diff --git a/roles/0-init/README.rst b/roles/0-init/README.rst index acceaff33..a206b7d09 100644 --- a/roles/0-init/README.rst +++ b/roles/0-init/README.rst @@ -2,8 +2,10 @@ 0-init README ============= -For a higher-level view, please see `IIAB Installation `_ and http://FAQ.IIAB.IO +For a higher-level view of `Internet-in-a-Box (IIAB) `_, please see http://FAQ.IIAB.IO and `IIAB Installation `_. -This 0th stage literally sets the stage for Internet-in-a-Box (IIAB) installation, prior to Ansible running `Stages 1-to-9 <.>`_ and then the `network <../network>`_ stage. +This 0th `stage `_ literally sets the stage for IIAB installation, prior to Ansible running Stages 1-to-9, which are typically then followed by the `network <../network>`_ stage. -This serves to confirm low-level Ansible facts from the OS — e.g. for housekeeping tasks related to TZ (time zone), hostname, FQDN (fully-qualified domain name), unusual systemwide dependencies etc — and whether Internet is live so that IIAB installation can proceed. +But first: This 0th stage (0-init) serves to confirm low-level Ansible facts from the OS — e.g. for housekeeping tasks related to TZ (time zone), hostname, FQDN (fully-qualified domain name), unusual systemwide dependencies etc (and whether Internet is live) — so that IIAB installation can get underway. + +Recap: Similar to 1-prep, 2-common, 3-base-server, 4-server-options and 5-xo-services ⁠— this 0th stage installs core server infra (that is not user-facing). diff --git a/roles/1-prep/README.rst b/roles/1-prep/README.rst index b8fe2d884..d2b3bb8ee 100644 --- a/roles/1-prep/README.rst +++ b/roles/1-prep/README.rst @@ -2,15 +2,21 @@ 1-prep README ============= -This 1st stage (1-prep) is primarily hardware-focused, prior to OS -additions/mods, but also includes critical pieces sometimes needed for +This 1st `stage `_ (1-prep) is primarily hardware-focused, prior to OS +additions/mods — but also includes critical pieces sometimes needed for remote support: +- dnsmasq +- /etc/iiab/uuid +- Customizing /var/log/* for Ubermix on each boot, using /etc/tmpfiles.d - SSH - `iiab-admin `_ username and group to log into Admin Console - OpenVPN software if/as needed later for remote support +- `raspberry_pi.yml `_ including RTC, essential packages, and networking basics Traditionally 1-prep also included preliminaries like hostname and hardware-oriented things specific to a particular platform (such as One Laptop Per Child's XO laptop) i.e. critical setup prior to the bulk of IIAB's software install. + +Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and 5-xo-services ⁠— this 1st stage installs core server infra (that is not user-facing). diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml index 232674dca..41b129853 100644 --- a/roles/1-prep/tasks/raspberry_pi.yml +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -1,12 +1,12 @@ # Specific to Raspberry Pi -- name: Install udev rule /etc/udev/rules.d/92-rtc-i2c.rules from template, to transfer hwclock to system clock at dev creation, if rtc_id is defined and rtc_id != "none" +- name: Install udev rule /etc/udev/rules.d/92-rtc-i2c.rules from template, to transfer hwclock to system clock at dev creation, if rtc_id is defined and rtc_id != "none" (root:root, 0644 by default) template: src: 92-rtc-i2c.rules dest: /etc/udev/rules.d/92-rtc-i2c.rules - owner: root - group: root - mode: 0644 + #owner: root + #group: root + #mode: 0644 when: rtc_id is defined and rtc_id != "none" # RTC requires a change to the device tree (and reboot) @@ -50,7 +50,7 @@ - cloud-guest-utils # Contains 'growpart' for resizing a partition during boot, which is normally done with the aid of cloud-init - dphys-swapfile # 2021-07-27: RaspiOS installs this regardless -- autogenerate and use a swap file - fake-hwclock # 2021-07-27: RaspiOS installs this regardless -- save/restore system clock on machines without working RTC hardware - - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/clone-wifi.service.j2 + - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - rfkill # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions state: present @@ -67,15 +67,15 @@ name: dphys-swapfile state: restarted -- name: Install RPi rootfs resizing (iiab-rpi-max-rootfs.sh) and its systemd service (iiab-rpi-root-resize.service), from templates +- name: Install RPi rootfs