diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml
index 9adbf7ad8..44ffb7c1a 100644
--- a/roles/network/defaults/main.yml
+++ b/roles/network/defaults/main.yml
@@ -62,20 +62,27 @@ network_config_dir: /etc/network/interfaces.d
dns_jail_enabled: False
services_externally_visible: False
-# Following variables set for old Apache, dhcpd, named usage
+# DNS / name resolution
dhcpd_install: True
dhcpd_enabled: True
+#dhcp_service: ???? # Appears nec for roles/network/tasks/dhcpd.yml ?
+dhcp_service2: disabled # Proposed by @jvonau to solve #1184 -> PR #1185 as required by roles/network/tasks/computed_services.yml ?
named_install: True
-named_enabled: True
-dnsmasq_enabled: False
-dnsmasq_install: False
+named_enabled: False
+dnsmasq_enabled: True
+dnsmasq_install: True
-# For @tim-moody's Nodogsplash approach to Captive Portal? High experimental as of June 2018: github.com/iiab/iiab/issues/608
-captive_portal_enabled: False
-
-# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
+# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
+# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
+# extensively refined in Sept 2018 (https://github.com/iiab/iiab/pull/1179)
py_captive_portal_install: True
py_captive_portal_enabled: True
py_captive_portal_port: "9090"
py_captive_portal_username: "Admin"
py_captive_portal_password: "changeme"
+# In a pinch, disable it by running: systemctl disable py-captive-portal
+
+# For @tim-moody's Nodogsplash approach to Captive Portal?
+# Highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608
+# captive_portal_install: False
+# captive_portal_enabled: False
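Review bot: The captive-portal block still ships `py_captive_portal_password: "changeme"` with `py_captive_portal_install` and `py_captive_portal_enabled` both `True`, and the only operator guidance this hunk adds is how to disable the service. A comment beside the credentials, such as `# Default credentials: override py_captive_portal_username/password in local vars before deploying`, would make the expectation explicit. Separately, `dhcp_service` is left as a commented-out `????` here, while roles/network/tasks/dhcpd.yml in this same commit templates `"{{ dhcp_service }}"`. Unless it is defined in a vars file not shown, those tasks fail on an undefined variable when `is_debuntu` is true.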
diff --git a/roles/network/tasks/NM.yml b/roles/network/tasks/NM.yml
index 3bbe5a872..7139e44f8 100644
--- a/roles/network/tasks/NM.yml
+++ b/roles/network/tasks/NM.yml
@@ -1,20 +1,33 @@
- name: Restart NetworkManager services
- service: name=NetworkManager
- enabled=yes
- state=stopped
-- service: name=NetworkManager-dispatcher
- enabled=yes
- state=stopped
-- wait_for: path=/etc/passwd
- delay=4
- timeout=5
-- service: name=NetworkManager
- enabled=yes
- state=started
-- wait_for: path=/etc/passwd
- delay=4
- timeout=5
-- service: name=NetworkManager-dispatcher
- enabled=yes
- state=started
-- debug: msg="hopefully now NM is restarted"
+ service:
+ name: NetworkManager
+ enabled: yes
+ state: stopped
+
+- service:
+ name: NetworkManager-dispatcher
+ enabled: yes
+ state: stopped
+
+- wait_for:
+ path: /etc/passwd
+ delay: 4
+ timeout: 5
+
+- service:
+ name: NetworkManager
+ enabled: yes
+ state: started
+
+- wait_for:
+ path: /etc/passwd
+ delay: 4
+ timeout: 5
+
+- service:
+ name: NetworkManager-dispatcher
+ enabled: yes
+ state: started
+
+- debug:
+ msg: "hopefully now NM is restarted"
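Review bot: Only the first of the seven tasks has a `name:`, so a failure while stopping or starting NetworkManager-dispatcher is reported as a bare `service` task. Each converted task should get its own name, e.g. `- name: Stop NetworkManager-dispatcher`. The two `wait_for` tasks on `/etc/passwd` with `delay: 4` look like a fixed sleep, since that file should always exist; if so, a comment such as `# fixed 4s pause to let NetworkManager settle` would save the next reader the guess. `enabled: yes` would also read better as `enabled: true`, the canonical YAML boolean.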
diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml
index 0801a477f..414a9d1a9 100644
--- a/roles/network/tasks/avahi.yml
+++ b/roles/network/tasks/avahi.yml
@@ -1,40 +1,47 @@
-- name: Create a user for avahi
- user: name=avahi
- createhome=no
- shell=/bin/false
+- name: Create a user for avahi (debuntu)
+ user:
+ name: avahi
+ createhome: no
+ shell: /bin/false
when: is_debuntu
-- name: Install avahi announce config files
- template: src=avahi/schoolserver.service
- dest=/etc/avahi/services/schoolserver.service
- owner=avahi
- group=avahi
- mode=0640
+- name: Install avahi announce config file /etc/avahi/services/schoolserver.service
+ template:
+ src: avahi/schoolserver.service
+ dest: /etc/avahi/services/schoolserver.service
+ owner: avahi
+ group: avahi
+ mode: 0640
when: 'gui_wan == True'
-- name: Find a clean copy of ssh.service
- shell: "ls /usr/share/doc/ |grep avahi | head -n1"
+- name: Find avahi_ver for clean copy of ssh.service (not debuntu)
+ shell: "ls /usr/share/doc/ | grep avahi | head -n1"
register: avahi_ver
ignore_errors: True
changed_when: false
+ # when: not is_debuntu # would cause failures 6 lines below
-- name: Grab a clean copy of ssh.service
- copy: src='/usr/share/doc/{{ avahi_ver.stdout }}/ssh.service'
- dest='/etc/avahi/services/'
+- name: Grab a clean copy of ssh.service (not debuntu)
+ copy:
+ src: '/usr/share/doc/{{ avahi_ver.stdout }}/ssh.service'
+ dest: /etc/avahi/services/
when: avahi_ver.stdout != "" and not is_debuntu
-- name: Grab a clean copy of ssh.service
- copy: src='/usr/share/doc/avahi-daemon/examples/ssh.service'
- dest='/etc/avahi/services/'
+- name: Grab a clean copy of ssh.service (debuntu)
+ copy:
+ src: /usr/share/doc/avahi-daemon/examples/ssh.service
+ dest: /etc/avahi/services/
when: is_debuntu
- name: Set ssh port for avahi
- lineinfile: dest=/etc/avahi/services/ssh.service
- regexp='$'
- line=' {{ ssh_port }}'
- state=present
- backrefs=yes
+ lineinfile:
+ dest: /etc/avahi/services/ssh.service
+ regexp: '$'
+ line: ' {{ ssh_port }}'
+ state: present
+ backrefs: yes
- name: Enable avahi service
- service: name=avahi-daemon
- enabled=yes
+ service:
+ name: avahi-daemon
+ enabled: yes
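Review bot: `mode: 0640` on the template task is now a bare YAML scalar, so whether it arrives as octal 0640 depends on the parser treating a leading zero as octal. Quoting it as `mode: '0640'` removes that dependence and is the form the Ansible documentation recommends. The same applies to `mode: 0644` in roles/network/tasks/dhcpd.yml and to the `0644`, `0744`, `0755` and `0600` modes in roles/network/tasks/wondershaper.yml. With the old `key=value` form the value was always passed as a string, so this ambiguity is new with the conversion.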
diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml
index 861a14c07..5e1bcebe6 100644
--- a/roles/network/tasks/computed_network.yml
+++ b/roles/network/tasks/computed_network.yml
@@ -192,7 +192,7 @@
tags:
- network
-- name: Add location section to config file
+- name: Add 'computed_network' variable values to /etc/iiab/iiab.ini
ini_file:
dest: "{{ iiab_config_file }}"
section: computed_network
diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml
index 1523e5ce1..9baa95dd1 100644
--- a/roles/network/tasks/computed_services.yml
+++ b/roles/network/tasks/computed_services.yml
@@ -40,17 +40,18 @@
dhcp_service2: "dnsmasq"
when: dnsmasq_install and dnsmasq_enabled and iiab_network_mode != "Appliance"
-- name: Add location section to config file
- ini_file: dest='{{ iiab_config_file }}'
- section=network
- option='{{ item.option }}'
- value='{{ item.value }}'
+- name: Add 'network' variable values (from computed_services.yml) to /etc/iiab/iiab.ini
+ ini_file:
+ dest: "{{ iiab_config_file }}"
+ section: network
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
with_items:
- - option: 'iiab_network_mode_applied'
- value: '{{ iiab_network_mode }}'
- - option: 'dhcp_service2'
- value: '{{ dhcp_service2 }}'
- - option: 'dnsmasq_enabled'
- value: '{{ dnsmasq_enabled }}'
- - option: 'no_net_restart'
- value: '{{ no_net_restart }}'
+ - option: iiab_network_mode_applied
+ value: "{{ iiab_network_mode }}"
+ - option: dhcp_service2
+ value: "{{ dhcp_service2 }}"
+ - option: dnsmasq_enabled
+ value: "{{ dnsmasq_enabled }}"
+ - option: no_net_restart
+ value: "{{ no_net_restart }}"
diff --git a/roles/network/tasks/create_ifcfg.yml b/roles/network/tasks/create_ifcfg.yml.deprecated
similarity index 100%
rename from roles/network/tasks/create_ifcfg.yml
rename to roles/network/tasks/create_ifcfg.yml.deprecated
diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml
index c3f5855c5..4c9ea455c 100644
--- a/roles/network/tasks/detected_network.yml
+++ b/roles/network/tasks/detected_network.yml
@@ -5,14 +5,14 @@
- name: Checking for old device gateway interface for device test
set_fact:
- device_gw: "{{ prior_gw.stdout }}"
- device_gw2: "{{ prior_gw.stdout }}"
+ device_gw: "{{ prior_gw.stdout }}"
+ device_gw2: "{{ prior_gw.stdout }}"
when: iiab_stage|int > 4 and prior_gw is defined and prior_gw.stdout != ""
- name: Setting WAN if detected
set_fact:
- iiab_wan_iface: "{{ discovered_wan_iface }}"
- device_gw: "{{ discovered_wan_iface }}"
+ iiab_wan_iface: "{{ discovered_wan_iface }}"
+ device_gw: "{{ discovered_wan_iface }}"
when: ansible_default_ipv4.gateway is defined
- name: Red Hat network detection (redhat)
@@ -57,11 +57,11 @@
- name: Set the discovered wireless, if found
set_fact:
- wifi1: "{{ item|trim }}"
- discovered_wireless_iface: "{{ item|trim }}"
+ wifi1: "{{ item|trim }}"
+ discovered_wireless_iface: "{{ item|trim }}"
when: item|trim != "" and item|trim != discovered_wan_iface
with_items:
- - "{{ wireless_list1.stdout_lines }}"
+ - "{{ wireless_list1.stdout_lines }}"
# WIRELESS -- Sigh... Not all drivers update /proc/net/wireless correctly
- name: Look for any wireless interfaces (take 2)
@@ -73,11 +73,11 @@
# Last device is used
- name: Set the discovered wireless, if found (take 2)
set_fact:
- wifi2: "{{ item|trim }}"
- discovered_wireless_iface: "{{ item|trim }}"
+ wifi2: "{{ item|trim }}"
+ discovered_wireless_iface: "{{ item|trim }}"
when: wireless_list2.stdout is defined
with_items:
- - "{{ wireless_list2.stdout_lines }}"
+ - "{{ wireless_list2.stdout_lines }}"
#item|trim != discovered_wan_iface
- name: Count WiFi ifaces
@@ -87,19 +87,19 @@
# facts are apparently all stored as text, so do text comparisons from here on
- name: Remember number of WiFi devices
set_fact:
- num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}"
+ num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}"
# XO hack here ap_device would not be active therefore not set with
# wired as gw use ap_device to exclude eth0 from network calulations
- name: XO laptop override 2 WiFi on LAN
set_fact:
- ap_device: "eth0"
+ ap_device: "eth0"
when: iiab_wan_iface != "eth0" and discovered_wireless_iface != "none" and xo_model == "XO-1.5"
- name: Exclude reserved WiFi adapter if defined - takes adapter name
set_fact:
- ap_device: "{{ reserved_wifi }}"
+ ap_device: "{{ reserved_wifi }}"
when: reserved_wifi is defined and discovered_wireless_iface != iiab_wan_iface and num_wifi_interfaces >= "2"
- name: Count LAN ifaces
@@ -108,7 +108,7 @@
- name: Calculate number of LAN interfaces including WiFi
set_fact:
- num_lan_interfaces: "{{ num_lan_interfaces_result.stdout|int }}"
+ num_lan_interfaces: "{{ num_lan_interfaces_result.stdout|int }}"
# LAN - pick non WAN's
- name: Create list of LAN (non WAN) ifaces
@@ -128,19 +128,19 @@
# if there is more than one the last one wins
- name: Set discovered_wired_iface if present
set_fact:
- discovered_wired_iface: "{{ item|trim }}"
+ discovered_wired_iface: "{{ item|trim }}"
when: lan_list_result.stdout_lines is defined and item|trim != discovered_wireless_iface
with_items:
- - "{{ lan_list_result.stdout_lines }}"
+ - "{{ lan_list_result.stdout_lines }}"
- name: Set iiab_wireless_lan_iface if present
set_fact:
- iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}"
+ iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}"
when: discovered_wireless_iface is defined and discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface
- name: Set iiab_wired_lan_iface if present
set_fact:
- iiab_wired_lan_iface: "{{ discovered_wired_iface }}"
+ iiab_wired_lan_iface: "{{ discovered_wired_iface }}"
when: discovered_wired_iface is defined and discovered_wired_iface != "none" and discovered_wired_iface != iiab_wan_iface
#unused
@@ -150,33 +150,33 @@
# use value only if present
- name: 2 or more devices on the LAN - use bridging
set_fact:
- iiab_lan_iface: br0
+ iiab_lan_iface: br0
when: num_lan_interfaces|int >= 2 and not is_rpi
- name: For Debian, always use bridging - except RPi
set_fact:
- iiab_lan_iface: br0
+ iiab_lan_iface: br0
when: num_lan_interfaces|int >= 1 and is_debuntu and not is_rpi
- name: WiFi is on the LAN - use bridging - except RPi
set_fact:
- iiab_lan_iface: br0
+ iiab_lan_iface: br0
when: iiab_wireless_lan_iface is defined and not nobridge is defined
- name: Setting wired LAN as only interface - RPi
set_fact:
- iiab_lan_iface: "{{ iiab_wired_lan_iface }}"
+ iiab_lan_iface: "{{ iiab_wired_lan_iface }}"
when: iiab_wired_lan_iface is defined and nobridge is defined
- name: Setting wireless LAN as only interface - RPi
set_fact:
- iiab_lan_iface: "{{ iiab_wireless_lan_iface }}"
+ iiab_lan_iface: "{{ iiab_wireless_lan_iface }}"
when: iiab_wireless_lan_iface is defined and nobridge is defined
- name: In VM disable LAN - needs local_vars entry to activate
set_fact:
- iiab_lan_iface: none
- no_net_restart: True
+ iiab_lan_iface: none
+ no_net_restart: True
when: is_VM is defined
# OK try old gw this is a best guess based on what's in
@@ -188,41 +188,42 @@
gui_wan_iface: "{{ device_gw }}"
when: user_wan_iface == "auto" and device_gw != "none" and discovered_wan_iface == "none"
-- name: Add location section to config file
- ini_file: dest='{{ iiab_config_file }}'
- section=detected_network
- option='{{ item.option }}'
- value='{{ item.value }}'
+- name: Add 'detected_network' variable values to /etc/iiab/iiab.ini
+ ini_file:
+ dest: "{{ iiab_config_file }}"
+ section: detected_network
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
with_items:
- - option: 'has_ifcfg_gw'
- value: '{{ has_ifcfg_gw }}'
- - option: 'prior_gateway_(device_gw2)'
- value: '{{ device_gw2 }}'
- - option: 'dhcpcd_result'
- value: '{{ dhcpcd_result }}'
- - option: 'network_manager_active'
- value: '{{ network_manager_active }}'
- - option: 'systemd_networkd_active'
- value: '{{ systemd_networkd_active }}'
- - option: 'wan_in_interfaces'
- value: '{{ wan_in_interfaces }}'
- - option: 'wireless_list_1(wifi1)'
- value: '{{ wifi1 }}'
- - option: 'wireless_list_2(wifi2)'
- value: '{{ wifi2 }}'
- - option: 'num_wifi_interfaces'
- value: '{{ num_wifi_interfaces }}'
- - option: 'discovered_wireless_iface'
- value: '{{ discovered_wireless_iface }}'
- - option: 'discovered_wired_iface'
- value: '{{ discovered_wired_iface }}'
-# - option: 'iiab_wireless_lan_iface'
-# value: '{{ iiab_wireless_lan_iface }}'
- - option: 'num_lan_interfaces'
- value: '{{ num_lan_interfaces }}'
- - option: 'gui_static_wan'
- value: '{{ gui_static_wan }}'
- - option: 'iiab_lan_iface'
- value: '{{ iiab_lan_iface }}'
- - option: 'iiab_wan_iface'
- value: '{{ iiab_wan_iface }}'
+ - option: has_ifcfg_gw
+ value: "{{ has_ifcfg_gw }}"
+ - option: prior_gateway_(device_gw2)
+ value: "{{ device_gw2 }}"
+ - option: dhcpcd_result
+ value: "{{ dhcpcd_result }}"
+ - option: network_manager_active
+ value: "{{ network_manager_active }}"
+ - option: systemd_networkd_active
+ value: "{{ systemd_networkd_active }}"
+ - option: wan_in_interfaces
+ value: "{{ wan_in_interfaces }}"
+ - option: wireless_list_1(wifi1)
+ value: "{{ wifi1 }}"
+ - option: wireless_list_2(wifi2)
+ value: "{{ wifi2 }}"
+ - option: num_wifi_interfaces
+ value: "{{ num_wifi_interfaces }}"
+ - option: discovered_wireless_iface
+ value: "{{ discovered_wireless_iface }}"
+ - option: discovered_wired_iface
+ value: "{{ discovered_wired_iface }}"
+# - option: 'iiab_wireless_lan_iface
+# value: '{{ iiab_wireless_lan_iface }}"
+ - option: num_lan_interfaces
+ value: "{{ num_lan_interfaces }}"
+ - option: gui_static_wan
+ value: "{{ gui_static_wan }}"
+ - option: iiab_lan_iface
+ value: "{{ iiab_lan_iface }}"
+ - option: iiab_wan_iface
+ value: "{{ iiab_wan_iface }}"
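Review bot: The two commented-out entries for `iiab_wireless_lan_iface` were edited into mismatched quotes (`'iiab_wireless_lan_iface` with no closing quote, and `'{{ iiab_wireless_lan_iface }}"`), so uncommenting them later breaks parsing of the file. They should match the surrounding entries: `# - option: iiab_wireless_lan_iface` and `# value: "{{ iiab_wireless_lan_iface }}"`. The task name also hard-codes /etc/iiab/iiab.ini while `dest` is `"{{ iiab_config_file }}"`, which will mislead if that variable is overridden.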
diff --git a/roles/network/tasks/detected_redhat.yml b/roles/network/tasks/detected_redhat.yml
index 0936e1f91..73d6cb4ef 100644
--- a/roles/network/tasks/detected_redhat.yml
+++ b/roles/network/tasks/detected_redhat.yml
@@ -1,5 +1,6 @@
- name: Checking for ifcfg-WAN file - Can Fail
- stat: path=/etc/sysconfig/network-scripts/ifcfg-WAN
+ stat:
+ path: /etc/sysconfig/network-scripts/ifcfg-WAN
when: not first_run
register: has_ifcfg_WAN
ignore_errors: True
@@ -31,7 +32,7 @@
has_ifcfg_gw: "{{ item|trim }}"
when: ifcfg_gw_device.stdout_lines is defined and item|trim != "" and item|trim != "/etc/sysconfig/network-scripts/ifcfg-LAN"
with_items:
- - "{{ ifcfg_gw_device.stdout_lines }}"
+ - "{{ ifcfg_gw_device.stdout_lines }}"
ignore_errors: True
# returns path
@@ -59,7 +60,7 @@
has_wifi_gw: "{{ item|trim }}"
when: ifcfg_WAN_wifi.changed and item|trim != ""
with_items:
- - "{{ ifcfg_WAN_wifi.stdout_lines }}"
+ - "{{ ifcfg_WAN_wifi.stdout_lines }}"
- name: Finding device for WiFi AP gateway - Can Fail
shell: egrep -rn DEVICE /etc/sysconfig/network-scripts/{{ has_wifi_gw }} | gawk -F '=' '{print $2}'
diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml
index 9b8886342..2a7aee006 100644
--- a/roles/network/tasks/dhcpd.yml
+++ b/roles/network/tasks/dhcpd.yml
@@ -1,52 +1,60 @@
-- name: Install dhcp package
- package: name=isc-dhcp-server
- state=present
+- name: Install dhcp package (debuntu)
+ package:
+ name: isc-dhcp-server
+ state: present
when: is_debuntu
tags:
- download
-- name: Install dhcp package
- package: name=dhcp
- state=present
+- name: Install dhcp package (not debuntu)
+ package:
+ name: dhcp
+ state: present
when: not is_debuntu
tags:
- download
-- name: Create non-privileged user
- user: name=dhcpd
- createhome=no
+- name: Create non-privileged user 'dhcpd' (debuntu)
+ user:
+ name: dhcpd
+ createhome: no
when: is_debuntu
-- name: Disable stock dhcp_service
- service: name={{ dhcp_service }}
- enabled=no
- state=stopped
+- name: Disable stock dhcp_service (debuntu)
+ service:
+ name: "{{ dhcp_service }}"
+ enabled: no
+ state: stopped
when: is_debuntu
-- name: Disable stock dhcp_service ipv6
- service: name={{ dhcp_service }}6
- enabled=no
- state=stopped
+- name: Disable stock dhcp_service ipv6 (ubuntu-18)
+ service:
+ name: "{{ dhcp_service }}6"
+ enabled: no
+ state: stopped
when: is_ubuntu_18
- name: Install systemd unit file to /etc/systemd/system/dhcpd.service
- template: src={{ item.src }}
- dest={{ item.dest }}
- owner=root
- group=root
- mode={{ item.mode }}
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: root
+ group: root
+ mode: "{{ item.mode }}"
with_items:
- { src: 'roles/network/templates/dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
-- name: Create dhcpd needed files
+- name: Create file /var/lib/dhcpd/dhcpd.leases (redhat)
command: touch /var/lib/dhcpd/dhcpd.leases
- creates=/var/lib/dhcpd/dhcpd.leases
+ args:
+ creates: /var/lib/dhcpd/dhcpd.leases
when: is_redhat
-- name: Check lease's permissions
- file: path=/var/lib/dhcpd/dhcpd.leases
- owner=dhcpd
- group=dhcpd
- mode=0644
- state=file
+- name: Set dhcpd.leases permissions/ownership (redhat)
+ file:
+ path: /var/lib/dhcpd/dhcpd.leases
+ owner: dhcpd
+ group: dhcpd
+ mode: 0644
+ state: file
when: is_redhat
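Review bot: The task that creates the non-privileged `dhcpd` user sets only `name` and `createhome: no`, so the account gets the distribution's default login shell. The avahi user task in roles/network/tasks/avahi.yml in this same commit sets `shell: /bin/false`. Adding `shell: /bin/false` here (and `system: yes`, if a system UID is intended) keeps the service account non-interactive and consistent with the avahi one.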
diff --git a/roles/network/tasks/edit_ifcfg.yml b/roles/network/tasks/edit_ifcfg.yml
index 90a1d368f..647d1a6f1 100644
--- a/roles/network/tasks/edit_ifcfg.yml
+++ b/roles/network/tasks/edit_ifcfg.yml
@@ -1,43 +1,49 @@
- name: Turn off ISP nameservers
- lineinfile: state=present
- backrefs=yes
- regexp='^PEERDNS'
- line='PEERDNS="no"'
- dest={{ has_ifcfg_gw }}
+ lineinfile:
+ state: present
+ backrefs: yes
+ regexp: '^PEERDNS'
+ line: 'PEERDNS="no"'
+ dest: "{{ has_ifcfg_gw }}"
- name: Turn on local nameserver
- lineinfile: state=present
- line='DNS1="127.0.0.1"'
- dest={{ has_ifcfg_gw }}
+ lineinfile:
+ state: present
+ line: 'DNS1="127.0.0.1"'
+ dest: "{{ has_ifcfg_gw }}"
- name: Remove the UUID
- lineinfile: state=absent
- regexp='^UUID'
- dest={{ has_ifcfg_gw }}
+ lineinfile:
+ state: absent
+ regexp: '^UUID'
+ dest: "{{ has_ifcfg_gw }}"
# Leave wifi as is NAME= needs to match keyring name.
- name: Fix the NM name
- lineinfile: state=present
- backrefs=yes
- regexp='^NAME'
- line='NAME="iiab-WAN"'
- dest={{ has_ifcfg_gw }}
+ lineinfile:
+ state: present
+ backrefs: yes
+ regexp: '^NAME'
+ line: 'NAME="iiab-WAN"'
+ dest: "{{ has_ifcfg_gw }}"
when: has_wifi_gw == "none"
# testpoint - quoting and present
# note DEVICE can change what is displayed via "ip and friends"
- name: Fix the DEVICE
- lineinfile: state=present
- backrefs=yes
- regexp='^DEVICE'
- line='DEVICE="{{ iiab_wan_iface }}"'
- dest={{ has_ifcfg_gw }}
+ lineinfile:
+ state: present
+ backrefs: yes
+ regexp: '^DEVICE'
+ line: 'DEVICE="{{ iiab_wan_iface }}"'
+ dest: "{{ has_ifcfg_gw }}"
when: iiab_wan_iface != "none" and has_wifi_gw == "none"
- name: Add marker
- lineinfile: state=present
- line="# Modified by IIAB"
- dest={{ has_ifcfg_gw }}
+ lineinfile:
+ state: present
+ line: "# Modified by IIAB"
+ dest: "{{ has_ifcfg_gw }}"
- name: Rename supplied gateway ifcfg file to WAN if present
shell: mv "{{ has_ifcfg_gw }}" /etc/sysconfig/network-scripts/ifcfg-WAN
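Review bot: With `backrefs: yes`, `lineinfile` leaves the file untouched when `regexp` matches nothing, so "Turn off ISP nameservers" does not add `PEERDNS="no"` to an ifcfg file that has no `PEERDNS` line. The ISP-supplied resolvers then presumably stay in effect. None of the `line:` values here use a backreference, so dropping `backrefs: yes` from the PEERDNS, NAME and DEVICE tasks would give replace-or-append behaviour. If skip-when-absent is intended, a one-line comment saying so would help. The same pattern appears in the ONBOOT, HWADDR and NAME tasks of roles/network/tasks/enable_wan.yml.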
diff --git a/roles/network/tasks/enable_wan.yml b/roles/network/tasks/enable_wan.yml
index 5cbeac07c..5cdb44956 100644
--- a/roles/network/tasks/enable_wan.yml
+++ b/roles/network/tasks/enable_wan.yml
@@ -1,32 +1,36 @@
- name: Turn off ONBOOT for WAN on reboot if disabled
- lineinfile: state=present
- backrefs=yes
- regexp='^ONBOOT'
- line='ONBOOT="no"'
- dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+ lineinfile:
+ state: present
+ backrefs: yes
+ regexp: '^ONBOOT'
+ line: 'ONBOOT="no"'
+ dest: /etc/sysconfig/network-scripts/ifcfg-WAN
when: has_WAN and iiab_wan_iface == "none"
#testpoint Need to ensure we have only one entry
- name: Ensure macaddress is correct
- lineinfile: state=present
- backrefs=yes
- regexp='^HWADDR'
- line='HWADDR="{{ hostvars[inventory_hostname]['ansible_' + iiab_wan_iface]['macaddress'] }}"'
- dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+ lineinfile:
+ state: present
+ backrefs: yes
+ regexp: '^HWADDR'
+ line: 'HWADDR="{{ hostvars[inventory_hostname]['ansible_' + iiab_wan_iface]['macaddress'] }}"'
+ dest: /etc/sysconfig/network-scripts/ifcfg-WAN
when: has_WAN and iiab_wan_iface != "none"
- name: Fix the DEVICE
- lineinfile: state=present
- backrefs=yes
- regexp='^NAME'
- line='NAME="iiab-WAN"'
- dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+ lineinfile:
+ state: present
+ backrefs: yes
+ regexp: '^NAME'
+ line: 'NAME="iiab-WAN"'
+ dest: /etc/sysconfig/network-scripts/ifcfg-WAN
when: has_WAN and iiab_wan_iface != "none"
- name: Turn on ONBOOT for WAN on reboot if enabled
- lineinfile: state=present
- backrefs=yes
- regexp="^ONBOOT"
- line="ONBOOT=yes"
- dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+ lineinfile:
+ state: present
+ backrefs: yes
+ regexp: "^ONBOOT"
+ line: "ONBOOT=yes"
+ dest: /etc/sysconfig/network-scripts/ifcfg-WAN
when: has_WAN and iiab_wan_iface != "none"
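Review bot: The converted `line:` value in "Ensure macaddress is correct" is a single-quoted YAML scalar that contains unescaped single quotes (`['ansible_' + iiab_wan_iface]['macaddress']`), so the scalar ends at `['` and the file should fail to parse. The old `key=value` form tolerated this because the whole argument string was one plain scalar. Switching the inner quotes fixes it: `line: 'HWADDR="{{ hostvars[inventory_hostname]["ansible_" + iiab_wan_iface]["macaddress"] }}"'`. The task named "Fix the DEVICE" actually rewrites `NAME`, which is worth correcting while the file is being touched.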
diff --git a/roles/network/tasks/hosts.yml b/roles/network/tasks/hosts.yml
index 1344c553a..be268817f 100644
--- a/roles/network/tasks/hosts.yml
+++ b/roles/network/tasks/hosts.yml
@@ -1,12 +1,12 @@
#TODO: Use vars instead of hardcoded values
-- name: Remove FQDN in /etc/hosts without LAN
+- name: Remove FQDN with 172.18.96.1 in /etc/hosts without LAN (if iiab_lan_iface == "none" and not installing)
lineinfile:
path: /etc/hosts
regexp: '^172\.18\.96\.1'
state: absent
when: iiab_lan_iface == "none" and not installing
-- name: Configure FQDN in /etc/hosts with LAN
+- name: Configure FQDN with 172.18.96.1 in /etc/hosts with LAN (if iiab_lan_iface != "none" and not installing)
lineinfile:
path: /etc/hosts
regexp: '^172\.18\.96\.1'
@@ -14,7 +14,7 @@
state: present
when: iiab_lan_iface != "none" and not installing
-- name: Configure FQDN in /etc/hosts appliance mode
+- name: Configure FQDN with 127.0.0.1 in /etc/hosts appliance mode (if iiab_lan_iface == "none" and not installing)
lineinfile:
path: /etc/hosts
regexp: '^127\.0\.0\.1'
diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml
index 65b956177..d5736714d 100644
--- a/roles/network/tasks/main.yml
+++ b/roles/network/tasks/main.yml
@@ -112,7 +112,7 @@
tags:
- network
-- name: NetworkManager in use
+- name: NetworkManager in use (if ubuntu-18 and network_manager_active)
include_tasks: NM-debian.yml
when: is_ubuntu_18 and network_manager_active
#and not installing
diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml
index 90dd17706..a3f911caf 100644
--- a/roles/network/tasks/named.yml
+++ b/roles/network/tasks/named.yml
@@ -1,4 +1,4 @@
-- name: Install named packages (debuntu)
+- name: Install named packages (if debuntu)
package:
name: "{{ item }}"
state: present
@@ -9,7 +9,7 @@
tags:
- download
-- name: Install named packages (OS's that are not debuntu)
+- name: Install named packages (if not debuntu)
package:
name: "{{ item }}"
state: present
@@ -21,7 +21,7 @@
- download
# or we have to change the serial number in the config files.
-- name: Stop named before copying files
+- name: Stop named before copying files (if first_run and debuntu)
service:
name: "{{ dns_service }}"
state: stopped
@@ -76,27 +76,27 @@
dest: "/etc/systemd/system/{{ dns_service }}.service"
mode: 0644
-- name: The dns-jail redirect requires the named.blackhole, disabling recursion
+- name: The dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)
# in named-iiab.conf, and the redirection of 404 error documents to /
template:
src: roles/network/templates/named/dns-jail.conf
dest: "/etc/{{ apache_config_dir }}/"
when: dns_jail_enabled
-- name: Separate enabling required (debuntu)
+- name: Separate enabling required (if debuntu and dns_jail_enabled)
file:
src: "/etc/{{ apache_config_dir }}/dns-jail.conf"
path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
state: link
when: is_debuntu and dns_jail_enabled
-- name: Separate disabling required (debuntu)
+- name: Separate disabling required (if debuntu and not dns_jail_enabled)
file:
path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
state: absent
when: is_debuntu and not dns_jail_enabled
-- name: Separate enabling/disabling required (OS's that are not debuntu)
+- name: Separate enabling/disabling required (if not debuntu and not dns_jail_enabled)
file:
path: "/etc/{{ apache_config_dir }}/dns-jail.conf"
state: absent
diff --git a/roles/network/tasks/redetect.yml b/roles/network/tasks/redetect.yml
index 7ecfb9903..47cf687d3 100644
--- a/roles/network/tasks/redetect.yml
+++ b/roles/network/tasks/redetect.yml
@@ -17,14 +17,17 @@
dhcp_good: False
# don't shoot ourselves in the foot....
-- name: Disable dhcp server just because
- service: name=dhcpd state=stopped
+- name: Disable dhcpd server just because
+ service:
+ name: dhcpd
+ state: stopped
### clear all connections first
# We should have the LAN torndown at this point.
- name: No ifcfg-WAN known
- debug: msg="NO WAN known"
+ debug:
+ msg: "NO WAN known"
when: not has_WAN
- name: Finding connection name for WiFi AP gateway first
@@ -46,8 +49,8 @@
# We have the DEVICE?
- name: Now setting iiab_wan_iface based on WiFi
set_fact:
- iiab_wan_iface: "{{ dhcp_wifi_results.stdout }}"
- dhcp_good: True
+ iiab_wan_iface: "{{ dhcp_wifi_results.stdout }}"
+ dhcp_good: True
when: dhcp_wifi_results.stdout is defined and dhcp_wifi_results.stdout != ""
- name: Trying ifcfg-WAN second
@@ -57,7 +60,8 @@
when: has_WAN
- name: BAD ifcfg-WAN
- debug: msg="BAD WAN"
+ debug:
+ msg: "BAD WAN"
when: dhcp_WAN is defined and dhcp_WAN|failed
- name: Delete ifcfg-WAN
@@ -66,7 +70,7 @@
- name: Setting no ifcfg-WAN
set_fact:
- has_WAN: False
+ has_WAN: False
when: dhcp_WAN is defined and dhcp_WAN|failed and wan_ip == "dhcp"
- name: Interface list
@@ -79,7 +83,7 @@
ignore_errors: True
when: item|trim != iiab_wireless_lan_iface and not dhcp_good and wan_ip == "dhcp"
with_items:
- - "{{ adapter_list.stdout_lines }}"
+ - "{{ adapter_list.stdout_lines }}"
# monitor-connection-files defaults to no with F21, F18-F20 defaults to yes
- name: Reloading nmcli for deleted files
@@ -93,7 +97,7 @@
ignore_errors: True
when: item|trim != discovered_wireless_iface and item|trim != iiab_wireless_lan_iface and not dhcp_good and wan_ip == "dhcp"
with_items:
- - "{{ adapter_list.stdout_lines }}"
+ - "{{ adapter_list.stdout_lines }}"
# This should be neat on a VM with 2 bridged interfaces.
- name: Checking for gateway
@@ -104,8 +108,8 @@
# We have the DEVICE?
- name: Now setting iiab_wan_iface via nmcli
set_fact:
- iiab_wan_iface: "{{ dhcp_1BY1_results.stdout }}"
- dhcp_good: True
+ iiab_wan_iface: "{{ dhcp_1BY1_results.stdout }}"
+ dhcp_good: True
when: dhcp_1BY1_results.stdout is defined and dhcp_1BY1_results.stdout != "" and not has_WAN
- name: Find gateway config based on device
@@ -120,7 +124,7 @@
has_ifcfg_gw: "{{ item|trim }}"
when: dhcp_good and ifcfg_dhcp_device is defined and item|trim != ""
with_items:
- - "{{ ifcfg_dhcp_device.stdout_lines }}"
+ - "{{ ifcfg_dhcp_device.stdout_lines }}"
ignore_errors: True
# wired devices with no wire plugged in fail here
@@ -129,12 +133,12 @@
ignore_errors: True
when: item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface and wan_ip == "dhcp"
with_items:
- - "{{ adapter_list.stdout_lines }}"
+ - "{{ adapter_list.stdout_lines }}"
### keep at end.
### If dhcp fails the single interface will become LAN again because we didn't prevent the creation
# Now disable LAN if single interface
- name: DHCP found on Single interface forcing LAN disabled
set_fact:
- iiab_lan_iface: "none"
- when: dhcp_good and adapter_count.stdout|int == "1"
+ iiab_lan_iface: "none"
+ when: dhcp_good and adapter_count.stdout|int == "1"
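Review bot: `adapter_count.stdout|int == "1"` in the final `when:` compares an integer with the string `"1"`, which Jinja2 evaluates as false, so "DHCP found on Single interface forcing LAN disabled" looks like it can never run. Either compare as integers, `when: dhcp_good and adapter_count.stdout|int == 1`, or drop the `|int` filter and keep the string comparison. The hunk only re-indents these lines, so the condition predates this commit, but the re-indented `when:` is a good moment to fix it.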
diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml
index f3eb59421..e4f504f32 100644
--- a/roles/network/tasks/squid.yml
+++ b/roles/network/tasks/squid.yml
@@ -97,7 +97,7 @@
- option: enabled
value: "{{ squid_enabled }}"
-- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini
+- name: Add 'dansguardian' variable values to /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: dansguardian
diff --git a/roles/network/tasks/static.yml b/roles/network/tasks/static.yml
index 06ac8b391..33d72cc0c 100644
--- a/roles/network/tasks/static.yml
+++ b/roles/network/tasks/static.yml
@@ -1,8 +1,9 @@
# supply an ifcfg if no gateway detected but wan_ip is set
# set user_wan_iface: and use wan_* for static info
-- name: Supply WAN interface file
- template: src=network/ifcfg-WAN.j2
- dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+- name: Install WAN interface file /etc/sysconfig/network-scripts/ifcfg-WAN from template
+ template:
+ src: network/ifcfg-WAN.j2
+ dest: /etc/sysconfig/network-scripts/ifcfg-WAN
- include_tasks: NM.yml
when: 'ansible_distribution_version <= "20" and wan_ip != "dhcp"'
@@ -12,8 +13,9 @@
ignore_errors: yes
when: 'ansible_distribution_version >= "21" and wan_ip != "dhcp"'
-- name: Use upstream nameserver until named is installed
- lineinfile: dest=/etc/resolv.conf
- line='nameserver {{ wan_nameserver }}'
- create=yes
- state=present
+- name: Use upstream nameserver until named (etc) is installed
+ lineinfile:
+ dest: /etc/resolv.conf
+ line: "nameserver {{ wan_nameserver }}"
+ create: yes
+ state: present
diff --git a/roles/network/tasks/wondershaper.yml b/roles/network/tasks/wondershaper.yml
index 04c66bdf5..43c6cd89c 100644
--- a/roles/network/tasks/wondershaper.yml
+++ b/roles/network/tasks/wondershaper.yml
@@ -1,43 +1,49 @@
-- name: Copy Wondershaper service script
- template: backup=yes
- src=roles/network/templates/wondershaper/wondershaper.service
- dest=/etc/systemd/system/wondershaper.service
- mode=0644
+- name: Install Wondershaper systemd unit file from template
+ template:
+ backup: yes
+ src: roles/network/templates/wondershaper/wondershaper.service
+ dest: /etc/systemd/system/wondershaper.service
+ mode: 0644
-- name: Copy Wondershaper script
- template: backup=yes
- src=roles/network/templates/wondershaper/wondershaper.j2
- dest=/usr/bin/wondershaper
- owner=root
- group=root
- mode=0744
+- name: Install /usr/bin/wondershaper from template
+ template:
+ backup: yes
+ src: roles/network/templates/wondershaper/wondershaper.j2
+ dest: /usr/bin/wondershaper
+ owner: root
+ group: root
+ mode: 0744
- name: Create conf.d directory
- file: path=/etc/conf.d
- owner=root
- group=root
- mode=0755
- state=directory
+ file:
+ path: /etc/conf.d
+ owner: root
+ group: root
+ mode: 0755
+ state: directory
-- name: Copy Wondershaper config script
- template: src=roles/network/templates/wondershaper/wondershaper.conf
- dest=/etc/conf.d/wondershaper.conf
- owner=root
- group=root
- mode=0600
+- name: Install /etc/conf.d/wondershaper.conf from template
+ template:
+ src: roles/network/templates/wondershaper/wondershaper.conf
+ dest: /etc/conf.d/wondershaper.conf
+ owner: root
+ group: root
+ mode: 0600
-- name: Create fact for Wondershaper config file
- file: src=/etc/conf.d/wondershaper.conf
- dest=/etc/ansible/facts.d/wondershaper.fact
- owner=root
- group=root
- state=link
+- name: Create fact (link) for /etc/conf.d/wondershaper.conf
+ file:
+ src: /etc/conf.d/wondershaper.conf
+ dest: /etc/ansible/facts.d/wondershaper.fact
+ owner: root
+ group: root
+ state: link
-- name: Add 'wondershaper' to service list
- ini_file: dest='{{ service_filelist }}'
- section=wondershaper
- option='{{ item.option }}'
- value='{{ item.value }}'
+- name: Add 'wondershaper' variable values to /etc/iiab/iiab.ini
+ ini_file:
+ dest: "{{ service_filelist }}"
+ section: wondershaper
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
with_items:
- option: name
value: wondershaper