From bbbb878e3cf7b7fc28425cf3bb91d0c97482e584 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Jul 2021 13:00:58 -0400 Subject: [PATCH 01/39] 2-common/tasks/main.yml: Experimentally comment out zzz_iiab.sh --- roles/2-common/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index d05bccc11..3e4e17131 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -43,10 +43,10 @@ #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE # UNMAINTAINED -- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH - template: - dest: /etc/profile.d/zzz_iiab.sh - src: zzz_iiab.sh +#- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH +# template: +# dest: /etc/profile.d/zzz_iiab.sh +# src: zzz_iiab.sh # UNMAINTAINED - include_tasks: net_mods.yml From 7de6c96b37c94ef6aa403b62de8030c157a76428 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Jul 2021 13:01:33 -0400 Subject: [PATCH 02/39] Rename zzz_iiab.sh to zzz_iiab.sh.unused --- roles/2-common/templates/{zzz_iiab.sh => zzz_iiab.sh.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/templates/{zzz_iiab.sh => zzz_iiab.sh.unused} (100%) diff --git a/roles/2-common/templates/zzz_iiab.sh b/roles/2-common/templates/zzz_iiab.sh.unused similarity index 100% rename from roles/2-common/templates/zzz_iiab.sh rename to roles/2-common/templates/zzz_iiab.sh.unused From 9b25ada48cef2a7f1223c7ae39992249668479c5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Jul 2021 18:51:50 -0400 Subject: [PATCH 03/39] Update packages.yml --- roles/2-common/tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index e78076907..bcb36cae1 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -42,7 +42,7 @@ #- make # 2021-07-27: Currently used by roles/pbx and no other roles - mlocate - net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - #- ntfs-3g # 2021-07-27: Should no longer be nec, similar to exfat packages above -- but see this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g + #- ntfs-3g # 2021-07-27: RaspiOS installs this regardless -- but this should no longer be nec, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g #- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml - pandoc # For /usr/bin/iiab-refresh-wiki-docs - pastebinit # For /usr/bin/iiab-diagnostics From cdf7db76ee3b35360d15abbd985531ebabfde07f Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Jul 2021 18:53:21 -0400 Subject: [PATCH 04/39] 4-server-options/tasks/main.yml: comment tweak --- roles/4-server-options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 1759c5b7d..faa5ce574 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -18,7 +18,7 @@ name: pylibs #when: pylibs_install # Flag might be created in future? -- name: SSHD - also run by roles/1-prep/tasks/main.yml as required by OpenVPN +- name: SSHD -- also run by roles/1-prep/tasks/main.yml as required by OpenVPN include_role: name: sshd when: sshd_install From cad49f76f9d33a7ba5371e3dc4ca9070e7b5b74a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Jul 2021 18:59:20 -0400 Subject: [PATCH 05/39] 2-common/tasks/packages.yml readability: Move to top --- roles/2-common/tasks/packages.yml | 32 +++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index bcb36cae1..f0948aa90 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,19 +1,3 @@ -#- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" -# package: -# name: -# - avahi -# - avahi-tools -# - createrepo -# - linux-firmware -# - nss-mdns -# - openssl # FC 18 does not supply, but pear requires -# - syslog -# - wpa_supplicant -# - xml-common -# - yum-utils -# state: present -# when: is_redhat - - name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/raspberry_pi.yml' meta: noop @@ -57,3 +41,19 @@ - wget - wpasupplicant # 2021-07-27: RaspiOS installs this regardless -- client library for connections to a WiFi AP state: present + +#- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" +# package: +# name: +# - avahi +# - avahi-tools +# - createrepo +# - linux-firmware +# - nss-mdns +# - openssl # FC 18 does not supply, but pear requires +# - syslog +# - wpa_supplicant +# - xml-common +# - yum-utils +# state: present +# when: is_redhat From 661b8486a5ca454011dc3add5d4f37346e5c011c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Jul 2021 19:02:55 -0400 Subject: [PATCH 06/39] Update iiab-diagnostics.README.md --- scripts/iiab-diagnostics.README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 00ae4ddc7..aef45d8fd 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -8,7 +8,7 @@ The ``pastebinit`` command can then be used to auto-upload this file, creating a But first off, the file is compiled by harvesting 1 + 6 kinds of things: -0. Filename Header + Git Hashes + Raspberry Pi Model + OS +0. Filename Header + Git Hashes + Raspberry Pi Model + OS + CPU Architecture(s) 1. Files specially requested (if you run ``sudo iiab-diagnostics PATH/FILE1 PATH/FILE2``) @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 106-222 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 106-224 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. From c23661bb56192957a174f289988527ce44ab0eee Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 27 Jul 2021 19:14:03 -0400 Subject: [PATCH 07/39] 2-common/tasks/packages.yml: Clarify ntfs-3g w/ 5.4+ kernels --- roles/2-common/tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index f0948aa90..3362c0ce5 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -26,7 +26,7 @@ #- make # 2021-07-27: Currently used by roles/pbx and no other roles - mlocate - net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - #- ntfs-3g # 2021-07-27: RaspiOS installs this regardless -- but this should no longer be nec, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g + #- ntfs-3g # 2021-07-27: RaspiOS installs this regardless -- but this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g #- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml - pandoc # For /usr/bin/iiab-refresh-wiki-docs - pastebinit # For /usr/bin/iiab-diagnostics From 50e0cde9a3892c8842dfdea681585a82e7132673 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Jul 2021 22:36:07 -0400 Subject: [PATCH 08/39] iiab-check-firmware