Merge pull request #1185 from holta/dnsmasq-initial-cleanup

Beginnings of Captive Portal / dnsmasq cleanup, towards solving #1184

roles/network/defaults/main.yml

@@ -62,20 +62,27 @@ network_config_dir: /etc/network/interfaces.d
 dns_jail_enabled: False
 services_externally_visible: False
 
-# Following variables set for old Apache, dhcpd, named usage
+# DNS / name resolution
 dhcpd_install: True
 dhcpd_enabled: True
+#dhcp_service: ????    # Appears nec for roles/network/tasks/dhcpd.yml ?
+dhcp_service2: disabled    # Proposed by @jvonau to solve #1184 -> PR #1185 as required by roles/network/tasks/computed_services.yml ?
 named_install: True
-named_enabled: True
+named_enabled: False
-dnsmasq_enabled: False
+dnsmasq_enabled: True
-dnsmasq_install: False
+dnsmasq_install: True
 
-# For @tim-moody's Nodogsplash approach to Captive Portal?  High experimental as of June 2018: github.com/iiab/iiab/issues/608
+# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
-captive_portal_enabled: False
+# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
-
+# extensively refined in Sept 2018 (https://github.com/iiab/iiab/pull/1179)
-# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
 py_captive_portal_install: True
 py_captive_portal_enabled: True
 py_captive_portal_port: "9090"
 py_captive_portal_username: "Admin"
 py_captive_portal_password: "changeme"
+# In a pinch, disable it by running: systemctl disable py-captive-portal
+
+# For @tim-moody's Nodogsplash approach to Captive Portal?
+# Highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608
+# captive_portal_install: False
+# captive_portal_enabled: False

roles/network/tasks/NM.yml

@@ -1,20 +1,33 @@
 - name: Restart NetworkManager services
-  service: name=NetworkManager
+  service:
-           enabled=yes
+    name: NetworkManager
-           state=stopped
+    enabled: yes
-- service: name=NetworkManager-dispatcher
+    state: stopped
-           enabled=yes
+
-           state=stopped
+- service:
-- wait_for: path=/etc/passwd
+    name: NetworkManager-dispatcher
-            delay=4
+    enabled: yes
-            timeout=5
+    state: stopped
-- service: name=NetworkManager
+
-           enabled=yes
+- wait_for:
-           state=started
+    path: /etc/passwd
-- wait_for: path=/etc/passwd
+    delay: 4
-            delay=4
+    timeout: 5
-            timeout=5
+
-- service: name=NetworkManager-dispatcher
+- service:
-           enabled=yes
+    name: NetworkManager
-           state=started
+    enabled: yes
-- debug:  msg="hopefully now NM is restarted"
+    state: started
+
+- wait_for:
+    path: /etc/passwd
+    delay: 4
+    timeout: 5
+
+- service:
+    name: NetworkManager-dispatcher
+    enabled: yes
+    state: started
+
+- debug:
+    msg: "hopefully now NM is restarted"

roles/network/tasks/avahi.yml

@@ -1,40 +1,47 @@
-- name: Create a user for avahi
+- name: Create a user for avahi (debuntu)
-  user: name=avahi
+  user:
-        createhome=no
+    name: avahi
-        shell=/bin/false
+    createhome: no
+    shell: /bin/false
   when: is_debuntu
 
-- name: Install avahi announce config files
+- name: Install avahi announce config file /etc/avahi/services/schoolserver.service
-  template: src=avahi/schoolserver.service
+  template:
-            dest=/etc/avahi/services/schoolserver.service
+    src: avahi/schoolserver.service
-            owner=avahi
+    dest: /etc/avahi/services/schoolserver.service
-            group=avahi
+    owner: avahi
-            mode=0640
+    group: avahi
+    mode: 0640
   when: 'gui_wan == True'
 
