Merge pull request #2380 from jvonau/ap0+wifi_up_down_rebased

Ap0+wifi up down rebased [simultaneous WiFi-as-hotspot AND WiFi-as-client]

iiab-network

@@ -11,16 +11,34 @@ if [ ! -f iiab-network.yml ]; then
     exit 1
 fi
 
-if [ ! -f /etc/iiab/config_vars.yml ]; then
-    echo "Creating stub /etc/iiab/config_vars.yml"
-    mkdir -p /etc/iiab
-    echo "{}" > /etc/iiab/config_vars.yml
-fi
-
 OS="unknown"   # will be overridden below, if /etc/iiab/iiab.env is legit
 if [ -f /etc/iiab/iiab.env ]; then
     echo "Reading /etc/iiab/iiab.env"
+    STAGE=0
     source /etc/iiab/iiab.env
+    if grep -q STAGE= /etc/iiab/iiab.env ; then
+        echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env"
+        if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then
+            echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is non-integer"
+            exit 1
+        elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then
+            echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is out-of-range"
+            exit 1
+        elif [ "$STAGE" -lt 3 ]; then
+            echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"
+            echo -e "\nIIAB Stage 3 not complete."
+            echo -e "\nPlease run: ./iiab-install"
+            exit 1
+        fi
+    else
+        echo -e "\nEXITING: STAGE (counter) not found"
+        echo -e "\nIIAB not installed."
+        echo -e "\nPlease run: ./iiab-install"
+        exit 1
+    fi
+else
+    echo -e "\nEXITING: /etc/iiab/iiab.env not found"
+    exit 1
 fi
 
 echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log"

roles/2-common/templates/iiab-startup.sh

@@ -31,8 +31,8 @@ if [[ $(grep -i raspbian /etc/*release) &&
         #)
    #]];
 then
-    ip link set dev wlan0 promisc on
-    echo "wlan0 promiscuous mode ON, internal AP OFF: github.com/iiab/iiab/issues/638"
+#    ip link set dev wlan0 promisc on
+    echo "wlan0 promiscuous mode ON, internal AP OFF: github.com/iiab/iiab/issues/638 DISABLED"
 fi
 
 exit 0

roles/network/defaults/main.yml

@@ -25,19 +25,12 @@
 #
 # hostapd_install: True    # 2020-01-21: do not rely on this var for now (might be implemented in future)
 # hostapd_enabled: True
-# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is
-# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes
-# and content is downloaded, to enable the internal WiFi Access Point / AP!)
-#
-# reboot_to_AP: False
-# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above
-# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless.
-#
-# Above 2 vars set in /opt/iiab/iiab/vars/default_vars.yml
-#
+# Above set in /opt/iiab/iiab/vars/default_vars.yml
+
 hostapd_wait: 5
 host_wireless_n: False
 driver_name: nl80211
+ap0_mac_addr: b8:27:99:12:34:56
 
 # DNS / name resolution
 # dhcpd_install: False
@@ -61,13 +54,14 @@ strict_networking: False
 iiab_demo_mode: False
 gui_static_wan: False
 wan_cidr:
+virtual_network_devices: "-e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth"
 
 # Set defaults for discovery process as strings
 wifi1: "not found-1"
 wifi2: "not found-2"
-ap_device: "none"
+exclude_device: "none"
 device_gw: "none"
-device_gw2: ""
+prior_gw_device: ""
 
 iiab_wan_iface: "none"
 iiab_lan_iface: "none"

roles/network/tasks/NM-debian.yml

@@ -3,27 +3,39 @@
   include_tasks: down-debian.yml
 
 # provide keyfile layout like the XO's used way back.
-- name: Create uuid for NM's keyfile store
-  shell: uuidgen
-  register: uuid_response
+#- name: Create uuid for NM's keyfile store
+#  shell: uuidgen
+#  register: uuid_response
 
-- name: Put the uuid in place
-  set_fact:
-    gen_uuid: "{{ uuid_response.stdout_lines[0] }}"
+#- name: Put the uuid in place
+#  set_fact:
+#    gen_uuid: "{{ uuid_response.stdout_lines[0] }}"
 
-# NM might have a watcher on this path and we don't have to restart NM
-- name: Copy the bridge script for NetworkManager
-  template:
-    dest: /etc/NetworkManager/system-connections/
-    src: network/bridge-br0
-    mode: 0600
-  when: iiab_network_mode != "Appliance"
-
-- name: Remove br0 in Appliance Mode for NetworkManager
+# systemd-networkd handles br0 except for Raspbian
+- name: Remove stale br0 for NetworkManager
   file:
     dest: /etc/NetworkManager/system-connections/bridge-br0
     state: absent
-  when: iiab_network_mode == "Appliance"
+
+- name: Copy ap0-manage.conf for NetworkManager
+  template:
+    dest: /etc/NetworkManager/conf.d/ap0-manage.conf
+    src: network/ap0-manage.conf
+    mode: 0644
+  when: wifi_up_down
+
+- name: Copy manage.conf for NetworkManager when wifi_up_down False
+  template:
+    dest: /etc/NetworkManager/conf.d/wifi-manage.conf
+    src: network/manage.conf.j2
+    mode: 0644
+  when: discovered_wireless_iface != "none" and not wifi_up_down
+
+- name: Remove manage.conf for NetworkManager when wifi_up_down True
+  file:
+    dest: /etc/NetworkManager/conf.d/wifi-manage.conf
+    state: absent
+  when: wifi_up_down
 
 - name: Removing static for NetworkManager
   file:
@@ -58,16 +70,6 @@
     mode: 0600
   when: wan_ip != "dhcp"
 
-- name: Stop wpa_supplicant service
-  service:
-    name: wpa_supplicant
-    state: stopped
-  when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
-
-- name: Mask wpa_supplicant
-  shell: systemctl mask wpa_supplicant
-  when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
-
 - name: Reload systemd
   systemd:
     daemon_reload: yes

roles/network/tasks/computed_network.yml

@@ -6,20 +6,6 @@
     user_wan_iface: "{{ discovered_wan_iface }}"
   when: not (discovered_wan_iface == "none") and not (xo_model == "none") and has_ifcfg_gw == "none"
 