resizing (/usr/sbin/iiab-rpi-max-rootfs.sh) and its systemd service (/etc/systemd/system/iiab-rpi-root-resize.service), from templates (root:root by default) template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root + #owner: root + #group: root mode: "{{ item.mode }}" with_items: - - { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/iiab-rpi-max-rootfs.sh', mode: '0755'} + - { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/', mode: '0755'} - { src: 'iiab-rpi-root-resize.service', dest: '/etc/systemd/system/iiab-rpi-root-resize.service', mode: '0644'} - name: Enable RPi rootfs resizing (systemd service iiab-rpi-root-resize.service) diff --git a/roles/2-common/README.rst b/roles/2-common/README.rst index 90bee5c7e..be1ccd5c9 100644 --- a/roles/2-common/README.rst +++ b/roles/2-common/README.rst @@ -2,7 +2,13 @@ 2-common README =============== -This 2nd stage is for OS-level roles/packages/tasks *common* to all platforms, -prerequisites to building up a functioning server. +This 2nd `stage `_ is for OS-level basics *common* to all platforms, i.e. core prerequisites to building up a functioning `Internet-in-a-Box (IIAB) `_ server. -As in the case of 3-base-server, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing. +These are (partially) put in place: + +- IIAB directory structure (`file layout `_) +- Common `apt `_ software packages +- Networking (including the `iptables `_ firewall) +- `/usr/libexec/iiab-startup.sh `_ similar to AUTOEXEC.BAT and /etc/rc.local, in order to run jobs on boot + +Recap: As with 0-init, 1-prep, 3-base-server, 4-server-options and 5-xo-services — this 2nd stage installs core server infra (that is not user-facing). diff --git a/roles/2-common/tasks/centos.yml b/roles/2-common/tasks/centos.yml.unused similarity index 100% rename from roles/2-common/tasks/centos.yml rename to roles/2-common/tasks/centos.yml.unused diff --git a/roles/2-common/tasks/fedora.yml b/roles/2-common/tasks/fedora.yml.unused similarity index 100% rename from roles/2-common/tasks/fedora.yml rename to roles/2-common/tasks/fedora.yml.unused diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index d05bccc11..21ae62a6a 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -1,59 +1,44 @@ # Common OS-Level Additions & Mods (that only need to be performed once) - name: ...IS BEGINNING ========================================== - command: echo + meta: noop - name: Create IIAB directory structure ("file layout") include_tasks: fl.yml -# UNMAINTAINED -- include_tasks: centos.yml - when: ansible_distribution == "CentOS" - -# UNMAINTAINED -- include_tasks: fedora.yml - when: ansible_distribution == "Fedora" - -# UNMAINTAINED -- include_tasks: prep.yml - when: not is_debuntu - -# UNMAINTAINED -- include_tasks: xo.yml - when: xo_model != "none" or osbuilder is defined - - include_tasks: packages.yml -- include_tasks: network.yml -# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: -- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible - sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot - name: "{{ item.name }}" - value: "{{ item.value }}" - with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } - #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled - #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET - #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE - -# UNMAINTAINED -- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH - template: - dest: /etc/profile.d/zzz_iiab.sh - src: zzz_iiab.sh - -# UNMAINTAINED -- include_tasks: net_mods.yml - when: not is_debuntu and not is_F18 +- name: 'Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml' + include_tasks: network.yml - include_tasks: iiab-startup.yml +# UNMAINTAINED +#- include_tasks: centos.yml +# when: ansible_distribution == "CentOS" + +# UNMAINTAINED +#- include_tasks: fedora.yml +# when: ansible_distribution == "Fedora" + +# UNMAINTAINED +#- include_tasks: prep.yml +# when: not is_debuntu + +# UNMAINTAINED +#- include_tasks: xo.yml +# when: xo_model != "none" or osbuilder is defined + +# UNMAINTAINED +#- include_tasks: net_mods.yml +# when: not is_debuntu and not is_F18 + +# UNMAINTAINED +#- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH +# template: +# dest: /etc/profile.d/zzz_iiab.sh +# src: zzz_iiab.sh + - name: Recording STAGE 2 HAS COMPLETED ========================== lineinfile: path: "{{ iiab_env_file }}" diff --git a/roles/2-common/tasks/net_mods.yml b/roles/2-common/tasks/net_mods.yml.unused similarity index 100% rename from roles/2-common/tasks/net_mods.yml rename to roles/2-common/tasks/net_mods.yml.unused diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index cc1615a58..9b3257e09 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml @@ -24,3 +24,20 @@ src: iptables dest: /etc/network/if-pre-up.d/iptables mode: '0755' + +# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: +- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible + sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } + #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? + - { name: 'kernel.core_uses_pid', value: '1' } + #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 + #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled + #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET + #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index e78076907..3362c0ce5 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,19 +1,3 @@ -#- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" -# package: -# name: -# - avahi -# - avahi-tools -# - createrepo -# - linux-firmware -# - nss-mdns -# - openssl # FC 18 does not supply, but pear requires -# - syslog -# - wpa_supplicant -# - xml-common -# - yum-utils -# state: present -# when: is_redhat - - name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/raspberry_pi.yml' meta: noop @@ -42,7 +26,7 @@ #- make # 2021-07-27: Currently used by roles/pbx and no other roles - mlocate - net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - #- ntfs-3g # 2021-07-27: Should no longer be nec, similar to exfat packages above -- but see this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g + #- ntfs-3g # 2021-07-27: RaspiOS installs this regardless -- but this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g #- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml - pandoc # For /usr/bin/iiab-refresh-wiki-docs - pastebinit # For /usr/bin/iiab-diagnostics @@ -57,3 +41,19 @@ - wget - wpasupplicant # 2021-07-27: RaspiOS installs this regardless -- client library for connections to a WiFi AP state: present + +#- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" +# package: +# name: +# - avahi +# - avahi-tools +# - createrepo +# - linux-firmware +# - nss-mdns +# - openssl # FC 18 does not supply, but pear requires +# - syslog +# - wpa_supplicant +# - xml-common +# - yum-utils +# state: present +# when: is_redhat diff --git a/roles/2-common/tasks/prep.yml b/roles/2-common/tasks/prep.yml.unused similarity index 100% rename from roles/2-common/tasks/prep.yml rename to roles/2-common/tasks/prep.yml.unused diff --git a/roles/2-common/tasks/xo.yml b/roles/2-common/tasks/xo.yml.unused similarity index 100% rename from roles/2-common/tasks/xo.yml rename to roles/2-common/tasks/xo.yml.unused diff --git a/roles/2-common/tasks/yum-historical.yml b/roles/2-common/tasks/yum-historical.yml.unused similarity index 100% rename from roles/2-common/tasks/yum-historical.yml rename to roles/2-common/tasks/yum-historical.yml.unused diff --git a/roles/2-common/templates/ansible.repo b/roles/2-common/templates/ansible.repo.unused similarity index 100% rename from roles/2-common/templates/ansible.repo rename to roles/2-common/templates/ansible.repo.unused diff --git a/roles/2-common/templates/iiab-centos.repo b/roles/2-common/templates/iiab-centos.repo.unused similarity index 100% rename from roles/2-common/templates/iiab-centos.repo rename to roles/2-common/templates/iiab-centos.repo.unused diff --git a/roles/2-common/templates/iiab-extra.repo b/roles/2-common/templates/iiab-extra.repo.unused similarity index 99% rename from roles/2-common/templates/iiab-extra.repo rename to roles/2-common/templates/iiab-extra.repo.unused index d8977bb36..8218e57a8 100644 --- a/roles/2-common/templates/iiab-extra.repo +++ b/roles/2-common/templates/iiab-extra.repo.unused @@ -13,4 +13,3 @@ baseurl=http://download.iiab.io/repos/xsce-extra/ enabled=1 metadata_expire=1d gpgcheck=0 - diff --git a/roles/2-common/templates/iiab-testing.repo b/roles/2-common/templates/iiab-testing.repo.unused similarity index 100% rename from roles/2-common/templates/iiab-testing.repo rename to roles/2-common/templates/iiab-testing.repo.unused diff --git