-- name: Find a clean copy of ssh.service
+- name: Find avahi_ver for clean copy of ssh.service (not debuntu)
-  shell: "ls /usr/share/doc/ |grep avahi | head -n1"
+  shell: "ls /usr/share/doc/ | grep avahi | head -n1"
   register: avahi_ver
   ignore_errors: True
   changed_when: false
+  # when: not is_debuntu    # would cause failures 6 lines below
 
-- name: Grab a clean copy of ssh.service
+- name: Grab a clean copy of ssh.service (not debuntu)
-  copy: src='/usr/share/doc/{{ avahi_ver.stdout }}/ssh.service'
+  copy:
-        dest='/etc/avahi/services/'
+    src: '/usr/share/doc/{{ avahi_ver.stdout }}/ssh.service'
+    dest: /etc/avahi/services/
   when: avahi_ver.stdout != "" and not is_debuntu
 
-- name: Grab a clean copy of ssh.service
+- name: Grab a clean copy of ssh.service (debuntu)
-  copy: src='/usr/share/doc/avahi-daemon/examples/ssh.service'
+  copy:
-        dest='/etc/avahi/services/'
+    src: /usr/share/doc/avahi-daemon/examples/ssh.service
+    dest: /etc/avahi/services/
   when: is_debuntu
 
 - name: Set ssh port for avahi
-  lineinfile: dest=/etc/avahi/services/ssh.service
+  lineinfile:
-              regexp='</port>$'
+    dest: /etc/avahi/services/ssh.service
-              line='    <port>{{ ssh_port }}</port>'
+    regexp: '</port>$'
-              state=present
+    line: '    <port>{{ ssh_port }}</port>'
-              backrefs=yes
+    state: present
+    backrefs: yes
 
 - name: Enable avahi service
-  service: name=avahi-daemon
+  service:
-           enabled=yes
+    name: avahi-daemon
+    enabled: yes

roles/network/tasks/computed_network.yml

@@ -192,7 +192,7 @@
   tags:
     - network
 
-- name: Add location section to config file
+- name: Add 'computed_network' variable values to /etc/iiab/iiab.ini
   ini_file:
     dest: "{{ iiab_config_file }}"
     section: computed_network

roles/network/tasks/computed_services.yml

@@ -40,17 +40,18 @@
     dhcp_service2: "dnsmasq"
   when: dnsmasq_install and dnsmasq_enabled and iiab_network_mode != "Appliance"
 
-- name: Add location section to config file
+- name: Add 'network' variable values (from computed_services.yml) to /etc/iiab/iiab.ini
-  ini_file: dest='{{ iiab_config_file }}'
+  ini_file:
-            section=network
+    dest: "{{ iiab_config_file }}"
-            option='{{ item.option }}'
+    section: network
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
-  - option: 'iiab_network_mode_applied'
+  - option: iiab_network_mode_applied
-    value: '{{ iiab_network_mode }}'
+    value: "{{ iiab_network_mode }}"
-  - option: 'dhcp_service2'
+  - option: dhcp_service2
-    value: '{{ dhcp_service2 }}'
+    value: "{{ dhcp_service2 }}"
-  - option: 'dnsmasq_enabled'
+  - option: dnsmasq_enabled
-    value: '{{ dnsmasq_enabled }}'
+    value: "{{ dnsmasq_enabled }}"
-  - option: 'no_net_restart'
+  - option: no_net_restart
-    value: '{{ no_net_restart }}'
+    value: "{{ no_net_restart }}"

roles/network/tasks/detected_network.yml

@@ -188,41 +188,42 @@
     gui_wan_iface: "{{ device_gw }}"
   when: user_wan_iface == "auto" and device_gw != "none" and discovered_wan_iface == "none"
 