-#- name: Checking for NetworkManager-config-server
-#  shell: rpm -qa | grep  NetworkManager-config-server | wc -l
-#  register: strict_networking_check
-
-#- name: Found Checking for NetworkManager-config-server
-#  set_fact:
-#     strict_networking: True
-#  when: strict_networking_check == "1"
-
-#- name: Use restricted network features
-#  set_fact:
-#     iiab_demo_mode: True
-#  when: teamviewer_install and not strict_networking
-
 - name: XO laptop wants USB WiFi interface as AP mode
   set_fact:
     iiab_wireless_lan_iface: "{{ discovered_lan_iface }}"
@@ -62,7 +48,7 @@
     user_wan_iface: "none"
   when: not iiab_wan_enabled
 
-# gui wants LanController # keeps ifcfg-WAN but onboot=no
+# gui wants LanController
 # the change over might be a little bumpy ATM.
 - name: Setting GUI wants 'LanController'
   set_fact:
@@ -71,10 +57,9 @@
     iiab_gateway_enabled: "False"
   when: gui_desired_network_role is defined and gui_desired_network_role == "LanController"
 
-# device_gw is used with the LAN detection and LAN's ifcfg file deletion.
-# single interface vars/ users would need to set iiab_wan_enabled False as above, to disable the WAN
-# and set user_lan_iface = <device> to suppress the auto detection for the same effect.
-
+# discovered_wan_iface is used with the LAN detection, single interface vars/ users would
+# need to set iiab_wan_enabled False as above, to disable the WAN and set
+# user_lan_iface: <device> to suppress the auto detection for the same effect.
 - name: Setting user_lan_iface for 'LanController' for single interface
   set_fact:
     user_lan_iface: "{{ discovered_wan_iface }}"
@@ -143,24 +128,6 @@
     iiab_lan_iface: "{{ user_lan_iface }}"
   when: not (user_lan_iface == "auto")
 
-# so this works
-- name: Interface count
-  shell: ls /sys/class/net | grep -v -e lo -e bridge0 -e veth -e "br-*" -e docker| wc | awk '{print $1}'
-  register: adapter_count
-
-# well if there ever was a point to tell the user things are FUBAR this is it.
-- name: We're hosed no work interfaces
-  set_fact:
-    iiab_network_mode: "No_network_found"
-  when: adapter_count.stdout|int == 0
-
-# well if there ever was a point to tell the user things are FUBAR this is it.
-- name: I'm not guessing declare gateway please
-  set_fact:
-    iiab_network_mode: "Undetectable_use_local_vars"
-    iiab_wan_iface: "none"
-  when: adapter_count.stdout|int >= 5 and device_gw == "none" and gui_wan_iface == "unset" and gui_static_wan is defined
-
 - name: Record IIAB_WAN_DEVICE to {{ iiab_env_file }}
   lineinfile:
     path: "{{ iiab_env_file }}"
@@ -197,11 +164,3 @@
     value: "{{ iiab_lan_iface }}"
   - option: iiab_network_mode
     value: "{{ iiab_network_mode }}"
-  - option: hostapd_enabled
-    value: "{{ hostapd_enabled }}"
-  - option: host_ssid
-    value: "{{ host_ssid }}"
-  - option: host_wifi_mode
-    value: "{{ host_wifi_mode }}"
-  - option: host_channel
-    value: "{{ host_channel }}"

roles/network/tasks/computed_services.yml

@@ -3,6 +3,7 @@
     dansguardian_enabled: False
     squid_enabled: False
     wondershaper_enabled: False
+    hostapd_enabled: False
     iiab_network_mode: "Appliance"
   when: iiab_lan_iface == "none" or user_lan_iface == "none"
 
@@ -74,3 +75,11 @@
     value: "{{ dnsmasq_enabled }}"
   - option: no_net_restart
     value: "{{ no_net_restart }}"
+  - option: hostapd_enabled
+    value: "{{ hostapd_enabled }}"
+  - option: host_ssid
+    value: "{{ host_ssid }}"
+  - option: host_wifi_mode
+    value: "{{ host_wifi_mode }}"
+  - option: host_channel
+    value: "{{ host_channel }}"

roles/network/tasks/detected_network.yml

@@ -1,23 +1,36 @@
-- name: iiab_wan_device
-  shell: grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}'
-  when: iiab_stage|int > 4
-  register: prior_gw
+# so this works
+- name: Interface count
+  shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} | wc | awk '{print $1}'
+  register: adapter_count
+
+# well if there ever was a point to tell the user things are FUBAR this is it.
+- name: We're hosed no work interfaces
+  fail:    # FORCE IT RED THIS ONCE!
+    msg: "No_network_found"
+  when: adapter_count.stdout|int == 0
 
 - name: Checking for old device gateway interface for device test
+  shell: grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}'
+  when: iiab_stage|int == 9
+  register: prior_gw
+
+- name: Setting device_gw, prior_gw_device
   set_fact:
     device_gw: "{{ prior_gw.stdout }}"
-    device_gw2: "{{ prior_gw.stdout }}"
-  when: iiab_stage|int > 4 and prior_gw is defined and prior_gw.stdout != ""
+    prior_gw_device: "{{ prior_gw.stdout }}"
+  when: prior_gw.stdout is defined and prior_gw.stdout != ""
 
-- name: Setting WAN if detected
+- name: Setting WAN, device_gw if detected
   set_fact:
     iiab_wan_iface: "{{ discovered_wan_iface }}"
     device_gw: "{{ discovered_wan_iface }}"
   when: ansible_default_ipv4.gateway is defined
 
-- name: Red Hat network detection (redhat)
-  include_tasks: detected_redhat.yml
-  when: is_redhat | bool
+- name: Figure out netplan file name
+  shell: ls /etc/netplan
+  register: netplan
+  ignore_errors: True # pre 17.10 doesn't use netplan
+  when: is_ubuntu
 