a/roles/2-common/templates/iptables-config b/roles/2-common/templates/iptables-config.unused similarity index 100% rename from roles/2-common/templates/iptables-config rename to roles/2-common/templates/iptables-config.unused diff --git a/roles/2-common/templates/li.nux.ro.repo b/roles/2-common/templates/li.nux.ro.repo.unused similarity index 98% rename from roles/2-common/templates/li.nux.ro.repo rename to roles/2-common/templates/li.nux.ro.repo.unused index 299d01fe5..2e0a28112 100644 --- a/roles/2-common/templates/li.nux.ro.repo +++ b/roles/2-common/templates/li.nux.ro.repo.unused @@ -4,5 +4,3 @@ baseurl=http://li.nux.ro/download/nux/dextop/el7/x86_64/ enabled=0 gpgcheck=1 gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro - - diff --git a/roles/2-common/templates/local.repo b/roles/2-common/templates/local.repo.unused similarity index 100% rename from roles/2-common/templates/local.repo rename to roles/2-common/templates/local.repo.unused diff --git a/roles/2-common/templates/rpmfusion-free-updates.repo b/roles/2-common/templates/rpmfusion-free-updates.repo.unused similarity index 99% rename from roles/2-common/templates/rpmfusion-free-updates.repo rename to roles/2-common/templates/rpmfusion-free-updates.repo.unused index 9ac901387..e10a34ab6 100644 --- a/roles/2-common/templates/rpmfusion-free-updates.repo +++ b/roles/2-common/templates/rpmfusion-free-updates.repo.unused @@ -21,4 +21,3 @@ mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-rele enabled=0 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-$releasever - diff --git a/roles/2-common/templates/zzz_iiab.sh b/roles/2-common/templates/zzz_iiab.sh.unused similarity index 100% rename from roles/2-common/templates/zzz_iiab.sh rename to roles/2-common/templates/zzz_iiab.sh.unused diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index a7abce597..e458d7be0 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -2,7 +2,7 @@ 3-base-server README ==================== -This 3rd stage installs base server infra that Internet-in-a-Box requires, including: +This 3rd `stage `_ installs base server infra that `Internet-in-a-Box (IIAB) `_ requires, including: - `MySQL `_ (database underlying many/most user-facing apps). This IIAB role also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** @@ -10,6 +10,6 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, inclu - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** - `www_base `_ (similar to `www_options `_ which runs later in 4-server-options) -Recap: as with 2-common, 4-server-options and 5-xo-services, this 3rd stage installs core server infra (that is not user-facing). +Recap: As with 0-init, 1-prep, 2-common, 4-server-options and 5-xo-services — this 3rd stage installs core server infra (that is not user-facing). The next stage (4-server-options) brings more diverse/optional server infra functionality. diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index 61d79f77e..6355f85e7 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -2,8 +2,18 @@ 4-server-options README ======================= -Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /etc/iiab/local_vars.yml +Whereas 3-base-server installs critical packages needed by all, this 4th `stage `_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml `_ -This includes some networking fundamentals, before they're configured later on. +This includes more networking fundamentals, that may further be configured later on. -As in the case of 2-common, 3-base-server and 5-xo-services: this stage installs core server infra, that is not user-facing. +Specifically, these might be installed: + +- Python libraries +- SSH daemon +- Bluetooth for Raspberry Pi +- Instant-sharing of `USB stick content `_ +- CUPS Printing +- Samba for Windows filesystems +- `www_options `_ + +Recap: As with 0-init, 1-prep, 2-common, 3-base-server and 5-xo-services ⁠— this 4th stage installs core server infra (that is not user-facing). diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 1759c5b7d..faa5ce574 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -18,7 +18,7 @@ name: pylibs #when: pylibs_install # Flag might be created in future? -- name: SSHD - also run by roles/1-prep/tasks/main.yml as required by OpenVPN +- name: SSHD -- also run by roles/1-prep/tasks/main.yml as required by OpenVPN include_role: name: sshd