-- name: Add location section to config file
+- name: Add 'detected_network' variable values to /etc/iiab/iiab.ini
-  ini_file: dest='{{ iiab_config_file }}'
+  ini_file:
-            section=detected_network
+    dest: "{{ iiab_config_file }}"
-            option='{{ item.option }}'
+    section: detected_network
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
-  - option: 'has_ifcfg_gw'
+  - option: has_ifcfg_gw
-    value: '{{ has_ifcfg_gw }}'
+    value: "{{ has_ifcfg_gw }}"
-  - option: 'prior_gateway_(device_gw2)'
+  - option: prior_gateway_(device_gw2)
-    value: '{{ device_gw2 }}'
+    value: "{{ device_gw2 }}"
-  - option: 'dhcpcd_result'
+  - option: dhcpcd_result
-    value: '{{ dhcpcd_result }}'
+    value: "{{ dhcpcd_result }}"
-  - option: 'network_manager_active'
+  - option: network_manager_active
-    value: '{{ network_manager_active }}'
+    value: "{{ network_manager_active }}"
-  - option: 'systemd_networkd_active'
+  - option: systemd_networkd_active
-    value: '{{ systemd_networkd_active }}'
+    value: "{{ systemd_networkd_active }}"
-  - option: 'wan_in_interfaces'
+  - option: wan_in_interfaces
-    value: '{{ wan_in_interfaces }}'
+    value: "{{ wan_in_interfaces }}"
-  - option: 'wireless_list_1(wifi1)'
+  - option: wireless_list_1(wifi1)
-    value: '{{ wifi1 }}'
+    value: "{{ wifi1 }}"
-  - option: 'wireless_list_2(wifi2)'
+  - option: wireless_list_2(wifi2)
-    value: '{{ wifi2 }}'
+    value: "{{ wifi2 }}"
-  - option: 'num_wifi_interfaces'
+  - option: num_wifi_interfaces
-    value: '{{ num_wifi_interfaces }}'
+    value: "{{ num_wifi_interfaces }}"
-  - option: 'discovered_wireless_iface'
+  - option: discovered_wireless_iface
-    value: '{{ discovered_wireless_iface }}'
+    value: "{{ discovered_wireless_iface }}"
-  - option: 'discovered_wired_iface'
+  - option: discovered_wired_iface
-    value: '{{ discovered_wired_iface }}'
+    value: "{{ discovered_wired_iface }}"
-#  - option: 'iiab_wireless_lan_iface'
+#  - option: 'iiab_wireless_lan_iface
-#    value: '{{ iiab_wireless_lan_iface }}'
+#    value: '{{ iiab_wireless_lan_iface }}"
-  - option: 'num_lan_interfaces'
+  - option: num_lan_interfaces
-    value: '{{ num_lan_interfaces }}'
+    value: "{{ num_lan_interfaces }}"
-  - option: 'gui_static_wan'
+  - option: gui_static_wan
-    value: '{{ gui_static_wan }}'
+    value: "{{ gui_static_wan }}"
-  - option: 'iiab_lan_iface'
+  - option: iiab_lan_iface
-    value: '{{ iiab_lan_iface }}'
+    value: "{{ iiab_lan_iface }}"
-  - option: 'iiab_wan_iface'
+  - option: iiab_wan_iface
-    value: '{{ iiab_wan_iface }}'
+    value: "{{ iiab_wan_iface }}"

roles/network/tasks/detected_redhat.yml

@@ -1,5 +1,6 @@
 - name: Checking for ifcfg-WAN file - Can Fail
-  stat: path=/etc/sysconfig/network-scripts/ifcfg-WAN
+  stat:
+    path: /etc/sysconfig/network-scripts/ifcfg-WAN
   when: not first_run
   register: has_ifcfg_WAN
   ignore_errors: True

roles/network/tasks/dhcpd.yml

@@ -1,52 +1,60 @@
-- name: Install dhcp package
+- name: Install dhcp package (debuntu)
-  package: name=isc-dhcp-server
+  package:
-           state=present
+    name: isc-dhcp-server
+    state: present
   when: is_debuntu
   tags:
     - download
 
-- name: Install dhcp package
+- name: Install dhcp package (not debuntu)
-  package: name=dhcp
+  package:
-           state=present
+    name: dhcp
+    state: present
   when: not is_debuntu
   tags:
     - download
 