 - name: Setting dhcpcd_test results
   set_fact:
@@ -75,16 +88,15 @@
   set_fact:
     wifi2: "{{ item|trim }}"
     discovered_wireless_iface: "{{ item|trim }}"
-  when: wireless_list2.stdout is defined and not wireless_list2.stdout == "ap0"
+  when: wireless_list2.stdout is defined and item|trim != "ap0"
   with_items:
     - "{{ wireless_list2.stdout_lines }}"
 #item|trim != discovered_wan_iface
 
 - name: Count WiFi ifaces
-  shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}' | wc -l"
+  shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}' | grep -v -e ap0 | wc -l"
   register: count_wifi_interfaces
 
-# facts are apparently all stored as text, so do text comparisons from here on
 - name: Remember number of WiFi devices
   set_fact:
     num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}"
@@ -94,16 +106,16 @@
 
 - name: XO laptop override 2 WiFi on LAN
   set_fact:
-    ap_device: "eth0"
+    exclude_device: "eth0"
   when: iiab_wan_iface != "eth0" and discovered_wireless_iface != "none" and xo_model == "XO-1.5"
 
-- name: Exclude reserved WiFi adapter if defined - takes adapter name
+- name: Exclude reserved Network Adapter if defined - takes adapter name
   set_fact:
-    ap_device: "{{ reserved_wifi }}"
-  when: reserved_wifi is defined and discovered_wireless_iface != iiab_wan_iface and num_wifi_interfaces >= "2"
+    exclude_device: "{{ reserved_device }}"
+  when: reserved_device is defined
 
 - name: Count LAN ifaces
-  shell: ls /sys/class/net | grep -v -e ap0 -e wwlan -e ppp -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e {{ device_gw }} -e {{ ap_device }} | wc -l
+  shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_device }} | wc -l
   register: num_lan_interfaces_result
 
 - name: Calculate number of LAN interfaces including WiFi
@@ -112,7 +124,7 @@
 
 # LAN - pick non WAN's
 - name: Create list of LAN (non WAN) ifaces
-  shell: ls /sys/class/net | grep -v -e ap0 -e wwlan -e ppp -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e {{ device_gw }} -e {{ ap_device }}
+  shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_device }}
   when: num_lan_interfaces != "0"
   register: lan_list_result
 
@@ -133,20 +145,22 @@
   with_items:
     - "{{ lan_list_result.stdout_lines }}"
 
-- name: Set iiab_wireless_lan_iface if present
+
+- name: Set iiab_wireless_lan_iface to {{ discovered_wireless_iface }} if not none
   set_fact:
     iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}"
-  when: discovered_wireless_iface is defined and discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface
+  when: discovered_wireless_iface != "none" and not wifi_up_down
+
+- name: Set iiab_wireless_lan_iface to ap0 if WiFi device is present
+  set_fact:
+    iiab_wireless_lan_iface: ap0
+  when: discovered_wireless_iface != "none" and wifi_up_down
 
 - name: Set iiab_wired_lan_iface if present
   set_fact:
     iiab_wired_lan_iface: "{{ discovered_wired_iface }}"
   when: discovered_wired_iface is defined and discovered_wired_iface != "none" and discovered_wired_iface != iiab_wan_iface and not is_raspbian
 
-#unused
-#- name: Get a list of ifcfg files to delete
-# moved to detected_redhat
-
 # use value only if present
 - name: 2 or more devices on the LAN - use bridging
   set_fact:
@@ -197,8 +211,8 @@
   with_items:
   - option: has_ifcfg_gw
     value: "{{ has_ifcfg_gw }}"
-  - option: prior_gateway_(device_gw2)
-    value: "{{ device_gw2 }}"
+  - option: prior_gateway_device
+    value: "{{ prior_gw_device }}"
   - option: dhcpcd_result
     value: "{{ dhcpcd_result }}"
   - option: network_manager_active
@@ -227,3 +241,10 @@
     value: "{{ iiab_lan_iface }}"
   - option: iiab_wan_iface
     value: "{{ iiab_wan_iface }}"
+
+# well if there ever was a point to tell the user things are FUBAR this is it.
+# limit 2 network adapters wifi wired
+- name: I'm not guessing declare gateway please
+  fail:    # FORCE IT RED THIS ONCE!
+    msg: "Undetectable gateway or prior gateway for use with static network addressing from admin-console use local_vars to declare user_wan_iface"
+  when: adapter_count.stdout|int >=3 and gui_wan_iface == "unset" and gui_static_wan

roles/network/tasks/enable_services.yml

@@ -79,23 +79,23 @@
 #- debug:
 #    var: nd_enabled
 
-- name: Check if /etc/networkd-dispatcher/routable.d exists
-  stat:
-    path: /etc/networkd-dispatcher/routable.d
-  register: nd_dir
+#- name: Check if /etc/networkd-dispatcher/routable.d exists
+#  stat:
+#    path: /etc/networkd-dispatcher/routable.d
+#  register: nd_dir
 
 #- debug:
 #    var: nd_dir
 
 #- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and networkd-dispatcher is enabled, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04)
-- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04)
-  template:
-    src: roles/network/templates/network/dnsmasq.sh.j2
-    dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh
-    mode: 0755
-    owner: root
-    group: root
-  when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance")
+#- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04)
+#  template:
+#    src: roles/network/templates/network/dnsmasq.sh.j2
+#    dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh
+#    mode: 0755
+#    owner: root
+#    group: root
+#  when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance")
   #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance")
   #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance")
 

roles/network/tasks/fedora/create_ifcfg.yml.deprecated

@@ -0,0 +1,17 @@
+- name: Stop 'Wired WAN connection'
+  shell: nmcli dev disconnect {{ discovered_wan_iface }}
+  ignore_errors: True
+  changed_when: False
+  when: discovered_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none"
+
+# set user_wan_iface: <device> for static
+# use wan_* for static info
+- name: Supply ifcfg-WAN file
+  template: src=network/ifcfg-WAN.j2
+            dest=/etc/sysconfig/network-scripts/ifcfg-WAN
+  when: iiab_wan_iface != "none" and not has_WAN  and has_ifcfg_gw == "none"
+
+- name: Now setting ifcfg-WAN True after creating file
+  set_fact:
+    has_WAN: True
+  when: iiab_wan_iface != "none" and has_ifcfg_gw == "none"