to /usr/bin ; rename systemd services to iiab-* --- roles/1-prep/tasks/raspberry_pi.yml | 18 +++++++++--------- .../captiveportal/tasks/enable-or-disable.yml | 4 ++-- roles/captiveportal/tasks/install.yml | 2 +- roles/firmware/tasks/install.yml | 12 ++++++------ ...are.service => iiab-check-firmware.service} | 5 ++--- .../{fw_warn.sh => iiab-firmware-warn.sh} | 0 roles/iiab-admin/tasks/admin-user.yml | 4 ++-- roles/network/tasks/hostapd.yml | 16 ++++++++-------- roles/network/tasks/rpi_debian.yml | 2 +- roles/network/tasks/sysd-netd-debian.yml | 2 +- roles/network/templates/hostapd/README.ap0 | 4 ++-- .../templates/hostapd/hostapd.service.j2 | 4 ++-- ...i.service.j2 => iiab-clone-wifi.service.j2} | 0 .../hostapd/{test-wifi => iiab-test-wifi.j2} | 2 +- ...st.service.j2 => iiab-wifi-test.service.j2} | 2 +- .../network/templates/network/iiab-hotspot-off | 6 +++--- .../network/templates/network/iiab-hotspot-on | 4 ++-- roles/usb_lib/tasks/install.yml | 4 ++-- 18 files changed, 45 insertions(+), 46 deletions(-) rename roles/firmware/templates/{check-firmware.service => iiab-check-firmware.service} (59%) rename roles/firmware/templates/{fw_warn.sh => iiab-firmware-warn.sh} (100%) rename roles/network/templates/hostapd/{clone-wifi.service.j2 => iiab-clone-wifi.service.j2} (100%) rename roles/network/templates/hostapd/{test-wifi => iiab-test-wifi.j2} (98%) rename roles/network/templates/hostapd/{wifi-test.service.j2 => iiab-wifi-test.service.j2} (92%) diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml index 232674dca..41b129853 100644 --- a/roles/1-prep/tasks/raspberry_pi.yml +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -1,12 +1,12 @@ # Specific to Raspberry Pi -- name: Install udev rule /etc/udev/rules.d/92-rtc-i2c.rules from template, to transfer hwclock to system clock at dev creation, if rtc_id is defined and rtc_id != "none" +- name: Install udev rule /etc/udev/rules.d/92-rtc-i2c.rules from template, to transfer hwclock to system clock at dev creation, if rtc_id is defined and rtc_id != "none" (root:root, 0644 by default) template: src: 92-rtc-i2c.rules dest: /etc/udev/rules.d/92-rtc-i2c.rules - owner: root - group: root - mode: 0644 + #owner: root + #group: root + #mode: 0644 when: rtc_id is defined and rtc_id != "none" # RTC requires a change to the device tree (and reboot) @@ -50,7 +50,7 @@ - cloud-guest-utils # Contains 'growpart' for resizing a partition during boot, which is normally done with the aid of cloud-init - dphys-swapfile # 2021-07-27: RaspiOS installs this regardless -- autogenerate and use a swap file - fake-hwclock # 2021-07-27: RaspiOS installs this regardless -- save/restore system clock on machines without working RTC hardware - - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/clone-wifi.service.j2 + - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - rfkill # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions state: present @@ -67,15 +67,15 @@ name: dphys-swapfile state: restarted -- name: Install RPi rootfs resizing (iiab-rpi-max-rootfs.sh) and its systemd service (iiab-rpi-root-resize.service), from templates +- name: Install RPi rootfs resizing (/usr/sbin/iiab-rpi-max-rootfs.sh) and its systemd service (/etc/systemd/system/iiab-rpi-root-resize.service), from templates (root:root by default) template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root + #owner: root + #group: root mode: "{{ item.mode }}" with_items: - - { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/iiab-rpi-max-rootfs.sh', mode: '0755'} + - { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/', mode: '0755'} - { src: 'iiab-rpi-root-resize.service', dest: '/etc/systemd/system/iiab-rpi-root-resize.service', mode: '0644'} - name: Enable RPi rootfs resizing (systemd service iiab-rpi-root-resize.service) diff --git a/roles/captiveportal/tasks/enable-or-disable.yml b/roles/captiveportal/tasks/enable-or-disable.yml index c1b390a6d..0abb05c8a 100644 --- a/roles/captiveportal/tasks/enable-or-disable.yml +++ b/roles/captiveportal/tasks/enable-or-disable.yml @@ -36,8 +36,8 @@ state: absent when: not captiveportal_enabled -- name: Run iiab-divert-to-nginx to generate diversion lists for NGINX - shell: /usr/sbin/iiab-divert-to-nginx +- name: Run /usr/sbin/iiab-divert-to-nginx to generate diversion lists for NGINX + command: /usr/sbin/iiab-divert-to-nginx when: captiveportal_enabled - name: Delete /etc/dnsmasq.d/capture to make sure dnsmasq is not diverting (if not captiveportal_enabled) diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index 01c1d932a..af022f0e9 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -43,7 +43,7 @@ - simple.template - mac.template -- name: Run iiab-make-cp-servers.py to generate NGINX servers from /opt/iiab/captiveportal/checkurls input list (creates /etc/nginx/sites-available/capture.conf) +- name: Run /usr/sbin/iiab-make-cp-servers.py to generate NGINX servers from /opt/iiab/captiveportal/checkurls input list (creates /etc/nginx/sites-available/capture.conf) command: /usr/sbin/iiab-make-cp-servers.py args: creates: /etc/nginx/sites-available/capture.conf diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 94c219d5c..2e0bd1e06 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -2,19 +2,19 @@ include_tasks: download.yml when: firmware_downloaded is undefined # SEE ALSO firmware_installed below -- name: 'Install from template: check-firmware.service, iiab-check-firmware & fw_warn.sh' +- name: 'Install from template: /usr/bin/iiab-check-firmware, /etc/systemd/iiab-check-firmware.service & /etc/profile.d/iiab-firmware-warn.