-- name: Create non-privileged user
+- name: Create non-privileged user 'dhcpd' (debuntu)
-  user: name=dhcpd
+  user:
-        createhome=no
+    name: dhcpd
+    createhome: no
   when: is_debuntu
 
-- name: Disable stock dhcp_service
+- name: Disable stock dhcp_service (debuntu)
-  service: name={{ dhcp_service }}
+  service:
-           enabled=no
+    name: "{{ dhcp_service }}"
-           state=stopped
+    enabled: no
+    state: stopped
   when: is_debuntu
 
-- name: Disable stock dhcp_service ipv6
+- name: Disable stock dhcp_service ipv6 (ubuntu-18)
-  service: name={{ dhcp_service }}6
+  service:
-           enabled=no
+    name: "{{ dhcp_service }}6"
-           state=stopped
+    enabled: no
+    state: stopped
   when: is_ubuntu_18
 
 - name: Install systemd unit file to /etc/systemd/system/dhcpd.service
-  template: src={{ item.src }}
+  template:
-            dest={{ item.dest }}
+    src: "{{ item.src }}"
-            owner=root
+    dest: "{{ item.dest }}"
-            group=root
+    owner: root
-            mode={{ item.mode }}
+    group: root
+    mode: "{{ item.mode }}"
   with_items:
    - { src: 'roles/network/templates/dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
 
-- name: Create dhcpd needed files
+- name: Create file /var/lib/dhcpd/dhcpd.leases (redhat)
   command: touch /var/lib/dhcpd/dhcpd.leases
-           creates=/var/lib/dhcpd/dhcpd.leases
+  args:
+    creates: /var/lib/dhcpd/dhcpd.leases
   when: is_redhat
 
-- name: Check lease's permissions
+- name: Set dhcpd.leases permissions/ownership (redhat)
-  file: path=/var/lib/dhcpd/dhcpd.leases
+  file:
-        owner=dhcpd
+    path: /var/lib/dhcpd/dhcpd.leases
-        group=dhcpd
+    owner: dhcpd
-        mode=0644
+    group: dhcpd
-        state=file
+    mode: 0644
+    state: file
   when: is_redhat

roles/network/tasks/edit_ifcfg.yml

@@ -1,43 +1,49 @@
 - name: Turn off ISP nameservers
-  lineinfile: state=present
+  lineinfile:
-              backrefs=yes
+    state: present
-              regexp='^PEERDNS'
+    backrefs: yes
-              line='PEERDNS="no"'
+    regexp: '^PEERDNS'
-              dest={{ has_ifcfg_gw }}
+    line: 'PEERDNS="no"'
+    dest: "{{ has_ifcfg_gw }}"
 
 - name: Turn on local nameserver
-  lineinfile: state=present
+  lineinfile:
-              line='DNS1="127.0.0.1"'
+    state: present
-              dest={{ has_ifcfg_gw }}
+    line: 'DNS1="127.0.0.1"'
+    dest: "{{ has_ifcfg_gw }}"
 
 - name: Remove the UUID
-  lineinfile: state=absent
+  lineinfile:
-              regexp='^UUID'
+    state: absent
-              dest={{ has_ifcfg_gw }}
+    regexp: '^UUID'
+    dest: "{{ has_ifcfg_gw }}"
 
 # Leave wifi as is NAME=<AP> needs to match keyring name.
 - name: Fix the NM name
-  lineinfile: state=present
+  lineinfile:
-              backrefs=yes
+    state: present
-              regexp='^NAME'
+    backrefs: yes
-              line='NAME="iiab-WAN"'
+    regexp: '^NAME'
-              dest={{ has_ifcfg_gw }}
+    line: 'NAME="iiab-WAN"'
+    dest: "{{ has_ifcfg_gw }}"
   when: has_wifi_gw == "none"
 