roles/network/tasks/fedora/hosts.yml.deprecated

@@ -0,0 +1,28 @@
+# this (hosts.yml) WAS invoked by roles/network/tasks/main.yml up until 2019-12-10
+
+#TODO: Use vars instead of hardcoded values
+- name: Remove FQDN with 172.18.96.1 in /etc/hosts without LAN (if iiab_lan_iface == "none" and not installing)
+  lineinfile:
+    path: /etc/hosts
+    regexp: '^172\.18\.96\.1'
+    state: absent
+  when: iiab_lan_iface == "none" and not installing
+
+- name: Configure FQDN with 172.18.96.1 in /etc/hosts with LAN (if iiab_lan_iface != "none" and not installing)
+  lineinfile:
+    path: /etc/hosts
+    regexp: '^172\.18\.96\.1'
+    line: '172.18.96.1     {{ iiab_hostname }}.{{ iiab_domain }} {{ iiab_hostname }} box box.lan'
+    state: present
+  when: not (iiab_lan_iface == "none") and not installing
+
+# roles/0-init/tasks/hostname.yml ALSO does this:
+- name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan" (if iiab_lan_iface == "none" and not installing, appliance mode?)'
+  lineinfile:
+    path: /etc/hosts
+    regexp: '^127\.0\.0\.1'
+    line: '127.0.0.1     {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan'
+    owner: root
+    group: root
+    mode: 0644
+  when: iiab_lan_iface == "none" and not installing

roles/network/tasks/hostapd.yml

@@ -1,7 +1,23 @@
-- name: Turn off hostapd when no wifi interface present or in "Appliance Mode"
+- name: Unmask the Access Point 'hostapd' service
+  systemd:
+    name: hostapd
+    enabled: no
+    masked: no
+
+- name: Disable hostapd when not using ap0 and wifi gateway present
   set_fact:
     hostapd_enabled: False
-  when: not iiab_wireless_lan_iface is defined or iiab_network_mode == "Appliance"
+  when: not wifi_up_down and discovered_wireless_iface == iiab_wan_iface
+
+- name: Detect current Wifi channel
+  shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2
+  register: current_host_channel
+  when: discovered_wireless_iface != "none"
+
+- name: Setting WiFi channel to {{ current_host_channel.stdout }}
+  set_fact:
+    host_channel: "{{ current_host_channel.stdout }}"
+  when: current_host_channel.stdout is defined and current_host_channel.stdout != "" and current_host_channel.stdout|int <= 13
 
 - name: Create /etc/hostapd/hostapd.conf from template
   template:
@@ -14,21 +30,38 @@
 
 - name: Create backup /etc/hostapd/hostapd.conf.iiab from template
   template:
-    src: hostapd/iiab-hostapd.conf.j2
+    src: hostapd/hostapd.conf.j2
     dest: /etc/hostapd/hostapd.conf.iiab
     owner: root
     group: root
     mode: 0644
   when: discovered_wireless_iface != "none"
 
-- name: Use custom systemd unit file to start 'hostapd' service
+- name: Generate new random mac address for ap0
+  shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/'
+  register: ap0_mac
+
+- name: Setting ap0 mac address for use in hostapd service file
+  set_fact:
+    ap0_mac_addr: "{{ ap0_mac.stdout }}"
+
+- name: Use custom 'hostapd' systemd service unit file using ap0 when wifi_up_down
   template:
     src: hostapd/hostapd.service.j2
     dest: /etc/systemd/system/hostapd.service
     owner: root
     group: root
     mode: 0644
-  when: discovered_wireless_iface != "none"
+  when: discovered_wireless_iface != "none" and wifi_up_down
+
+- name: Use custom 'hostapd' systemd service unit file for {{ discovered_wireless_iface }} when not wifi_up_down
+  template:
+    src: hostapd/hostapd.legacy.j2
+    dest: /etc/systemd/system/hostapd.service
+    owner: root
+    group: root
+    mode: 0644
+  when: discovered_wireless_iface != "none" and not wifi_up_down
 
 - name: Create /usr/bin/iiab-hotspot-on from template
   template:
@@ -37,7 +70,6 @@
     owner: root
     group: root
     mode: 0755
-  when: is_raspbian | bool
 
 - name: Create /usr/bin/iiab-hotspot-off from template
   template:
@@ -46,14 +78,60 @@
     owner: root
     group: root
     mode: 0755
-  when: is_raspbian | bool
 
-- name: Disable the Access Point 'hostapd' service
-  systemd:
-    name: hostapd
-    enabled: no
-# cheap workaround for when /etc/init.d is populated
-#  when: not hostapd_enabled
+- name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True
+  template:
+    src: hostapd/50-hostapd
+    dest: /lib/dhcpcd/dhcpcd-hooks/50-hostapd
+    owner: root
+    group: root
+    mode: 0644
+  when: is_raspbian and wifi_up_down
+
+- name: Remove dhcpcd hook for hostapd if WiFi is not split using ap0
+  file:
+    path: /lib/dhcpcd/dhcpcd-hooks/50-hostapd
+    state: absent
+  when: is_raspbian and not wifi_up_down
+
+- name: Create networkd-dispatcher diagnosic hook for recording network events
+  template:
+    owner: root
+    group: root
+    mode: 0755
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/carrier.d/00-iiab-debug' }
+    - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/degraded.d/00-iiab-debug' }
+    - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/dormant.d/00-iiab-debug' }
+    - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/no-carrier.d/00-iiab-debug' }
+    - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/off.d/00-iiab-debug' }
+    - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' }
+  when: systemd_networkd_active and discovered_wireless_iface != "none"
+
+- name: Create networkd-dispatcher hook for hostapd wifi_up_down True
+  template:
+    owner: root
+    group: root
+    mode: 0755
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' }
+    - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' }
+    - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' }
+  when: systemd_networkd_active and discovered_wireless_iface != "none" and wifi_up_down
+
+- name: Remove networkd-dispatcher hook wifi_up_down False
+  file:
+    path: "{{ item.dest }}"
+    state: absent
+  with_items:
+    - { dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' }
+    - { dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' }
+    - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' }
+  when: systemd_networkd_active and discovered_wireless_iface != "none" and not wifi_up_down
 