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: 'check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } - - { src: 'iiab-check-firmware', dest: '/usr/sbin/', mode: '0755' } - - { src: 'fw_warn.sh', dest: '/etc/profile.d/', mode: '0644' } + - { src: 'iiab-check-firmware', dest: '/usr/bin/', mode: '0755' } + - { src: 'iiab-check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' } + - { src: 'iiab-firmware-warn.sh', dest: '/etc/profile.d/', mode: '0644' } -- name: Enable & (Re)Start check-firmware.service (also runs on each boot) +- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot) systemd: - name: check-firmware.service + name: iiab-check-firmware.service daemon_reload: yes state: restarted enabled: yes diff --git a/roles/firmware/templates/check-firmware.service b/roles/firmware/templates/iiab-check-firmware.service similarity index 59% rename from roles/firmware/templates/check-firmware.service rename to roles/firmware/templates/iiab-check-firmware.service index 43c7adf8c..bebf5a43d 100644 --- a/roles/firmware/templates/check-firmware.service +++ b/roles/firmware/templates/iiab-check-firmware.service @@ -1,11 +1,10 @@ [Unit] Description=Check Firmware service -Before=clone-wifi.service +Before=iiab-clone-wifi.service [Service] Type=oneshot -ExecStart=/usr/sbin/iiab-check-firmware +ExecStart=/usr/bin/iiab-check-firmware [Install] WantedBy=multi-user.target - diff --git a/roles/firmware/templates/fw_warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh similarity index 100% rename from roles/firmware/templates/fw_warn.sh rename to roles/firmware/templates/iiab-firmware-warn.sh diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index e19ea8e7d..c61ca57c5 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml @@ -14,7 +14,7 @@ name: "{{ admin_console_group }}" state: present -- name: Configure user '{{ iiab_admin_user }}' with group '{{ admin_console_group }}' for login to IIAB's Admin Console (http://box.lan/admin) AND for IIAB community support commands (/usr/bin/iiab-* and /usr/sbin/iiab-*) at the command-line +- name: Configure user '{{ iiab_admin_user }}' with group '{{ admin_console_group }}' for login to IIAB's Admin Console (http://box.lan/admin) AND for IIAB community support commands (/usr/bin/iiab-*) at the command-line user: name: "{{ iiab_admin_user }}" #group: "{{ iiab_admin_user }}" # Not nec. Anyway this happens during account creation b/c 'USERGROUPS_ENAB yes' is set in any modern /etc/login.defs @@ -34,7 +34,7 @@ # sudo-prereqs.yml needs to have been run! -- name: Add user {{ iiab_admin_user }} to group sudo, for IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware}, if iiab_admin_can_sudo +- name: Add user {{ iiab_admin_user }} to group sudo, for IIAB community support commands in /usr/bin like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware}, if iiab_admin_can_sudo #command: "gpasswd -a {{ iiab_admin_user | quote }} sudo" user: name: "{{ iiab_admin_user }}" diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index b34b32c11..33e0a6468 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -39,7 +39,7 @@ set_fact: ap0_mac_addr: "{{ ap0_mac.stdout }}" -- name: Use custom 'hostapd' systemd service unit file using ap0 +- name: "Use custom 'hostapd' systemd service unit file using ap0 -- install from template: /etc/systemd/system/hostapd.service, /etc/systemd/system/iiab-clone-wifi.service, /etc/systemd/system/iiab-wifi-test.service, /usr/sbin/iiab-test-wifi" template: owner: root group: root @@ -48,9 +48,9 @@ mode: "{{ item.mode }}" with_items: - { src: 'hostapd/hostapd.service.j2', dest: '/etc/systemd/system/hostapd.service', mode: '0644' } - - { src: 'hostapd/clone-wifi.service.j2', dest: '/etc/systemd/system/clone-wifi.service', mode: '0644' } - - { src: 'hostapd/wifi-test.service.j2', dest: '/etc/systemd/system/wifi-test.service', mode: '0644'} - - { src: 'hostapd/test-wifi', dest: '/sbin/test-wifi', mode: '0755' } + - { src: 'hostapd/iiab-clone-wifi.service.j2', dest: '/etc/systemd/system/iiab-clone-wifi.service', mode: '0644' } + - { src: 'hostapd/iiab-wifi-test.service.j2', dest: '/etc/systemd/system/iiab-wifi-test.service', mode: '0644'} + - { src: 'hostapd/iiab-test-wifi.j2', dest: '/usr/sbin/iiab-test-wifi', mode: '0755' } when: discovered_wireless_iface != "none" - name: Use custom 'hostapd' systemd service unit file for {{ discovered_wireless_iface }} when not wifi_up_down @@ -145,8 +145,8 @@ enabled: no daemon_reload: yes with_items: - - clone-wifi.service - - wifi-test.service + - iiab-clone-wifi.service + - iiab-wifi-test.service when: not wifi_up_down - name: Enable the Access Point 'hostapd' and ap0 related services @@ -156,8 +156,8 @@ daemon_reload: yes with_items: - hostapd.service - - clone-wifi.service - - wifi-test.service + - iiab-clone-wifi.service + - iiab-wifi-test.service when: hostapd_enabled and wifi_up_down - name: Record HOSTAPD_ENABLED to {{ iiab_env_file }} diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index dea080d0c..1887a7d15 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -58,7 +58,7 @@ - name: Clone wifi if needed systemd: - name: clone-wifi + name: iiab-clone-wifi state: started when: discovered_wireless_iface != "none" # Whereas sysd-netd-debian.yml uses... diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 622663462..4b3048256 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -53,7 +53,7 @@ - name: Clone wifi if needed systemd: - name: clone-wifi + name: iiab-clone-wifi state: started when: wifi_up_down and discovered_wireless_iface != "none" diff --git a/roles/network/templates/hostapd/README.ap0 b/roles/network/templates/hostapd/README.ap0 index ea53ec1da..0d44b9df1 100644 --- a/roles/network/templates/hostapd/README.ap0 +++ b/roles/network/templates/hostapd/README.ap0 @@ -1,8 +1,8 @@ start up order # network-pre bridge is created -clone-wifi +iiab-clone-wifi wpa_supplicant #--dbus version does not start the interface directly -test-wifi # uses dbus to scan the network grabbing the channel alters hostapd.conf if needed +iiab-test-wifi # uses dbus to scan the network grabbing the channel alters hostapd.conf if needed hostapd # network diff --git a/roles/network/templates/hostapd/hostapd.service.j2 b/roles/network/templates/hostapd/hostapd.service.j2 index 3c19dfcf8..78ed478d0 100644 --- a/roles/network/templates/hostapd/hostapd.service.j2 +++ b/roles/network/templates/hostapd/hostapd.service.j2 @@ -2,8 +2,8 @@ Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Wants=network-pre.target After=network-pre.target -After=clone-wifi.service -Requires=clone-wifi.service +After=iiab-clone-wifi.service +Requires=iiab-clone-wifi.service Before=dhcpcd.service Before=wpa_supplicant@{{ discovered_wireless_iface }}.service Before=NetworkManager.service diff --git a/roles/network/templates/hostapd/clone-wifi.service.j2 b/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 similarity index 100% rename from roles/network/templates/hostapd/clone-wifi.service.j2 rename to roles/network/templates/hostapd/iiab-clone-wifi.service.j2 diff --git a/roles/network/templates/hostapd/test-wifi b/roles/network/templates/hostapd/iiab-test-wifi.j2 similarity index 98% rename from roles/network/templates/hostapd/test-wifi rename to roles/network/templates/hostapd/iiab-test-wifi.j2 index b2ed7c971..be13af4c6 100755 --- a/roles/network/templates/hostapd/test-wifi +++ b/roles/network/templates/hostapd/iiab-test-wifi.j2 @@ -5,7 +5,7 @@ NETPLAN=0 SSID="NA" # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. None # of the backends that use wpa_supplicant should be active yet based on the Before= After= lines -# in the wifi-test.service unit file. +# in the iiab-wifi-test.service unit file. # covers systemd-networkd if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then diff --git a/roles/network/templates/hostapd/wifi-test.service.j2 b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 similarity index 92% rename from roles/network/templates/hostapd/wifi-test.service.j2 rename to roles/network/templates/hostapd/iiab-wifi-test.service.j2 index 875a12f50..682680a07 100644 --- a/roles/network/templates/hostapd/wifi-test.service.j2 +++ b/roles/network/templates/hostapd/iiab-wifi-test.service.j2 @@ -12,7 +12,7 @@ Before=network.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/sbin/test-wifi +ExecStart=/usr/sbin/iiab-test-wifi [Install] WantedBy=multi-user.target diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/network/iiab-hotspot-off index d3f811365..78d86cdd1 100755 --- a/roles/network/templates/network/iiab-hotspot-off +++ b/roles/network/templates/network/iiab-hotspot-off @@ -3,9 +3,9 @@ sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} systemctl disable hostapd systemctl stop hostapd {% if wifi_up_down %} -systemctl disable clone-wifi.service -systemctl disable wifi-test.service -systemctl stop clone-wifi.service +systemctl disable iiab-clone-wifi.service +systemctl disable iiab-wifi-test.service +systemctl stop iiab-clone-wifi.service echo " IIAB hotspot access point Disabled" exit 0 {% else %} diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/network/iiab-hotspot-on index 34d1cda46..d92cb5f21 100755 --- a/roles/network/templates/network/iiab-hotspot-on +++ b/roles/network/templates/network/iiab-hotspot-on @@ -1,9 +1,9 @@ #!/bin/bash sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} -systemctl enable clone-wifi.service +systemctl enable iiab-clone-wifi.service systemctl enable hostapd -systemctl enable wifi-test.service +systemctl enable iiab-wifi-test.service echo -e "\nPlease reboot to activate hostapd feature.\n" exit 0 {% else %} diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 3304a0f16..a84b02439 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -55,14 +55,14 @@ group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) mode: '0775' -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off' +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } + - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - { src: 'iiab-usb_lib-show-all-on', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' } From 77bf1099cdeaffc9282908ce6b21c222e1a0e381 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Jul 2021 22:44:52 -0400 Subject: [PATCH 09/39] roles/firmware/tasks/install.yml: Fix path typo in comment --- roles/firmware/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml index 2e0bd1e06..ce7004ea2 100644 --- a/roles/firmware/tasks/install.yml +++ b/roles/firmware/tasks/install.yml @@ -2,7 +2,7 @@ include_tasks: download.yml when: firmware_downloaded is undefined # SEE ALSO firmware_installed below -- name: 'Install from template: /usr/bin/iiab-check-firmware, /etc/systemd/iiab-check-firmware.service & /etc/profile.d/iiab-firmware-warn.sh' +- name: 'Install from template: /usr/bin/iiab-check-firmware, /etc/systemd/system/iiab-check-firmware.service & /etc/profile.d/iiab-firmware-warn.sh' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 357eff658507a4b10aa8a39fa9c7b4965c55390a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:03:28 -0400 Subject: [PATCH 10/39] Rename centos.yml to centos.yml.unused --- roles/2-common/tasks/{centos.yml => centos.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/tasks/{centos.yml => centos.yml.unused} (100%) diff --git a/roles/2-common/tasks/centos.yml b/roles/2-common/tasks/centos.yml.unused similarity index 100% rename from roles/2-common/tasks/centos.yml rename to roles/2-common/tasks/centos.yml.unused From d7c9c29b34c88dcc99669bca7b49ca12b63a5066 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:03:42 -0400 Subject: [PATCH 11/39] Rename fedora.yml to fedora.yml.unused --- roles/2-common/tasks/{fedora.yml => fedora.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/tasks/{fedora.yml => fedora.yml.unused} (100%) diff --git a/roles/2-common/tasks/fedora.yml b/roles/2-common/tasks/fedora.yml.unused similarity index 100% rename from roles/2-common/tasks/fedora.yml rename to roles/2-common/tasks/fedora.yml.unused From 1a790cc51c213f059a324d77cf42802ff7e32560 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:04:12 -0400 Subject: [PATCH 12/39] Rename net_mods.yml to net_mods.yml.unused --- roles/2-common/tasks/{net_mods.yml => net_mods.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/tasks/{net_mods.yml => net_mods.yml.unused} (100%) diff --git a/roles/2-common/tasks/net_mods.yml b/roles/2-common/tasks/net_mods.yml.unused similarity index 100% rename from roles/2-common/tasks/net_mods.yml rename to roles/2-common/tasks/net_mods.yml.unused From d7218a54f7c7d72481f6182e39e778f910be25e6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:04:45 -0400 Subject: [PATCH 13/39] Rename prep.yml to prep.yml.unused --- roles/2-common/tasks/{prep.yml => prep.