From 93694e853bae6eace8435f08fc62e65d188fd476 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 13 Dec 2018 03:09:15 -0600 Subject: [PATCH 01/45] split out netplan --- roles/network/tasks/main.yml | 11 ++++++-- roles/network/tasks/sysd-netd-debian.yml | 36 ++++-------------------- 2 files changed, 15 insertions(+), 32 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index bc210ad21..5da1061e4 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -104,16 +104,23 @@ tags: - network +- name: Netplan in use on ubuntu 18 + include_tasks: netplan.yml + when: is_ubuntu_18 +#and not installing + tags: + - network + - name: NetworkManager in use (if ubuntu-18 and network_manager_active) include_tasks: NM-debian.yml - when: is_ubuntu_18 and network_manager_active + when: not is_ubuntu_18 and network_manager_active #and not installing tags: - network - name: systemd-networkd in use include_tasks: sysd-netd-debian.yml - when: is_debuntu and systemd_networkd_active + when: not is_ubuntu_18 and is_debuntu and systemd_networkd_active #and not installing tags: - network diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 804e314d7..e4b8218a6 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -20,13 +20,11 @@ - name: Stopping services include_tasks: down-debian.yml -- name: Disable and mask systemd-networkd-wait-online - systemd: - name: systemd-networkd-wait-online - enabled: no - masked: yes - state: stopped - when: is_ubuntu_18 +- name: Remove static WAN template + file: + state: absent + dest: /etc/systemd/network/IIAB-Static.network + when: wan_ip == "dhcp" - name: Static IP computing CIDR shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}' @@ -38,33 +36,11 @@ wan_cidr: "{{ CIDR.stdout }}" when: wan_ip != "dhcp" -- name: Figure out netplan file name on Ubuntu 18 - shell: ls /etc/netplan - register: netplan - when: is_ubuntu_18 - -# ICO will always set gui_static_wan_ip away from the default of 'unset' while -# gui_static_wan turns dhcp on/off through wan_ip in computed_network and -# overrides gui_static_wan_ip that is present. Changing wan_ip in local_vars -# is a oneway street to static. -- name: Supply static template - template: - dest: /etc/netplan/{{ netplan.stdout }} - src: network/cloud-init.j2 - backup: no - when: (wan_ip != "dhcp" or gui_static_wan_ip == "undefined") and is_ubuntu_18 - -- name: Remove static WAN template - file: - state: absent - dest: /etc/systemd/network/IIAB-Static.network - when: wan_ip == "dhcp" and not is_ubuntu_18 - - name: Supply static WAN template template: dest: /etc/systemd/network/IIAB-Static.network src: network/systemd-static-net.j2 - when: wan_ip != "dhcp" and not is_ubuntu_18 + when: wan_ip != "dhcp" - name: Reload systemd systemd: From 343d00848fa5a47f5266f9a84e2f0e08134da788 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 13 Dec 2018 05:07:08 -0600 Subject: [PATCH 02/45] split out netplan2 --- roles/network/tasks/netplan.yml | 66 +++++++++++++++++++ roles/network/templates/network/cloud-init.j2 | 23 ------- roles/network/templates/network/netplan.j2 | 41 ++++++++++++ 3 files changed, 107 insertions(+), 23 deletions(-) create mode 100644 roles/network/tasks/netplan.yml delete mode 100644 roles/network/templates/network/cloud-init.j2 create mode 100644 roles/network/templates/network/netplan.j2 diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml new file mode 100644 index 000000000..b05caf8e3 --- /dev/null +++ b/roles/network/tasks/netplan.yml @@ -0,0 +1,66 @@ +# netplan.yml +- name: Figure out netplan file name on Ubuntu 18 + shell: ls /etc/netplan + register: netplan + +- name: Remove stock netplan template + file: + state: absent + dest: /etc/netplan/{{ netplan }} + +# Was needed at one point retesting current needs +#- name: Disable and mask systemd-networkd-wait-online +# systemd: +# name: systemd-networkd-wait-online +# enabled: no +# masked: yes +# state: stopped + +- name: Disable and mask cloud-init + systemd: + name: "{{ item }}" + enabled: no + masked: yes + state: stopped + with_items: + - cloud-init-local + - cloud-init + when: "{{ netplan }}" == "50-cloud-init.yaml" + +# ICO will always set gui_static_wan_ip away from the default of 'unset' while +# gui_static_wan turns dhcp on/off through wan_ip in computed_network and +# overrides gui_static_wan_ip that is present. Changing wan_ip in local_vars +# is a oneway street to static. + +- name: Static IP computing CIDR + shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}' + register: CIDR + when: wan_ip != "dhcp" + +- name: Static IP setting CIDR + set_fact: + wan_cidr: "{{ CIDR.stdout }}" + when: wan_ip != "dhcp" + +- name: Supply netplan template + template: + dest: /etc/netplan/01-iiab-config + src: network/netplan.j2 + backup: no + +- name: Stopping services + include_tasks: down-debian.yml + +- name: generate netplan config + shell: netplan generate --debug + +# wants a controlling terminal so it fails +- name: test netplan config + shell: netplan try --debug --timeout=2 + register: test-netplan + ignore_errors: True + +# and does not apply this config until rebooted or ignore the above test +- name: Reload netplan + shell: netplan apply + when: not no_net_restart and test-netplan == "Configuration accepted" diff --git a/roles/network/templates/network/cloud-init.j2 b/roles/network/templates/network/cloud-init.j2 deleted file mode 100644 index 32fc6f7d0..000000000 --- a/roles/network/templates/network/cloud-init.j2 +++ /dev/null @@ -1,23 +0,0 @@ -{% if wan_ip != "dhcp" %} -network: - ethernets: - {{ iiab_wan_iface }}: - addresses: - - {{ wan_ip }}/{{ wan_cidr }} - gateway4: {{ wan_gateway }} - nameservers: - addresses: - - {{ wan_nameserver }} - search: - - {{ iiab_domain }} - optional: true - version: 2 -{% else %} -network: - ethernets: - {{ iiab_wan_iface }}: - addresses: [] - dhcp4: true - optional: true - version: 2 -{% endif %} diff --git a/roles/network/templates/network/netplan.j2 b/roles/network/templates/network/netplan.j2 new file mode 100644 index 000000000..d54cf748a --- /dev/null +++ b/roles/network/templates/network/netplan.j2 @@ -0,0 +1,41 @@ +network: + version: 2 +{% if network_manager_active %} + renderer: NetworkManager +{% else %} + renderer: networkd +{% endif %} + ethernets: +{% if wan_ip != "dhcp" %} + {{ iiab_wan_iface }}: + addresses: + - {{ wan_ip }}/{{ wan_cidr }} + gateway4: {{ wan_gateway }} + nameservers: + addresses: + - {{ wan_nameserver }} + search: + - {{ iiab_domain }} + optional: true +{% else %} + {{ iiab_wan_iface }}: + addresses: [] + dhcp4: true + optional: true +{% endif %} +{% if iiab_lan_iface == "br0" %} + bridges: + # the key name is the name for virtual (created) interfaces + br0: + # IDs of the components; switchports expands into multiple interfaces + # interfaces: [switchports] + # should really compute the netmask like the wan side + addresses: [ {{ lan_ip }}/19] + # there should really not be a gateway present testing to prove + gateway4: {{ lan_ip }} + nameservers: + addresses: [{{ lan_ip }}] + parameters: + forward-delay: 0 + stp: false +{% endif %} From d0c66fb4d3c421b4d824ff8bed7c1b7960a8e0e5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 13 Dec 2018 05:40:36 -0600 Subject: [PATCH 03/45] refine netplan --- roles/network/tasks/netplan.yml | 44 ++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index b05caf8e3..2bd0f67e8 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -1,21 +1,11 @@ # netplan.yml - name: Figure out netplan file name on Ubuntu 18 - shell: ls /etc/netplan + shell: ls /etc/netplan | grep -v -e 01-iiab-config register: netplan -- name: Remove stock netplan template - file: - state: absent - dest: /etc/netplan/{{ netplan }} - -# Was needed at one point retesting current needs -#- name: Disable and mask systemd-networkd-wait-online -# systemd: -# name: systemd-networkd-wait-online -# enabled: no -# masked: yes -# state: stopped - +# Think 50-cloud-init.yaml is created on the fly by cloud-init on every boot +# need to double check the timestamps of the file on a rebooted machine +# disable cloud-init if that holds true - name: Disable and mask cloud-init systemd: name: "{{ item }}" @@ -27,11 +17,24 @@ - cloud-init when: "{{ netplan }}" == "50-cloud-init.yaml" +- name: Remove stock netplan template + file: + state: absent + dest: /etc/netplan/{{ netplan }} + when: netplan != "" + +# Was needed at one point retesting current needs +#- name: Disable and mask systemd-networkd-wait-online +# systemd: +# name: systemd-networkd-wait-online +# enabled: no +# masked: yes +# state: stopped + # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and # overrides gui_static_wan_ip that is present. Changing wan_ip in local_vars # is a oneway street to static. - - name: Static IP computing CIDR shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}' register: CIDR @@ -48,19 +51,20 @@ src: network/netplan.j2 backup: no -- name: Stopping services - include_tasks: down-debian.yml - - name: generate netplan config shell: netplan generate --debug -# wants a controlling terminal so it fails +- name: Stopping services + include_tasks: down-debian.yml + +# wants a controlling terminal for the ENTER key, so it fails - name: test netplan config shell: netplan try --debug --timeout=2 register: test-netplan ignore_errors: True -# and does not apply this config until rebooted or ignore the above test +# and does not apply the generated config until rebooted +# or ignore the above test - on the fence atm... - name: Reload netplan shell: netplan apply when: not no_net_restart and test-netplan == "Configuration accepted" From 14dd29eba4a1a6a8b28a2de58e98c369878b98f3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 13 Dec 2018 05:50:53 -0600 Subject: [PATCH 04/45] refine netplan2 --- roles/network/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 5da1061e4..a4e8ce098 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -111,14 +111,14 @@ tags: - network -- name: NetworkManager in use (if ubuntu-18 and network_manager_active) +- name: NetworkManager in use - non Ubuntu 18 include_tasks: NM-debian.yml when: not is_ubuntu_18 and network_manager_active #and not installing tags: - network -- name: systemd-networkd in use +- name: systemd-networkd in use - non Ubuntu 18 include_tasks: sysd-netd-debian.yml when: not is_ubuntu_18 and is_debuntu and systemd_networkd_active #and not installing From 967102bc4f2e82eca76032a2dad36aa30303b45e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 13 Dec 2018 07:34:29 -0600 Subject: [PATCH 05/45] easier way to disable cloud-init --- roles/network/tasks/netplan.yml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 2bd0f67e8..903312856 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -6,15 +6,19 @@ # Think 50-cloud-init.yaml is created on the fly by cloud-init on every boot # need to double check the timestamps of the file on a rebooted machine # disable cloud-init if that holds true -- name: Disable and mask cloud-init - systemd: - name: "{{ item }}" - enabled: no - masked: yes - state: stopped - with_items: - - cloud-init-local - - cloud-init +#- name: Disable and mask cloud-init +# systemd: +# name: "{{ item }}" +# enabled: no +# masked: yes +# state: stopped +# with_items: +# - cloud-init-local +# - cloud-init +# when: "{{ netplan }}" == "50-cloud-init.yaml" + +- name: Disable cloud-init + shell: touch /etc/cloud/cloud-init.disabled when: "{{ netplan }}" == "50-cloud-init.yaml" - name: Remove stock netplan template From 3167f8133a3c9256d33a7014b9e63934ac23f6f6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 13 Dec 2018 10:10:36 -0600 Subject: [PATCH 06/45] #1320 fix for U-18 dnsmasq --- roles/network/tasks/netplan.yml | 44 +++++++++---------- .../templates/hostapd/hostapd.service.j2 | 3 +- .../templates/network/dnsmasq.service.u18 | 13 ++++++ 3 files changed, 37 insertions(+), 23 deletions(-) create mode 100644 roles/network/templates/network/dnsmasq.service.u18 diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 903312856..c26729ebd 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -3,21 +3,7 @@ shell: ls /etc/netplan | grep -v -e 01-iiab-config register: netplan -# Think 50-cloud-init.yaml is created on the fly by cloud-init on every boot -# need to double check the timestamps of the file on a rebooted machine -# disable cloud-init if that holds true -#- name: Disable and mask cloud-init -# systemd: -# name: "{{ item }}" -# enabled: no -# masked: yes -# state: stopped -# with_items: -# - cloud-init-local -# - cloud-init -# when: "{{ netplan }}" == "50-cloud-init.yaml" - -- name: Disable cloud-init +- name: Disable cloud-init the easy way shell: touch /etc/cloud/cloud-init.disabled when: "{{ netplan }}" == "50-cloud-init.yaml" @@ -27,13 +13,27 @@ dest: /etc/netplan/{{ netplan }} when: netplan != "" -# Was needed at one point retesting current needs -#- name: Disable and mask systemd-networkd-wait-online -# systemd: -# name: systemd-networkd-wait-online -# enabled: no -# masked: yes -# state: stopped +### NM might need attention also +- name: Disable the stock dnsmasq unit file that starts too early with systemd_networkd_active + systemd: + name: dnsmasq + enabled: no + when: systemd_networkd_active + +- name: Install dnsmasq helper unit file when systemd_networkd_active + template: + src: network/dnsmasq.service.u18 + dest: /etc/systemd/system/iiab-dnsmasq.service + when: systemd_networkd_active + +- name: Ensure required dnsmasq unit files are enabled for reboot systemd_networkd_active + systemd: + name: "{{ item }}" + enabled: yes + with_items: + - iiab-dnsmasq + - systemd-networkd-wait-online + when: systemd_networkd_active # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and diff --git a/roles/network/templates/hostapd/hostapd.service.j2 b/roles/network/templates/hostapd/hostapd.service.j2 index 1fec56e5a..98d524cb7 100644 --- a/roles/network/templates/hostapd/hostapd.service.j2 +++ b/roles/network/templates/hostapd/hostapd.service.j2 @@ -1,6 +1,7 @@ [Unit] Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -After=network-online.target +Requires=network.target +Before=network-online.target [Service] Type=idle diff --git a/roles/network/templates/network/dnsmasq.service.u18 b/roles/network/templates/network/dnsmasq.service.u18 new file mode 100644 index 000000000..38c28dd00 --- /dev/null +++ b/roles/network/templates/network/dnsmasq.service.u18 @@ -0,0 +1,13 @@ +Unit] +Description=Network iiab-dnsmasq +Wants=network.target +After=network-online.target +Requires=network-online.target +Requires=systemd-networkd-wait-online + +[Service] +Type=oneshot +ExecStart=/bin/systemctl start dnsmasq + +[Install] +WantedBy=multi-user.target From 27470ab830d3708cd6b98211da16e02e7c9b0572 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 13 Dec 2018 10:43:11 -0600 Subject: [PATCH 07/45] stdout_lines --- roles/network/tasks/netplan.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index c26729ebd..2d029f08d 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -5,13 +5,17 @@ - name: Disable cloud-init the easy way shell: touch /etc/cloud/cloud-init.disabled - when: "{{ netplan }}" == "50-cloud-init.yaml" + when: "{{ item }}" == "50-cloud-init.yaml" + with_items: + - "{{ netplan.stdout_lines }}" - name: Remove stock netplan template file: state: absent - dest: /etc/netplan/{{ netplan }} - when: netplan != "" + dest: /etc/netplan/{{ item }} + when: "{{ item }}" != "" + with_items: + - "{{ netplan.stdout_lines }}" ### NM might need attention also - name: Disable the stock dnsmasq unit file that starts too early with systemd_networkd_active From 80f6902828ee5982eada6a7be0f926860b36ab81 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Dec 2018 07:27:59 -0600 Subject: [PATCH 08/45] Update roles/network/templates/network/dnsmasq.service.u18 Co-Authored-By: jvonau --- roles/network/templates/network/dnsmasq.service.u18 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/network/dnsmasq.service.u18 b/roles/network/templates/network/dnsmasq.service.u18 index 38c28dd00..d4bbb7a30 100644 --- a/roles/network/templates/network/dnsmasq.service.u18 +++ b/roles/network/templates/network/dnsmasq.service.u18 @@ -1,4 +1,4 @@ -Unit] +[Unit] Description=Network iiab-dnsmasq Wants=network.target After=network-online.target From eb9a2228879e8f6021675969d4a574b8e484fa7d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Dec 2018 07:28:19 -0600 Subject: [PATCH 09/45] Update roles/network/tasks/netplan.yml Co-Authored-By: jvonau --- roles/network/tasks/netplan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 2d029f08d..844734ad1 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -55,7 +55,7 @@ - name: Supply netplan template template: - dest: /etc/netplan/01-iiab-config + dest: /etc/netplan/01-iiab-config src: network/netplan.j2 backup: no From c0f2d38d1cf4cb2dab5c14705c60d74d757797c3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Dec 2018 07:28:37 -0600 Subject: [PATCH 10/45] Update roles/network/tasks/netplan.yml Co-Authored-By: jvonau --- roles/network/tasks/netplan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 844734ad1..5042bc30e 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -59,7 +59,7 @@ src: network/netplan.j2 backup: no -- name: generate netplan config +- name: Generate netplan config shell: netplan generate --debug - name: Stopping services From f24e6009454bb09573a39d51d97dff236105ac86 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 14 Dec 2018 07:28:47 -0600 Subject: [PATCH 11/45] Update roles/network/tasks/netplan.yml Co-Authored-By: jvonau --- roles/network/tasks/netplan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 5042bc30e..b6214f018 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -66,7 +66,7 @@ include_tasks: down-debian.yml # wants a controlling terminal for the ENTER key, so it fails -- name: test netplan config +- name: Test netplan config shell: netplan try --debug --timeout=2 register: test-netplan ignore_errors: True From 69e36e9fc10887a2aef5bf159b8b2226c05f9439 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 14 Dec 2018 13:16:40 -0600 Subject: [PATCH 12/45] clean-up --- roles/network/templates/network/dnsmasq.service.u18 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/network/templates/network/dnsmasq.service.u18 b/roles/network/templates/network/dnsmasq.service.u18 index d4bbb7a30..aba426678 100644 --- a/roles/network/templates/network/dnsmasq.service.u18 +++ b/roles/network/templates/network/dnsmasq.service.u18 @@ -1,9 +1,7 @@ [Unit] Description=Network iiab-dnsmasq -Wants=network.target After=network-online.target Requires=network-online.target -Requires=systemd-networkd-wait-online [Service] Type=oneshot From 7cade0c0528824cd55c8a14cfa78cb90432c03d6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 14 Dec 2018 13:31:33 -0600 Subject: [PATCH 13/45] boot time speed up --- roles/network/templates/hostapd/hostapd.service.