 - name: Enable the Access Point 'hostapd' service
   systemd:

roles/network/tasks/main.yml

@@ -1,13 +1,12 @@
 - include_tasks: detected_network.yml
-  when: not installing    # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
 
 - name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY
   set_fact:
-    hostapd_enabled: False    # used in (1) hostapd.yml, (2) rpi_debian.yml +
-                              # (3) its dhcpcd.conf.j2, (4) restart.yml
     no_net_restart: True      # used below in (1) sysd-netd-debian.yml,
-                              # (2) debian.yml, (3) rpi_debian.yml
-  when: discovered_wireless_iface == iiab_wan_iface and not reboot_to_AP
+                              # (2) debian.yml, (3) rpi_debian.yml,
+                              # (4) NM-debian.yml
+  when: discovered_wireless_iface == iiab_wan_iface
+
 # EITHER WAY: hostapd_enabled's state is RECORDED into {{ iiab_env_file }}
 # in hostapd.yml for later use by...
 # /usr/libexec/iiab-startup.sh, iiab-hotspot-off & iiab-hotspot-on
@@ -25,9 +24,6 @@
 #  when: is_raspbian and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface and reboot_to_AP
 
 - include_tasks: computed_network.yml
-  when: not installing   #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
-
-- include_tasks: hostapd.yml
 
 #- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network
 #  set_fact:
@@ -35,13 +31,6 @@
 #    hostapd_enabled: False
 #  when: is_raspbian and discovered_wireless_iface is defined and discovered_wired_iface != iiab_wan_iface
 
-##### Start static ip address info for first run #####
-#- include_tasks: static.yml
-#  when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"'
-##### End static ip address info
-
-#- include_tasks: hosts.yml
-
 - name: Configure wondershaper
   include_tasks: wondershaper.yml
   when: wondershaper_install or wondershaper_installed is defined
@@ -58,9 +47,15 @@
   include_tasks: squid.yml
   when: squid_install and FQDN_changed and iiab_stage|int == 9
 
+#preprep for backends
+- name: Netplan in use on Ubuntu 18.04+
+  include_tasks: netplan.yml
+  when: is_ubuntu and not is_ubuntu_16
+
 #### Start services
 
 - include_tasks: avahi.yml
+- include_tasks: hostapd.yml
 - include_tasks: computed_services.yml
 - include_tasks: enable_services.yml
 
@@ -73,12 +68,6 @@
   when: is_redhat | bool
   #and not installing
 
-- name: Netplan in use on Ubuntu 18.04+
-  include_tasks: netplan.yml
-  when: is_ubuntu and not is_ubuntu_16
-  #when: is_ubuntu_18 | bool
-  #and not installing
-
 - name: NetworkManager in use
   include_tasks: NM-debian.yml
   when: is_debuntu and network_manager_active
@@ -89,7 +78,7 @@
   when: is_debuntu and systemd_networkd_active
   #and not installing
 
-- name: RPi's have dhcpcd in use
+- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active
   include_tasks: rpi_debian.yml
   when: is_raspbian
   #and not installing

roles/network/tasks/netplan.yml

@@ -1,20 +1,14 @@
-- name: Figure out netplan file name
-  shell: ls /etc/netplan
-  register: netplan
-
 - name: Disable cloud-init the easy way
   shell: touch /etc/cloud/cloud-init.disabled
-  when: ("item" == "50-cloud-init.yaml")
+  when: item|trim == "50-cloud-init.yaml"
   with_items:
     - "{{ netplan.stdout_lines }}"
 
-- name: Remove stock netplan template
-  file:
-    state: absent
-    path: /etc/netplan/{{ item }}
+- name: Moving 50-cloud-init.yaml to 02-iiab-config.yaml
+  shell: mv /etc/netplan/50-cloud-init.yaml /etc/netplan/02-iiab-config.yaml
+  when: netplan.stdout.find("yaml") != -1 and item|trim == "50-cloud-init.yaml"
   with_items:
     - "{{ netplan.stdout_lines }}"
-  when: netplan.stdout.find("yaml") != -1
 
 - name: Cheap way to do systemd unmask
   file:
@@ -29,25 +23,46 @@
     - systemd-networkd-wait-online
   when: systemd_networkd_active | bool
 
+- name: Unmask and enable the systemd-networkd service for br0
+  systemd:
+    name: systemd-networkd
+    enabled: yes
+    masked: no
+  when: network_manager_active | bool and iiab_lan_iface == "br0"
+
+- name: Ensure systemd-networkd gets enabled for br0
+  set_fact:
+    systemd_networkd_active: True
+  when: network_manager_active | bool and iiab_lan_iface == "br0"
+
 # ICO will always set gui_static_wan_ip away from the default of 'unset' while
 # gui_static_wan turns dhcp on/off through wan_ip in computed_network and
 # overrides gui_static_wan_ip that is present. Changing wan_ip in local_vars
 # is a oneway street to static.
-- name: Static IP computing CIDR
-  shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}'
-  register: CIDR
-  when: wan_ip != "dhcp"
+#- name: Static IP computing CIDR
+#  shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}'
+#  register: CIDR
+#  when: wan_ip != "dhcp"
 
-- name: Static IP setting CIDR
-  set_fact:
-    wan_cidr: "{{ CIDR.stdout }}"
-  when: wan_ip != "dhcp"
+#- name: Static IP setting CIDR
+#  set_fact:
+#    wan_cidr: "{{ CIDR.stdout }}"
+#  when: wan_ip != "dhcp"
 