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/tasks/{prep.yml => prep.yml.unused} (100%) diff --git a/roles/2-common/tasks/prep.yml b/roles/2-common/tasks/prep.yml.unused similarity index 100% rename from roles/2-common/tasks/prep.yml rename to roles/2-common/tasks/prep.yml.unused From b16c402b126827b13244cf69c431172ca33a8622 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:05:01 -0400 Subject: [PATCH 14/39] Rename xo.yml to xo.yml.unused --- roles/2-common/tasks/{xo.yml => xo.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/tasks/{xo.yml => xo.yml.unused} (100%) diff --git a/roles/2-common/tasks/xo.yml b/roles/2-common/tasks/xo.yml.unused similarity index 100% rename from roles/2-common/tasks/xo.yml rename to roles/2-common/tasks/xo.yml.unused From 36d163333fce5f411c933d4181fb07c8559c1371 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:05:19 -0400 Subject: [PATCH 15/39] Rename yum-historical.yml to yum-historical.yml.unused --- .../tasks/{yum-historical.yml => yum-historical.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/tasks/{yum-historical.yml => yum-historical.yml.unused} (100%) diff --git a/roles/2-common/tasks/yum-historical.yml b/roles/2-common/tasks/yum-historical.yml.unused similarity index 100% rename from roles/2-common/tasks/yum-historical.yml rename to roles/2-common/tasks/yum-historical.yml.unused From 969d093c3cf899df75af22d0cccf6add6cbeac9b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:42:11 -0400 Subject: [PATCH 16/39] 2-common/tasks/main.yml: Comment out unused code --- roles/2-common/tasks/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 3e4e17131..f4d86732e 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -7,20 +7,20 @@ include_tasks: fl.yml # UNMAINTAINED -- include_tasks: centos.yml - when: ansible_distribution == "CentOS" +#- include_tasks: centos.yml +# when: ansible_distribution == "CentOS" # UNMAINTAINED -- include_tasks: fedora.yml - when: ansible_distribution == "Fedora" +#- include_tasks: fedora.yml +# when: ansible_distribution == "Fedora" # UNMAINTAINED -- include_tasks: prep.yml - when: not is_debuntu +#- include_tasks: prep.yml +# when: not is_debuntu # UNMAINTAINED -- include_tasks: xo.yml - when: xo_model != "none" or osbuilder is defined +#- include_tasks: xo.yml +# when: xo_model != "none" or osbuilder is defined - include_tasks: packages.yml - include_tasks: network.yml @@ -49,8 +49,8 @@ # src: zzz_iiab.sh # UNMAINTAINED -- include_tasks: net_mods.yml - when: not is_debuntu and not is_F18 +#- include_tasks: net_mods.yml +# when: not is_debuntu and not is_F18 - include_tasks: iiab-startup.yml From d305e138528fc1426e7e73422059b840249a3fae Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:48:14 -0400 Subject: [PATCH 17/39] 2-common/tasks/network.yml: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible --- roles/2-common/tasks/network.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index cc1615a58..9b3257e09 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml @@ -24,3 +24,20 @@ src: iptables dest: /etc/network/if-pre-up.d/iptables mode: '0755' + +# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: +- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible + sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } + #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? + - { name: 'kernel.core_uses_pid', value: '1' } + #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 + #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled + #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET + #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE From 5aa1a21c079d0af8b21dfaa9a4d1060a59831f56 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:57:19 -0400 Subject: [PATCH 18/39] 2-common/tasks/main.yml made far more readable --- roles/2-common/tasks/main.yml | 37 +++++++++++------------------------ 1 file changed, 11 insertions(+), 26 deletions(-) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index f4d86732e..048b455c7 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -1,11 +1,18 @@ # Common OS-Level Additions & Mods (that only need to be performed once) - name: ...IS BEGINNING ========================================== - command: echo + meta: noop - name: Create IIAB directory structure ("file layout") include_tasks: fl.yml +- include_tasks: packages.yml + +- name: 'Network prep, including partial setup of iptables (firewall). SEE ALSO: 1-prep/tasks/raspberry_pi.yml' + include_tasks: network.yml + +- include_tasks: iiab-startup.yml + # UNMAINTAINED #- include_tasks: centos.yml # when: ansible_distribution == "CentOS" @@ -22,25 +29,9 @@ #- include_tasks: xo.yml # when: xo_model != "none" or osbuilder is defined -- include_tasks: packages.yml -- include_tasks: network.yml - -# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: -- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible - sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot - name: "{{ item.name }}" - value: "{{ item.value }}" - with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } - #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled - #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET - #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE +# UNMAINTAINED +#- include_tasks: net_mods.yml +# when: not is_debuntu and not is_F18 # UNMAINTAINED #- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH @@ -48,12 +39,6 @@ # dest: /etc/profile.d/zzz_iiab.sh # src: zzz_iiab.sh -# UNMAINTAINED -#- include_tasks: net_mods.yml -# when: not is_debuntu and not is_F18 - -- include_tasks: iiab-startup.yml - - name: Recording STAGE 2 HAS COMPLETED ========================== lineinfile: path: "{{ iiab_env_file }}" From 8f2bfef24b41a93b6301ad18eef00ecde4da7f73 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:58:15 -0400 Subject: [PATCH 19/39] Tweak 2-common/tasks/main.yml --- roles/2-common/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 048b455c7..21ae62a6a 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,7 +8,7 @@ - include_tasks: packages.yml -- name: 'Network prep, including partial setup of iptables (firewall). SEE ALSO: 1-prep/tasks/raspberry_pi.yml' +- name: 'Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml' include_tasks: network.yml - include_tasks: iiab-startup.yml From 1e9bd4d90b64863cf554e3fd712fdb71f4ae1a43 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:59:43 -0400 Subject: [PATCH 20/39] Rename iptables-config to iptables-config.unused --- .../templates/{iptables-config => iptables-config.