 # testpoint - quoting and present
 # note DEVICE can change what is displayed via "ip and friends"
 - name: Fix the DEVICE
-  lineinfile: state=present
+  lineinfile:
-              backrefs=yes
+    state: present
-              regexp='^DEVICE'
+    backrefs: yes
-              line='DEVICE="{{ iiab_wan_iface }}"'
+    regexp: '^DEVICE'
-              dest={{ has_ifcfg_gw }}
+    line: 'DEVICE="{{ iiab_wan_iface }}"'
+    dest: "{{ has_ifcfg_gw }}"
   when: iiab_wan_iface != "none" and has_wifi_gw == "none"
 
 - name: Add marker
-  lineinfile: state=present
+  lineinfile:
-              line="# Modified by IIAB"
+    state: present
-              dest={{ has_ifcfg_gw }}
+    line: "# Modified by IIAB"
+    dest: "{{ has_ifcfg_gw }}"
 
 - name: Rename supplied gateway ifcfg file to WAN if present
   shell: mv "{{ has_ifcfg_gw }}" /etc/sysconfig/network-scripts/ifcfg-WAN

roles/network/tasks/enable_wan.yml

@@ -1,32 +1,36 @@
 - name: Turn off ONBOOT for WAN on reboot if disabled
-  lineinfile: state=present
+  lineinfile:
-              backrefs=yes
+    state: present
-              regexp='^ONBOOT'
+    backrefs: yes
-              line='ONBOOT="no"'
+    regexp: '^ONBOOT'
-              dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+    line: 'ONBOOT="no"'
+    dest: /etc/sysconfig/network-scripts/ifcfg-WAN
   when: has_WAN and iiab_wan_iface == "none"
 
 #testpoint Need to ensure we have only one entry
 - name: Ensure macaddress is correct
-  lineinfile: state=present
+  lineinfile:
-              backrefs=yes
+    state: present
-              regexp='^HWADDR'
+    backrefs: yes
-              line='HWADDR="{{ hostvars[inventory_hostname]['ansible_' + iiab_wan_iface]['macaddress'] }}"'
+    regexp: '^HWADDR'
-              dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+    line: 'HWADDR="{{ hostvars[inventory_hostname]['ansible_' + iiab_wan_iface]['macaddress'] }}"'
+    dest: /etc/sysconfig/network-scripts/ifcfg-WAN
   when: has_WAN and iiab_wan_iface != "none"
 
 - name: Fix the DEVICE
-  lineinfile: state=present
+  lineinfile:
-              backrefs=yes
+    state: present
-              regexp='^NAME'
+    backrefs: yes
-              line='NAME="iiab-WAN"'
+    regexp: '^NAME'
-              dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+    line: 'NAME="iiab-WAN"'
+    dest: /etc/sysconfig/network-scripts/ifcfg-WAN
   when: has_WAN and iiab_wan_iface != "none"
 
 - name: Turn on ONBOOT for WAN on reboot if enabled
-  lineinfile: state=present
+  lineinfile:
-              backrefs=yes
+    state: present
-              regexp="^ONBOOT"
+    backrefs: yes
-              line="ONBOOT=yes"
+    regexp: "^ONBOOT"
-              dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+    line: "ONBOOT=yes"
+    dest: /etc/sysconfig/network-scripts/ifcfg-WAN
   when: has_WAN and iiab_wan_iface != "none"

roles/network/tasks/hosts.yml

@@ -1,12 +1,12 @@
 #TODO: Use vars instead of hardcoded values
-- name: Remove FQDN in /etc/hosts without LAN
+- name: Remove FQDN with 172.18.96.1 in /etc/hosts without LAN (if iiab_lan_iface == "none" and not installing)
   lineinfile:
     path: /etc/hosts
     regexp: '^172\.18\.96\.1'
     state: absent
   when: iiab_lan_iface == "none" and not installing
 
