external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #192 from iiab/master

Browse source 
sync from iiab/iiab
This commit is contained in:
A Holt 2019-01-02 02:30:27 -05:00 committed by GitHub
commit d39f411da4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
25 changed files with 203 additions and 111 deletions
Download patch file Download diff file Expand all files Collapse all files

23
roles/0-init/tasks/main.yml
View file

@ -135,21 +135,24 @@
# For various reasons the mysql service cannot be enabled on Fedora 20, but # For various reasons the mysql service cannot be enabled on Fedora 20, but
# 'mariadb', which is its real name can. On Fedora 18 we need to use 'mysqld'. # 'mariadb', which is its real name can. On Fedora 18 we need to use 'mysqld'.
- name: "Set mysql_service: mariadb by default" # BETTER TO USE /opt/iiab/iiab/vars/<OS>.yml
set_fact: #- name: "Set mysql_service: mariadb by default"
mysql_service: mariadb # set_fact:
# mysql_service: mariadb
- name: "Set mysql_service: mysqld etc (Fedora 18)" - name: "Set mysql_service: mysqld etc (Fedora 18)"
set_fact: set_fact:
mysql_service: mysqld # BETTER TO USE /opt/iiab/iiab/vars/<OS>.yml
#mysql_service: mysqld
no_NM_reload: True no_NM_reload: True
is_F18: True is_F18: True
when: (ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18") and ansible_distribution == "Fedora" when: (ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18") and ansible_distribution == "Fedora"
- name: "Set mysql_service: mysql (debuntu)" # BETTER TO USE /opt/iiab/iiab/vars/<OS>.yml
set_fact: #- name: "Set mysql_service: mysql (debuntu)"
mysql_service: mysql # set_fact:
when: is_debuntu # mysql_service: mysql
# when: is_debuntu
- name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}" - name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}"
set_fact: set_fact:
@ -206,6 +209,10 @@
value: "{{ first_run }}" value: "{{ first_run }}"
- option: local_tz - option: local_tz
value: "{{ local_tz }}" value: "{{ local_tz }}"
- option: no_NM_reload
value: "{{ no_NM_reload }}"
- option: is_F18
value: "{{ is_F18 }}"
- option: FQDN_changed - option: FQDN_changed
value: "{{ FQDN_changed }}" value: "{{ FQDN_changed }}"

4
roles/2-common/tasks/packages.yml
View file

@ -33,7 +33,7 @@
state: present state: present
when: is_debuntu when: is_debuntu
- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, openssh-server, pandoc, rsync, sudo, tar, unzip, usbmount, usbutils, wget" - name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, rsync, sudo, tar, unzip, usbmount, usbutils, wget"
package: package:
name: name:
- acpid - acpid
@ -52,7 +52,7 @@
- netmask - netmask
- net-tools - net-tools
- ntfs-3g - ntfs-3g
- openssh-server #- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml
- pandoc - pandoc
- rsync - rsync
- sudo - sudo

38
roles/network/tasks/dnsmasq.yml
View file

@ -3,30 +3,18 @@
name: dnsmasq name: dnsmasq
state: present state: present
- name: Install /etc/dnsmasq.d/dnsmasq-iiab, allowing systemd-resolved AND dnsmasq to work (#1306) - name: Install /etc/dnsmasq.d/dnsmasq-iiab, allowing systemd-resolved AND dnsmasq to work (#1306) and custom unit file
template: template:
src: roles/network/templates/network/dnsmasq-iiab src: "{{ item.src }}"
dest: /etc/dnsmasq.d/dnsmasq-iiab dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'roles/network/templates/network/dnsmasq.service.u18', dest: '/etc/systemd/system/iiab-dnsmasq.service', mode: '0644' }
- { src: 'roles/network/templates/network/dnsmasq-iiab', dest: '/etc/dnsmasq.d/dnsmasq-iiab', mode: '644' }
#- name: Stop dnsmasq - name: Don't use stock dnsmasq systemd unit file during boot
# service: systemd:
# name: dnsmasq name: dnsmasq
# state: stopped enabled: no
#- name: Configure dnsmasq
# template:
# src: "{{ item.src }}"
# dest: "{{ item.dest }}"
# owner: root
# group: root
# mode: "{{ item.mode }}"
# with_items:
## - { src: 'network/dnsmasq.service.rh', dest: '/etc/systemd/system/dnsmasq.service', mode: '0644' }
# - { src: 'roles/network/templates/network/dnsmasq.conf.j2', dest: '/etc/dnsmasq.conf', mode: '644' }
#- name: Start dnsmasq
# systemd:
# name: dnsmasq
# state: restarted
# enabled: yes
# daemon_reload: yes