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/templates/{iptables-config => iptables-config.unused} (100%) diff --git a/roles/2-common/templates/iptables-config b/roles/2-common/templates/iptables-config.unused similarity index 100% rename from roles/2-common/templates/iptables-config rename to roles/2-common/templates/iptables-config.unused From 3017480dfff539f05c1958eae4a8bee0cd77921d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 02:16:37 -0400 Subject: [PATCH 21/39] Rename ansible.repo to ansible.repo.unused --- roles/2-common/templates/{ansible.repo => ansible.repo.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/templates/{ansible.repo => ansible.repo.unused} (100%) diff --git a/roles/2-common/templates/ansible.repo b/roles/2-common/templates/ansible.repo.unused similarity index 100% rename from roles/2-common/templates/ansible.repo rename to roles/2-common/templates/ansible.repo.unused From 2d7b0a1ebdaa669c4c8b6e02bf88db0842e6c4d7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 02:16:50 -0400 Subject: [PATCH 22/39] Rename iiab-centos.repo to iiab-centos.repo.unused --- .../templates/{iiab-centos.repo => iiab-centos.repo.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/templates/{iiab-centos.repo => iiab-centos.repo.unused} (100%) diff --git a/roles/2-common/templates/iiab-centos.repo b/roles/2-common/templates/iiab-centos.repo.unused similarity index 100% rename from roles/2-common/templates/iiab-centos.repo rename to roles/2-common/templates/iiab-centos.repo.unused From b305528d54cff207ba27881ae1a8d4d9833ea3b5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 02:17:24 -0400 Subject: [PATCH 23/39] Update and rename iiab-extra.repo to iiab-extra.repo.unused --- .../templates/{iiab-extra.repo => iiab-extra.repo.unused} | 1 - 1 file changed, 1 deletion(-) rename roles/2-common/templates/{iiab-extra.repo => iiab-extra.repo.unused} (99%) diff --git a/roles/2-common/templates/iiab-extra.repo b/roles/2-common/templates/iiab-extra.repo.unused similarity index 99% rename from roles/2-common/templates/iiab-extra.repo rename to roles/2-common/templates/iiab-extra.repo.unused index d8977bb36..8218e57a8 100644 --- a/roles/2-common/templates/iiab-extra.repo +++ b/roles/2-common/templates/iiab-extra.repo.unused @@ -13,4 +13,3 @@ baseurl=http://download.iiab.io/repos/xsce-extra/ enabled=1 metadata_expire=1d gpgcheck=0 - From 752fd1ee72d1b4f398b5ada705497bd9e6ea98e7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 02:17:49 -0400 Subject: [PATCH 24/39] Rename iiab-testing.repo to iiab-testing.repo.unused --- .../templates/{iiab-testing.repo => iiab-testing.repo.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/templates/{iiab-testing.repo => iiab-testing.repo.unused} (100%) diff --git a/roles/2-common/templates/iiab-testing.repo b/roles/2-common/templates/iiab-testing.repo.unused similarity index 100% rename from roles/2-common/templates/iiab-testing.repo rename to roles/2-common/templates/iiab-testing.repo.unused From 06c4543828913d63f8b3b1e3b7bdb868a75379f0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 02:18:08 -0400 Subject: [PATCH 25/39] Update and rename li.nux.ro.repo to li.nux.ro.repo.unused --- .../templates/{li.nux.ro.repo => li.nux.ro.repo.unused} | 2 -- 1 file changed, 2 deletions(-) rename roles/2-common/templates/{li.nux.ro.repo => li.nux.ro.repo.unused} (98%) diff --git a/roles/2-common/templates/li.nux.ro.repo b/roles/2-common/templates/li.nux.ro.repo.unused similarity index 98% rename from roles/2-common/templates/li.nux.ro.repo rename to roles/2-common/templates/li.nux.ro.repo.unused index 299d01fe5..2e0a28112 100644 --- a/roles/2-common/templates/li.nux.ro.repo +++ b/roles/2-common/templates/li.nux.ro.repo.unused @@ -4,5 +4,3 @@ baseurl=http://li.nux.ro/download/nux/dextop/el7/x86_64/ enabled=0 gpgcheck=1 gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro - - From c5b5b4c213f7037a618baf26f9b05408e765d585 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 02:18:20 -0400 Subject: [PATCH 26/39] Rename local.repo to local.repo.unused --- roles/2-common/templates/{local.repo => local.repo.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/2-common/templates/{local.repo => local.repo.unused} (100%) diff --git a/roles/2-common/templates/local.repo b/roles/2-common/templates/local.repo.unused similarity index 100% rename from roles/2-common/templates/local.repo rename to roles/2-common/templates/local.repo.unused From 45515f3ceb0962f98407e8ded5b46b5e7040a0bf Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 02:19:04 -0400 Subject: [PATCH 27/39] Update and rename rpmfusion-free-updates.repo to rpmfusion-free-updates.repo.unused --- ...sion-free-updates.repo => rpmfusion-free-updates.repo.unused} | 1 - 1 file changed, 1 deletion(-) rename roles/2-common/templates/{rpmfusion-free-updates.repo => rpmfusion-free-updates.repo.unused} (99%) diff --git a/roles/2-common/templates/rpmfusion-free-updates.repo b/roles/2-common/templates/rpmfusion-free-updates.repo.unused similarity index 99% rename from roles/2-common/templates/rpmfusion-free-updates.repo rename to roles/2-common/templates/rpmfusion-free-updates.repo.unused index 9ac901387..e10a34ab6 100644 --- a/roles/2-common/templates/rpmfusion-free-updates.repo +++ b/roles/2-common/templates/rpmfusion-free-updates.repo.unused @@ -21,4 +21,3 @@ mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-rele enabled=0 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-$releasever - From ce6c5c507dbe81c24da78b28ebb2e485073e1315 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:02:23 -0400 Subject: [PATCH 28/39] Update 2-common/README.rst --- roles/2-common/README.rst | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/2-common/README.rst b/roles/2-common/README.rst index 90bee5c7e..5e1724d20 100644 --- a/roles/2-common/README.rst +++ b/roles/2-common/README.rst @@ -2,7 +2,13 @@ 2-common