when: sshd_install diff --git a/roles/5-xo-services/README.rst b/roles/5-xo-services/README.rst index 1cb725bf7..42c73832c 100644 --- a/roles/5-xo-services/README.rst +++ b/roles/5-xo-services/README.rst @@ -2,6 +2,6 @@ 5-xo-services README ==================== -This 5th stage provides underlying services for One Laptop Per Child's XO laptops. +This 5th `stage `_ provides underlying services for One Laptop Per Child's XO laptops. -As in the case of 2-common, 3-base-server and 4-server-options: this stage installs core server infra, that is not user-facing. +Recap: As with 0-init, 1-prep, 2-common, 3-base-server and 4-server-options — this 5th stage installs core server infra (that is not user-facing). diff --git a/roles/captiveportal/tasks/enable-or-disable.yml b/roles/captiveportal/tasks/enable-or-disable.yml index c1b390a6d..0abb05c8a 100644 --- a/roles/captiveportal/tasks/enable-or-disable.yml +++ b/roles/captiveportal/tasks/enable-or-disable.yml @@ -36,8 +36,8 @@ state: absent when: not captiveportal_enabled -- name: Run iiab-divert-to-nginx to generate diversion lists for NGINX - shell: /usr/sbin/iiab-divert-to-nginx +- name: Run /usr/sbin/iiab-divert-to-nginx to generate diversion lists for NGINX + command: /usr/sbin/iiab-divert-to-nginx when: captiveportal_enabled - name: Delete /etc/dnsmasq.d/capture to make sure dnsmasq is not diverting (if not captiveportal_enabled) diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index 01c1d932a..af022f0e9 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -43,7 +43,7 @@ - simple.template - mac.template -- name: Run iiab-make-cp-servers.py to generate NGINX servers from /opt/iiab/captiveportal/checkurls input list (creates /etc/nginx/sites-available/capture.conf) +- name: Run /usr/sbin/iiab-make-cp-servers.py to generate NGINX servers from /opt/iiab/captiveportal/checkurls input list (creates /etc/nginx/sites-available/capture.conf) command: /usr/sbin/iiab-make-cp-servers.py args: creates: /etc/nginx/sites-available/capture.conf diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 94c219d5c..ce7004ea2 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -2,19 +2,19 @@ include_tasks: download.yml when: firmware_downloaded is undefined # SEE ALSO firmware_installed below -- name: 'Install from template: check-firmware.service, iiab-check-firmware & fw_warn.sh' +- name: 'Install from template: /usr/bin/iiab-check-firmware, /etc/systemd/system/iiab-check-firmware.service & /etc/profile.d/iiab-firmware-warn.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: 'check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } - - { src: 'iiab-check-firmware', dest: '/usr/sbin/', mode: '0755' } - - { src: 'fw_warn.sh', dest: '/etc/profile.d/', mode: '0644' } + - { src: 'iiab-check-firmware', dest: '/usr/bin/', mode: '0755' } + - { src: 'iiab-check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } + - { src: 'iiab-firmware-warn.sh', dest: '/etc/profile.d/', mode: '0644' } -- name: Enable & (Re)Start check-firmware.service (also runs on each boot) +- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) systemd: - name: check-firmware.service + name: iiab-check-firmware.service daemon_reload: yes state: restarted enabled: yes diff --git a/roles/firmware/templates/check-firmware.service b/roles/firmware/templates/iiab-check-firmware.service similarity index 59% rename from roles/firmware/templates/check-firmware.service rename to roles/firmware/templates/iiab-check-firmware.service index 43c7adf8c..bebf5a43d 100644 --- a/roles/firmware/templates/check-firmware.service +++ b/roles/firmware/templates/iiab-check-firmware.service @@ -1,11 +1,10 @@ [Unit] Description=Check Firmware service -Before=clone-wifi.service +Before=iiab-clone-wifi.service [Service] Type=oneshot -ExecStart=/usr/sbin/iiab-check-firmware +ExecStart=/usr/bin/iiab-check-firmware [Install] WantedBy=multi-user.target - diff --git a/roles/firmware/templates/fw_warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh similarity index 100% rename from roles/firmware/templates/fw_warn.sh rename to roles/firmware/templates/iiab-firmware-warn.sh diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index e19ea8e7d..c61ca57c5 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml @@ -14,7 +14,7 @@ name: "{{ admin_console_group }}" state: present -- name: Configure user '{{ iiab_admin_user }}' with group '{{ admin_console_group }}' for login to IIAB's Admin Console (http://box.lan/admin) AND for IIAB community support commands (/usr/bin/iiab-* and /usr/sbin/iiab-*) at the command-line +- name: Configure user '{{ iiab_admin_user }}' with group '{{ admin_console_group }}' for login to IIAB's Admin Console (http://box.lan/admin) AND for IIAB community support commands (/usr/bin/iiab-*) at the command-line user: name: "{{ iiab_admin_user }}" #group: "{{ iiab_admin_user }}" # Not nec. Anyway this happens during account creation b/c 'USERGROUPS_ENAB yes' is set in any modern /etc/login.defs @@ -34,7 +34,7 @@ # sudo-prereqs.yml needs to have been run! -- name: Add user {{ iiab_admin_user }} to group sudo, for IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware}, if iiab_admin_can_sudo +- name: Add user {{ iiab_admin_user }} to group sudo, for IIAB community support commands in /usr/bin like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware}, if iiab_admin_can_sudo #command: "gpasswd -a {{ iiab_admin_user | quote }} sudo" user: name: "{{ iiab_admin_user }}" diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index b34b32c11..33e0a6468 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -39,7 +39,7 @@ set_fact: ap0_mac_addr: "{{ ap0_mac.stdout }}" -- name: Use custom 'hostapd' systemd service unit file using ap0 +- name: "Use custom 'hostapd' systemd service unit file using ap0 -- install from template: /etc/systemd/system/hostapd.service, /etc/systemd/system/iiab-clone-wifi.service, /etc/systemd/system/iiab-wifi-test.service, /usr/sbin/iiab-test-wifi" template: owner: root group: root @@ -48,9 +48,9 @@ mode: "{{ item.mode }}" with_items: - { src: 'hostapd/hostapd.service.j2', dest: '/etc/systemd/system/hostapd.service', mode: '0644' } - - { src: 'hostapd/clone-wifi.service.j2', dest: '/etc/systemd/system/clone-wifi.service', mode: '0644' } - - { src: 'hostapd/wifi-test.service.j2', dest: '/etc/systemd/system/wifi-test.service', mode: '0644'} - - { src: 'hostapd/test-wifi', dest: '/sbin/test-wifi', mode: '0755' } + - { src: 'hostapd/iiab-clone-wifi.service.j2', dest: '/etc/systemd/system/iiab-clone-wifi.service', mode: '0644' } + - { src: 'hostapd/iiab-wifi-test.service.j2', dest: '/etc/systemd/system/iiab-wifi-test.service', mode: '0644'} + - { src: 'hostapd/iiab-test-wifi.j2', dest: '/usr/sbin/iiab-test-wifi', mode: '0755' } when: discovered_wireless_iface != "none" - name: Use custom 'hostapd' systemd service unit file for {{ discovered_wireless_iface }} when not wifi_up_down @@ -145,8 +145,8 @@ enabled: no daemon_reload: yes with_items: - - clone-wifi.service - - wifi-test.service + - iiab-clone-wifi.service + - iiab-wifi-test.service when: not wifi_up_down - name: Enable the Access Point 'hostapd' and ap0 related services @@ -156,8 +156,8 @@ daemon_reload: yes with_items: - hostapd.service - - clone-wifi.service - - wifi-test.service + - iiab-clone-wifi.service + - iiab-wifi-test.service when: hostapd_enabled and wifi_up_down - name: Record HOSTAPD_ENABLED to {{ iiab_env_file }} diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index dea080d0c..1887a7d15 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -58,7 +58,7 @@ - name: Clone wifi if needed systemd: - name: clone-wifi + name: iiab-clone-wifi state: started when: discovered_wireless_iface != "none" # Whereas sysd-netd-debian.yml uses... diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 622663462..4b3048256 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -53,7 +53,7 @@ - name: Clone wifi if needed systemd: - name: clone-wifi + name: iiab-clone-wifi state: started when: wifi_up_down and discovered_wireless_iface != "none" diff --git a/roles/network/templates/hostapd/README.ap0 b/roles/network/templates/hostapd/README.ap0 index ea53ec1da..0d44b9df1 100644 --- a/roles/network/templates/hostapd/README.ap0 +++ b/roles/network/templates/hostapd/README.ap0 @@ -1,8 +1,8 @@ start up order # network-pre bridge is created -clone-wifi +iiab-clone-wifi wpa_supplicant #--dbus version does not start the interface directly -test-wifi # uses dbus to scan the network grabbing the channel alters hostapd.conf if needed +iiab-test-wifi # uses dbus to scan the network grabbing the channel alters hostapd.conf if needed hostapd # network diff --git a/roles/network/templates/hostapd/hostapd.service.j2 b/roles/network/templates/hostapd/hostapd.service.j2 index 3c19dfcf8..78ed478d0 100644 --- a/roles/network/templates/hostapd/hostapd.service.j2 +++ b/roles/network/templates/hostapd/hostapd.service.j2 @@ -2,8 +2,8 @@ Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Wants=network-pre.target After=network-pre.target -After=clone-wifi.service -Requires=clone-wifi.service +After=iiab-clone-wifi.service +Requires=iiab-clone-wifi.