-- name: Supply netplan template
-  template:
-    dest: /etc/netplan/01-iiab-config.yaml
-    src: network/netplan.j2
-    backup: no
+- name: Remove stock netplan template
+  file:
+    state: absent
+    path: /etc/netplan/{{ item }}
+  when: netplan.stdout.find("yaml") != -1 and item|trim != "02-iiab-config.yaml" and wan_ip != "dhcp"
+  with_items:
+    - "{{ netplan.stdout_lines }}"
+
+#- name: Supply netplan template
+#  template:
+#    dest: /etc/netplan/01-iiab-config.yaml
+#    src: network/netplan.j2
+#    backup: no
+#  when: iiab_wan_iface != discovered_wireless_iface and wan_ip != "dhcp"
 
 # should blow up here if we messed up the yml file
 #- name: Generate netplan config

roles/network/tasks/restart.yml

@@ -2,7 +2,8 @@
   systemd:
     name: hostapd
     state: restarted
-  when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
+#  when: iiab_wireless_lan_iface is defined and hostapd_enabled and discovered_wireless_iface != iiab_wan_iface
+  when: hostapd_enabled and iiab_wireless_lan_iface is defined and discovered_wireless_iface == iiab_wireless_lan_iface
 
 - name: Start named service
   systemd:
@@ -53,6 +54,11 @@
     creates: /etc/sysconfig/olpc-scripts/setup.d/installed/gateway
   when: iiab_network_mode == "Gateway"
 
+#netplan de-configures pre-created bridged interfaces 
+#- name: Reload netplan when Wifi is not gateway on Ubuntu 18+
+#  shell: netplan apply
+#  when: not no_net_restart and is_ubuntu and netplan.stdout.find("yaml") != -1
+
 - name: Waiting {{ hostapd_wait }} seconds for network to stabilize (dnsmasq will fail if br0 isn't in a 'up' state!)
   shell: sleep {{ hostapd_wait }}
 
@@ -61,7 +67,7 @@
 
 - name: Checking if WiFi slave is active
   shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l
-  when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_lan_iface == "br0"
+  when: hostapd_enabled and discovered_wireless_iface != iiab_wan_iface and iiab_lan_iface == "br0"
   register: wifi_slave
 
 - name: Restart hostapd if WiFi slave is inactive
@@ -74,6 +80,6 @@
   systemd:
     name: "{{ dhcp_service2 }}"
     state: restarted
-  when: not no_net_restart
+  when: not no_net_restart and discovered_wireless_iface == "none"
   #when: (iiab_network_mode != "Appliance")    # Sufficient b/c br0 exists thanks to /etc/network/interfaces.d/iiab
   #when: iiab_network_mode != "Appliance" and iiab_wan_iface != discovered_wireless_iface

roles/network/tasks/sysd-netd-debian.yml

@@ -11,11 +11,14 @@
     src: network/systemd-br0-network.j2
   when: iiab_lan_iface == "br0"
 
-- name: Copy the bridge script - Assigns br0 wired slaves
+# can be more than one wired interface
+- name: Wired enslaving - Assigns lan_list_results to br0 as wired slaves if present
   template:
-    dest: /etc/systemd/network/IIAB-Slave.network
     src: network/systemd-br0-slave.j2
-  when: iiab_wired_lan_iface is defined and iiab_lan_iface == "br0"
+    dest: /etc/systemd/network/IIAB-Slave-{{ item|trim }}.network
+  with_items:
+    - "{{ lan_list_result.stdout_lines }}"
+  when: iiab_wired_lan_iface is defined and num_lan_interfaces|int >= 1 and not network_manager_active
 
 - name: Remove static WAN template
   file:
@@ -33,11 +36,12 @@
     wan_cidr: "{{ CIDR.stdout }}"
   when: wan_ip != "dhcp"
 
-- name: Supply static WAN template (ubuntu-16)
+- name: Supply static WAN template when network_manager_active is False
   template:
     dest: /etc/systemd/network/IIAB-Static.network
     src: network/systemd-static-net.j2
-  when: wan_ip != "dhcp" and is_ubuntu_16
+  when: wan_ip != "dhcp" and ( is_ubuntu_16 or not network_manager_active )
+
   #when: wan_ip != "dhcp" and not is_ubuntu_18
 
 - name: Stopping services
@@ -50,6 +54,6 @@
 - name: Restart the systemd-networkd service
   systemd:
     name: systemd-networkd
-    enabled: yes
     state: restarted
-  when: not nobridge is defined and not no_net_restart
+  #when: (netplan.stdout is undefined or netplan.stdout.find("yaml") == -1) and not no_net_restart
+  when: not no_net_restart

roles/network/templates/hostapd/00-iiab-debug

@@ -0,0 +1,2 @@
+#!/bin/bash
+echo "NET-DISP-$AdministrativeState $IFACE $STATE"

roles/network/templates/hostapd/50-hostapd

@@ -0,0 +1,20 @@
+
+if [ "$interface" = "wlan0" ]; then
+    REASON="$reason"
+    if [ "$reason" = "CARRIER" ]; then
+        syslog info "50-iiab CARRIER change wlan0"
+        # wpa_supplicant wants MHz for frequency= while hostapd wants channel..... whatever
+        # FREQ=`iw wlan0 info|grep channel|cut -d' ' -f9`
+        FREQ=`iw wlan0 info|grep channel|cut -d' ' -f2`
+        syslog info "40-iiab set channel $FREQ"
+        sed -i -e "s/^channel.*/channel=$FREQ /" /etc/hostapd/hostapd.conf
+        # will need a reboot for hostapd if the channel changed
+    fi
+    # spams the logging
+    #syslog info "50-iiab set ap0 spam $REASON"
+    if [ -e /sys/class/net/ap0 ] && ! [ "$reason" = "ROUTERADVERT" ]; then
+        syslog info "50-iiab set ap0 up $REASON"
+        # keeps ap0 up so hostapd works
+        ip link set ap0 up
+    fi
+fi

roles/network/templates/hostapd/70-persistent-net.rules

@@ -0,0 +1,3 @@
+SUBSYSTEM=="ieee80211", ACTION=="add|change", KERNEL=="phy0", \
+  RUN+="/sbin/iw phy phy0 interface add ap0 type __ap", \
+  RUN+="/sbin/ip link set ap0 address {{ ap0_mac_addr }}"