README =============== -This 2nd stage is for OS-level roles/packages/tasks *common* to all platforms, -prerequisites to building up a functioning server. +This 2nd `stage `_ is for OS-level basics *common* to all platforms, i.e. core prerequisites to building up a functioning `Internet-in-a-Box (IIAB) `_ server. -As in the case of 3-base-server, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing. +These are (partially) put in place: + +- IIAB directory structure (`file layout `_) +- Common `apt `_ software packages +- Networking (including the `iptables `_ firewall) +- `/usr/libexec/iiab-startup.sh `_ similar to AUTOEXEC.BAT and /etc/rc.local, in order to run jobs on boot + +As with 0-init, 1-prep, 3-base-server, 4-server-options and 5-xo-services, this stage installs core server infra (that is not user-facing). From 79003cdeb33c3a583b42b342c6a7c9184cc8b7bd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:04:37 -0400 Subject: [PATCH 29/39] Update 3-base-server/README.rst --- roles/3-base-server/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index a7abce597..1fae65ca0 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -2,7 +2,7 @@ 3-base-server README ==================== -This 3rd stage installs base server infra that Internet-in-a-Box requires, including: +This 3rd `stage `_ installs base server infra that `Internet-in-a-Box (IIAB) `_ requires, including: - `MySQL `_ (database underlying many/most user-facing apps). This IIAB role also installs apt package: - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** @@ -10,6 +10,6 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, inclu - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** - `www_base `_ (similar to `www_options `_ which runs later in 4-server-options) -Recap: as with 2-common, 4-server-options and 5-xo-services, this 3rd stage installs core server infra (that is not user-facing). +Recap: as with 0-init, 1-prep, 2-common, 4-server-options and 5-xo-services, this 3rd stage installs core server infra (that is not user-facing). The next stage (4-server-options) brings more diverse/optional server infra functionality. From ac855c4a17a3a36ee0693e97e8582dbc20ba8c87 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:05:45 -0400 Subject: [PATCH 30/39] Update 2-common/README.rst --- roles/2-common/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/README.rst b/roles/2-common/README.rst index 5e1724d20..df00cf7e1 100644 --- a/roles/2-common/README.rst +++ b/roles/2-common/README.rst @@ -11,4 +11,4 @@ These are (partially) put in place: - Networking (including the `iptables `_ firewall) - `/usr/libexec/iiab-startup.sh `_ similar to AUTOEXEC.BAT and /etc/rc.local, in order to run jobs on boot -As with 0-init, 1-prep, 3-base-server, 4-server-options and 5-xo-services, this stage installs core server infra (that is not user-facing). +Recap: as with 0-init, 1-prep, 3-base-server, 4-server-options and 5-xo-services, this 2nd stage installs core server infra (that is not user-facing). From 342942d46c1c8e31e1e1b7f33b64324f342a2f4a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:23:06 -0400 Subject: [PATCH 31/39] Update 4-server-options/README.rst --- roles/4-server-options/README.rst | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index 61d79f77e..7384135b4 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -2,8 +2,18 @@ 4-server-options README ======================= -Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /etc/iiab/local_vars.yml +Whereas 3-base-server installs critical packages needed by all, this 4th `stage `_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml `_ -This includes some networking fundamentals, before they're configured later on. +This includes more networking fundamentals, that may further be configured later on. -As in the case of 2-common, 3-base-server and 5-xo-services: this stage installs core server infra, that is not user-facing. +Specifically, these might be installed: + +- Python libraries +- SSH daemon +- Bluetooth for Raspberry Pi +- Instant-sharing of `USB stick content `_ +- CUPS Printing +- Samba for Windows filesystems +- `www_options `_ + +Recap: as in the case of 0-init, 1-prep, 2-common, 3-base-server and 5-xo-services ⁠— this 4th stage installs core server infra (that is not user-facing). From 331d1e03d04823700a503ce5ec5051ff5292e2cf Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:24:08 -0400 Subject: [PATCH 32/39] Tweak 4-server-options/README.rst --- roles/4-server-options/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index 7384135b4..6eb3fb46e 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -16,4 +16,4 @@ Specifically, these might be installed: - Samba for Windows filesystems - `www_options `_ -Recap: as in the case of 0-init, 1-prep, 2-common, 3-base-server and 5-xo-services ⁠— this 4th stage installs core server infra (that is not user-facing). +Recap: as with 0-init, 1-prep, 2-common, 3-base-server and 5-xo-services ⁠— this 4th stage installs core server infra (that is not user-facing). From 62126adc03797d7cb1332b83555c625348b8fcf2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:25:40 -0400 Subject: [PATCH 33/39] Update 5-xo-services/README.rst --- roles/5-xo-services/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/5-xo-services/README.rst b/roles/5-xo-services/README.rst index 1cb725bf7..42c73832c 100644 --- a/roles/5-xo-services/README.rst +++ b/roles/5-xo-services/README.rst @@ -2,6 +2,6 @@ 5-xo-services README ==================== -This 5th stage provides underlying services for One Laptop Per Child's XO laptops. +This 5th `stage `_ provides underlying services for One Laptop Per Child's XO laptops. -As in the case of 2-common, 3-base-server and 4-server-options: this stage installs core server infra, that is not user-facing. +Recap: As with 0-init, 1-prep, 2-common, 3-base-server and 4-server-options — this 5th stage installs core server infra (that is not user-facing). From 97434c98cac54a24f138b87c9322bce29d15d561 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:28:09 -0400 Subject: [PATCH 34/39] Tweak 3-base-server/README.rst --- roles/3-base-server/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 1fae65ca0..e458d7be0 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -10,6 +10,6 @@ This 3rd `stage `_ (similar to `www_options `_ which runs later in 4-server-options) -Recap: as with 0-init, 1-prep, 2-common, 4-server-options and 5-xo-services, this 3rd stage installs core server infra (that is not user-facing). +Recap: As with 0-init, 1-prep, 2-common, 4-server-options and 5-xo-services — this 3rd stage installs core server infra (that is not user-facing). The next stage (4-server-options) brings more diverse/optional server infra functionality. From 647e85d84edca9a2abd9738fc9328f1221ccf8c8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:28:38 -0400 Subject: [PATCH 35/39] Tweak 4-server-options/README.rst --- roles/4-server-options/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index 6eb3fb46e..6355f85e7 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -16,4 +16,4 @@ Specifically, these might be installed: - Samba for Windows filesystems - `www_options `_ -Recap: as with 0-init, 1-prep, 2-common, 3-base-server and 5-xo-services ⁠— this 4th stage installs core server infra (that is not user-facing). +Recap: As with 0-init, 1-prep, 2-common, 3-base-server and 5-xo-services ⁠— this 4th stage installs core server infra (that is not user-facing). From dd584a0c6a7238764227270b76986a632cac4beb Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:29:49 -0400 Subject: [PATCH 36/39] Tweak 2-common/README.rst --- roles/2-common/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/README.rst b/roles/2-common/README.rst index df00cf7e1..be1ccd5c9 100644 --- a/roles/2-common/README.rst +++ b/roles/2-common/README.rst @@ -11,4 +11,4 @@ These are (partially) put in place: - Networking (including the `iptables `_ firewall) - `/usr/libexec/iiab-startup.sh `_ similar to AUTOEXEC.BAT and /etc/rc.local, in order to run jobs on boot -Recap: as with 0-init, 1-prep, 3-base-server, 4-server-options and 5-xo-services, this 2nd stage installs core server infra (that is not user-facing). +Recap: As with 0-init, 1-prep, 3-base-server, 4-server-options and 5-xo-services — this 2nd stage installs core server infra (that is not user-facing). From ce01a544bc6c23c5694fa8d4091aaa71f4d05393 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:33:23 -0400 Subject: [PATCH 37/39] Update 1-prep/README.rst --- roles/1-prep/README.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/README.rst b/roles/1-prep/README.rst index b8fe2d884..ef512e620 100644 --- a/roles/1-prep/README.rst +++ b/roles/1-prep/README.rst @@ -2,8 +2,8 @@ 1-prep README ============= -This 1st stage (1-prep) is primarily hardware-focused, prior to OS -additions/mods, but also includes critical pieces sometimes needed for +This 1st `stage `_ (1-prep) is primarily hardware-focused, prior to OS +additions/mods — but also includes critical pieces sometimes needed for remote support: - SSH @@ -14,3 +14,5 @@ Traditionally 1-prep also included preliminaries like hostname and hardware-oriented things specific to a particular platform (such as One Laptop Per Child's XO laptop) i.e. critical setup prior to the bulk of IIAB's software install. + +Recap: Similar to 0-init, 2-common, 3-base-server and 5-xo-services ⁠— this 1st stage installs core server infra (that is not user-facing). From 83a692cb47f70f77077540b3dc3b588122697e2a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 03:46:42 -0400 Subject: [PATCH 38/39] Update: 0-init/README.rst --- roles/0-init/README.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/0-init/README.rst b/roles/0-init/README.rst index acceaff33..a206b7d09 100644 --- a/roles/0-init/README.rst +++ b/roles/0-init/README.rst @@ -2,8 +2,10 @@ 0-init README ============= -For a higher-level view, please see `IIAB Installation `_ and http://FAQ.IIAB.IO +For a higher-level view of `Internet-in-a-Box (IIAB) `_, please see http://FAQ.IIAB.IO and `IIAB Installation `_. -This 0th stage literally sets the stage for Internet-in-a-Box (IIAB) installation, prior to Ansible running `Stages 1-to-9 <.>`_ and then the `network <../network>`_ stage. +This 0th `stage `_ literally sets the stage for IIAB installation, prior to Ansible running Stages 1-to-9, which are typically then followed by the `network <../network>`_ stage. -This serves to confirm low-level Ansible facts from the OS — e.g. for housekeeping tasks related to TZ (time zone), hostname, FQDN (fully-qualified domain name), unusual systemwide dependencies etc — and whether Internet is live so that IIAB installation can proceed. +But first: This 0th stage (0-init) serves to confirm low-level Ansible facts from the OS — e.g. for housekeeping tasks related to TZ (time zone), hostname, FQDN (fully-qualified domain name), unusual systemwide dependencies etc (and whether Internet is live) — so that IIAB installation can get underway. + +Recap: Similar to 1-prep, 2-common, 3-base-server, 4-server-options and 5-xo-services ⁠— this 0th stage installs core server infra (that is not user-facing). From ad895d71f34889b40e67982145e917311564dbcc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 04:04:51 -0400 Subject: [PATCH 39/39] Update 1-prep/README.rst --- roles/1-prep/README.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/1-prep/README.rst b/roles/1-prep/README.rst index ef512e620..d2b3bb8ee 100644 --- a/roles/1-prep/README.rst +++ b/roles/1-prep/README.rst @@ -6,13 +6,17 @@ This 1st `stage `_ username and group to log into Admin Console - OpenVPN software if/as needed later for remote support +- `raspberry_pi.yml `_ including RTC, essential packages, and networking basics Traditionally 1-prep also included preliminaries like hostname and hardware-oriented things specific to a particular platform (such as One Laptop Per Child's XO laptop) i.e. critical setup prior to the bulk of IIAB's software install. -Recap: Similar to 0-init, 2-common, 3-base-server and 5-xo-services ⁠— this 1st stage installs core server infra (that is not user-facing). +Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and 5-xo-services ⁠— this 1st stage installs core server infra (that is not user-facing).