16
roles/network/tasks/enable_services.yml
View file

@ -47,24 +47,24 @@
enabled: no enabled: no
when: not named_enabled and named_install when: not named_enabled and named_install
- name: Disable dnsmasq, if not dnsmasq_enabled
systemd:
name: dnsmasq
enabled: no
when: not dnsmasq_enabled and dnsmasq_install
- name: Install /etc/dnsmasq.conf from template, if dnsmasq_enabled - name: Install /etc/dnsmasq.conf from template, if dnsmasq_enabled
template: template:
src: network/dnsmasq.conf.j2 src: network/dnsmasq.conf.j2
dest: /etc/dnsmasq.conf dest: /etc/dnsmasq.conf
when: dnsmasq_enabled and dnsmasq_install when: dnsmasq_enabled and dnsmasq_install
- name: Enable dnsmasq systemd service, if dnsmasq_enabled - name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled
systemd: systemd:
name: dnsmasq name: iiab-dnsmasq
enabled: yes enabled: yes
when: dnsmasq_enabled and dnsmasq_install when: dnsmasq_enabled and dnsmasq_install
- name: Disable iiab-dnsmasq, if not dnsmasq_enabled
systemd:
name: iiab-dnsmasq
enabled: no
when: not dnsmasq_enabled and dnsmasq_install
- name: Enable DansGuardian systemd service, if dansguardian_enabled - name: Enable DansGuardian systemd service, if dansguardian_enabled
systemd: systemd:
name: dansguardian name: dansguardian

11
roles/network/tasks/main.yml
View file

@ -104,9 +104,16 @@
tags: tags:
- network - network
- name: NetworkManager in use (if ubuntu-18 and network_manager_active) - name: Netplan in use on ubuntu 18
include_tasks: netplan.yml
when: is_ubuntu_18
#and not installing
tags:
- network
- name: NetworkManager in use
include_tasks: NM-debian.yml include_tasks: NM-debian.yml
when: is_ubuntu_18 and network_manager_active when: is_debuntu and network_manager_active
#and not installing #and not installing
tags: tags:
- network - network

70
roles/network/tasks/netplan.yml Normal file
View file

@ -0,0 +1,70 @@
# netplan.yml
- name: Figure out netplan file name on Ubuntu 18
shell: ls /etc/netplan
register: netplan
- name: Disable cloud-init the easy way
shell: touch /etc/cloud/cloud-init.disabled
when: ("item" == "50-cloud-init.yaml")
with_items:
- "{{ netplan.stdout_lines }}"
- name: Remove stock netplan template
file:
state: absent
dest: /etc/netplan/{{ item }}
with_items:
- "{{ netplan.stdout_lines }}"
when: netplan.stdout.find("yaml") != -1
- name: Cheap way to do systemd unmask
file:
state: absent
dest: /etc/systemd/system/systemd-networkd-wait-online.service
- name: Ensure systemd-networkd-wait-online is enabled
systemd:
name: "{{ item }}"
enabled: yes
with_items:
- systemd-networkd-wait-online
when: systemd_networkd_active
# ICO will always set gui_static_wan_ip away from the default of 'unset' while
# gui_static_wan turns dhcp on/off through wan_ip in computed_network and
# overrides gui_static_wan_ip that is present. Changing wan_ip in local_vars
# is a oneway street to static.
- name: Static IP computing CIDR
shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}'
register: CIDR
when: wan_ip != "dhcp"
- name: Static IP setting CIDR
set_fact:
wan_cidr: "{{ CIDR.stdout }}"
when: wan_ip != "dhcp"
- name: Supply netplan template
template:
dest: /etc/netplan/01-iiab-config.yaml
src: network/netplan.j2
backup: no
# should blow up here if we messed up the yml file
#- name: Generate netplan config
# shell: netplan generate --debug
#- name: Stopping services
# include_tasks: down-debian.yml
# wants a controlling terminal for the ENTER key, so it fails
#- name: Test netplan config
# shell: netplan try --debug --timeout=2
# register: test-netplan
# ignore_errors: True
# and does not apply the generated config until rebooted
# or ignore the above test - on the fence atm...
#- name: Reload netplan
# shell: netplan apply
# when: not no_net_restart and test-netplan == "Configuration accepted"