roles/network/templates/hostapd/hostapd.conf.j2

@@ -1,7 +1,6 @@
 # Basic configuration
 
-interface={% if iiab_wireless_lan_iface is defined %}{{ iiab_wireless_lan_iface }}{% endif %}
-
+interface={{ iiab_wireless_lan_iface }}
 
 ssid={{ host_ssid }}
 channel={{ host_channel }}

roles/network/templates/hostapd/hostapd.legacy.j2

@@ -0,0 +1,12 @@
+[Unit]
+Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
+Before=network.target
+Wants=network-pre.target
+
+[Service]
+Type=idle
+PIDFile=/run/hostapd.pid
+ExecStart=/usr/sbin/hostapd -P /run/hostapd.pid /etc/hostapd/hostapd.conf
+
+[Install]
+WantedBy=multi-user.target

roles/network/templates/hostapd/hostapd.service.j2

@@ -1,12 +1,30 @@
 [Unit]
 Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
-Before=network.target
 Wants=network-pre.target
+After=network-pre.target
+{% if is_raspbian %}
+Before=dhcpcd.service
+{% endif %}
+Before=wpa_supplicant.service
+Before=wpa_supplicant@{{ discovered_wireless_iface }}.service
+{% if network_manager_active %}
+Before=network-manager.service
+{% endif %}
+{% if is_ubuntu and netplan.stdout.find("yaml") != -1 %}
+Before=netplan-wpa-{{ discovered_wireless_iface }}.service
+{% endif %}
+Before=network.target
 
 [Service]
-Type=idle
+Type=forking
+Restart=on-failure
+RestartSec=2
 PIDFile=/run/hostapd.pid
-ExecStart=/usr/sbin/hostapd -P /run/hostapd.pid /etc/hostapd/hostapd.conf
+ExecStartPre=-/sbin/iw phy phy0 interface add ap0 type __ap
+ExecStartPre=-/sbin/ip link set ap0 address {{ ap0_mac_addr }}
+ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf
+ExecStartPost=-/sbin/ip link set ap0 up
+ExecStopPost=-/sbin/iw dev ap0 del
 
 [Install]
 WantedBy=multi-user.target

roles/network/templates/hostapd/iiab-hostapd.conf.j2

@@ -1,32 +0,0 @@
-# Basic configuration
-
-interface={{ discovered_wireless_iface }}
-
-ssid={{ host_ssid }}
-channel={{ host_channel }}
-{%if iiab_lan_iface == "br0" %}
-bridge=br0
-{% endif %}
-
-# Hardware configuration
-driver={{ driver_name }}
-{%if host_wireless_n %}
-ieee80211n=1
-{% endif %}
-country_code={{ host_country_code }}
-# limit emissions to what is legal in country
-ieee80211d=1
-hw_mode={{ host_wifi_mode }}
-
-{%if hostapd_secure %}
-# Use WPA authentication
-auth_algs=1
-# Use WPA2
-wpa=2
-# Use a pre-shared key
-wpa_key_mgmt=WPA-PSK
-# The network passphrase
-wpa_passphrase={{ hostapd_password }}
-# Use AES, instead of TKIP
-rsn_pairwise=CCMP
-{% endif %}

roles/network/templates/hostapd/netd-disp

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then
+    echo "NET-DISP-WiFi $IFACE $STATE"
+    /usr/sbin/ip link set ap0 up
+fi
+

roles/network/templates/network/ap0-manage.conf

@@ -0,0 +1,3 @@
+# IIAB WiFi
+[keyfile]
+unmanaged-devices=interface-name:ap0

roles/network/templates/network/dhcpcd.conf.j2

@@ -38,21 +38,22 @@ require dhcp_server_identifier
 slaac private
 
 # IIAB
+denyinterfaces {{ iiab_wireless_lan_iface }}
 
+# Setting iiab_wired_lan_iface would install the device as a slave under
+# br0 so we need to turn off the dhcp client in that network layout.
+# Auto creation of the wired slave is suppressed in discovered_network.yml
+# -> Set iiab_wired_lan_iface if present is conditional on is_raspbian
+# Slave creation can be forced by populating local_vars.yml with
+# 'iiab_wired_lan_iface: eth0' which populates /etc/network/interfaces.d/iiab
+# with 'bridge_ports eth0' in place of 'bridge_ports none'
 # Always (try) to run DHCP client on RPi's Ethernet port, for in-field
 # "cablemodems" used by many non-technical operators, who want Zero-Hassle
 # Updates.  This means AVOIDING "denyinterfaces eth0" below:
-{% if is_raspbian and hostapd_enabled %}
-denyinterfaces{% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }}{% endif %}
-{% elif is_raspbian %}
-#denyinterfaces{% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }}{% endif %}
-{% else %}
-denyinterfaces{% if iiab_wireless_lan_iface is defined %} {{ iiab_wireless_lan_iface }}{% endif %}{% if iiab_wired_lan_iface is defined %} {{ iiab_wired_lan_iface }}{% endif %}
+{% if iiab_wired_lan_iface is defined %}
+denyinterfaces {{ iiab_wired_lan_iface }}
 {% endif %}
 
-# FYI this 'denyinterfaces' line (here in /etc/dhcpcd.conf) is commented out by
-# /usr/bin/iiab-hotspot-off, and uncommented by /usr/bin/iiab-hotspot-on
-
 {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %}
 interface {{ iiab_lan_iface }}
 static ip_address={{ lan_ip }}/19

roles/network/templates/network/dnsmasq.sh.j2

@@ -1,5 +1,7 @@
 #!/bin/bash
 
 if [ "$IFACE" == "{{ iiab_lan_iface }}" ]; then
-    /bin/systemctl restart dnsmasq.service
+    echo "Restarting dnsmasq in 5 seconds"
+    /bin/sleep 5 && /bin/systemctl --no-block restart dnsmasq.service
+    echo "Restarting dnsmasq"
 fi