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service Before=NetworkManager.service diff --git a/roles/network/templates/hostapd/clone-wifi.service.j2 b/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 similarity index 100% rename from roles/network/templates/hostapd/clone-wifi.service.j2 rename to roles/network/templates/hostapd/iiab-clone-wifi.service.j2 diff --git a/roles/network/templates/hostapd/test-wifi b/roles/network/templates/hostapd/iiab-test-wifi.j2 similarity index 98% rename from roles/network/templates/hostapd/test-wifi rename to roles/network/templates/hostapd/iiab-test-wifi.j2 index b2ed7c971..be13af4c6 100755 --- a/roles/network/templates/hostapd/test-wifi +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -5,7 +5,7 @@ NETPLAN=0 SSID="NA" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. None # of the backends that use wpa_supplicant should be active yet based on the Before= After= lines -# in the wifi-test.service unit file. +# in the iiab-wifi-test.service unit file. # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then diff --git a/roles/network/templates/hostapd/wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 similarity index 92% rename from roles/network/templates/hostapd/wifi-test.service.j2 rename to roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 875a12f50..682680a07 100644 --- a/roles/network/templates/hostapd/wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -12,7 +12,7 @@ Before=network.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/sbin/test-wifi +ExecStart=/usr/sbin/iiab-test-wifi [Install] WantedBy=multi-user.target diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/network/iiab-hotspot-off index d3f811365..78d86cdd1 100755 --- a/roles/network/templates/network/iiab-hotspot-off +++ b/roles/network/templates/network/iiab-hotspot-off @@ -3,9 +3,9 @@ sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} systemctl disable hostapd systemctl stop hostapd {% if wifi_up_down %} -systemctl disable clone-wifi.service -systemctl disable wifi-test.service -systemctl stop clone-wifi.service +systemctl disable iiab-clone-wifi.service +systemctl disable iiab-wifi-test.service +systemctl stop iiab-clone-wifi.service echo " IIAB hotspot access point Disabled" exit 0 {% else %} diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/network/iiab-hotspot-on index 34d1cda46..d92cb5f21 100755 --- a/roles/network/templates/network/iiab-hotspot-on +++ b/roles/network/templates/network/iiab-hotspot-on @@ -1,9 +1,9 @@ #!/bin/bash sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} -systemctl enable clone-wifi.service +systemctl enable iiab-clone-wifi.service systemctl enable hostapd -systemctl enable wifi-test.service +systemctl enable iiab-wifi-test.service echo -e "\nPlease reboot to activate hostapd feature.\n" exit 0 {% else %} diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 2cfd2f9bb..c34042781 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -55,14 +55,14 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: 0775 -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } + - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - { src: 'iiab-usb_lib-show-all-on', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 00ae4ddc7..aef45d8fd 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -8,7 +8,7 @@ The ``pastebinit`` command can then be used to auto-upload this file, creating a But first off, the file is compiled by harvesting 1 + 6 kinds of things: -0. Filename Header + Git Hashes + Raspberry Pi Model + OS +0. Filename Header + Git Hashes + Raspberry Pi Model + OS + CPU Architecture(s) 1. Files specially requested (if you run ``sudo iiab-diagnostics PATH/FILE1 PATH/FILE2``) @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 106-222 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 106-224 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible.