roles/iiab-admin/tasks/access.yml
+++ b/roles/iiab-admin/tasks/access.yml
@@ -1,8 +1,9 @@
 - name: Install textmode remote access packages
-  package: name={{ item }}
-           state=present
+  package:
+    name: "{{ item }}"
+    state: present
   with_items:
-   - screen
-   - lynx
+    - screen
+    - lynx
   tags:
-   - download
+    - download
diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml
index f9c06ca26..8dc95d8ef 100644
--- a/roles/iiab-admin/tasks/admin-user.yml
+++ b/roles/iiab-admin/tasks/admin-user.yml
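Review bot: The new `state: reloaded` on `{{ apache_service }}` has no condition, so every run of the role bounces Apache for all sites it serves even when `calibre.conf` did not change and even when `calibre_enabled` is false. Tie it to the result the template task earlier in this file registers (`when: calibre_config.changed`), or turn it into a handler that the template task notifies, which is the idiomatic Ansible shape for this. The old `when: calibre_enabled` that the removed block carried has not been re-applied anywhere in the new wrap-up sequence; confirm that installing the Apache snippet unconditionally is intended.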
@@ -1,57 +1,69 @@
 - name: Create iiab-admin user and password
-  user: name={{ iiab_admin_user }}
-        password={{ iiab_admin_passw_hash }}
-        update_password=on_create
+  user:
+    name: "{{ iiab_admin_user }}"
+    password: "{{ iiab_admin_passw_hash }}"
+    update_password: on_create
+    shell: /bin/bash
 
 - name: Create a wheel group
-  group: name=wheel
-         state=present
+  group:
+    name: wheel
+    state: present
 
-- name: Create a sudo group
-  group: name=sudo
-         state=present
+- name: Create a sudo group (redhat)
+  group:
+    name: sudo
+    state: present
   when: is_redhat
 
 - name: Add user to wheel group
-  user: name={{ iiab_admin_user }} groups=wheel,sudo
+  user:
+    name: "{{ iiab_admin_user }}"
+    groups: wheel,sudo
 
 - name: Create root .ssh
-  file: path=/root/.ssh
-        mode=0700
-        owner=root
-        group=root
-        state=directory
+  file:
+    path: /root/.ssh
+    owner: root
+    group: root
+    mode: 0700
+    state: directory
 
 - name: Install dummy root keys as placeholder
-  copy: src=dummy_authorized_keys
-        dest=/root/.ssh/authorized_keys
-        force=no
-        owner=root
-        group=root
-        mode=0600
+  copy:
+    src: dummy_authorized_keys
+    dest: /root/.ssh/authorized_keys
+    owner: root
+    group: root
+    mode: 0600
+    force: no
 # backup=yes
 
 - name: Edit the sudoers file -- first make it editable
-  file: path=/etc/sudoers
-        mode=0640
+  file:
+    path: /etc/sudoers
+    mode: 0640
 
 - name: Have sudo log all commands it handles
-  lineinfile: regexp=logfile
-              line='Defaults logfile = /var/log/sudo.log'
-              state=present
-              dest=/etc/sudoers
+  lineinfile:
+    regexp: logfile
+    line: "Defaults logfile = /var/log/sudo.log"
+    dest: /etc/sudoers
+    state: present
 
 - name: Lets wheel sudo without password
   lineinfile:
-     line: "%wheel ALL= NOPASSWD: ALL"
-     dest: /etc/sudoers
+    line: "%wheel ALL= NOPASSWD: ALL"
+    dest: /etc/sudoers
 
 - name: Remove the line which requires tty
-  lineinfile: regexp=requiretty
-              state=absent
-              dest=/etc/sudoers
+  lineinfile:
+    regexp: requiretty
+    dest: /etc/sudoers
+    state: absent
 
 - name: End editing the sudoers file -- protect it again
-  file: path=/etc/sudoers
-        mode=0440
+  file:
+    path: /etc/sudoers
+    mode: 0440
 
diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml
index 5f609238b..b13a3d6cb 100644
--- a/roles/iiab-admin/tasks/main.yml
+++ b/roles/iiab-admin/tasks/main.yml
@@ -7,11 +7,12 @@
   tags:
     - base
 
-- name: Add iiab-admin parameters to ini file
-  ini_file: dest='{{ service_filelist }}'
-            section=iiab-admin
-            option='{{ item.option }}'
-            value='{{ item.value }}'
+- name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: iiab-admin
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
     - option: name
       value: iiab-admin
@@ -21,19 +22,23 @@
       value: "{{ iiab_admin_user }}"
 
 - name: Set up to issue warning if iiab-admin password is still default
-  template: src=profile_ssh_warn.sh
-            dest=/etc/profile.d/
+  template:
+    src: profile_ssh_warn.sh
+    dest: /etc/profile.d/
 
 - name: Is this LXDE?
-  stat: path=/home/pi/.config/lxsession
+  stat:
+    path: /home/pi/.config/lxsession
   register: lx
 
 - name: Do the same if running on Raspbian
-  template: src=lxde_ssh_warn.sh
-            dest=/home/pi/.config/lxsession/LXDE-pi/
+  template:
+    src: lxde_ssh_warn.sh
+    dest: /home/pi/.config/lxsession/LXDE-pi/
   when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
 
-- name: Put an autostart line to check for default password in LXDE
-  lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh
-              dest=/home/pi/.config/lxsession/LXDE-pi/autostart
+- name: Put an autostart line to check for default password in LXDE (raspbian)
+  lineinfile:
+    line: "@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh"
+    dest: /home/pi/.config/lxsession/LXDE-pi/autostart
   when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml
index 59d7d238d..8c2c66c58 100644
--- a/roles/network/defaults/main.yml
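Review bot: The three `lineinfile` edits of `/etc/sudoers` (the `Defaults logfile` line, the `%wheel ALL= NOPASSWD: ALL` line and the `requiretty` removal) are rewritten here without a `validate:`, so a typo in `line:` or a regexp that clobbers an unrelated entry leaves sudo unusable for every account, including the passwordless wheel path this role depends on. Add `validate: /usr/sbin/visudo -cf %s` to each of them; with that in place the 0640/0440 chmod pair around the edits adds nothing, since root can write the file regardless and lineinfile replaces it atomically. `%wheel ALL= NOPASSWD: ALL` is pre-existing policy, but it grants passwordless root to the whole group and deserves a comment saying that is intentional. This hunk starts in the previous line.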
+++ b/roles/network/defaults/main.yml
@@ -4,7 +4,6 @@ wireless_lan_present: False
 strict_networking: False
 iiab_demo_mode: False
 gui_static_wan: False
-has_NM: False
 
 # Set defaults for discovery process as strings
 wifi1: "not found-1"
@@ -29,6 +28,8 @@ has_wifi_gw: "none"
 #Debian
 dhcpcd_result: ""
 wan_in_interfaces: False
+network_manager_active: False
+systemd_networkd_active: False
 
 # The values here are default local variables.
 gui_wan_iface: "unset"
diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml
new file mode 100644
index 000000000..726796339
--- /dev/null
+++ b/roles/network/tasks/NM-debian.yml
@@ -0,0 +1,39 @@
+# NM-debian.yml
+- name: Stopping services
+  include_tasks: down-debian.yml
+
+# provide keyfile layout like the XO's used way back.
+- name: Create uuid for NM's keyfile store
+  shell: uuidgen
+  register: uuid_response
+
+- name: Put the uuid in place
+  set_fact:
+    gen_uuid: "{{ uuid_response.stdout_lines[0] }}"
+
+# NM might have a watcher on this path and we don't have to restart NM
+- name: Copy the bridge script for NetworkManager
+  template:
+    dest: /etc/NetworkManager/system-connections/
+    src: network/bridge-br0
+
+- name: Reload systemd
+  shell: systemctl daemon-reload
+
+- name: Restart the NetworkManager service
+  service:
+    name: network-manager
+    state: restarted
+  when: not nobridge is defined and not no_net_restart
+
+- name: Restart hostapd when WiFi is present
+  service:
+    name: hostapd
+    state: restarted
+  when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
+
+- name: dhcp_server may be affected - starting - user choice
+  service:
+    name: "{{ dhcp_service2 }}"
+    state: started
+  when: iiab_network_mode != "Appliance"
diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml
index 8eb25081d..69ae60cbd 100644
--- a/roles/network/tasks/debian.yml
+++ b/roles/network/tasks/debian.yml
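Review bot: The keyfile dropped into `/etc/NetworkManager/system-connections/` by the `Copy the bridge script for NetworkManager` task sets no `owner`, `group` or `mode`, so it lands with whatever the umask gives (typically 0644); as far as I recall NetworkManager refuses to load connection files that are not root-owned and 0600, and connection files can also carry secrets, so add `owner: root`, `group: root` and `mode: 0600` to that template task. A fresh `uuidgen` is also run on every play, so the connection's UUID changes each run and NM sees a new profile each time; `command: uuidgen` is the right module for a non-shell command, and generating the uuid only when the keyfile does not yet exist would keep it stable. `shell: systemctl daemon-reload` can be the `systemd: daemon_reload: yes` form used by the calibre role in this same diff.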
@@ -9,7 +9,7 @@
 # 4. In lan_controller: wan is off, eth0 and wlan0 under br0
 # 5. In gateway: eth0 is wan, and wlan0 is under br0 (only one adapter under br0)
 # 6. As a slight concess to auto config, if eth1 exists, make it wan, and force gateway
-
+
 #- name: In upgrade from earlier IIAB 6.2, delete the resolvconf
 #  package: name=resolvconf
 #           state=absent
@@ -37,7 +37,7 @@
 - name: Copy the bridge script
   template: dest=/etc/network/interfaces.d/iiab
             src=network/systemd.j2
-  when: not is_rpi and not has_NM and (iiab_lan_iface == "br0" or wan_ip != "dhcp")
+  when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp")
 
 - name: Copy the bridge script for RPi
   template: dest=/etc/network/interfaces.d/iiab
@@ -57,34 +57,6 @@
   service: name=dnsmasq state=stopped
   when: dnsmasq_install
 
-# do this
-#- name: Copy NetworkManager.conf for has_NM
-#  template: dest=/etc/NetworkManager/NetworkManager.conf
-#            src=network/NetworkManager.conf
-#  when: has_NM and iiab_lan_iface == "br0"
-
-#- name: Copy the bridge script for has_NM
-#  template: dest=/etc/network/interfaces
-#            src=network/systemd.j2
-#  when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
-
-# or provide keyfile layout like the XO's used way back.
-- name: Create uuid for NM
-  shell: uuidgen
-  register: uuid_response
-  when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
-
-- name: Put the uuid in place
-  set_fact:
-    gen_uuid: "{{ uuid_response.stdout_lines[0] }}"
-  when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
-
-# NM might have a watcher on this path and we don't have to restart NM
-- name: Copy the bridge script for has_NM
-  template: dest=/etc/NetworkManager/system-connections/
-            src=network/bridge-br0
-  when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
-
 - name: Reload systemd
   shell: systemctl daemon-reload
 
@@ -95,8 +67,8 @@
 
 - name: Restart the networking service
   service: name=networking state=restarted
-  when: not nobridge is defined and not has_NM and not no_net_restart
-
+  when: not nobridge is defined and not no_net_restart
+
 - name: Restart hostapd when WiFi is present
   service: name=hostapd state=restarted
   when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml
index a918c6e02..d8d6c0e95 100644
--- a/roles/network/tasks/detected_network.yml
+++ b/roles/network/tasks/detected_network.yml
@@ -21,7 +21,17 @@
 
 - name: Setting dhcpcd_test results
   set_fact:
-    dhcpcd_result: '{{ ansible_local.local_facts.dhcpcd }}'
+    dhcpcd_result: "{{ ansible_local.local_facts.dhcpcd }}"
+
+- name: Setting systemd_networkd results
+  set_fact:
+    systemd_networkd_active: True
+  when: 'ansible_local.local_facts.systemd_networkd == "enabled"'
+
+- name: Setting network_manager results
+  set_fact:
+    network_manager_active: True
+  when: 'ansible_local.local_facts.network_manager == "enabled"'
 
 - name: Check /etc/network/interfaces for gateway
   shell: grep {{ device_gw }} /etc/network/interfaces | wc -l
@@ -185,6 +195,10 @@
       value: '{{ device_gw2 }}'
     - option: 'dhcpcd_result'
       value: '{{ dhcpcd_result }}'
+    - option: 'network_manager_active'
+      value: '{{ network_manager_active }}'
+    - option: 'systemd_networkd_active'
+      value: '{{ systemd_networkd_active }}'
     - option: 'wan_in_interfaces'
       value: '{{ wan_in_interfaces }}'
     - option: 'wireless_list_1(wifi1)'
diff --git a/roles/network/tasks/down-debian.yml b/roles/network/tasks/down-debian.yml
new file mode 100644
index 000000000..393d7fd4e
--- /dev/null
+++ b/roles/network/tasks/down-debian.yml
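Review bot: The two new conditions `ansible_local.local_facts.systemd_networkd == "enabled"` and `ansible_local.local_facts.network_manager == "enabled"` read keys that the existing `dhcpcd` line above does not, and the local-facts script that would provide them is not part of this diff; on a host still carrying an older facts file the `when` raises an undefined-attribute error instead of leaving the flag at its default. Guard each one, e.g. `when: ansible_local.local_facts.systemd_networkd is defined and ansible_local.local_facts.systemd_networkd == "enabled"`, or `| default('')` the lookup. A short comment stating which script populates `systemd_networkd` and `network_manager` and what values it emits would also help the next reader, since `"enabled"` is only meaningful relative to that script.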
@@ -0,0 +1,25 @@
+# down-debian.yml
+
+#- name: Supply resolvconf.conf
+#  template:
+#    dest: /etc/resolvconf.conf
+#    src: network/resolvconf.j2
+
+- name: bind may be affected
+  service:
+    name: "{{ dns_service }}"
+    state: stopped
+  when: named_install and dnsmasq_enabled
+
+# dhcpd_server release the interface
+- name: dhcpd_server may be affected - stopping dhcpd
+  service:
+    name: dhcpd
+    state: stopped
+  when: dhcpd_install
+
+- name: dhcpd_server may be affected - stopping dnsmasq
+  service:
+    name: dnsmasq
+    state: stopped
+  when: dnsmasq_install
diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml
index 55b2a2eba..95981e1eb 100644
--- a/roles/network/tasks/main.yml
+++ b/roles/network/tasks/main.yml
@@ -84,23 +84,41 @@
 #### end services
 
 #### Start network layout
-
-- include_tasks: ifcfg_mods.yml
+- name: Redhat networking
+  include_tasks: ifcfg_mods.yml
   tags:
-  - network
+    - network
   when: is_redhat and not installing
 
-- include_tasks: debian.yml
+- name: NetworkManager in use
+  include_tasks: NM-debian.yml
   tags:
-  - network
-  when: is_debuntu
-#and not is_rpi and not installing
+    - network
+  when: is_debuntu and network_manager_active
+#and not installing
 
-#- include_tasks: rpi_debian.yml
-#  tags:
-#  - network
-#  when: is_debuntu and is_rpi and not installing
+- name: systemd-networkd in use
+  include_tasks: sysd-netd-debian.yml
+  tags:
+    - network
+  when: is_debuntu and systemd_networkd_active
+#and not installing
 
+- name: RPi's have dhcpcd in use
+  include_tasks: rpi_debian.yml
+  tags:
+    - network
+  when: is_debuntu and is_rpi
+#and not installing
+
+- name: Not RPi, Not NetworkManager, Not systemd-networkd in use
+  include_tasks: debian.yml
+  tags:
+    - network
+  when: not is_rpi and not network_manager_active and not systemd_networkd_active and is_debuntu
+#and not installing
+
+# this is moving
 - name: Record iiab_wan_device
   lineinfile: dest=/etc/iiab/iiab.env
               regexp='^IIAB_WAN_DEVICE=*'
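Review bot: The `bind may be affected` task stops `{{ dns_service }}` only `when: named_install and dnsmasq_enabled`, which couples bind's shutdown to dnsmasq being enabled; on a host with bind installed and dnsmasq disabled, bind keeps its socket on the interface while the bridge is torn down and rebuilt below. The two dhcpd/dnsmasq tasks each key on their own `_install` flag, so `when: named_install` looks like the intent here — confirm. The comment `# dhcpd_server release the interface` would be clearer as `# stop DHCP/DNS servers so they release the LAN interface before it is re-bridged`, which is what all three tasks do.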
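Review bot: The four Debian include branches are not mutually exclusive: an RPi on which NetworkManager or systemd-networkd is active matches both `is_debuntu and network_manager_active` (or `systemd_networkd_active`) and `is_debuntu and is_rpi`, and a host with both facts enabled runs NM-debian.yml and sysd-netd-debian.yml back to back, each writing its own bridge config and restarting its own daemon. Add `and not is_rpi` to the NM and networkd branches and decide which backend wins when both facts are set, or derive one `network_backend` fact in detected_network.yml and dispatch on that. Commenting out `and not installing` on every Debian branch also means the network layout now runs during the initial install, while the redhat branch directly above keeps the guard; if that asymmetry is intended it deserves a comment rather than the bare `#and not installing` trailer. The `Record iiab_wan_device` task at the end of this hunk continues past it.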
@@ -108,7 +126,7 @@
               state=present
   when: not installing
   tags:
-  - network
+    - network
 
 - name: Record iiab_lan_device
   lineinfile: dest=/etc/iiab/iiab.env
@@ -117,15 +135,15 @@
               state=present
   when: not installing
   tags:
-  - network
+    - network
 
 #### end network layout
 - include_tasks: restart.yml
   when: not installing
   tags:
-  - network
-  - named
-  - dhcpd
-  - dnsmasq
-  - squid
-  - AP
+    - network
+    - named
+    - dhcpd
+    - dnsmasq
+    - squid
+    - AP
diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml
index 49fff4e68..a8c22c727 100644
--- a/roles/network/tasks/restart.yml
+++ b/roles/network/tasks/restart.yml
@@ -4,7 +4,7 @@
 
 - name: Start named service
   service: name={{ dns_service }}
-           state=started
+           state=restarted
   when: named_enabled and named_install
 
 - name: Stop Squid service
diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml
index 525fe4f19..d44ce6ea5 100644
--- a/roles/network/tasks/rpi_debian.yml
+++ b/roles/network/tasks/rpi_debian.yml
@@ -5,78 +5,53 @@
 # a. gui_desired_network_role
 # b. hostapd_enabled
 # c. gui_static_wan_ip
-# 3. In appliance mode: wan (and wlan0) is either static or dhcp under br0, and hostapd off
+# 3. In appliance mode: wan is either wired dhcp/static or wlan0 and hostapd off
 # 4. In lan_controller: wan is off, eth0 and wlan0 under br0
-# 5. In gateway: eth0 is wan, and wlan0 is under br0 (only one adapter under br0)
-# 6. As a slight concess to auto config, if eth1 exists, make it wan, and force gateway
+# 5. In gateway: user gateway is wan, and wlan0 under br0 if not acting as
+# the gateway
 
-- name: Raspbian stock has openresolv which is not available in Debian, off it
-  package: name=openresolv
-           state=absent
+- name: Supply resolvconf.conf
+  template:
+    dest: /etc/resolvconf.conf
+    src: network/resolvconf.j2
 
-- name: Get the stock resolv.conf manager
-  package: name=resolvconf
-           state=absent
+- name: Supply dhcpcd.conf
+  template:
+    dest: /etc/dhcpcd.conf
+    src: network/dhcpcd.conf.j2
 
-- name: On upgrade from earlier IIAB versions, remove /etc/network/interfaces.d/br0
-  file: path=/etc/network/interfaces.d/br0
-        state=absent
-  when: iiab_lan_iface != "br0" and wan_ip == "dhcp"
+- name: Copy the bridge script for RPi
+  template:
+    dest: /etc/network/interfaces.d/iiab
+    src: network/rpi.j2
+  when: iiab_lan_iface == "br0"
 
-- name: Default to 'LanController'
-  set_fact:
-    gui_desired_network_role: "LanController"
-  when: not gui_desired_network_role is defined
+- name: Stopping services
+  include_tasks: down-debian.yml
 
-- name: Rewrite the /etc/network/interfaces file which we corrupted
-  template: dest=/etc/network/interfaces
-            src=network/interfaces.j2
-
-- name: Supply our own dhcpcd.conf
-  template: dest=/etc/dhcpcd.conf
-            src=network/dhcpcd.conf.j2
-  when: iiab_lan_iface == "br0" or wan_ip != "dhcp"
-
-- name: Copy the network config script
-  template: dest=/etc/network/interfaces.d/iiab
-            src=network/systemd.j2
-  register: interface
-  when: iiab_lan_iface == "br0" or wan_ip != "dhcp"
-
-- name: If this was a change, things need to shift
-  service: name=hostapd state=stopped
-  when: interface.changed
-
-- name: dhcpcd may be affected
-  service: name=dhcpcd state=stopped
-  when: interface.changed
-
-- name: Tear down any bridge and start fresh
-  command: ip link set br0 down
-  ignore_errors: True
-  when: interface.changed
-
-- name: And remove the device
-  command: brctl delbr br0
-  ignore_errors: True
-  when: interface.changed
-
-- name: Reset the eth0 interface
-  command: ifdown eth0
-  ignore_errors: True
-  when: interface.changed
-
-- name: Start up dhcpcd again
-  service: name=dhcpcd state=started
+- name: Reload systemd
+  shell: systemctl daemon-reload
 
 # now pick up denyinterfaces
 - name: Restart dhcpcd
-  service: name=dhcpcd state=restarted
+  service:
+    name: dhcpcd
+    state: restarted
 
 - name: Restart the networking service
-  service: name=networking state=restarted
+  service:
+    name: networking
+    enabled: yes
+    state: restarted
+  when: not nobridge is defined and not no_net_restart
 
-#create lan br0 if lan_controller or gateway
-#create wan br0 if appliance
-#allocate wlan0 under br0 in all cases
-#allocate eth0 under br0 if appliance, alone if gateway
+- name: Restart hostapd when WiFi is present
+  service:
+    name: hostapd
+    enabled: yes
+    state: restarted
+  when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
+
+#- name: dhcp_server may be affected - starting - user choice
+#  service: name={{ dhcp_service2 }} state=started
+#  when: iiab_network_mode != "Appliance"
diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml
new file mode 100644
index 000000000..6e94c9c1f
--- /dev/null
+++ b/roles/network/tasks/sysd-netd-debian.yml
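Review bot: `Copy the bridge script for RPi` writes `/etc/network/interfaces.d/iiab` only `when: iiab_lan_iface == "br0"`, and the removed `On upgrade … remove /etc/network/interfaces.d/br0` task was the only cleanup this file had, so after a mode change away from br0 the stale bridge stanza stays in place and is re-applied by the unconditional `networking` restart below. Pair the template with `file: {path: /etc/network/interfaces.d/iiab, state: absent}` under `when: iiab_lan_iface != "br0"`. The explicit teardown the old code did (`ip link set br0 down`, `brctl delbr br0`) is gone too; presumably the networking restart is expected to recreate the bridge from scratch, but if a br0 created by a previous layout survives that restart the new config will be applied on top of it, so a comment stating that assumption would help. This hunk starts in the previous line.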
@@ -0,0 +1,40 @@
+# sysd-netd-debian.yml
+- name: Copy the bridge script - Creates br0
+  template:
+    dest: /etc/systemd/network/IIAB-Bridge.netdev
+    src: network/systemd-br0.j2
+
+- name: Copy the bridge script - Assigns IP address
+  template:
+    dest: /etc/systemd/network/IIAB-Bridge.network
+    src: network/systemd-br0-network.j2
+
+- name: Copy the bridge script - Assigns br0 wired slaves
+  template:
+    dest: /etc/systemd/network/IIAB-Slave.network
+    src: network/systemd-br0-slave.j2
+  when: iiab_wired_lan_iface is defined
+
+- name: Stopping services
+  include_tasks: down-debian.yml
+
+- name: Reload systemd
+  shell: systemctl daemon-reload
+
+- name: Restart the systemd-networkd service
+  service:
+    name: systemd-networkd
+    enabled: yes
+    state: restarted
+  when: not nobridge is defined and not no_net_restart
+
+- name: Restart hostapd when WiFi is present
+  service:
+    name: hostapd
+    enabled: yes
+    state: restarted
+  when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
+
+#- name: dhcp_server may be affected - starting - user choice
+#  service: name={{ dhcp_service2 }} state=started
+#  when: iiab_network_mode != "Appliance"
diff --git a/roles/network/templates/network/systemd-br0-network.j2 b/roles/network/templates/network/systemd-br0-network.j2
new file mode 100644
index 000000000..c524a50a7
--- /dev/null
+++ b/roles/network/templates/network/systemd-br0-network.j2
@@ -0,0 +1,15 @@
+# /etc/systemd/network/IIAB-Bridge.network
+[Match]
+Name=br0
+
+[Network]
+Bridge=br0
+LinkLocalAddressing=no
+DNS={{ lan_ip }}
+Domains={{ iiab_domain }}
+
+[Address]
+Address={{ lan_ip }}/19
+
+[Route]
+Gateway=""
diff --git a/roles/network/templates/network/systemd-br0-slave.j2 b/roles/network/templates/network/systemd-br0-slave.j2
new file mode 100644
index 000000000..8a31fef2e
--- /dev/null
+++ b/roles/network/templates/network/systemd-br0-slave.j2
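Review bot: `IIAB-Slave.network` is only written `when: iiab_wired_lan_iface is defined`, so a slave file left by an earlier run keeps enslaving the previous wired interface to br0 once the variable is no longer set, and the unconditional `systemd-networkd` restart below applies it. Add the counterpart `file: {path: /etc/systemd/network/IIAB-Slave.network, state: absent}` with `when: iiab_wired_lan_iface is not defined`. `shell: systemctl daemon-reload` could be `systemd: daemon_reload: yes`, as the calibre role in this same diff does, and `daemon-reload` is not what makes networkd re-read `.network` files anyway — the restart a few lines down is.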
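Review bot: In `IIAB-Bridge.network` the `[Network]` section carries `Bridge=br0` while `[Match] Name=br0` selects the bridge itself, which asks networkd to enslave br0 to br0; the wired slave is already attached by `IIAB-Slave.network`, so drop `Bridge=br0` from this file. `Gateway=""` under `[Route]` is not an address and will at best be ignored with a parse warning; for a LAN-only bridge omit the `[Route]` section entirely. `Address={{ lan_ip }}/19` hard-codes the prefix length while the address is templated — if the role has a LAN netmask or prefix variable it should be used here, otherwise a comment such as `# /19 matches the fixed LAN size assumed by the dhcp/dns templates` should say why it is fixed.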
@@ -0,0 +1,5 @@
+# /etc/systemd/network/IIAB-Slave.network
+[Match]
+Name={{ iiab_wired_lan_iface }}
+[Network]
+Bridge=br0
diff --git a/roles/network/templates/network/systemd-br0.j2 b/roles/network/templates/network/systemd-br0.j2
new file mode 100644
index 000000000..73afe7878
--- /dev/null
+++ b/roles/network/templates/network/systemd-br0.j2
@@ -0,0 +1,4 @@
+# /etc/systemd/network/IIAB-Bridge.netdev
+[NetDev]
+Name=br0
+Kind=bridge
diff --git a/roles/nodogsplash/defaults/main.yml b/roles/nodogsplash/defaults/main.yml
new file mode 100644
index 000000000..6398ca9d6
--- /dev/null
+++ b/roles/nodogsplash/defaults/main.yml
@@ -0,0 +1,3 @@
+nodogsplash_install : False
+nodogsplash_enabled : False
+nodogsplash_arm_deb : nodogsplash_2.0.0-1_armhf.deb
diff --git a/roles/nodogsplash/tasks/main.yml b/roles/nodogsplash/tasks/main.yml
new file mode 100644
index 000000000..909fca4b1
--- /dev/null
+++ b/roles/nodogsplash/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: Install nodogsplash (Raspbian only)
+  include_tasks: rpi.yml
+  when: is_rpi
diff --git a/roles/nodogsplash/tasks/rpi.yml b/roles/nodogsplash/tasks/rpi.yml
new file mode 100644
index 000000000..0354a708f
--- /dev/null
+++ b/roles/nodogsplash/tasks/rpi.yml
@@ -0,0 +1,68 @@
+- name: nodogsplash dependencies
+  package:
+    name: libmicrohttpd12
+    state: present
+
+- name: Get the nodogsplash software
+  get_url:
+    url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}"
+    dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"
+  when: internet_available
+  async: 300
+  poll: 5
+
+- name: Install nodogsplash
+  apt:
+    deb="{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"
+
+#- name: Create nodogsplash.service    # deb file has one
+#  template:
+#    backup: no
+#    src: nodogsplash.service.j2
+#    dest: "/etc/systemd/system/nodogsplash.service"
+#    owner: root
+#    group: root
+#    mode: 0644
+
+- name: Install custom files
+  template:
+    backup: no
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: 'nodogsplash.conf.j2', dest: '/etc/nodogsplash/nodogsplash.conf', mode: '0644'}
+    - { src: 'splash.html.j2', dest: '/etc/nodogsplash/htdocs/splash.html', mode: '0644'}
+
+# We should probably only start this service on next boot
+- name: Enable nodogsplash service
+  service:
+    name: nodogsplash
+    enabled: yes
+    state: started
+  when: nodogsplash_enabled
+
+- name: Disable nodogsplash service
+  service:
+    name: nodogsplash
+    enabled: no
+    state: stopped
+  when: not nodogsplash_enabled
+
+- name: Add 'nodogsplash' to list of services at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: nodogsplash
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+  with_items:
+    - option: name
+      value: nodogsplash
+    - option: description
+      value: '"Nodogsplash is a lightweight Captive Portal."'
+    - option: source
+      value: "{{ nodogsplash_arm_deb }}"
+    - option: enabled
+      value: "{{ nodogsplash_enabled }}"
diff --git a/roles/nodogsplash/templates/nodogsplash.conf.j2 b/roles/nodogsplash/templates/nodogsplash.conf.j2
new file mode 100644
index 000000000..b8be95ab4
--- /dev/null
+++ b/roles/nodogsplash/templates/nodogsplash.conf.j2
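Review bot: The `.deb` fetched by `get_url` from `{{ iiab_download_url }}` is handed straight to `apt` with no integrity check, so whoever controls that host, or the path to it if the URL is plain http, can have the Pi install an arbitrary root-level package. Pin it with `checksum: "sha256:<digest of nodogsplash_2.0.0-1_armhf.deb>"` on the download task and keep the digest next to `nodogsplash_arm_deb` in defaults so a version bump has to update both. The install task also runs when `internet_available` is false and the download was skipped, at which point `apt` fails on a missing file; guard it with the same condition or a stat of the downloaded path. The `deb="…"` under `apt:` is a free-form key=value string inside a mapping; `deb: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"` matches the style of the rest of this file.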
@@ -0,0 +1,413 @@ +# +# Nodogsplash Configuration File +# + +# Parameter: GatewayInterface +# Default: NONE +# +# GatewayInterface is not autodetected, has no default, and must be set here. +# Set GatewayInterface to the interface on your router +# that is to be managed by Nodogsplash. +# Typically br0 for the wired and wireless lan on OpenWrt White Russian. +# May be br-lan on OpenWrt Kamikaze. +# +GatewayInterface br0 + +# FirewallRuleSet: authenticated-users +# +# Control access for users after authentication. +# These rules are inserted at the beginning of the +# FORWARD chain of the router's filter table, and +# apply to packets that have come in to the router +# over the GatewayInterface from MAC addresses that +# have authenticated with Nodogsplash, and that are +# destined to be routed through the router. The rules are +# considered in order, and the first rule that matches +# a packet applies to it. +# If there are any rules in this ruleset, an authenticated +# packet that does not match any rule is rejected. +# N.B.: This ruleset is completely independent of +# the preauthenticated-users ruleset. +# +FirewallRuleSet authenticated-users { + + # You may want to open access to a machine on a local + # subnet that is otherwise blocked (for example, to + # serve a redirect page; see RedirectURL). If so, + # allow that explicitly here, e.g: + # FirewallRule allow tcp port 80 to 192.168.254.254 + + # Your router may have several interfaces, and you + # probably want to keep them private from the GatewayInterface. 
+ # If so, you should block the entire subnets on those interfaces, e.g.: + FirewallRule block to 192.168.0.0/16 + FirewallRule block to 10.0.0.0/8 + + # Typical ports you will probably want to open up include + # 53 udp and tcp for DNS, + # 80 for http, + # 443 for https, + # 22 for ssh: + FirewallRule allow tcp port 53 + FirewallRule allow udp port 53 + FirewallRule allow tcp port 80 + FirewallRule allow tcp port 443 + FirewallRule allow tcp port 22 + + # You might use ipset to easily allow/block range of ips, e.g.: + # FirewallRule allow ipset WHITELISTED_IPS + # FirewallRule allow tcp port 80 ipset WHITELISTED_IPS +} +# end FirewallRuleSet authenticated-users + + +# FirewallRuleSet: preauthenticated-users +# +# Control access for users before authentication. +# These rules are inserted in the PREROUTING chain +# of the router's nat table, and in the +# FORWARD chain of the router's filter table. +# These rules apply to packets that have come in to the +# router over the GatewayInterface from MAC addresses that +# are not on the BlockedMACList or TrustedMACList, +# are *not* authenticated with Nodogsplash. The rules are +# considered in order, and the first rule that matches +# a packet applies to it. A packet that does not match +# any rule here is rejected. +# N.B.: This ruleset is completely independent of +# the authenticated-users and users-to-router rulesets. +# +FirewallRuleSet preauthenticated-users { + # For preauthenticated users to resolve IP addresses in their initial + # request not using the router itself as a DNS server, + # you probably want to allow port 53 udp and tcp for DNS. + FirewallRule allow tcp port 53 + FirewallRule allow udp port 53 + # For splash page content not hosted on the router, you + # will want to allow port 80 tcp to the remote host here. + # Doing so circumvents the usual capture and redirect of + # any port 80 request to this remote host. + # Note that the remote host's numerical IP address must be known + # and used here. 
+ # FirewallRule allow tcp port 80 to 123.321.123.321 +} +# end FirewallRuleSet preauthenticated-users + + +# FirewallRuleSet: users-to-router +# +# Control access to the router itself from the GatewayInterface. +# These rules are inserted at the beginning of the +# INPUT chain of the router's filter table, and +# apply to packets that have come in to the router +# over the GatewayInterface from MAC addresses that +# are not on the TrustedMACList, and are destined for +# the router itself. The rules are +# considered in order, and the first rule that matches +# a packet applies to it. +# If there are any rules in this ruleset, a +# packet that does not match any rule is rejected. +# +FirewallRuleSet users-to-router { + # Nodogsplash automatically allows tcp to GatewayPort, + # at GatewayAddress, to serve the splash page. + # However you may want to open up other ports, e.g. + # 53 for DNS and 67 for DHCP if the router itself is + # providing these services. + FirewallRule allow udp port 53 + FirewallRule allow tcp port 53 + FirewallRule allow udp port 67 + # You may want to allow ssh, http, and https to the router + # for administration from the GatewayInterface. If not, + # comment these out. + FirewallRule allow tcp port 22 + FirewallRule allow tcp port 80 + FirewallRule allow tcp port 443 + # FirewallRule allow tcp port 3000 +} +# end FirewallRuleSet users-to-router + +# EmptyRuleSetPolicy directives +# The FirewallRuleSets that NoDogSplash permits are: +# +# authenticated-users +# preauthenticated-users +# users-to-router +# trusted-users +# trusted-users-to-router +# +# For each of these, an EmptyRuleSetPolicy can be specified. +# An EmptyRuleSet policy applies to a FirewallRuleSet if the +# FirewallRuleSet is missing from this configuration file, +# or if it exists but contains no FirewallRules. 
+# +# The possible values of an EmptyRuleSetPolicy are: +# allow -- packets are accepted +# block -- packets are rejected +# passthrough -- packets are passed through to pre-existing firewall rules +# +# Default EmptyRuleSetPolicies are set as follows: +# EmptyRuleSetPolicy authenticated-users passthrough +# EmptyRuleSetPolicy preauthenticated-users block +EmptyRuleSetPolicy users-to-router allow +# EmptyRuleSetPolicy trusted-users allow +# EmptyRuleSetPolicy trusted-users-to-router allow + + +# Parameter: GatewayName +# Default: NoDogSplash +# +# Set GatewayName to the name of your gateway. This value +# will be available as variable $gatewayname in the splash page source +# and in status output from ndsctl, but otherwise doesn't matter. +# If none is supplied, the value "NoDogSplash" is used. +# +# GatewayName NoDogSplash + +# Parameter: GatewayAddress +# Default: Discovered from GatewayInterface +# +# This should be autodetected on an OpenWRT system, but if not: +# Set GatewayAddress to the IP address of the router on +# the GatewayInterface. This is the address that the Nodogsplash +# server listens on. +# +# GatewayAddress 192.168.1.1 + +# Parameter: RedirectURL +# Default: none +# +# After authentication, normally a user is redirected +# to their initially requested page. +# If RedirectURL is set, the user is redirected to this URL instead. +# +# RedirectURL http://www.ilesansfil.org/ + +# Parameter: GatewayPort +# Default: 2050 +# +# Nodogsplash's own http server uses GatewayAddress as its IP address. +# The port it listens to at that IP can be set here; default is 2050. +# +# GatewayPort 2050 + +# Parameter: MaxClients +# Default: 20 +# +# Set MaxClients to the maximum number of users allowed to +# connect at any time. (Does not include users on the TrustedMACList, +# who do not authenticate.) 
+# +# MaxClients 20 + +# ClientIdleTimeout +# Parameter: ClientIdleTimeout +# Default: 10 +# +# Set ClientIdleTimeout to the desired of number of minutes +# of inactivity before a user is automatically 'deauthenticated'. +# +# ClientIdleTimeout 10 + +# Parameter: ClientForceTimeout +# Default: 360 +# +# Set ClientForceTimeout to the desired number of minutes before +# a user is automatically 'deauthenticated', whether active or not +# +# ClientForceTimeout 360 + +# Parameter: AuthenticateImmediately +# Default: no +# +# Set to yes (or true or 1), to immediately authenticate users +# who make a http port 80 request on the GatewayInterface (that is, +# do not serve a splash page, just redirect to the user's request, +# or to RedirectURL if set). +# +# AuthenticateImmediately no + +# Parameter: MACMechanism +# Default: block +# +# Either block or allow. +# If 'block', MAC addresses on BlockedMACList are blocked from +# authenticating, and all others are allowed. +# If 'allow', MAC addresses on AllowedMACList are allowed to +# authenticate, and all other (non-trusted) MAC's are blocked. +# +# MACMechanism block + +# Parameter: BlockedMACList +# Default: none +# +# Comma-separated list of MAC addresses who will be completely blocked +# from the GatewayInterface. Ignored if MACMechanism is allow. +# N.B.: weak security, since MAC addresses are easy to spoof. +# +# BlockedMACList 00:00:DE:AD:BE:EF,00:00:C0:1D:F0:0D + +# Parameter: AllowedMACList +# Default: none +# +# Comma-separated list of MAC addresses who will not be completely +# blocked from the GatewayInterface. Ignored if MACMechanism is block. +# N.B.: weak security, since MAC addresses are easy to spoof. +# +# AllowedMACList 00:00:12:34:56:78 + +# Parameter: TrustedMACList +# Default: none +# +# Comma-separated list of MAC addresses who are not subject to +# authentication, and are not restricted by any FirewallRuleSet. +# N.B.: weak security, since MAC addresses are easy to spoof. 
+# +# TrustedMACList 00:00:CA:FE:BA:BE, 00:00:C0:01:D0:0D + + +# Parameter: PasswordAuthentication +# Default: no +# Set to yes (or true or 1), to require a password matching +# the Password parameter to be supplied when authenticating. +# +# +# PasswordAuthentication no + +# Parameter: Password +# Default: none +# Whitespace delimited string that is compared to user-supplied +# password when authenticating. +# +# +# Password nodog + +# Parameter: UsernameAuthentication +# Default: no +# Set to yes (or true or 1), to require a username matching +# the Username parameter to be supplied when authenticating. +# +# +# UsernameAuthentication no + +# Parameter: Username +# Default: none +# Whitespace delimited string that is compared to user-supplied +# username when authenticating. +# +# +# Username guest + +# Parameter: PasswordAttempts +# Default: 5 +# Integer number of failed password/username entries before +# a user is forced to reauthenticate. +# +# +# PasswordAttempts 5 + +# Parameter: TrafficControl +# Default: no +# +# Set to yes (or true or 1), to enable traffic control in Nodogsplash. +# +# TrafficControl no + +# Parameter: DownloadLimit +# Default: 0 +# +# If TrafficControl is enabled, this sets the maximum download +# speed to the GatewayInterface, in kilobits per second. +# For example if you have an ADSL connection with 768 kbit +# download speed, and you want to allow about half of that +# bandwidth for the GatewayInterface, set this to 384. +# A value of 0 means no download limiting is done. +# +# DownloadLimit 384 + +# Parameter: UploadLimit +# Default: 0 +# +# If TrafficControl is enabled, this sets the maximum upload +# speed from the GatewayInterface, in kilobits per second. +# For example if you have an ADSL connection with 128 kbit +# upload speed, and you want to allow about half of that +# bandwidth for the GatewayInterface, set this to 64. +# A value of 0 means no upload limiting is done. 
+# +# UploadLimit 64 + +# Parameter: GatewayIPRange +# Default: 0.0.0.0/0 +# +# By setting this parameter, you can specify a range of IP addresses +# on the GatewayInterface that will be responded to and managed by +# Nodogsplash. Addresses outside this range do not have their packets +# touched by Nodogsplash at all. +# Defaults to 0.0.0.0/0, that is, all addresses. +# +# GatewayIPRange 0.0.0.0/0 + +# Parameter: ImagesDir +# Default: images +# +# Set the directory from which images are served. +# Use $imagesdir in HTML files to reference this directory. +# +# ImagesDir images + +# Parameter: BinVoucher +# Default: None +# +# Enable Voucher Support. +# If set, an alphanumeric voucher HTTP parameter is accepted +# and passed to a command line call along with the clients MAC: +# +# $ auth_voucher +# +# BinVoucher must point to a program that will be called as described above. +# The call is expected to output the number of seconds the client +# is to be authenticated. Zero or negative seconds will cause the +# authentification request to be rejected. +# The output may contain a user specific download and upload limit in KBit/s: +# +# +# BinVoucher "/bin/myauth" + +# Parameter: ForceVoucher +# Default: no +# +# Force the use of a voucher. Authentification is not possible without voucher. +# +# ForceVoucher no + +# Parameter: EnablePreAuth +# Default: no +# +# Enable pre-authentication support. +# Pass the MAC of a client to a command line call before the splash page +# would be send: +# +# $ auth_status +# +# The call is expected to output the number of seconds the client +# is to be authenticated. Zero or negative seconds will cause the +# splash page to be displayed. 
+# The output may contain a user specific download and upload limit in KBit/s: +# +# +# EnablePreAuth no + + +# Parameter: FW_MARK_BLOCKED +# Default: 0x100 +# +# Parameter: FW_MARK_TRUSTED +# Default: 0x200 +# +# Parameter: FW_MARK_AUTHENTICATED +# Default: 0x400 +# +# Nodogsplash uses specific values to mark packet using iptables. +# In rare cases these might conflict with other programs and need +# to be changed. diff --git a/roles/nodogsplash/templates/nodogsplash.service.j2 b/roles/nodogsplash/templates/nodogsplash.service.j2 new file mode 100644 index 000000000..0d5b46b08 --- /dev/null +++ b/roles/nodogsplash/templates/nodogsplash.service.j2 @@ -0,0 +1,12 @@ +[Unit] +Description=NoDogSplash Captive Portal +After=network.target + +[Service] +Type=forking +ExecStart=/usr/bin/nodogsplash -d 5 $OPTIONS +ExecStop=/usr/bin/ndsctl stop +Restart=on-failure + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/roles/nodogsplash/templates/splash.html.j2 b/roles/nodogsplash/templates/splash.html.j2 new file mode 100644 index 000000000..9be78aac2 --- /dev/null +++ b/roles/nodogsplash/templates/splash.html.j2 @@ -0,0 +1,95 @@ + + + + + + + + + + + +$gatewayname Entry + + + + + +
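Review bot: `GatewayInterface br0` is hard-coded even though this file is a Jinja template and the network templates in this same commit derive the LAN interface from `{{ iiab_wired_lan_iface }}`; the surrounding comment says the value has no default and must name the managed interface, so on a host where the LAN is not bridged (br0 is created by the network role's systemd-br0.j2, presumably only when that configuration path is taken) nodogsplash will have nothing to attach to. A short comment such as `# br0 is the bridge created by roles/network/templates/network/systemd-br0.j2; change if the LAN interface differs` would at least record the coupling. In `users-to-router`, `FirewallRule allow tcp port 22` admits SSH to the server from every client on the gateway interface before they pass the portal; the upstream comment already invites commenting it out, and unless administration from the captive LAN is a requirement that is the safer default. `MaxClients` is left commented, so the documented default of 20 simultaneous clients applies, which is likely low for a classroom deployment and worth setting explicitly.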
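Review bot: `ExecStart=/usr/bin/nodogsplash -d 5 $OPTIONS` references `$OPTIONS`, but the unit has no `Environment=` or `EnvironmentFile=` line, so systemd expands it to nothing; either drop it or add an `EnvironmentFile=-/etc/default/nodogsplash` line (that path is a guess — confirm what the packaged unit uses). The template is also not deployed by anything in this commit: the `Create nodogsplash.service` task in roles/nodogsplash/tasks/rpi.yml is commented out with the note that the deb ships its own unit, so this file is dead as committed and can silently drift from the packaged one. The file also lacks a trailing newline.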
+

Redirecting to Internet in a Box ...

+

If not redirected automatically,
Please click Continue Button.

+
+
+ +
+ + + +
+ + + + diff --git a/scripts/ansible b/scripts/ansible index 5a6028cc6..44fd751b6 100755 --- a/scripts/ansible +++ b/scripts/ansible 
@@ -1,135 +1,81 @@ #!/bin/bash -e # required to start loading IIAB with ansible +GOOD_VER="2.4.2" FOUND="" +FAMILY="" VER="" # below are unused for future use -GOOD_VER="" URL="NA" -# TODO add check for version - to revese patching if upgrading -if [ $(which ansible-playbook) ]; then - VER=`ansible --version|head -n 1|cut -f 2 -d " "` - GOOD_VER=`echo $VER | grep ^2.4` -# 2.2.0.0 -> 2.4.1+ patching was not applied -just upgrade via pip - if [ $GOOD_VER = "" ]; then - echo "Ansible $VER installed updating to 2.4.1" - pip install --upgrade ansible==2.4.1 --disable-pip-version-check - exit 0 - fi -# keep an eye out for 2.4.1.X in the future - if [ $VER = "2.4.1.0" ]; then - echo "Ansible $VER installed exiting..." - exit 0 - fi -fi - -# TODO add check for version - to revese patching if upgrading -#if [ $(which ansible-playbook) ]; then -# VER=`ansible --version|head -n 1|cut -f 2 -d " "` - -echo "Installing --- Please Wait" -if [ -f /etc/fedora-release ]; then - VER=`grep VERSION_ID /etc/*elease | cut -d= -f2` - URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$VER.yml - dnf -y upgrade - dnf -y install ansible git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python - dnf -y install python-pip python-setuptools python-wheel patch - FOUND="yes" - FAMILY="redhat" -fi -# might have to revisit dependencies with a redhat dialect -# ansible python-kerberos python-selinux python-winrm python-xmltodict sshpass bzip2 file findutils gzip tar unzip zip python-keyczar python-boto python-dnspython python-pyrax python-sphere - -if [ -f /etc/centos-release ]; then - yum -y upgrade - yum -y install ca-certificates nss epel-release - yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python - yum -y install python-pip python-setuptools python-wheel patch - yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.4.1.0-1.el7.ans.noarch.rpm - FOUND="yes" - FAMILY="redhat" -fi -if 
[ -f /etc/olpc-release ]; then - yum -y upgrade - yum -y install ca-certificates nss - yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python - yum -y install python-pip python-setuptools python-wheel patch - pip install --upgrade pip setuptools wheel #EOL just do it - FOUND="yes" - FAMILY="olpc" -fi - -if [ -f /etc/debian_version ]; then - echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" >> /etc/apt/sources.list - apt-get -y install dirmngr - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367 - apt-get -y update - apt-get -y install ansible git python-pip python-setuptools python-wheel patch -# apt-get install ansible python-kerberos python-selinux python-winrm python-xmltodict sshpass bzip2 file findutils gzip tar unzip zip python-keyczar python-boto python-dnspython python-pyrax python-sphere - FOUND="yes" - FAMILY="debian" -fi -# Has 2.2.1 -if [ `grep -qi raspbian /etc/*elease` ]; then - echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" >> /etc/apt/sources.list - apt-get -y install dirmngr - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367 - apt-get -y update - apt-get -y install ansible git python-pip python-setuptools python-wheel patch -# apt-get install ansible python-kerberos python-selinux python-winrm python-xmltodict sshpass bzip2 file findutils gzip tar unzip zip python-keyczar python-boto python-dnspython python-pyrax python-sphere - FOUND="yes" - FAMILY="debian" -fi -if [ ! $FOUND = "yes" ]; then - if [ `grep -qi ubuntu /etc/lsb-release` ] || [ `grep -qi ubuntu /etc/os-release` ]; then +export DEBIAN_FRONTEND=noninteractive +if ! 
[ $(which ansible-playbook) ]; then + echo "Installing --- Please Wait" + if [ -f /etc/centos-release ]; then + yum -y install ca-certificates nss epel-release + yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python + yum -y install python-pip python-setuptools python-wheel patch + yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.4.2.0-1.el7.ans.noarch.rpm + FOUND="yes" + FAMILY="redhat" +# elif [ -f /etc/fedora-release ]; then +# VER=`grep VERSION_ID /etc/*elease | cut -d= -f2` +# URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$VER.yml +# dnf -y install ansible git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python +# dnf -y install python-pip python-setuptools python-wheel patch +# FOUND="yes" +# FAMILY="redhat" + elif [ -f /etc/olpc-release ]; then + yum -y install ca-certificates nss + yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python + yum -y install python-pip python-setuptools python-wheel patch + pip install --upgrade pip setuptools wheel #EOL just do it + pip install ansible==$GOOD_VER --disable-pip-version-check + FOUND="yes" + FAMILY="olpc" + elif [ -f /etc/debian_version ] || [ `grep -qi raspbian /etc/*elease` ]; then + if [ ! `grep -qi ansible /etc/apt/sources.list` ] && [ ! 
-f /etc/apt/sources.list.d/ansible ]; then + apt-get -y install dirmngr python-pip python-setuptools python-wheel patch + echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" \ + >> /etc/apt/sources.list.d/ansible.list + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367 + fi + FOUND="yes" + FAMILY="debian" + elif [ `grep -qi ubuntu /etc/lsb-release` ] || [ `grep -qi ubuntu /etc/os-release` ]; then + apt-get -y install python-pip python-setuptools python-wheel patch apt-add-repository -y ppa:ansible/ansible - apt-get -y update - apt-get -y install ansible git python-pip python-setuptools python-wheel patch -# apt-get install ansible python-kerberos python-selinux python-winrm python-xmltodict sshpass bzip2 file findutils gzip tar unzip zip python-keyczar python-boto python-dnspython python-pyrax python-sphere FOUND="yes" FAMILY="debian" fi -fi -if [ ! $FOUND = "yes" ]; then - echo 'WARN: Could not detect distro or distro unsupported' - exit 1 -fi - -# latest pip 2.2 is 2.2.3.0 on 2017-07-07 -# ansible-2.3.1.0-1.el7.noarch.rpm from 2017-06-01 - -### start ansible pip install TODO add venv location /opt/iiab/anisble -if [ $FAMILY = "olpc" ]; then - pip install ansible==2.4.1 --disable-pip-version-check + if [ ! $FOUND = "yes" ]; then + echo 'WARN: Could not detect distro or distro unsupported' + exit 1 + fi +else VER=`ansible --version|head -n 1|cut -f 2 -d " "` - echo "ansible version installed via pip $VER" -fi - -# handle 2.2.1 -> 2.4.1+ deb install undo patching -# unsure if install above will upgrade or skip - cover that now -if [ $FAMILY = "debian" ]; then - if [ ! 
$VER == "" ]; then - sed -i 's/LooseVersion/StrictVersion/g' /usr/lib/python2.7/dist-packages/ansible/modules/core/web_infrastructure/htpasswd.py - apt-get -y upgrade ansible + echo "Current ansible version installed is $VER" + if [ -f /etc/centos-release ] || [ -f /etc/fedora-release ]; then + echo "Please use your system's package manager to update ansible" + exit 0 + fi + if [ -f /etc/olpc-release ]; then + echo "Please use pip package manager to update ansible" + exit 0 + fi + if [[ `grep -qi ansible /etc/apt/sources.list` ]] || [ -f /etc/apt/sources.list.d/ansible*.list ]; then + echo "repos found" + else + echo "Upstream ansible source repo not found, please uninstall ansible and re-run this script" + exit 1 fi fi -VER=`ansible --version|head -n 1|cut -f 2 -d " "` -echo "Current ansible version installed is $VER" -# sample only -#if [ $FAMILY = "debian" ]; then -# rpm -e ansible -# pip install ansible==2.2.1 --disable-pip-version-check -#fi +if [ ! -f /etc/centos-release ] && [ ! -f /etc/fedora-release ] && \ + [ ! -f /etc/olpc-release ]; then + echo "Using OS package manager to check for ansible updates" + apt-get -y update + apt-get -y install ansible +fi -#if [ $FAMILY = "debian" ]; then -# echo 'WARN: Trying to install ansible via pip without some dependencies' -# echo 'WARN: Not all functionality of ansible may be available' -# pip install ansible==2.3.1 --disable-pip-version-check -#fi +# needed? mkdir -p /etc/ansible/ echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts - -### end ansible routine -### -# other pip upgrades here if needed -### diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 5ae59c5a8..129b7d351 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -6,6 +6,7 @@ VERSION_ID=${VERSION_ID//\"/} VERSION_ID=${VERSION_ID%%.*} OS_VER=$OS-$VERSION_ID DHCPCD_PATH=`which dhcpcd` +NM_PATH=`which NetworkManager` case $OS_VER in "fedora-18" | \ 
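Review bot: The repo-presence test in the Debian branch, `if [ ! `grep -qi ansible /etc/apt/sources.list` ] && [ ! -f /etc/apt/sources.list.d/ansible ]; then`, is always true: `grep -q` prints nothing, so the first test collapses to `[ ! ]`, which is a one-argument test on the non-empty string `!`, and the second test looks for `/etc/apt/sources.list.d/ansible` while the next line writes to `ansible.list` — so every re-run appends another PPA line. The same backtick-inside-test pattern is in the `elif … raspbian` test and in the else branch's `[[ `grep -qi ansible /etc/apt/sources.list` ]] || [ -f /etc/apt/sources.list.d/ansible*.list ]`, where the `[[ ]]` half is always false, only the glob decides, and `[` errors if more than one file matches. Use the grep exit status directly: `if ! grep -qi ansible /etc/apt/sources.list && [ ! -f /etc/apt/sources.list.d/ansible.list ]; then` and `if grep -qi ansible /etc/apt/sources.list || ls /etc/apt/sources.list.d/ansible*.list >/dev/null 2>&1; then`. Separately, `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367` pins only a 64-bit key ID fetched over the default keyserver transport; recording the full fingerprint in a comment and checking it after import would make the trust decision auditable.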
@@ -59,10 +60,20 @@ if [ ! x$DHCPCD_PATH = x ] then DHCPCD=`systemctl is-enabled dhcpcd` fi +# the check is debian family only is_redhad would use NetworkManager as the +# service name. +if [ ! x$NM_PATH = x ] +then + NM=`systemctl is-enabled network-manager` +fi +SYSD_NETD=`systemctl is-enabled systemd-networkd` + cat <