-- name: Configure FQDN in /etc/hosts with LAN
+- name: Configure FQDN with 172.18.96.1 in /etc/hosts with LAN (if iiab_lan_iface != "none" and not installing)
   lineinfile:
     path: /etc/hosts
     regexp: '^172\.18\.96\.1'
@@ -14,7 +14,7 @@
     state: present
   when: iiab_lan_iface != "none" and not installing
 
-- name: Configure FQDN in /etc/hosts appliance mode
+- name: Configure FQDN with 127.0.0.1 in /etc/hosts appliance mode (if iiab_lan_iface == "none" and not installing)
   lineinfile:
     path: /etc/hosts
     regexp: '^127\.0\.0\.1'

roles/network/tasks/main.yml

@@ -112,7 +112,7 @@
   tags:
     - network
 
-- name: NetworkManager in use
+- name: NetworkManager in use (if ubuntu-18 and network_manager_active)
   include_tasks: NM-debian.yml
   when: is_ubuntu_18 and network_manager_active
 #and not installing

roles/network/tasks/named.yml

@@ -1,4 +1,4 @@
-- name: Install named packages (debuntu)
+- name: Install named packages (if debuntu)
   package:
     name: "{{ item }}"
     state: present
@@ -9,7 +9,7 @@
   tags:
     - download
 
-- name: Install named packages (OS's that are not debuntu)
+- name: Install named packages (if not debuntu)
   package:
     name: "{{ item }}"
     state: present
@@ -21,7 +21,7 @@
     - download
 
 # or we have to change the serial number in the config files.
-- name: Stop named before copying files
+- name: Stop named before copying files (if first_run and debuntu)
   service:
     name: "{{ dns_service }}"
     state: stopped
@@ -76,27 +76,27 @@
     dest: "/etc/systemd/system/{{ dns_service }}.service"
     mode: 0644
 
-- name: The dns-jail redirect requires the named.blackhole, disabling recursion
+- name: The dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)
 #        in named-iiab.conf, and the redirection of 404 error documents to /
   template:
     src: roles/network/templates/named/dns-jail.conf
     dest: "/etc/{{ apache_config_dir }}/"
   when: dns_jail_enabled
 
-- name: Separate enabling required (debuntu)
+- name: Separate enabling required (if debuntu and dns_jail_enabled)
   file:
     src: "/etc/{{ apache_config_dir }}/dns-jail.conf"
     path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
     state: link
   when: is_debuntu and dns_jail_enabled
 
-- name: Separate disabling required (debuntu)
+- name: Separate disabling required (if debuntu and not dns_jail_enabled)
   file: 
     path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
     state: absent
   when: is_debuntu and not dns_jail_enabled
 
-- name: Separate enabling/disabling required (OS's that are not debuntu)
+- name: Separate enabling/disabling required (if not debuntu and not dns_jail_enabled)
   file:
     path: "/etc/{{ apache_config_dir }}/dns-jail.conf"
     state: absent

roles/network/tasks/redetect.yml

@@ -17,14 +17,17 @@
     dhcp_good: False
 
 # don't shoot ourselves in the foot....
-- name: Disable dhcp server just because
+- name: Disable dhcpd server just because
-  service: name=dhcpd state=stopped
+  service:
+    name: dhcpd
+    state: stopped
 
 ### clear all connections first
 # We should have the LAN torndown at this point.
 
 - name: No ifcfg-WAN known
-  debug: msg="NO WAN known"
+  debug:
+    msg: "NO WAN known"
   when: not has_WAN
 
 - name: Finding connection name for WiFi AP gateway first
@@ -57,7 +60,8 @@
   when: has_WAN
 
 - name: BAD ifcfg-WAN
-  debug: msg="BAD WAN"
+  debug:
+    msg: "BAD WAN"
   when: dhcp_WAN is defined and dhcp_WAN|failed
 
 - name: Delete ifcfg-WAN

roles/network/tasks/squid.yml

@@ -97,7 +97,7 @@
     - option: enabled
       value: "{{ squid_enabled }}"
 
-- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini
+- name: Add 'dansguardian' variable values to /etc/iiab/iiab.ini
   ini_file:
     dest: "{{ service_filelist }}"
     section: dansguardian

roles/network/tasks/static.yml

@@ -1,8 +1,9 @@
 # supply an ifcfg if no gateway detected but wan_ip is set
 # set user_wan_iface: <device> and use wan_* for static info
-- name: Supply WAN interface file
+- name: Install WAN interface file /etc/sysconfig/network-scripts/ifcfg-WAN from template
-  template: src=network/ifcfg-WAN.j2
+  template:
-            dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+    src: network/ifcfg-WAN.j2
+    dest: /etc/sysconfig/network-scripts/ifcfg-WAN
 
 - include_tasks: NM.yml
   when: 'ansible_distribution_version <= "20" and wan_ip != "dhcp"'
@@ -12,8 +13,9 @@
   ignore_errors: yes
   when: 'ansible_distribution_version >= "21" and wan_ip != "dhcp"'
 
-- name: Use upstream nameserver until named is installed
+- name: Use upstream nameserver until named (etc) is installed
-  lineinfile: dest=/etc/resolv.conf
+  lineinfile:
-              line='nameserver {{ wan_nameserver }}'
+    dest: /etc/resolv.conf
-              create=yes
+    line: "nameserver {{ wan_nameserver }}"
-              state=present
+    create: yes
+    state: present

roles/network/tasks/wondershaper.yml

@@ -1,43 +1,49 @@
-- name: Copy Wondershaper service script
+- name: Install Wondershaper systemd unit file from template
-  template: backup=yes
+  template:
-            src=roles/network/templates/wondershaper/wondershaper.service
+    backup: yes
-            dest=/etc/systemd/system/wondershaper.service
+    src: roles/network/templates/wondershaper/wondershaper.service
-            mode=0644
+    dest: /etc/systemd/system/wondershaper.service
+    mode: 0644
 
-- name: Copy Wondershaper script
+- name: Install /usr/bin/wondershaper from template
-  template: backup=yes
+  template:
-            src=roles/network/templates/wondershaper/wondershaper.j2
+    backup: yes
-            dest=/usr/bin/wondershaper
+    src: roles/network/templates/wondershaper/wondershaper.j2
-            owner=root
+    dest: /usr/bin/wondershaper
-            group=root
+    owner: root
-            mode=0744
+    group: root
+    mode: 0744
 
 - name: Create conf.d directory
-  file: path=/etc/conf.d
+  file:
-        owner=root
+    path: /etc/conf.d
-        group=root
+    owner: root
-        mode=0755
+    group: root
-        state=directory
+    mode: 0755
+    state: directory
 
-- name: Copy Wondershaper config script
+- name: Install /etc/conf.d/wondershaper.conf from template
-  template: src=roles/network/templates/wondershaper/wondershaper.conf
+  template:
-            dest=/etc/conf.d/wondershaper.conf
+    src: roles/network/templates/wondershaper/wondershaper.conf
-            owner=root
+    dest: /etc/conf.d/wondershaper.conf
-            group=root
+    owner: root
-            mode=0600
+    group: root
+    mode: 0600
 
-- name: Create fact for Wondershaper config file
+- name: Create fact (link) for /etc/conf.d/wondershaper.conf
-  file: src=/etc/conf.d/wondershaper.conf
+  file:
-        dest=/etc/ansible/facts.d/wondershaper.fact
+    src: /etc/conf.d/wondershaper.conf
-        owner=root
+    dest: /etc/ansible/facts.d/wondershaper.fact
-        group=root
+    owner: root
-        state=link
+    group: root
+    state: link
 
-- name: Add 'wondershaper' to service list
+- name: Add 'wondershaper' variable values to /etc/iiab/iiab.ini
-  ini_file: dest='{{ service_filelist }}'
+  ini_file:
-            section=wondershaper
+    dest: "{{ service_filelist }}"
-            option='{{ item.option }}'
+    section: wondershaper
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
     - option: name
       value: wondershaper