roles/network/templates/network/iiab-hotspot-off

@@ -1,4 +1,6 @@
 #!/bin/bash
+{% if is_raspbian %}
+# hotspot-off before ap0_updown
 sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf
 systemctl disable hostapd
 systemctl stop hostapd
@@ -7,13 +9,24 @@ systemctl stop hostapd
 systemctl daemon-reload
 systemctl restart dhcpcd
 #systemctl restart networking 6/15/2019 TFM removed
-
+sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }}
 # Temporary promiscuous-mode workaround for RPi's WiFi "10SEC disease"
 # Set wlan0 to promiscuous when AP's OFF (for possible WiFi gateway)
 # SEE ALSO iiab-hotspot-on + /usr/libexec/iiab-startup.sh
 # https://github.com/iiab/iiab/issues/638#issuecomment-355455454
-if grep -qi raspbian /etc/*release; then
-    ip link set dev wlan0 promisc on
-fi
-
+#if grep -qi raspbian /etc/*release; then
+#    ip link set dev wlan0 promisc on
+#fi
+{% else %}
+systemctl disable hostapd
+systemctl stop hostapd
 sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }}
+echo " IIAB hotspot access point Disabled"
+{% if wifi_up_down %}
+exit 0
+{% else %}
+sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf
+echo -e "\nPlease reboot to enable upstream WiFi access.\n"
+exit 0
+{% endif %}
+{% endif %}

roles/network/templates/network/iiab-hotspot-on

@@ -1,24 +1,36 @@
 #!/bin/bash
+
+{% if is_raspbian %}
+# just do what we have always done in hotspot-on
 cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf
 sed -i -e "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf
 # shut down wlan0 in case connected to network
 ip link set wlan0 down
 systemctl enable hostapd
-#systemctl enable dnsmasq
+#systemctl daemon-reload
 systemctl daemon-reload
 systemctl restart dhcpcd
-#systemctl restart networking 6/15/2019 TFM removed
 systemctl start hostapd
 systemctl start dnsmasq
+sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }}
 
 # Temporary promiscuous-mode workaround for RPi's WiFi "10SEC disease"
 # Disable "promiscuous" on wlan0 when AP (i.e. no WiFi gateway)
 # SEE ALSO iiab-hotspot-off + /usr/libexec/iiab-startup.sh
 # https://github.com/iiab/iiab/issues/638#issuecomment-355455454
-if grep -qi raspbian /etc/*release; then
-    ip link set dev wlan0 promisc off
-fi
+#if grep -qi raspbian /etc/*release; then
+#    ip link set dev wlan0 promisc off
+#fi
 
+{% else %}
+systemctl enable hostapd
 sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }}
-
-echo -e "\nPlease consider rebooting now.\n"
+{% if wifi_up_down %}
+echo -e "\nPlease reboot to activate hostapd feature.\n"
+exit 0
+{% else %}
+sed -i -e "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf
+echo -e "\nPlease reboot to activate hostapd feature.\n"
+exit 0
+{% endif %}
+{% endif %}

roles/network/templates/network/manage.conf.j2

@@ -0,0 +1,4 @@
+# IIAB WiFi
+[device]
+match-device=interface-name:{{ discovered_wireless_iface }}
+managed=1

roles/network/templates/network/rpi.j2

@@ -3,6 +3,8 @@
 # gui_desired_network_role is {{ gui_desired_network_role }}
 {% endif %}
 {% if iiab_network_mode != "Appliance"  %}
+# auto wired slave creation is suppressed in detected_network.yml
+# 'none' would become the name of the wired slave device.
 #################   LANCONTROLLER   ###################
 auto br0
 iface br0 inet manual

roles/network/templates/network/systemd-br0-network.j2

@@ -5,6 +5,7 @@ Name=br0
 [Network]
 Address={{ lan_ip }}/19
 LinkLocalAddressing=no
+ConfigureWithoutCarrier=yes
 # Commenting the below line as it has been causing race/looping issues between dnsmasq and systemd-resolved
 # IIAB ticket #1747
 #DNS={{ lan_ip }}

roles/network/templates/network/systemd-br0-slave.j2

@@ -1,5 +1,9 @@
-# /etc/systemd/network/IIAB-Slave.network
+# /etc/systemd/network/IIAB-Slave-{{ iiab_wired_lan_iface }}.network
 [Match]
 Name={{ iiab_wired_lan_iface }}
+
+[Link]
+RequiredForOnline=no
+
 [Network]
 Bridge=br0

vars/default_vars.yml

@@ -98,9 +98,8 @@ hostapd_enabled: True
 # Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is
 # being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes
 # and content is downloaded, to enable the internal WiFi Access Point / AP!)
-reboot_to_AP: False
-# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above
-# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless.
+wifi_up_down: True    # Creates a second virtual wifi adapter for WiFi upstream to internet
+                      # as well as classroom hotspot, use iiab_gateway_enabled for pass through
 
 # Gateway mode
 iiab_lan_enabled: True

vars/local_vars_big.yml

@@ -46,6 +46,8 @@ host_wifi_mode: g
 host_channel: 6
 hostapd_secure: False
 hostapd_password: changeme
+wifi_up_down: True    # Creates a second virtual wifi adapter for WiFi upstream to internet
+                      # as well as classroom hotspot, use iiab_gateway_enabled for pass through
 
 # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO
 wan_ip: dhcp       # wan_ip: 192.168.1.99

vars/local_vars_medium.yml

@@ -46,6 +46,8 @@ host_wifi_mode: g
 host_channel: 6
 hostapd_secure: False
 hostapd_password: changeme
+wifi_up_down: True    # Creates a second virtual wifi adapter for WiFi upstream to internet
+                      # as well as classroom hotspot, use iiab_gateway_enabled for pass through
 
 # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO
 wan_ip: dhcp       # wan_ip: 192.168.1.99

vars/local_vars_min.yml

@@ -46,6 +46,8 @@ host_wifi_mode: g
 host_channel: 6
 hostapd_secure: False
 hostapd_password: changeme
+wifi_up_down: True    # Creates a second virtual wifi adapter for WiFi upstream to internet
+                      # as well as classroom hotspot, use iiab_gateway_enabled for pass through
 
 # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO
 wan_ip: dhcp       # wan_ip: 192.168.1.99