40
roles/network/tasks/sysd-netd-debian.yml
View file

@ -17,16 +17,11 @@
src: network/systemd-br0-slave.j2 src: network/systemd-br0-slave.j2
when: iiab_wired_lan_iface is defined and iiab_lan_iface == "br0" when: iiab_wired_lan_iface is defined and iiab_lan_iface == "br0"
- name: Stopping services - name: Remove static WAN template
include_tasks: down-debian.yml file:
state: absent
- name: Disable and mask systemd-networkd-wait-online dest: /etc/systemd/network/IIAB-Static.network
systemd: when: wan_ip == "dhcp"
name: systemd-networkd-wait-online
enabled: no
masked: yes
state: stopped
when: is_ubuntu_18
- name: Static IP computing CIDR - name: Static IP computing CIDR
shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}' shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}'
@ -38,34 +33,15 @@
wan_cidr: "{{ CIDR.stdout }}" wan_cidr: "{{ CIDR.stdout }}"
when: wan_ip != "dhcp" when: wan_ip != "dhcp"
- name: Figure out netplan file name on Ubuntu 18
shell: ls /etc/netplan
register: netplan
when: is_ubuntu_18
# ICO will always set gui_static_wan_ip away from the default of 'unset' while
# gui_static_wan turns dhcp on/off through wan_ip in computed_network and
# overrides gui_static_wan_ip that is present. Changing wan_ip in local_vars
# is a oneway street to static.
- name: Supply static template
template:
dest: /etc/netplan/{{ netplan.stdout }}
src: network/cloud-init.j2
backup: no
when: (wan_ip != "dhcp" or gui_static_wan_ip == "undefined") and is_ubuntu_18
- name: Remove static WAN template
file:
state: absent
dest: /etc/systemd/network/IIAB-Static.network
when: wan_ip == "dhcp" and not is_ubuntu_18
- name: Supply static WAN template - name: Supply static WAN template
template: template:
dest: /etc/systemd/network/IIAB-Static.network dest: /etc/systemd/network/IIAB-Static.network
src: network/systemd-static-net.j2 src: network/systemd-static-net.j2
when: wan_ip != "dhcp" and not is_ubuntu_18 when: wan_ip != "dhcp" and not is_ubuntu_18
- name: Stopping services
include_tasks: down-debian.yml
- name: Reload systemd - name: Reload systemd
systemd: systemd:
daemon_reload: yes daemon_reload: yes

3
roles/network/templates/hostapd/hostapd.service.j2
View file

@ -1,6 +1,7 @@
[Unit] [Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=network-online.target Before=network.target
Wants=network-pre.target
[Service] [Service]
Type=idle Type=idle

23
roles/network/templates/network/cloud-init.j2
View file

@ -1,23 +0,0 @@
{% if wan_ip != "dhcp" %}
network:
ethernets:
{{ iiab_wan_iface }}:
addresses:
- {{ wan_ip }}/{{ wan_cidr }}
gateway4: {{ wan_gateway }}
nameservers:
addresses:
- {{ wan_nameserver }}
search:
- {{ iiab_domain }}
optional: true
version: 2
{% else %}
network:
ethernets:
{{ iiab_wan_iface }}:
addresses: []
dhcp4: true
optional: true
version: 2
{% endif %}

11
roles/network/templates/network/dnsmasq.service.u18 Normal file
View file

@ -0,0 +1,11 @@
[Unit]
Description=Network iiab-dnsmasq
After=network-online.target
Requires=network-online.target
[Service]
Type=oneshot
ExecStart=/bin/systemctl start dnsmasq
[Install]
WantedBy=multi-user.target

4
roles/network/templates/network/iiab-hotspot-off
View file

@ -2,8 +2,8 @@
sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf
systemctl disable hostapd systemctl disable hostapd
systemctl stop hostapd systemctl stop hostapd
systemctl disable dhcpd systemctl disable dnsmasq
systemctl stop dhcpd systemctl stop dnsmasq
systemctl daemon-reload systemctl daemon-reload
systemctl restart dhcpcd systemctl restart dhcpcd
systemctl restart networking systemctl restart networking

4
roles/network/templates/network/iiab-hotspot-on
View file

@ -2,12 +2,12 @@
cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf
sed -i -e "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf sed -i -e "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf
systemctl enable hostapd systemctl enable hostapd
systemctl enable dhcpd systemctl enable dnsmasq
systemctl daemon-reload systemctl daemon-reload
systemctl restart dhcpcd systemctl restart dhcpcd
systemctl restart networking systemctl restart networking
systemctl start hostapd systemctl start hostapd
systemctl start dhcpd systemctl start dnsmasq
# Temporary promiscuous-mode workaround for RPi's WiFi "10SEC disease" # Temporary promiscuous-mode workaround for RPi's WiFi "10SEC disease"
# Disable "promiscuous" on wlan0 when AP (i.e. no WiFi gateway) # Disable "promiscuous" on wlan0 when AP (i.e. no WiFi gateway)

37
roles/network/templates/network/netplan.j2 Normal file
View file

@ -0,0 +1,37 @@
network:
version: 2
{% if network_manager_active %}
renderer: NetworkManager
{% else %}
renderer: networkd
{% endif %}
ethernets:
{{ iiab_wan_iface }}:
{% if wan_ip != "dhcp" %}
addresses:
- {{ wan_ip }}/{{ wan_cidr }}
gateway4: {{ wan_gateway }}
nameservers:
addresses:
- {{ wan_nameserver }}
search:
- {{ iiab_domain }}
{% else %}
dhcp4: yes
{% endif %}
#{% if iiab_lan_iface == "br0" %}
# bridges:
# # the key name is the name for virtual (created) interfaces
# br0:
# # IDs of the components; switchports expands into multiple interfaces
# # interfaces: [switchports]
# # should really compute the netmask like the wan side
# addresses: [ {{ lan_ip }}/19]
# # there should really not be a gateway present testing to prove
# gateway4: {{ lan_ip }}
# nameservers:
# addresses: [{{ lan_ip }}]
# parameters:
# forward-delay: 0
# stp: false
#{% endif %}

11
roles/sshd/tasks/main.yml
View file

@ -1,9 +1,16 @@
- name: Install ssh daemon
package:
name: "{{ sshd_package }}"
state: present
when: sshd_enabled
- name: Disable root login with password - name: Disable root login with password
lineinfile: lineinfile:
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin' regexp: '^PermitRootLogin'
line: 'PermitRootLogin without-password' line: 'PermitRootLogin without-password'
state: present state: present
when: sshd_enabled
#TODO: use handler to reload ssh #TODO: use handler to reload ssh
- name: Create root .ssh - name: Create root .ssh
@ -25,14 +32,14 @@
force: no force: no
when: sshd_enabled when: sshd_enabled
- name: Enable & start sshd - name: Enable & start ssh daemon
service: service:
name: "{{ sshd_service }}" name: "{{ sshd_service }}"
enabled: yes enabled: yes
state: started state: started
when: sshd_enabled when: sshd_enabled
- name: Disable sshd - name: Disable ssh daemon
service: service:
name: "{{ sshd_service }}" name: "{{ sshd_service }}"
enabled: no enabled: no

1
vars/centos-7.yml
View file

@ -14,6 +14,7 @@ systemctl_program: /usr/bin/systemctl
mysql_service: mariadb mysql_service: mariadb
dhcp_service: dhcpd dhcp_service: dhcpd
apache_log: /var/log/httpd/access_log apache_log: /var/log/httpd/access_log
sshd_package: openssh-server
sshd_service: sshd sshd_service: sshd
php_version: 7.0 php_version: 7.0
postgresql_version: 9.5 postgresql_version: 9.5

1
vars/debian-10.yml
View file

@ -15,6 +15,7 @@ nmb_service: nmbd
systemctl_program: /bin/systemctl systemctl_program: /bin/systemctl
mysql_service: mariadb mysql_service: mariadb
apache_log: /var/log/apache2/access.log apache_log: /var/log/apache2/access.log
sshd_package: openssh-server
sshd_service: ssh sshd_service: ssh
php_version: 7.1 php_version: 7.1
postgresql_version: 10 postgresql_version: 10

1
vars/debian-8.yml
View file

@ -14,6 +14,7 @@ nmb_service: nmbd
systemctl_program: /bin/systemctl systemctl_program: /bin/systemctl
mysql_service: mysql mysql_service: mysql
apache_log: /var/log/apache2/access.log apache_log: /var/log/apache2/access.log
sshd_package: openssh-server
sshd_service: ssh sshd_service: ssh
php_version: 5 php_version: 5
postgresql_version: 9.4 postgresql_version: 9.4