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/hostapd/hostapd.service.j2 b/roles/network/templates/hostapd/hostapd.service.j2 index 98d524cb7..4094b812a 100644 --- a/roles/network/templates/hostapd/hostapd.service.j2 +++ b/roles/network/templates/hostapd/hostapd.service.j2 @@ -1,7 +1,7 @@ [Unit] Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -Requires=network.target -Before=network-online.target +Before=network.target +Wants=network-pre.target [Service] Type=idle From d6690b25372a76e1b36c11f1084ad3fa82b8ea59 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 14 Dec 2018 13:54:46 -0600 Subject: [PATCH 14/45] lets not use netplan for bridges --- roles/network/tasks/main.yml | 8 +++--- roles/network/tasks/netplan.yml | 32 +++++++++++----------- roles/network/templates/network/netplan.j2 | 32 +++++++++++----------- 3 files changed, 36 insertions(+), 36 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a4e8ce098..3d8473888 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -111,16 +111,16 @@ tags: - network -- name: NetworkManager in use - non Ubuntu 18 +- name: NetworkManager in use include_tasks: NM-debian.yml - when: not is_ubuntu_18 and network_manager_active + when: is_debuntu and network_manager_active #and not installing tags: - network -- name: systemd-networkd in use - non Ubuntu 18 +- name: systemd-networkd in use include_tasks: sysd-netd-debian.yml - when: not is_ubuntu_18 and is_debuntu and systemd_networkd_active + when: is_debuntu and systemd_networkd_active #and not installing tags: - network diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index b6214f018..2c43305f6 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -7,7 +7,7 @@ shell: touch /etc/cloud/cloud-init.disabled when: "{{ item }}" == "50-cloud-init.yaml" with_items: - - "{{ netplan.stdout_lines }}" + - "{{ netplan.stdout }}" - name: Remove stock netplan template file: @@ -15,20 +15,20 @@ dest: /etc/netplan/{{ item }} when: "{{ item }}" != "" with_items: - - "{{ netplan.stdout_lines }}" + - "{{ netplan.stdout }}" ### NM might need attention also - name: Disable the stock dnsmasq unit file that starts too early with systemd_networkd_active systemd: name: dnsmasq enabled: no - when: systemd_networkd_active +# when: systemd_networkd_active - name: Install dnsmasq helper unit file when systemd_networkd_active template: src: network/dnsmasq.service.u18 dest: /etc/systemd/system/iiab-dnsmasq.service - when: systemd_networkd_active +# when: systemd_networkd_active - name: Ensure required dnsmasq unit files are enabled for reboot systemd_networkd_active systemd: @@ -37,7 +37,7 @@ with_items: - iiab-dnsmasq - systemd-networkd-wait-online - when: systemd_networkd_active +# when: systemd_networkd_active # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and @@ -59,20 +59,20 @@ src: network/netplan.j2 backup: no -- name: Generate netplan config - shell: netplan generate --debug +#- name: Generate netplan config +# shell: netplan generate --debug -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml # wants a controlling terminal for the ENTER key, so it fails -- name: Test netplan config - shell: netplan try --debug --timeout=2 - register: test-netplan - ignore_errors: True +#- name: Test netplan config +# shell: netplan try --debug --timeout=2 +# register: test-netplan +# ignore_errors: True # and does not apply the generated config until rebooted # or ignore the above test - on the fence atm... -- name: Reload netplan - shell: netplan apply - when: not no_net_restart and test-netplan == "Configuration accepted" +#- name: Reload netplan +# shell: netplan apply +# when: not no_net_restart and test-netplan == "Configuration accepted" diff --git a/roles/network/templates/network/netplan.j2 b/roles/network/templates/network/netplan.j2 index d54cf748a..9223307d4 100644 --- a/roles/network/templates/network/netplan.j2 +++ b/roles/network/templates/network/netplan.j2 @@ -23,19 +23,19 @@ network: dhcp4: true optional: true {% endif %} -{% if iiab_lan_iface == "br0" %} - bridges: - # the key name is the name for virtual (created) interfaces - br0: - # IDs of the components; switchports expands into multiple interfaces - # interfaces: [switchports] - # should really compute the netmask like the wan side - addresses: [ {{ lan_ip }}/19] - # there should really not be a gateway present testing to prove - gateway4: {{ lan_ip }} - nameservers: - addresses: [{{ lan_ip }}] - parameters: - forward-delay: 0 - stp: false -{% endif %} +#{% if iiab_lan_iface == "br0" %} +# bridges: +# # the key name is the name for virtual (created) interfaces +# br0: +# # IDs of the components; switchports expands into multiple interfaces +# # interfaces: [switchports] +# # should really compute the netmask like the wan side +# addresses: [ {{ lan_ip }}/19] +# # there should really not be a gateway present testing to prove +# gateway4: {{ lan_ip }} +# nameservers: +# addresses: [{{ lan_ip }}] +# parameters: +# forward-delay: 0 +# stp: false +#{% endif %} From 3e36883758644033bcf12e03bef3a3eac29a6d72 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 14 Dec 2018 14:04:34 -0600 Subject: [PATCH 15/45] networkd only --- roles/network/tasks/netplan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 2c43305f6..6572e7321 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -37,7 +37,7 @@ with_items: - iiab-dnsmasq - systemd-networkd-wait-online -# when: systemd_networkd_active + when: systemd_networkd_active # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and From bba77de643f9e51edd82a297b8cd307a6a8a6114 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 15 Dec 2018 18:55:18 +0000 Subject: [PATCH 16/45] yaml syntax --- roles/network/tasks/netplan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 6572e7321..f8b53e037 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -1,11 +1,11 @@ # netplan.yml - name: Figure out netplan file name on Ubuntu 18 - shell: ls /etc/netplan | grep -v -e 01-iiab-config + shell: ls /etc/netplan register: netplan - name: Disable cloud-init the easy way shell: touch /etc/cloud/cloud-init.disabled - when: "{{ item }}" == "50-cloud-init.yaml" + when: ("item" == "50-cloud-init.yaml") with_items: - "{{ netplan.stdout }}" @@ -13,9 +13,9 @@ file: state: absent dest: /etc/netplan/{{ item }} - when: "{{ item }}" != "" with_items: - "{{ netplan.stdout }}" + when: netplan.stdout.find("yml") != -1 ### NM might need attention also - name: Disable the stock dnsmasq unit file that starts too early with systemd_networkd_active From ab8017647a627e5359f616078c980f914efb21d5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 16 Dec 2018 06:26:55 -0600 Subject: [PATCH 17/45] Apply suggestions from code review as requested Co-Authored-By: jvonau --- roles/network/tasks/netplan.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index f8b53e037..6087be6a2 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -7,14 +7,14 @@ shell: touch /etc/cloud/cloud-init.disabled when: ("item" == "50-cloud-init.yaml") with_items: - - "{{ netplan.stdout }}" + - "{{ netplan.stdout }}" - name: Remove stock netplan template file: state: absent dest: /etc/netplan/{{ item }} with_items: - - "{{ netplan.stdout }}" + - "{{ netplan.stdout }}" when: netplan.stdout.find("yml") != -1 ### NM might need attention also @@ -35,8 +35,8 @@ name: "{{ item }}" enabled: yes with_items: - - iiab-dnsmasq - - systemd-networkd-wait-online + - iiab-dnsmasq + - systemd-networkd-wait-online when: systemd_networkd_active # ICO will always set gui_static_wan_ip away from the default of 'unset' while From 82e1a6fe635d40e7e6c9aba965b7e9f4055e1d5e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Dec 2018 06:39:19 -0600 Subject: [PATCH 18/45] use netplan for static wan interface on U-18 --- roles/network/tasks/sysd-netd-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index e4b8218a6..876648868 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -40,7 +40,7 @@ template: dest: /etc/systemd/network/IIAB-Static.network src: network/systemd-static-net.j2 - when: wan_ip != "dhcp" + when: wan_ip != "dhcp" and not is_ubuntu_18 - name: Reload systemd systemd: From f4a99abaf2bd85f2f4fb222da015fda87c3d269b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Dec 2018 07:22:38 -0600 Subject: [PATCH 19/45] less time without services --- roles/network/tasks/sysd-netd-debian.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 876648868..bfacace0d 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -17,9 +17,6 @@ src: network/systemd-br0-slave.j2 when: iiab_wired_lan_iface is defined and iiab_lan_iface == "br0" -- name: Stopping services - include_tasks: down-debian.yml - - name: Remove static WAN template file: state: absent @@ -42,6 +39,9 @@ src: network/systemd-static-net.j2 when: wan_ip != "dhcp" and not is_ubuntu_18 +- name: Stopping services + include_tasks: down-debian.yml + - name: Reload systemd systemd: daemon_reload: yes From 00152a076947a361779c8e50ea5592ad9349509b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 16 Dec 2018 07:52:50 -0600 Subject: [PATCH 20/45] use iiab-dnsmasq.service everywhere --- roles/network/tasks/dnsmasq.yml | 38 +++++++++---------------- roles/network/tasks/enable_services.yml | 16 +++++------ roles/network/tasks/netplan.yml | 17 ++--------- 3 files changed, 23 insertions(+), 48 deletions(-) diff --git a/roles/network/tasks/dnsmasq.yml b/roles/network/tasks/dnsmasq.yml index c02d6972b..4b7d73a9c 100644 --- a/roles/network/tasks/dnsmasq.yml +++ b/roles/network/tasks/dnsmasq.yml @@ -3,30 +3,18 @@ name: dnsmasq state: present -- name: Install /etc/dnsmasq.d/dnsmasq-iiab, allowing systemd-resolved AND dnsmasq to work (#1306) +- name: Install /etc/dnsmasq.d/dnsmasq-iiab, allowing systemd-resolved AND dnsmasq to work (#1306) and custom unit file template: - src: roles/network/templates/network/dnsmasq-iiab - dest: /etc/dnsmasq.d/dnsmasq-iiab + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + with_items: + - { src: 'roles/network/templates/network/dnsmasq.service.u18', dest: '/etc/systemd/system/iiab-dnsmasq.service', mode: '0644' } + - { src: 'roles/network/templates/network/dnsmasq-iiab', dest: '/etc/dnsmasq.d/dnsmasq-iiab', mode: '644' } -#- name: Stop dnsmasq -# service: -# name: dnsmasq -# state: stopped - -#- name: Configure dnsmasq -# template: -# src: "{{ item.src }}" -# dest: "{{ item.dest }}" -# owner: root -# group: root -# mode: "{{ item.mode }}" -# with_items: -## - { src: 'network/dnsmasq.service.rh', dest: '/etc/systemd/system/dnsmasq.service', mode: '0644' } -# - { src: 'roles/network/templates/network/dnsmasq.conf.j2', dest: '/etc/dnsmasq.conf', mode: '644' } - -#- name: Start dnsmasq -# systemd: -# name: dnsmasq -# state: restarted -# enabled: yes -# daemon_reload: yes +- name: Don't use stock dnsmasq systemd unit file during boot + systemd: + name: dnsmasq + enabled: no diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 640a52d75..272e9e490 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -47,24 +47,24 @@ enabled: no when: not named_enabled and named_install -- name: Disable dnsmasq, if not dnsmasq_enabled - systemd: - name: dnsmasq - enabled: no - when: not dnsmasq_enabled and dnsmasq_install - - name: Install /etc/dnsmasq.conf from template, if dnsmasq_enabled template: src: network/dnsmasq.conf.j2 dest: /etc/dnsmasq.conf when: dnsmasq_enabled and dnsmasq_install -- name: Enable dnsmasq systemd service, if dnsmasq_enabled +- name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled systemd: - name: dnsmasq + name: iiab-dnsmasq enabled: yes when: dnsmasq_enabled and dnsmasq_install +- name: Disable iiab-dnsmasq, if not dnsmasq_enabled + systemd: + name: iiab-dnsmasq + enabled: no + when: not dnsmasq_enabled and dnsmasq_install + - name: Enable DansGuardian systemd service, if dansguardian_enabled systemd: name: dansguardian diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 6087be6a2..e5b653c78 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -17,25 +17,11 @@ - "{{ netplan.stdout }}" when: netplan.stdout.find("yml") != -1 -### NM might need attention also -- name: Disable the stock dnsmasq unit file that starts too early with systemd_networkd_active - systemd: - name: dnsmasq - enabled: no -# when: systemd_networkd_active - -- name: Install dnsmasq helper unit file when systemd_networkd_active - template: - src: network/dnsmasq.service.u18 - dest: /etc/systemd/system/iiab-dnsmasq.service -# when: systemd_networkd_active - -- name: Ensure required dnsmasq unit files are enabled for reboot systemd_networkd_active +- name: Ensure systemd-networkd-wait-online is enabled systemd: name: "{{ item }}" enabled: yes with_items: - - iiab-dnsmasq - systemd-networkd-wait-online when: systemd_networkd_active @@ -59,6 +45,7 @@ src: network/netplan.j2 backup: no +# should blow up here if we messed up the yml file #- name: Generate netplan config # shell: netplan generate --debug From 08278279257fcfa29147dd52a0882d7aa2eefb91 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 29 Dec 2018 11:47:18 -0600 Subject: [PATCH 21/45] use .yml with file name, allow removal of more than one file name --- roles/network/tasks/netplan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index e5b653c78..76428caf7 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -7,14 +7,14 @@ shell: touch /etc/cloud/cloud-init.disabled when: ("item" == "50-cloud-init.yaml") with_items: - - "{{ netplan.stdout }}" + - "{{ netplan.stdout_lines }}" - name: Remove stock netplan template file: state: absent dest: /etc/netplan/{{ item }} with_items: - - "{{ netplan.stdout }}" + - "{{ netplan.stdout_lines }}" when: netplan.stdout.find("yml") != -1 - name: Ensure systemd-networkd-wait-online is enabled @@ -41,7 +41,7 @@ - name: Supply netplan template template: - dest: /etc/netplan/01-iiab-config + dest: /etc/netplan/01-iiab-config.yml src: network/netplan.j2 backup: no From 4c93054d452a5efb0051566ead1b38c571de42b1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 29 Dec 2018 13:16:47 -0600 Subject: [PATCH 22/45] using supplied 01-netcfg.yaml as example note the use of yes in place of true for dhcp4 --- roles/network/templates/network/netplan.j2 | 32 ++++++++++------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/roles/network/templates/network/netplan.j2 b/roles/network/templates/network/netplan.j2 index 9223307d4..ece05aa49 100644 --- a/roles/network/templates/network/netplan.j2 +++ b/roles/network/templates/network/netplan.j2 @@ -1,27 +1,23 @@ network: - version: 2 + version: 2 {% if network_manager_active %} - renderer: NetworkManager + renderer: NetworkManager {% else %} - renderer: networkd + renderer: networkd {% endif %} - ethernets: + ethernets: + {{ iiab_wan_iface }}: {% if wan_ip != "dhcp" %} - {{ iiab_wan_iface }}: - addresses: - - {{ wan_ip }}/{{ wan_cidr }} - gateway4: {{ wan_gateway }} - nameservers: - addresses: - - {{ wan_nameserver }} - search: - - {{ iiab_domain }} - optional: true + addresses: + - {{ wan_ip }}/{{ wan_cidr }} + gateway4: {{ wan_gateway }} + nameservers: + addresses: + - {{ wan_nameserver }} + search: + - {{ iiab_domain }} {% else %} - {{ iiab_wan_iface }}: - addresses: [] - dhcp4: true - optional: true + dhcp4: yes {% endif %} #{% if iiab_lan_iface == "br0" %} # bridges: From 4c14ae3e3781e27e65767f54fe829ee0fb9977a3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 29 Dec 2018 13:49:06 -0600 Subject: [PATCH 23/45] use .yaml instead of .yml --- roles/network/tasks/netplan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 76428caf7..7e01fefeb 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -15,7 +15,7 @@ dest: /etc/netplan/{{ item }} with_items: - "{{ netplan.stdout_lines }}" - when: netplan.stdout.find("yml") != -1 + when: netplan.stdout.find("yaml") != -1 - name: Ensure systemd-networkd-wait-online is enabled systemd: @@ -41,7 +41,7 @@ - name: Supply netplan template template: - dest: /etc/netplan/01-iiab-config.yml + dest: /etc/netplan/01-iiab-config.yaml src: network/netplan.j2 backup: no From 346ad4cde6f775ff2febb0d629e188ad735fcf42 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 29 Dec 2018 14:14:56 -0600 Subject: [PATCH 24/45] cheap unmasking --- roles/network/tasks/netplan.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 7e01fefeb..9f5d8837f 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -17,6 +17,11 @@ - "{{ netplan.stdout_lines }}" when: netplan.stdout.find("yaml") != -1 +- name: Cheap way to do systemd unmask + file: + state: absent + dest: /etc/systemd/system/systemd-networkd-wait-online.service + - name: Ensure systemd-networkd-wait-online is enabled systemd: name: "{{ item }}" From d468d8619ac7c1c9d2cad29160569dcecb36d3ef Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 20:55:23 -0500 Subject: [PATCH 25/45] Update ubuntu-18.yml --- vars/ubuntu-18.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/ubuntu-18.yml b/vars/ubuntu-18.yml index 9fb269ac9..9373b838a 100644 --- a/vars/ubuntu-18.yml +++ b/vars/ubuntu-18.yml @@ -14,9 +14,9 @@ smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl # issue raised -mysql_service: mysql +mysql_service: mariadb apache_log: /var/log/apache2/access.log -sshd_service: ssh +sshd_service: openssh-server php_version: 7.2 # "postgresql_version: 10.3" fails (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 18.04) postgresql_version: 10 From b0ba162063e78f5fffa6ce28b8092f062b608d46 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:04:01 -0500 Subject: [PATCH 26/45] Update raspbian-9.yml --- vars/raspbian-9.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/raspbian-9.yml b/vars/raspbian-9.yml index 4cc2d18b1..2f6415f4e 100644 --- a/vars/raspbian-9.yml +++ b/vars/raspbian-9.yml @@ -15,7 +15,7 @@ apache_log_dir: /var/log/apache2 smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl -mysql_service: mysql +mysql_service: mariadb apache_log: /var/log/apache2/access.log sshd_service: ssh php_version: 7.0 From c0d4b37ab9e48ae237cf9b1fd037b78eca5d5c4d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:08:29 -0500 Subject: [PATCH 27/45] Update fedora-18.yml --- vars/fedora-18.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/fedora-18.yml b/vars/fedora-18.yml index 378463b84..8a5d11781 100644 --- a/vars/fedora-18.yml +++ b/vars/fedora-18.yml @@ -10,7 +10,7 @@ apache_log_dir: /var/log/httpd smb_service: smb nmb_service: nmb systemctl_program: /usr/bin/systemctl -mysql_service: mariadb +mysql_service: mysqld apache_log: /var/log/httpd/access_log apache_log_dir: /var/log/httpd php_version: 5 From 38fcf3742ed00254a3d27a6538c7a8125348992f Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:11:09 -0500 Subject: [PATCH 28/45] Update debian-9.yml --- vars/debian-9.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/debian-9.yml b/vars/debian-9.yml index 6477bf86f..bdceb9892 100644 --- a/vars/debian-9.yml +++ b/vars/debian-9.yml @@ -13,9 +13,9 @@ apache_log_dir: /var/log/apache2 smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl -mysql_service: mysql +mysql_service: mariadb apache_log: /var/log/apache2/access.log -sshd_service: ssh +sshd_service: openssh-server php_version: 7.0 postgresql_version: 9.6 systemd_location: /lib/systemd/system From ec48f4e2b6445c68b5f1bda4248504277316a74b Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:21:29 -0500 Subject: [PATCH 29/45] Update main.yml --- roles/0-init/tasks/main.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 59cd5d2ed..12ddc7918 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -135,21 +135,24 @@ # For various reasons the mysql service cannot be enabled on Fedora 20, but # 'mariadb', which is its real name can. On Fedora 18 we need to use 'mysqld'. -- name: "Set mysql_service: mariadb by default" - set_fact: - mysql_service: mariadb +# BETTER TO USE /opt/iiab/iiab/vars/.yml +#- name: "Set mysql_service: mariadb by default" +# set_fact: +# mysql_service: mariadb - name: "Set mysql_service: mysqld etc (Fedora 18)" set_fact: - mysql_service: mysqld + # BETTER TO USE /opt/iiab/iiab/vars/.yml + #mysql_service: mysqld no_NM_reload: True is_F18: True when: (ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18") and ansible_distribution == "Fedora" -- name: "Set mysql_service: mysql (debuntu)" - set_fact: - mysql_service: mysql - when: is_debuntu +# BETTER TO USE /opt/iiab/iiab/vars/.yml +#- name: "Set mysql_service: mysql (debuntu)" +# set_fact: +# mysql_service: mysql +# when: is_debuntu - name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}" set_fact: @@ -206,6 +209,10 @@ value: "{{ first_run }}" - option: local_tz value: "{{ local_tz }}" + - option: no_NM_reload + value: "{{ no_NM_reload }}" + - option: is_F18 + value: "{{ is_F18 }}" - option: FQDN_changed value: "{{ FQDN_changed }}" From fbab149ff98d9020c01037d84b430db17de488d7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:44:19 -0500 Subject: [PATCH 30/45] Update main.yml --- roles/sshd/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 567fd72dd..7a0f54a55 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -1,3 +1,9 @@ +- name: Install ssh daemon + package: + name: "{{ sshd_package }}" + state: present + when: sshd_enabled + - name: Disable root login with password lineinfile: dest: /etc/ssh/sshd_config From 8acd71e155a7da6d14f0cfe10b3857edad106406 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:49:09 -0500 Subject: [PATCH 31/45] Update debian-9.yml --- vars/debian-9.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/debian-9.yml b/vars/debian-9.yml index bdceb9892..856c9fa7e 100644 --- a/vars/debian-9.yml +++ b/vars/debian-9.yml @@ -15,7 +15,8 @@ nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb apache_log: /var/log/apache2/access.log -sshd_service: openssh-server +sshd_package: openssh-server +sshd_service: ssh php_version: 7.0 postgresql_version: 9.6 systemd_location: /lib/systemd/system From 8d4d1a4ec4246feb879b6890f898359edf0167fa Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:49:31 -0500 Subject: [PATCH 32/45] Update raspbian-9.yml --- vars/raspbian-9.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/raspbian-9.yml b/vars/raspbian-9.yml index 2f6415f4e..3084cb761 100644 --- a/vars/raspbian-9.yml +++ b/vars/raspbian-9.yml @@ -17,6 +17,7 @@ nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb apache_log: /var/log/apache2/access.log +sshd_package: ssh sshd_service: ssh php_version: 7.0 postgresql_version: 9.6 From 780801f517f47c429f37a9764d7abb7899bc9a8e Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:49:51 -0500 Subject: [PATCH 33/45] Update fedora-18.yml --- vars/fedora-18.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/fedora-18.yml b/vars/fedora-18.yml index 8a5d11781..71377feca 100644 --- a/vars/fedora-18.yml +++ b/vars/fedora-18.yml @@ -14,6 +14,7 @@ mysql_service: mysqld apache_log: /var/log/httpd/access_log apache_log_dir: /var/log/httpd php_version: 5 +sshd_package: openssh-server sshd_service: sshd nextcloud_install: False nextcloud_enabled: False From 5f1831afd828b9c142e20b1e0f0761c431c13d4c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:50:11 -0500 Subject: [PATCH 34/45] Update fedora-22.yml --- vars/fedora-22.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/fedora-22.yml b/vars/fedora-22.yml index 986a58f1b..4c295e475 100644 --- a/vars/fedora-22.yml +++ b/vars/fedora-22.yml @@ -12,6 +12,7 @@ nmb_service: nmb systemctl_program: /usr/bin/systemctl mysql_service: mariadb apache_log: /var/log/httpd/access_log +sshd_package: openssh-server sshd_service: sshd systemd_location: /usr/lib/systemd/system # Upgrade OS's own Calibre to very latest: From ddcaca8d932531a6aec93f903b7585123116428c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:50:24 -0500 Subject: [PATCH 35/45] Update ubuntu-18.yml --- vars/ubuntu-18.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/ubuntu-18.yml b/vars/ubuntu-18.yml index 9373b838a..b1bd1fd53 100644 --- a/vars/ubuntu-18.yml +++ b/vars/ubuntu-18.yml @@ -16,7 +16,8 @@ systemctl_program: /bin/systemctl # issue raised mysql_service: mariadb apache_log: /var/log/apache2/access.log -sshd_service: openssh-server +sshd_package: openssh-server +sshd_service: ssh php_version: 7.2 # "postgresql_version: 10.3" fails (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 18.04) postgresql_version: 10 From e6c7f6fc8b7551f4441d381a609d9428d0a4e0bb Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:50:57 -0500 Subject: [PATCH 36/45] Update centos-7.yml --- vars/centos-7.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/centos-7.yml b/vars/centos-7.yml index 82b7fb824..1c584df8a 100644 --- a/vars/centos-7.yml +++ b/vars/centos-7.yml @@ -14,6 +14,7 @@ systemctl_program: /usr/bin/systemctl mysql_service: mariadb dhcp_service: dhcpd apache_log: /var/log/httpd/access_log +sshd_package: openssh-server sshd_service: sshd php_version: 7.0 postgresql_version: 9.5 From 05d49da9b1dba7afc97eb0273947aa934e85d6e8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:51:30 -0500 Subject: [PATCH 37/45] Update debian-10.yml --- vars/debian-10.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/debian-10.yml b/vars/debian-10.yml index bf4245c86..dd820dd0c 100644 --- a/vars/debian-10.yml +++ b/vars/debian-10.yml @@ -15,6 +15,7 @@ nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb apache_log: /var/log/apache2/access.log +sshd_package: openssh-server sshd_service: ssh php_version: 7.1 postgresql_version: 10 From 3281898c245c676d180c6b1d466f6cfc433f59ea Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:53:04 -0500 Subject: [PATCH 38/45] Update debian-8.yml --- vars/debian-8.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/debian-8.yml b/vars/debian-8.yml index 7d39b347b..8027ed3a6 100644 --- a/vars/debian-8.yml +++ b/vars/debian-8.yml @@ -14,6 +14,7 @@ nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mysql apache_log: /var/log/apache2/access.log +sshd_package: openssh-server sshd_service: ssh php_version: 5 postgresql_version: 9.4 From 7ccf82779241b44a51d5b35ff66619ece7e68be9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:54:44 -0500 Subject: [PATCH 39/45] Update raspbian-8.yml --- vars/raspbian-8.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/raspbian-8.yml b/vars/raspbian-8.yml index edbdd4606..9b66b9af2 100644 --- a/vars/raspbian-8.yml +++ b/vars/raspbian-8.yml @@ -16,6 +16,7 @@ nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mysql apache_log: /var/log/apache2/access.log +sshd_package: ssh sshd_service: ssh php_version: 5 postgresql_version: 9.4 From ad2647b380014951d3c622c059a09442fc0c5e93 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 21:58:30 -0500 Subject: [PATCH 40/45] Update main.yml --- roles/sshd/tasks/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 7a0f54a55..b57335ada 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -10,6 +10,7 @@ regexp: '^PermitRootLogin' line: 'PermitRootLogin without-password' state: present + when: sshd_enabled #TODO: use handler to reload ssh - name: Create root .ssh @@ -31,14 +32,14 @@ force: no when: sshd_enabled -- name: Enable & start sshd +- name: Enable & start ssh daemon service: name: "{{ sshd_service }}" enabled: yes state: started when: sshd_enabled -- name: Disable sshd +- name: Disable ssh daemon service: name: "{{ sshd_service }}" enabled: no From dc13c7b557aea0b52b2f22dca73456208ca43ee4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 22:10:06 -0500 Subject: [PATCH 41/45] Update packages.yml --- roles/2-common/tasks/packages.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index fcff88c52..e27f24f75 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -33,7 +33,7 @@ state: present when: is_debuntu -- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, openssh-server, pandoc, rsync, sudo, tar, unzip, usbmount, usbutils, wget" +- name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, rsync, sudo, tar, unzip, usbmount, usbutils, wget" package: name: - acpid @@ -52,7 +52,7 @@ - netmask - net-tools - ntfs-3g - - openssh-server + #- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml - pandoc - rsync - sudo From 156fa2bd2f416cc90884598992362e191db45fd9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 22:33:28 -0500 Subject: [PATCH 42/45] Update ubuntu-16.yml --- vars/ubuntu-16.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/ubuntu-16.yml b/vars/ubuntu-16.yml index 2d1e28283..e8eea1d8d 100644 --- a/vars/ubuntu-16.yml +++ b/vars/ubuntu-16.yml @@ -15,6 +15,7 @@ nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mysql apache_log: /var/log/apache2/access.log +sshd_package: openssh-server sshd_service: ssh php_version: 7.0 postgresql_version: 9.5 From dbc8423e28f1f77a32c3ef9f38e482afeee87e96 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jan 2019 22:33:32 -0500 Subject: [PATCH 43/45] Update ubuntu-17.yml --- vars/ubuntu-17.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/ubuntu-17.yml b/vars/ubuntu-17.yml index ac3b285c7..a198e9d3d 100644 --- a/vars/ubuntu-17.yml +++ b/vars/ubuntu-17.yml @@ -15,6 +15,7 @@ systemctl_program: /bin/systemctl # issue raised mysql_service: mysql apache_log: /var/log/apache2/access.log +sshd_package: openssh-server sshd_service: ssh php_version: 7.1 postgresql_version: 9.6 From ac569245c5c67afab65d1c5238a740bb5aa4b84e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Jan 2019 01:04:41 -0500 Subject: [PATCH 44/45] Update iiab-hotspot-on --- roles/network/templates/network/iiab-hotspot-on | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/network/iiab-hotspot-on index 5d225abeb..10cebc660 100755 --- a/roles/network/templates/network/iiab-hotspot-on +++ b/roles/network/templates/network/iiab-hotspot-on @@ -2,12 +2,12 @@ cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf systemctl enable hostapd -systemctl enable dhcpd +systemctl enable dnsmasq systemctl daemon-reload systemctl restart dhcpcd systemctl restart networking systemctl start hostapd -systemctl start dhcpd +systemctl start dnsmasq # Temporary promiscuous-mode workaround for RPi's WiFi "10SEC disease" # Disable "promiscuous" on wlan0 when AP (i.e. no WiFi gateway) From bb402fe24bb626634c7840ba519872efbca92b05 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 2 Jan 2019 01:05:06 -0500 Subject: [PATCH 45/45] Update iiab-hotspot-off --- roles/network/templates/network/iiab-hotspot-off | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/network/iiab-hotspot-off index 0bb81e8f2..59301a55b 100755 --- a/roles/network/templates/network/iiab-hotspot-off +++ b/roles/network/templates/network/iiab-hotspot-off @@ -2,8 +2,8 @@ sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf systemctl disable hostapd systemctl stop hostapd -systemctl disable dhcpd -systemctl stop dhcpd +systemctl disable dnsmasq +systemctl stop dnsmasq systemctl daemon-reload systemctl restart dhcpcd systemctl restart networking