3
vars/debian-9.yml
View file

@ -13,8 +13,9 @@ apache_log_dir: /var/log/apache2
smb_service: smbd smb_service: smbd
nmb_service: nmbd nmb_service: nmbd
systemctl_program: /bin/systemctl systemctl_program: /bin/systemctl
mysql_service: mysql mysql_service: mariadb
apache_log: /var/log/apache2/access.log apache_log: /var/log/apache2/access.log
sshd_package: openssh-server
sshd_service: ssh sshd_service: ssh
php_version: 7.0 php_version: 7.0
postgresql_version: 9.6 postgresql_version: 9.6

3
vars/fedora-18.yml
View file

@ -10,10 +10,11 @@ apache_log_dir: /var/log/httpd
smb_service: smb smb_service: smb
nmb_service: nmb nmb_service: nmb
systemctl_program: /usr/bin/systemctl systemctl_program: /usr/bin/systemctl
mysql_service: mariadb mysql_service: mysqld
apache_log: /var/log/httpd/access_log apache_log: /var/log/httpd/access_log
apache_log_dir: /var/log/httpd apache_log_dir: /var/log/httpd
php_version: 5 php_version: 5
sshd_package: openssh-server
sshd_service: sshd sshd_service: sshd
nextcloud_install: False nextcloud_install: False
nextcloud_enabled: False nextcloud_enabled: False

1
vars/fedora-22.yml
View file

@ -12,6 +12,7 @@ nmb_service: nmb
systemctl_program: /usr/bin/systemctl systemctl_program: /usr/bin/systemctl
mysql_service: mariadb mysql_service: mariadb
apache_log: /var/log/httpd/access_log apache_log: /var/log/httpd/access_log
sshd_package: openssh-server
sshd_service: sshd sshd_service: sshd
systemd_location: /usr/lib/systemd/system systemd_location: /usr/lib/systemd/system
# Upgrade OS's own Calibre to very latest: # Upgrade OS's own Calibre to very latest:

1
vars/raspbian-8.yml
View file

@ -16,6 +16,7 @@ nmb_service: nmbd
systemctl_program: /bin/systemctl systemctl_program: /bin/systemctl
mysql_service: mysql mysql_service: mysql
apache_log: /var/log/apache2/access.log apache_log: /var/log/apache2/access.log
sshd_package: ssh
sshd_service: ssh sshd_service: ssh
php_version: 5 php_version: 5
postgresql_version: 9.4 postgresql_version: 9.4

3
vars/raspbian-9.yml
View file

@ -15,8 +15,9 @@ apache_log_dir: /var/log/apache2
smb_service: smbd smb_service: smbd
nmb_service: nmbd nmb_service: nmbd
systemctl_program: /bin/systemctl systemctl_program: /bin/systemctl
mysql_service: mysql mysql_service: mariadb
apache_log: /var/log/apache2/access.log apache_log: /var/log/apache2/access.log
sshd_package: ssh
sshd_service: ssh sshd_service: ssh
php_version: 7.0 php_version: 7.0
postgresql_version: 9.6 postgresql_version: 9.6

1
vars/ubuntu-16.yml
View file

@ -15,6 +15,7 @@ nmb_service: nmbd
systemctl_program: /bin/systemctl systemctl_program: /bin/systemctl
mysql_service: mysql mysql_service: mysql
apache_log: /var/log/apache2/access.log apache_log: /var/log/apache2/access.log
sshd_package: openssh-server
sshd_service: ssh sshd_service: ssh
php_version: 7.0 php_version: 7.0
postgresql_version: 9.5 postgresql_version: 9.5

1
vars/ubuntu-17.yml
View file

@ -15,6 +15,7 @@ systemctl_program: /bin/systemctl
# issue raised # issue raised
mysql_service: mysql mysql_service: mysql
apache_log: /var/log/apache2/access.log apache_log: /var/log/apache2/access.log
sshd_package: openssh-server
sshd_service: ssh sshd_service: ssh
php_version: 7.1 php_version: 7.1
postgresql_version: 9.6 postgresql_version: 9.6

3
vars/ubuntu-18.yml
View file

@ -14,8 +14,9 @@ smb_service: smbd
nmb_service: nmbd nmb_service: nmbd
systemctl_program: /bin/systemctl systemctl_program: /bin/systemctl
# issue raised # issue raised
mysql_service: mysql mysql_service: mariadb
apache_log: /var/log/apache2/access.log apache_log: /var/log/apache2/access.log
sshd_package: openssh-server
sshd_service: ssh sshd_service: ssh
php_version: 7.2 php_version: 7.2
# "postgresql_version: 10.3" fails (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 18.04) # "postgresql_version: 10.3" fails (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 18.04)