diff --git a/iiab-network b/iiab-network index 0bef05005..d73978e63 100755 --- a/iiab-network +++ b/iiab-network @@ -11,16 +11,34 @@ if [ ! -f iiab-network.yml ]; then exit 1 fi -if [ ! -f /etc/iiab/config_vars.yml ]; then - echo "Creating stub /etc/iiab/config_vars.yml" - mkdir -p /etc/iiab - echo "{}" > /etc/iiab/config_vars.yml -fi - OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit if [ -f /etc/iiab/iiab.env ]; then echo "Reading /etc/iiab/iiab.env" + STAGE=0 source /etc/iiab/iiab.env + if grep -q STAGE= /etc/iiab/iiab.env ; then + echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env" + if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then + echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is non-integer" + exit 1 + elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then + echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is out-of-range" + exit 1 + elif [ "$STAGE" -lt 3 ]; then + echo -e "\nEXITING: STAGE (counter) value == ""$STAGE" + echo -e "\nIIAB Stage 3 not complete." + echo -e "\nPlease run: ./iiab-install" + exit 1 + fi + else + echo -e "\nEXITING: STAGE (counter) not found" + echo -e "\nIIAB not installed." + echo -e "\nPlease run: ./iiab-install" + exit 1 + fi +else + echo -e "\nEXITING: /etc/iiab/iiab.env not found" + exit 1 fi echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log" diff --git a/roles/2-common/templates/iiab-startup.sh b/roles/2-common/templates/iiab-startup.sh index b563b908d..e84eab8f0 100644 --- a/roles/2-common/templates/iiab-startup.sh +++ b/roles/2-common/templates/iiab-startup.sh @@ -31,8 +31,8 @@ if [[ $(grep -i raspbian /etc/*release) && #) #]]; then - ip link set dev wlan0 promisc on - echo "wlan0 promiscuous mode ON, internal AP OFF: github.com/iiab/iiab/issues/638" +# ip link set dev wlan0 promisc on + echo "wlan0 promiscuous mode ON, internal AP OFF: github.com/iiab/iiab/issues/638 DISABLED" fi exit 0 
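Review bot: The `grep -q STAGE= /etc/iiab/iiab.env` guard is unanchored, so a commented-out line or another variable whose name ends in `STAGE` satisfies it while `STAGE` keeps the `STAGE=0` preset. The script then reports "Stage 3 not complete" instead of "STAGE (counter) not found". Anchoring the test as `if grep -q '^STAGE=' /etc/iiab/iiab.env ; then` keeps the two messages distinct. The integer and range checks also run only after `source /etc/iiab/iiab.env` has executed the file, so they validate the counter and nothing else; a comment stating that the file is trusted and expected to be root-owned would make that assumption explicit.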
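Review bot: The log line now reads `promiscuous mode ON, internal AP OFF: ... DISABLED`, which contradicts what the script does once `ip link set dev wlan0 promisc on` is commented out. Anyone reading the boot log later cannot tell the interface state from it. Suggest wording that matches the behaviour, e.g. `echo "wlan0 promiscuous mode NOT set (workaround disabled): github.com/iiab/iiab/issues/638"`, or removing the branch rather than keeping a commented-out command. The enclosing `if` starts outside the hunk.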
diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 7cdf5b37c..d1928bdb2 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -25,19 +25,12 @@ # # hostapd_install: True # 2020-01-21: do not rely on this var for now (might be implemented in future) # hostapd_enabled: True -# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is -# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes -# and content is downloaded, to enable the internal WiFi Access Point / AP!) -# -# reboot_to_AP: False -# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above -# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless. -# -# Above 2 vars set in /opt/iiab/iiab/vars/default_vars.yml -# +# Above set in /opt/iiab/iiab/vars/default_vars.yml + hostapd_wait: 5 host_wireless_n: False driver_name: nl80211 +ap0_mac_addr: b8:27:99:12:34:56 # DNS / name resolution # dhcpd_install: False @@ -61,13 +54,14 @@ strict_networking: False iiab_demo_mode: False gui_static_wan: False wan_cidr: +virtual_network_devices: "-e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" # Set defaults for discovery process as strings wifi1: "not found-1" wifi2: "not found-2" -ap_device: "none" +exclude_device: "none" device_gw: "none" -device_gw2: "" +prior_gw_device: "" iiab_wan_iface: "none" iiab_lan_iface: "none" diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 0c095a4bb..7b3a356f5 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml 
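Review bot: `virtual_network_devices` is a string of unanchored `grep -e` patterns that detected_network.yml pastes into its `ls /sys/class/net | grep -v ...` shell tasks, so `-e lo` or `-e tun` also drops any real adapter whose name merely contains those letters (a name such as `wlo1`, for instance). The new "Interface count" task then hard-fails on a zero count. Anchoring the patterns keeps the exclusions to the intended devices: `virtual_network_devices: "-e '^ap0$' -e '^lo$' -e '^br0$' -e '^tun' -e '^br-' -e '^docker' -e '^bridge0$' -e '^veth'"`. Because the value is a raw shell fragment, a comment above it such as `# interpolated unquoted into shell commands run by the role; override only with trusted "-e PATTERN" options` would document the constraint.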
@@ -3,27 +3,39 @@ include_tasks: down-debian.yml # provide keyfile layout like the XO's used way back. -- name: Create uuid for NM's keyfile store - shell: uuidgen - register: uuid_response +#- name: Create uuid for NM's keyfile store +# shell: uuidgen +# register: uuid_response -- name: Put the uuid in place - set_fact: - gen_uuid: "{{ uuid_response.stdout_lines[0] }}" +#- name: Put the uuid in place +# set_fact: +# gen_uuid: "{{ uuid_response.stdout_lines[0] }}" -# NM might have a watcher on this path and we don't have to restart NM -- name: Copy the bridge script for NetworkManager - template: - dest: /etc/NetworkManager/system-connections/ - src: network/bridge-br0 - mode: 0600 - when: iiab_network_mode != "Appliance" - -- name: Remove br0 in Appliance Mode for NetworkManager +# systemd-networkd handles br0 except for Raspbian +- name: Remove stale br0 for NetworkManager file: dest: /etc/NetworkManager/system-connections/bridge-br0 state: absent - when: iiab_network_mode == "Appliance" + +- name: Copy ap0-manage.conf for NetworkManager + template: + dest: /etc/NetworkManager/conf.d/ap0-manage.conf + src: network/ap0-manage.conf + mode: 0644 + when: wifi_up_down + +- name: Copy manage.conf for NetworkManager when wifi_up_down False + template: + dest: /etc/NetworkManager/conf.d/wifi-manage.conf + src: network/manage.conf.j2 + mode: 0644 + when: discovered_wireless_iface != "none" and not wifi_up_down + +- name: Remove manage.conf for NetworkManager when wifi_up_down True + file: + dest: /etc/NetworkManager/conf.d/wifi-manage.conf + state: absent + when: wifi_up_down - name: Removing static for NetworkManager file: 
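Review bot: The new conditions use `wifi_up_down` as a bare truth value (`when: wifi_up_down`, `... and not wifi_up_down`), while includes elsewhere in this role write `is_redhat | bool`. If the variable ever arrives as a string (for example from `--extra-vars wifi_up_down=False`), `not wifi_up_down` is evaluated on a non-empty string and the wrong one of ap0-manage.conf / wifi-manage.conf gets installed. Suggest `when: wifi_up_down | bool` and `when: discovered_wireless_iface != "none" and not (wifi_up_down | bool)`; the same applies to the `wifi_up_down` conditions added in detected_network.yml and hostapd.yml. This commit adds no default for `wifi_up_down` to roles/network/defaults/main.yml, so it is presumably defined in vars/default_vars.yml, which is worth confirming. The commented-out uuid tasks could simply be deleted, since git keeps the history.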
@@ -58,16 +70,6 @@ mode: 0600 when: wan_ip != "dhcp" -- name: Stop wpa_supplicant service - service: - name: wpa_supplicant - state: stopped - when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance" - -- name: Mask wpa_supplicant - shell: systemctl mask wpa_supplicant - when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance" - - name: Reload systemd systemd: daemon_reload: yes diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index fb27dc7b5..08540b94e 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -6,20 +6,6 @@ user_wan_iface: "{{ discovered_wan_iface }}" when: not (discovered_wan_iface == "none") and not (xo_model == "none") and has_ifcfg_gw == "none" -#- name: Checking for NetworkManager-config-server -# shell: rpm -qa | grep NetworkManager-config-server | wc -l -# register: strict_networking_check - -#- name: Found Checking for NetworkManager-config-server -# set_fact: -# strict_networking: True -# when: strict_networking_check == "1" - -#- name: Use restricted network features -# set_fact: -# iiab_demo_mode: True -# when: teamviewer_install and not strict_networking - - name: XO laptop wants USB WiFi interface as AP mode set_fact: iiab_wireless_lan_iface: "{{ discovered_lan_iface }}" @@ -62,7 +48,7 @@ user_wan_iface: "none" when: not iiab_wan_enabled -# gui wants LanController # keeps ifcfg-WAN but onboot=no +# gui wants LanController # the change over might be a little bumpy ATM. - name: Setting GUI wants 'LanController' set_fact: 
@@ -71,10 +57,9 @@ iiab_gateway_enabled: "False" when: gui_desired_network_role is defined and gui_desired_network_role == "LanController" -# device_gw is used with the LAN detection and LAN's ifcfg file deletion. -# single interface vars/ users would need to set iiab_wan_enabled False as above, to disable the WAN -# and set user_lan_iface = to suppress the auto detection for the same effect. - +# discovered_wan_iface is used with the LAN detection, single interface vars/ users would +# need to set iiab_wan_enabled False as above, to disable the WAN and set +# user_lan_iface: to suppress the auto detection for the same effect. - name: Setting user_lan_iface for 'LanController' for single interface set_fact: user_lan_iface: "{{ discovered_wan_iface }}" @@ -143,24 +128,6 @@ iiab_lan_iface: "{{ user_lan_iface }}" when: not (user_lan_iface == "auto") -# so this works -- name: Interface count - shell: ls /sys/class/net | grep -v -e lo -e bridge0 -e veth -e "br-*" -e docker| wc | awk '{print $1}' - register: adapter_count - -# well if there ever was a point to tell the user things are FUBAR this is it. -- name: We're hosed no work interfaces - set_fact: - iiab_network_mode: "No_network_found" - when: adapter_count.stdout|int == 0 - -# well if there ever was a point to tell the user things are FUBAR this is it. -- name: I'm not guessing declare gateway please - set_fact: - iiab_network_mode: "Undetectable_use_local_vars" - iiab_wan_iface: "none" - when: adapter_count.stdout|int >= 5 and device_gw == "none" and gui_wan_iface == "unset" and gui_static_wan is defined - - name: Record IIAB_WAN_DEVICE to {{ iiab_env_file }} lineinfile: path: "{{ iiab_env_file }}" 
@@ -197,11 +164,3 @@ value: "{{ iiab_lan_iface }}" - option: iiab_network_mode value: "{{ iiab_network_mode }}" - - option: hostapd_enabled - value: "{{ hostapd_enabled }}" - - option: host_ssid - value: "{{ host_ssid }}" - - option: host_wifi_mode - value: "{{ host_wifi_mode }}" - - option: host_channel - value: "{{ host_channel }}" diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 72fdd951c..26523cd1c 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -3,6 +3,7 @@ dansguardian_enabled: False squid_enabled: False wondershaper_enabled: False + hostapd_enabled: False iiab_network_mode: "Appliance" when: iiab_lan_iface == "none" or user_lan_iface == "none" @@ -74,3 +75,11 @@ value: "{{ dnsmasq_enabled }}" - option: no_net_restart value: "{{ no_net_restart }}" + - option: hostapd_enabled + value: "{{ hostapd_enabled }}" + - option: host_ssid + value: "{{ host_ssid }}" + - option: host_wifi_mode + value: "{{ host_wifi_mode }}" + - option: host_channel + value: "{{ host_channel }}" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 25f71d48d..c6d73192f 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml 
@@ -1,23 +1,36 @@ -- name: iiab_wan_device - shell: grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}' - when: iiab_stage|int > 4 - register: prior_gw +# so this works +- name: Interface count + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} | wc | awk '{print $1}' + register: adapter_count + +# well if there ever was a point to tell the user things are FUBAR this is it. +- name: We're hosed no work interfaces + fail: # FORCE IT RED THIS ONCE! + msg: "No_network_found" + when: adapter_count.stdout|int == 0 - name: Checking for old device gateway interface for device test + shell: grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}' + when: iiab_stage|int == 9 + register: prior_gw + +- name: Setting device_gw, prior_gw_device set_fact: device_gw: "{{ prior_gw.stdout }}" - device_gw2: "{{ prior_gw.stdout }}" - when: iiab_stage|int > 4 and prior_gw is defined and prior_gw.stdout != "" + prior_gw_device: "{{ prior_gw.stdout }}" + when: prior_gw.stdout is defined and prior_gw.stdout != "" -- name: Setting WAN if detected +- name: Setting WAN, device_gw if detected set_fact: iiab_wan_iface: "{{ discovered_wan_iface }}" device_gw: "{{ discovered_wan_iface }}" when: ansible_default_ipv4.gateway is defined -- name: Red Hat network detection (redhat) - include_tasks: detected_redhat.yml - when: is_redhat | bool +- name: Figure out netplan file name + shell: ls /etc/netplan + register: netplan + ignore_errors: True # pre 17.10 doesn't use netplan + when: is_ubuntu - name: Setting dhcpcd_test results set_fact: 
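Review bot: `grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}'` matches the key anywhere on a line and returns every match, so a duplicated or commented entry yields a multi-line `prior_gw.stdout`. That value is stored in `device_gw` and later pasted unquoted into the `grep -v ... -e {{ device_gw }}` shell commands. Assuming the key starts its line in the env file, `shell: grep -m1 '^IIAB_WAN_DEVICE=' {{ iiab_env_file }} | awk -F "=" '{print $2}'` limits it to the first exact entry. The read-only probes in this hunk ("Interface count", the env-file grep, "Figure out netplan file name") would also benefit from `changed_when: False`. For the netplan probe, `failed_when: False` avoids the red error that `ignore_errors: True` prints on hosts without /etc/netplan.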
@@ -75,16 +88,15 @@ set_fact: wifi2: "{{ item|trim }}" discovered_wireless_iface: "{{ item|trim }}" - when: wireless_list2.stdout is defined and not wireless_list2.stdout == "ap0" + when: wireless_list2.stdout is defined and item|trim != "ap0" with_items: - "{{ wireless_list2.stdout_lines }}" #item|trim != discovered_wan_iface - name: Count WiFi ifaces - shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}' | wc -l" + shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}' | grep -v -e ap0 | wc -l" register: count_wifi_interfaces -# facts are apparently all stored as text, so do text comparisons from here on - name: Remember number of WiFi devices set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" @@ -94,16 +106,16 @@ - name: XO laptop override 2 WiFi on LAN set_fact: - ap_device: "eth0" + exclude_device: "eth0" when: iiab_wan_iface != "eth0" and discovered_wireless_iface != "none" and xo_model == "XO-1.5" -- name: Exclude reserved WiFi adapter if defined - takes adapter name +- name: Exclude reserved Network Adapter if defined - takes adapter name set_fact: - ap_device: "{{ reserved_wifi }}" - when: reserved_wifi is defined and discovered_wireless_iface != iiab_wan_iface and num_wifi_interfaces >= "2" + exclude_device: "{{ reserved_device }}" + when: reserved_device is defined - name: Count LAN ifaces - shell: ls /sys/class/net | grep -v -e ap0 -e wwlan -e ppp -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e {{ device_gw }} -e {{ ap_device }} | wc -l + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_device }} | wc -l register: num_lan_interfaces_result - name: Calculate number of LAN interfaces including WiFi 
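Review bot: `{{ device_gw }}` and `{{ exclude_device }}` are interpolated unquoted into the `ls /sys/class/net | grep -v ...` command line in "Count LAN ifaces". With this change `exclude_device` is taken from `reserved_device` whenever that variable is defined, with no check on its content. A value containing whitespace or shell metacharacters changes the command the role runs; suggest `-e {{ device_gw | quote }} -e {{ exclude_device | quote }}` here and in the "Create list of LAN (non WAN) ifaces" task in the next hunk. A one-line comment above the set_fact, `# reserved_device: interface name from local_vars, excluded from LAN detection`, would document the renamed variable.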
@@ -112,7 +124,7 @@ # LAN - pick non WAN's - name: Create list of LAN (non WAN) ifaces - shell: ls /sys/class/net | grep -v -e ap0 -e wwlan -e ppp -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e {{ device_gw }} -e {{ ap_device }} + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_device }} when: num_lan_interfaces != "0" register: lan_list_result @@ -133,20 +145,22 @@ with_items: - "{{ lan_list_result.stdout_lines }}" -- name: Set iiab_wireless_lan_iface if present + +- name: Set iiab_wireless_lan_iface to {{ discovered_wireless_iface }} if not none set_fact: iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}" - when: discovered_wireless_iface is defined and discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface + when: discovered_wireless_iface != "none" and not wifi_up_down + +- name: Set iiab_wireless_lan_iface to ap0 if WiFi device is present + set_fact: + iiab_wireless_lan_iface: ap0 + when: discovered_wireless_iface != "none" and wifi_up_down - name: Set iiab_wired_lan_iface if present set_fact: iiab_wired_lan_iface: "{{ discovered_wired_iface }}" when: discovered_wired_iface is defined and discovered_wired_iface != "none" and discovered_wired_iface != iiab_wan_iface and not is_raspbian -#unused -#- name: Get a list of ifcfg files to delete -# moved to detected_redhat - # use value only if present - name: 2 or more devices on the LAN - use bridging set_fact: @@ -197,8 +211,8 @@ with_items: - option: has_ifcfg_gw value: "{{ has_ifcfg_gw }}" - - option: prior_gateway_(device_gw2) - value: "{{ device_gw2 }}" + - option: prior_gateway_device + value: "{{ prior_gw_device }}" - option: dhcpcd_result value: "{{ dhcpcd_result }}" - option: network_manager_active 
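Review bot: The two tasks replacing "Set iiab_wireless_lan_iface if present" drop the `discovered_wireless_iface != iiab_wan_iface` guard, so with `wifi_up_down` false and WiFi as the upstream link the WAN adapter is now also recorded as `iiab_wireless_lan_iface`. hostapd.yml turns `hostapd_enabled` off for that case, but it is worth confirming that the bridging logic after this hunk (not visible here) cannot add the WAN adapter to br0. If that is not intended, `when: discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface and not wifi_up_down` restores the old behaviour. The `is defined` test was removed as well, so these tasks error out rather than skip if detection never set the variable.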
@@ -227,3 +241,10 @@ value: "{{ iiab_lan_iface }}" - option: iiab_wan_iface value: "{{ iiab_wan_iface }}" + +# well if there ever was a point to tell the user things are FUBAR this is it. +# limit 2 network adapters wifi wired +- name: I'm not guessing declare gateway please + fail: # FORCE IT RED THIS ONCE! + msg: "Undetectable gateway or prior gateway for use with static network addressing from admin-console use local_vars to declare user_wan_iface" + when: adapter_count.stdout|int >=3 and gui_wan_iface == "unset" and gui_static_wan diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index b0df14178..60d28a9f4 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml 
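Review bot: The failure message speaks of an "Undetectable gateway or prior gateway", but the new `when:` no longer tests `device_gw == "none"` as the task removed from computed_network.yml did. The play therefore aborts on any host with three or more adapters and `gui_static_wan` set, even when a gateway was found. If that is not intended, `when: adapter_count.stdout|int >= 3 and device_gw == "none" and gui_wan_iface == "unset" and gui_static_wan | bool` keeps the check tied to the message. The task also runs after the preceding task has already recorded the detected values, so a comment noting that those values may come from an aborted run would help whoever reads them later.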
@@ -79,23 +79,23 @@ #- debug: # var: nd_enabled -- name: Check if /etc/networkd-dispatcher/routable.d exists - stat: - path: /etc/networkd-dispatcher/routable.d - register: nd_dir +#- name: Check if /etc/networkd-dispatcher/routable.d exists +# stat: +# path: /etc/networkd-dispatcher/routable.d +# register: nd_dir #- debug: # var: nd_dir #- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and networkd-dispatcher is enabled, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04) -- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04) - template: - src: roles/network/templates/network/dnsmasq.sh.j2 - dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh - mode: 0755 - owner: root - group: root - when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") +#- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. 
OS's like Ubuntu 18.04) +# template: +# src: roles/network/templates/network/dnsmasq.sh.j2 +# dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh +# mode: 0755 +# owner: root +# group: root +# when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") diff --git a/roles/network/tasks/NM.yml b/roles/network/tasks/fedora/NM.yml similarity index 100% rename from roles/network/tasks/NM.yml rename to roles/network/tasks/fedora/NM.yml diff --git a/roles/network/tasks/fedora/create_ifcfg.yml.deprecated b/roles/network/tasks/fedora/create_ifcfg.yml.deprecated new file mode 100644 index 000000000..7c982dbd2 --- /dev/null +++ b/roles/network/tasks/fedora/create_ifcfg.yml.deprecated @@ -0,0 +1,17 @@ +- name: Stop 'Wired WAN connection' + shell: nmcli dev disconnect {{ discovered_wan_iface }} + ignore_errors: True + changed_when: False + when: discovered_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" + +# set user_wan_iface: for static +# use wan_* for static info +- name: Supply ifcfg-WAN file + template: src=network/ifcfg-WAN.j2 + dest=/etc/sysconfig/network-scripts/ifcfg-WAN + when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" + +- name: Now setting ifcfg-WAN True after creating file + set_fact: + has_WAN: True + when: iiab_wan_iface != "none" and has_ifcfg_gw == "none" diff --git a/roles/network/tasks/detected_redhat.yml b/roles/network/tasks/fedora/detected_redhat.yml similarity index 100% rename from roles/network/tasks/detected_redhat.yml rename to roles/network/tasks/fedora/detected_redhat.yml 
diff --git a/roles/network/tasks/edit_ifcfg.yml b/roles/network/tasks/fedora/edit_ifcfg.yml similarity index 100% rename from roles/network/tasks/edit_ifcfg.yml rename to roles/network/tasks/fedora/edit_ifcfg.yml diff --git a/roles/network/tasks/enable_wan.yml b/roles/network/tasks/fedora/enable_wan.yml similarity index 100% rename from roles/network/tasks/enable_wan.yml rename to roles/network/tasks/fedora/enable_wan.yml diff --git a/roles/network/tasks/fedora/hosts.yml.deprecated b/roles/network/tasks/fedora/hosts.yml.deprecated new file mode 100644 index 000000000..ce4a7467f --- /dev/null +++ b/roles/network/tasks/fedora/hosts.yml.deprecated @@ -0,0 +1,28 @@ +# this (hosts.yml) WAS invoked by roles/network/tasks/main.yml up until 2019-12-10 + +#TODO: Use vars instead of hardcoded values +- name: Remove FQDN with 172.18.96.1 in /etc/hosts without LAN (if iiab_lan_iface == "none" and not installing) + lineinfile: + path: /etc/hosts + regexp: '^172\.18\.96\.1' + state: absent + when: iiab_lan_iface == "none" and not installing + +- name: Configure FQDN with 172.18.96.1 in /etc/hosts with LAN (if iiab_lan_iface != "none" and not installing) + lineinfile: + path: /etc/hosts + regexp: '^172\.18\.96\.1' + line: '172.18.96.1 {{ iiab_hostname }}.{{ iiab_domain }} {{ iiab_hostname }} box box.lan' + state: present + when: not (iiab_lan_iface == "none") and not installing + +# roles/0-init/tasks/hostname.yml ALSO does this: +- name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan" (if iiab_lan_iface == "none" and not installing, appliance mode?)' + lineinfile: + path: /etc/hosts + regexp: '^127\.0\.0\.1' + line: '127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan' + owner: root + group: root + mode: 0644 + when: iiab_lan_iface == "none" and not installing 
diff --git a/roles/network/tasks/ifcfg_mods.yml b/roles/network/tasks/fedora/ifcfg_mods.yml similarity index 100% rename from roles/network/tasks/ifcfg_mods.yml rename to roles/network/tasks/fedora/ifcfg_mods.yml diff --git a/roles/network/tasks/redetect.yml b/roles/network/tasks/fedora/redetect.yml similarity index 100% rename from roles/network/tasks/redetect.yml rename to roles/network/tasks/fedora/redetect.yml diff --git a/roles/network/tasks/static.yml b/roles/network/tasks/fedora/static.yml similarity index 100% rename from roles/network/tasks/static.yml rename to roles/network/tasks/fedora/static.yml diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 386eafb92..8800edc95 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -1,7 +1,23 @@ -- name: Turn off hostapd when no wifi interface present or in "Appliance Mode" +- name: Unmask the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + masked: no + +- name: Disable hostapd when not using ap0 and wifi gateway present set_fact: hostapd_enabled: False - when: not iiab_wireless_lan_iface is defined or iiab_network_mode == "Appliance" + when: not wifi_up_down and discovered_wireless_iface == iiab_wan_iface + +- name: Detect current Wifi channel + shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 + register: current_host_channel + when: discovered_wireless_iface != "none" + +- name: Setting WiFi channel to {{ current_host_channel.stdout }} + set_fact: + host_channel: "{{ current_host_channel.stdout }}" + when: current_host_channel.stdout is defined and current_host_channel.stdout != "" and current_host_channel.stdout|int <= 13 - name: Create /etc/hostapd/hostapd.conf from template template: 
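Review bot: The channel guard `current_host_channel.stdout|int <= 13` has no lower bound, and Jinja's `int` filter turns non-numeric text into 0, so unexpected `iw` output passes the test and is written to `host_channel` verbatim. Suggest adding `and current_host_channel.stdout|int >= 1` to the condition and `changed_when: False` to the read-only `iw` probe. `{{ discovered_wireless_iface }}` is also placed unquoted on the shell command line; `iw {{ discovered_wireless_iface | quote }} info | grep channel | cut -d' ' -f2` would be safer. The first task sets `enabled: no` under a name that only mentions unmasking, so a comment saying the service is enabled later in the file would avoid confusion.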
@@ -14,21 +30,38 @@ - name: Create backup /etc/hostapd/hostapd.conf.iiab from template template: - src: hostapd/iiab-hostapd.conf.j2 + src: hostapd/hostapd.conf.j2 dest: /etc/hostapd/hostapd.conf.iiab owner: root group: root mode: 0644 when: discovered_wireless_iface != "none" -- name: Use custom systemd unit file to start 'hostapd' service +- name: Generate new random mac address for ap0 + shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' + register: ap0_mac + +- name: Setting ap0 mac address for use in hostapd service file + set_fact: + ap0_mac_addr: "{{ ap0_mac.stdout }}" + +- name: Use custom 'hostapd' systemd service unit file using ap0 when wifi_up_down template: src: hostapd/hostapd.service.j2 dest: /etc/systemd/system/hostapd.service owner: root group: root mode: 0644 - when: discovered_wireless_iface != "none" + when: discovered_wireless_iface != "none" and wifi_up_down + +- name: Use custom 'hostapd' systemd service unit file for {{ discovered_wireless_iface }} when not wifi_up_down + template: + src: hostapd/hostapd.legacy.j2 + dest: /etc/systemd/system/hostapd.service + owner: root + group: root + mode: 0644 + when: discovered_wireless_iface != "none" and not wifi_up_down - name: Create /usr/bin/iiab-hotspot-on from template template: @@ -37,7 +70,6 @@ owner: root group: root mode: 0755 - when: is_raspbian | bool - name: Create /usr/bin/iiab-hotspot-off from template template: 
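Review bot: "Generate new random mac address for ap0" has no `when:` and no persistence, so every run of the role draws a new address and reports a change. Clients and any monitoring keyed on the access point's BSSID would presumably see a different device after each run. Consider generating the address only when none has been stored yet (for example by keeping it in `{{ iiab_env_file }}` and reusing it), and limiting the task to `discovered_wireless_iface != "none" and wifi_up_down`. The `02:` prefix correctly marks the generated address as locally administered, whereas the fallback `ap0_mac_addr: b8:27:99:12:34:56` in defaults/main.yml does not. Separately, /etc/hostapd/hostapd.conf.iiab is now rendered from hostapd/hostapd.conf.j2 with `mode: 0644`; if that template carries a WPA passphrase, `mode: 0600` would be the safer choice.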
@@ -46,14 +78,60 @@ owner: root group: root mode: 0755 - when: is_raspbian | bool -- name: Disable the Access Point 'hostapd' service - systemd: - name: hostapd - enabled: no -# cheap workaround for when /etc/init.d is populated -# when: not hostapd_enabled +- name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True + template: + src: hostapd/50-hostapd + dest: /lib/dhcpcd/dhcpcd-hooks/50-hostapd + owner: root + group: root + mode: 0644 + when: is_raspbian and wifi_up_down + +- name: Remove dhcpcd hook for hostapd if WiFi is not split using ap0 + file: + path: /lib/dhcpcd/dhcpcd-hooks/50-hostapd + state: absent + when: is_raspbian and not wifi_up_down + +- name: Create networkd-dispatcher diagnosic hook for recording network events + template: + owner: root + group: root + mode: 0755 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/carrier.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/degraded.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/dormant.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/no-carrier.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/off.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } + when: systemd_networkd_active and discovered_wireless_iface != "none" + +- name: Create networkd-dispatcher hook for hostapd wifi_up_down True + template: + owner: root + group: root + mode: 0755 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } + when: systemd_networkd_active 
and discovered_wireless_iface != "none" and wifi_up_down + +- name: Remove networkd-dispatcher hook wifi_up_down False + file: + path: "{{ item.dest }}" + state: absent + with_items: + - { dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } + when: systemd_networkd_active and discovered_wireless_iface != "none" and not wifi_up_down - name: Enable the Access Point 'hostapd' service systemd: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index b2729314b..fe61a9c0f 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,13 +1,12 @@ - include_tasks: detected_network.yml - when: not installing # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml - name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY set_fact: - hostapd_enabled: False # used in (1) hostapd.yml, (2) rpi_debian.yml + - # (3) its dhcpcd.conf.j2, (4) restart.yml no_net_restart: True # used below in (1) sysd-netd-debian.yml, - # (2) debian.yml, (3) rpi_debian.yml - when: discovered_wireless_iface == iiab_wan_iface and not reboot_to_AP + # (2) debian.yml, (3) rpi_debian.yml, + # (4) NM-debian.yml + when: discovered_wireless_iface == iiab_wan_iface + # EITHER WAY: hostapd_enabled's state is RECORDED into {{ iiab_env_file }} # in hostapd.yml for later use by... # /usr/libexec/iiab-startup.sh, iiab-hotspot-off & iiab-hotspot-on @@ -25,9 +24,6 @@ # when: is_raspbian and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface and reboot_to_AP - include_tasks: computed_network.yml - when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml - -- include_tasks: hostapd.yml #- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network # set_fact: 
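Review bot: The networkd-dispatcher `template` tasks are gated only on `systemd_networkd_active`, not on the target directories existing. The task this commit comments out in enable_services.yml first checked /etc/networkd-dispatcher/routable.d with `stat`, and `template` fails when a parent directory such as dormant.d or off.d is missing. Suggest creating the directories with a `file: state: directory` task first, or keeping a `stat` guard. The `00-iiab-debug` hook is installed executable into six state directories and no task in this hunk removes it; if it is meant for troubleshooting only, gating it behind a debug variable and documenting where it writes would keep it off production images. The task name also has a typo ("diagnosic").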
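Review bot: `when: discovered_wireless_iface == iiab_wan_iface` is also true when neither a WiFi adapter nor a WAN was found, assuming both hold the "none" sentinel. defaults/main.yml sets `iiab_wan_iface: "none"`, but the WiFi default is not visible here. In that case `no_net_restart` would be set on hosts that have no WiFi gateway at all. If that is unintended, `when: discovered_wireless_iface != "none" and discovered_wireless_iface == iiab_wan_iface` limits it to the WiFi-as-gateway case. The task name and the "EITHER WAY: hostapd_enabled's state is RECORDED" comment still describe the removed `hostapd_enabled: False` assignment and should be updated.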
@@ -35,13 +31,6 @@ # hostapd_enabled: False # when: is_raspbian and discovered_wireless_iface is defined and discovered_wired_iface != iiab_wan_iface -##### Start static ip address info for first run ##### -#- include_tasks: static.yml -# when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"' -##### End static ip address info - -#- include_tasks: hosts.yml - - name: Configure wondershaper include_tasks: wondershaper.yml when: wondershaper_install or wondershaper_installed is defined @@ -58,9 +47,15 @@ include_tasks: squid.yml when: squid_install and FQDN_changed and iiab_stage|int == 9 +#preprep for backends +- name: Netplan in use on Ubuntu 18.04+ + include_tasks: netplan.yml + when: is_ubuntu and not is_ubuntu_16 + #### Start services - include_tasks: avahi.yml +- include_tasks: hostapd.yml - include_tasks: computed_services.yml - include_tasks: enable_services.yml @@ -73,12 +68,6 @@ when: is_redhat | bool #and not installing -- name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 - #when: is_ubuntu_18 | bool - #and not installing - - name: NetworkManager in use include_tasks: NM-debian.yml when: is_debuntu and network_manager_active @@ -89,7 +78,7 @@ when: is_debuntu and systemd_networkd_active #and not installing -- name: RPi's have dhcpcd in use +- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active include_tasks: rpi_debian.yml when: is_raspbian #and not installing diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 69959b77f..0eb96166b 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml 
@@ -1,20 +1,14 @@ -- name: Figure out netplan file name - shell: ls /etc/netplan - register: netplan - - name: Disable cloud-init the easy way shell: touch /etc/cloud/cloud-init.disabled - when: ("item" == "50-cloud-init.yaml") + when: item|trim == "50-cloud-init.yaml" with_items: - "{{ netplan.stdout_lines }}" -- name: Remove stock netplan template - file: - state: absent - path: /etc/netplan/{{ item }} +- name: Moving 50-cloud-init.yaml to 02-iiab-config.yaml + shell: mv /etc/netplan/50-cloud-init.yaml /etc/netplan/02-iiab-config.yaml + when: netplan.stdout.find("yaml") != -1 and item|trim == "50-cloud-init.yaml" with_items: - "{{ netplan.stdout_lines }}" - when: netplan.stdout.find("yaml") != -1 - name: Cheap way to do systemd unmask file: 
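Review bot: `shell: mv /etc/netplan/50-cloud-init.yaml /etc/netplan/02-iiab-config.yaml` silently overwrites an existing 02-iiab-config.yaml whenever a 50-cloud-init.yaml reappears, and it always reports "changed". Suggest `command: mv -n /etc/netplan/50-cloud-init.yaml /etc/netplan/02-iiab-config.yaml` with `args:` / `creates: /etc/netplan/02-iiab-config.yaml`, so an existing IIAB config is never clobbered. Both tasks loop over `netplan.stdout_lines`, which is now registered in detected_network.yml and only `when: is_ubuntu`. A comment at the top of this file, `# requires 'netplan' registered by detected_network.yml`, would make that cross-file dependency visible.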
@@ -29,25 +23,46 @@ - systemd-networkd-wait-online when: systemd_networkd_active | bool +- name: Unmask and enable the systemd-networkd service for br0 + systemd: + name: systemd-networkd + enabled: yes + masked: no + when: network_manager_active | bool and iiab_lan_iface == "br0" + +- name: Ensure systemd-networkd gets enabled for br0 + set_fact: + systemd_networkd_active: True + when: network_manager_active | bool and iiab_lan_iface == "br0" + # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and # overrides gui_static_wan_ip that is present. Changing wan_ip in local_vars # is a oneway street to static. -- name: Static IP computing CIDR - shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}' - register: CIDR - when: wan_ip != "dhcp" +#- name: Static IP computing CIDR +# shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}' +# register: CIDR +# when: wan_ip != "dhcp" -- name: Static IP setting CIDR - set_fact: - wan_cidr: "{{ CIDR.stdout }}" - when: wan_ip != "dhcp" +#- name: Static IP setting CIDR +# set_fact: +# wan_cidr: "{{ CIDR.stdout }}" +# when: wan_ip != "dhcp" -- name: Supply netplan template - template: - dest: /etc/netplan/01-iiab-config.yaml - src: network/netplan.j2 - backup: no +- name: Remove stock netplan template + file: + state: absent + path: /etc/netplan/{{ item }} + when: netplan.stdout.find("yaml") != -1 and item|trim != "02-iiab-config.yaml" and wan_ip != "dhcp" + with_items: + - "{{ netplan.stdout_lines }}" + +#- name: Supply netplan template +# template: +# dest: /etc/netplan/01-iiab-config.yaml +# src: network/netplan.j2 +# backup: no +# when: iiab_wan_iface != discovered_wireless_iface and wan_ip != "dhcp" # should blow up here if we messed up the yml file #- name: Generate netplan config diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 6c6720d3c..6cecec5c4 100644 
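Review bot: With a static `wan_ip`, the re-added "Remove stock netplan template" task deletes every file in /etc/netplan except 02-iiab-config.yaml, while the tasks that computed the CIDR and supplied 01-iiab-config.yaml are commented out in this same hunk. 02-iiab-config.yaml only exists if the earlier task renamed 50-cloud-init.yaml, so unless another task file writes the static configuration (not visible here), the host can be left with no netplan definition for its WAN interface. On a remotely administered install that means losing access at the next reboot. I would gate the removal on the replacement being in place, for example by registering a `stat` of /etc/netplan/02-iiab-config.yaml and adding `and iiab_netplan_file.stat.exists` to the `when` (variable name illustrative).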
--- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -2,7 +2,8 @@ systemd: name: hostapd state: restarted - when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance" +# when: iiab_wireless_lan_iface is defined and hostapd_enabled and discovered_wireless_iface != iiab_wan_iface + when: hostapd_enabled and iiab_wireless_lan_iface is defined and discovered_wireless_iface == iiab_wireless_lan_iface - name: Start named service systemd: @@ -53,6 +54,11 @@ creates: /etc/sysconfig/olpc-scripts/setup.d/installed/gateway when: iiab_network_mode == "Gateway" +#netplan de-configures pre-created bridged interfaces +#- name: Reload netplan when Wifi is not gateway on Ubuntu 18+ +# shell: netplan apply +# when: not no_net_restart and is_ubuntu and netplan.stdout.find("yaml") != -1 + - name: Waiting {{ hostapd_wait }} seconds for network to stabilize (dnsmasq will fail if br0 isn't in a 'up' state!) shell: sleep {{ hostapd_wait }} @@ -61,7 +67,7 @@ - name: Checking if WiFi slave is active shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l - when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_lan_iface == "br0" + when: hostapd_enabled and discovered_wireless_iface != iiab_wan_iface and iiab_lan_iface == "br0" register: wifi_slave - name: Restart hostapd if WiFi slave is inactive @@ -74,6 +80,6 @@ systemd: name: "{{ dhcp_service2 }}" state: restarted - when: not no_net_restart + when: not no_net_restart and discovered_wireless_iface == "none" #when: (iiab_network_mode != "Appliance") # Sufficient b/c br0 exists thanks to /etc/network/interfaces.d/iiab #when: iiab_network_mode != "Appliance" and iiab_wan_iface != discovered_wireless_iface diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 7bc70071b..a1a904cfa 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml 
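Review bot: The "Checking if WiFi slave is active" task no longer tests `iiab_wireless_lan_iface is defined`, but its command still interpolates `{{ iiab_wireless_lan_iface }}` into `brctl show br0 | grep ... | wc -l`. The first hunk of this file keeps that guard on the hostapd restart, so the variable can evidently be unset, and in that case this task fails at templating. Keeping the guard next to the new condition avoids that: `when: hostapd_enabled and iiab_wireless_lan_iface is defined and discovered_wireless_iface != iiab_wan_iface and iiab_lan_iface == "br0"`. The same guard is dropped from `interface=` in hostapd.conf.j2, and dhcpcd.conf.j2 gains an unguarded `denyinterfaces {{ iiab_wireless_lan_iface }}`. If the variable is now always set before those templates render, a comment saying so would do.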
@@ -11,11 +11,14 @@ src: network/systemd-br0-network.j2 when: iiab_lan_iface == "br0" -- name: Copy the bridge script - Assigns br0 wired slaves +# can be more than one wired interface +- name: Wired enslaving - Assigns lan_list_results to br0 as wired slaves if present template: - dest: /etc/systemd/network/IIAB-Slave.network src: network/systemd-br0-slave.j2 - when: iiab_wired_lan_iface is defined and iiab_lan_iface == "br0" + dest: /etc/systemd/network/IIAB-Slave-{{ item|trim }}.network + with_items: + - "{{ lan_list_result.stdout_lines }}" + when: iiab_wired_lan_iface is defined and num_lan_interfaces|int >= 1 and not network_manager_active - name: Remove static WAN template file: @@ -33,11 +36,12 @@ wan_cidr: "{{ CIDR.stdout }}" when: wan_ip != "dhcp" -- name: Supply static WAN template (ubuntu-16) +- name: Supply static WAN template when network_manager_active is False template: dest: /etc/systemd/network/IIAB-Static.network src: network/systemd-static-net.j2 - when: wan_ip != "dhcp" and is_ubuntu_16 + when: wan_ip != "dhcp" and ( is_ubuntu_16 or not network_manager_active ) + #when: wan_ip != "dhcp" and not is_ubuntu_18 - name: Stopping services @@ -50,6 +54,6 @@ - name: Restart the systemd-networkd service systemd: name: systemd-networkd - enabled: yes state: restarted - when: not nobridge is defined and not no_net_restart + #when: (netplan.stdout is undefined or netplan.stdout.find("yaml") == -1) and not no_net_restart + when: not no_net_restart diff --git a/roles/network/templates/hostapd/00-iiab-debug b/roles/network/templates/hostapd/00-iiab-debug new file mode 100644 index 000000000..d1d028d52 --- /dev/null +++ b/roles/network/templates/hostapd/00-iiab-debug @@ -0,0 +1,2 @@ +#!/bin/bash +echo "NET-DISP-$AdministrativeState $IFACE $STATE" diff --git a/roles/network/templates/hostapd/50-hostapd b/roles/network/templates/hostapd/50-hostapd new file mode 100644 index 000000000..47a769639 --- /dev/null +++ b/roles/network/templates/hostapd/50-hostapd 
@@ -0,0 +1,20 @@ + +if [ "$interface" = "wlan0" ]; then + REASON="$reason" + if [ "$reason" = "CARRIER" ]; then + syslog info "50-iiab CARRIER change wlan0" + # wpa_supplicant wants MHz for frequency= while hostapd wants channel..... whatever + # FREQ=`iw wlan0 info|grep channel|cut -d' ' -f9` + FREQ=`iw wlan0 info|grep channel|cut -d' ' -f2` + syslog info "40-iiab set channel $FREQ" + sed -i -e "s/^channel.*/channel=$FREQ /" /etc/hostapd/hostapd.conf + # will need a reboot for hostapd if the channel changed + fi + # spams the logging + #syslog info "50-iiab set ap0 spam $REASON" + if [ -e /sys/class/net/ap0 ] && ! [ "$reason" = "ROUTERADVERT" ]; then + syslog info "50-iiab set ap0 up $REASON" + # keeps ap0 up so hostapd works + ip link set ap0 up + fi +fi diff --git a/roles/network/templates/hostapd/70-persistent-net.rules b/roles/network/templates/hostapd/70-persistent-net.rules new file mode 100644 index 000000000..3ced0ef8b --- /dev/null +++ b/roles/network/templates/hostapd/70-persistent-net.rules @@ -0,0 +1,3 @@ +SUBSYSTEM=="ieee80211", ACTION=="add|change", KERNEL=="phy0", \ + RUN+="/sbin/iw phy phy0 interface add ap0 type __ap", \ + RUN+="/sbin/ip link set ap0 address {{ ap0_mac_addr }}" diff --git a/roles/network/templates/hostapd/hostapd.conf.j2 b/roles/network/templates/hostapd/hostapd.conf.j2 index 9e38ace62..28c558e14 100644 --- a/roles/network/templates/hostapd/hostapd.conf.j2 +++ b/roles/network/templates/hostapd/hostapd.conf.j2 @@ -1,7 +1,6 @@ # Basic configuration -interface={% if iiab_wireless_lan_iface is defined %}{{ iiab_wireless_lan_iface }}{% endif %} - +interface={{ iiab_wireless_lan_iface }} ssid={{ host_ssid }} channel={{ host_channel }} diff --git a/roles/network/templates/hostapd/hostapd.legacy.j2 b/roles/network/templates/hostapd/hostapd.legacy.j2 new file mode 100644 index 000000000..4094b812a --- /dev/null +++ b/roles/network/templates/hostapd/hostapd.legacy.j2 
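Review bot: In 50-hostapd, `FREQ` is written into /etc/hostapd/hostapd.conf without checking that `iw wlan0 info|grep channel|cut -d' ' -f2` produced a value. If `iw` prints no channel line (wlan0 absent or not yet associated when the hook runs), the `sed` rewrites the setting to `channel= ` and hostapd picks that up at its next start. A guard keeps the last good value: `case "$FREQ" in ''|*[!0-9]*) ;; *) sed -i -e "s/^channel.*/channel=$FREQ/" /etc/hostapd/hostapd.conf ;; esac`. The hook also hard-codes `wlan0`, while other templates in this commit use `{{ discovered_wireless_iface }}`.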
@@ -0,0 +1,12 @@ +[Unit] +Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +Before=network.target +Wants=network-pre.target + +[Service] +Type=idle +PIDFile=/run/hostapd.pid +ExecStart=/usr/sbin/hostapd -P /run/hostapd.pid /etc/hostapd/hostapd.conf + +[Install] +WantedBy=multi-user.target diff --git a/roles/network/templates/hostapd/hostapd.service.j2 b/roles/network/templates/hostapd/hostapd.service.j2 index 4094b812a..a6ec1f79b 100644 --- a/roles/network/templates/hostapd/hostapd.service.j2 +++ b/roles/network/templates/hostapd/hostapd.service.j2 @@ -1,12 +1,30 @@ [Unit] Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -Before=network.target Wants=network-pre.target +After=network-pre.target +{% if is_raspbian %} +Before=dhcpcd.service +{% endif %} +Before=wpa_supplicant.service +Before=wpa_supplicant@{{ discovered_wireless_iface }}.service +{% if network_manager_active %} +Before=network-manager.service +{% endif %} +{% if is_ubuntu and netplan.stdout.find("yaml") != -1 %} +Before=netplan-wpa-{{ discovered_wireless_iface }}.service +{% endif %} +Before=network.target [Service] -Type=idle +Type=forking +Restart=on-failure +RestartSec=2 PIDFile=/run/hostapd.pid -ExecStart=/usr/sbin/hostapd -P /run/hostapd.pid /etc/hostapd/hostapd.conf +ExecStartPre=-/sbin/iw phy phy0 interface add ap0 type __ap +ExecStartPre=-/sbin/ip link set ap0 address {{ ap0_mac_addr }} +ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf +ExecStartPost=-/sbin/ip link set ap0 up +ExecStopPost=-/sbin/iw dev ap0 del [Install] WantedBy=multi-user.target diff --git a/roles/network/templates/hostapd/iiab-hostapd.conf.j2 b/roles/network/templates/hostapd/iiab-hostapd.conf.j2 deleted file mode 100644 index 3cfffc69e..000000000 --- a/roles/network/templates/hostapd/iiab-hostapd.conf.j2 +++ /dev/null 
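Review bot: In hostapd.service.j2, `ap0_mac_addr` is applied as-is by `ExecStartPre=-/sbin/ip link set ap0 address {{ ap0_mac_addr }}` (and by the udev rule in 70-persistent-net.rules), and the default added to roles/network/defaults/main.yml earlier in this commit is a single fixed address. Every device installed with defaults therefore brings up its access point with the same BSSID, so two units within radio range or bridged onto one LAN will conflict, and the address no longer tells devices apart in logs. A comment beside the default, e.g. `# must be unique per device; override in local_vars.yml`, or deriving the value from the physical adapter's address, would avoid that. The leading `-` on both `ExecStartPre` lines also means a failure to create ap0 or set its address is ignored silently.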
@@ -1,32 +0,0 @@ -# Basic configuration - -interface={{ discovered_wireless_iface }} - -ssid={{ host_ssid }} -channel={{ host_channel }} -{%if iiab_lan_iface == "br0" %} -bridge=br0 -{% endif %} - -# Hardware configuration -driver={{ driver_name }} -{%if host_wireless_n %} -ieee80211n=1 -{% endif %} -country_code={{ host_country_code }} -# limit emissions to what is legal in country -ieee80211d=1 -hw_mode={{ host_wifi_mode }} - -{%if hostapd_secure %} -# Use WPA authentication -auth_algs=1 -# Use WPA2 -wpa=2 -# Use a pre-shared key -wpa_key_mgmt=WPA-PSK -# The network passphrase -wpa_passphrase={{ hostapd_password }} -# Use AES, instead of TKIP -rsn_pairwise=CCMP -{% endif %} diff --git a/roles/network/templates/hostapd/netd-disp b/roles/network/templates/hostapd/netd-disp new file mode 100644 index 000000000..af9a7977b --- /dev/null +++ b/roles/network/templates/hostapd/netd-disp @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then + echo "NET-DISP-WiFi $IFACE $STATE" + /usr/sbin/ip link set ap0 up +fi + diff --git a/roles/network/templates/network/ap0-manage.conf b/roles/network/templates/network/ap0-manage.conf new file mode 100644 index 000000000..400832df1 --- /dev/null +++ b/roles/network/templates/network/ap0-manage.conf @@ -0,0 +1,3 @@ +# IIAB WiFi +[keyfile] +unmanaged-devices=interface-name:ap0 diff --git a/roles/network/templates/network/dhcpcd.conf.j2 b/roles/network/templates/network/dhcpcd.conf.j2 index f1265b10c..bc8f47ebd 100644 --- a/roles/network/templates/network/dhcpcd.conf.j2 +++ b/roles/network/templates/network/dhcpcd.conf.j2 
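Review bot: netd-disp calls `/usr/sbin/ip`, whereas hostapd.service.j2 in this commit uses `/sbin/ip` and 50-hostapd uses a bare `ip`. On systems without a merged /usr the binary is only in /sbin (worth confirming on the Ubuntu targets this dispatcher script appears to serve), in which case the `ip link set ap0 up` here fails on every event. It also runs without the `[ -e /sys/class/net/ap0 ]` test that 50-hostapd applies. Suggested line: `[ -e /sys/class/net/ap0 ] && /sbin/ip link set ap0 up`.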
@@ -38,21 +38,22 @@ require dhcp_server_identifier slaac private # IIAB +denyinterfaces {{ iiab_wireless_lan_iface }} +# Setting iiab_wired_lan_iface would install the device as a slave under +# br0 so we need to turn off the dhcp client in that network layout. +# Auto creation of the wired slave is suppressed in discovered_network.yml +# -> Set iiab_wired_lan_iface if present is conditional on is_raspbian +# Slave creation can be forced by populating local_vars.yml with +# 'iiab_wired_lan_iface: eth0' which populates /etc/network/interfaces.d/iiab +# with 'bridge_ports eth0' in place of 'bridge_ports none' # Always (try) to run DHCP client on RPi's Ethernet port, for in-field # "cablemodems" used by many non-technical operators, who want Zero-Hassle # Updates. This means AVOIDING "denyinterfaces eth0" below: -{% if is_raspbian and hostapd_enabled %} -denyinterfaces{% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }}{% endif %} -{% elif is_raspbian %} -#denyinterfaces{% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }}{% endif %} -{% else %} -denyinterfaces{% if iiab_wireless_lan_iface is defined %} {{ iiab_wireless_lan_iface }}{% endif %}{% if iiab_wired_lan_iface is defined %} {{ iiab_wired_lan_iface }}{% endif %} +{% if iiab_wired_lan_iface is defined %} +denyinterfaces {{ iiab_wired_lan_iface }} {% endif %} -# FYI this 'denyinterfaces' line (here in /etc/dhcpcd.conf) is commented out by -# /usr/bin/iiab-hotspot-off, and uncommented by /usr/bin/iiab-hotspot-on - {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %} interface {{ iiab_lan_iface }} static ip_address={{ lan_ip }}/19 diff --git a/roles/network/templates/network/dnsmasq.sh.j2 b/roles/network/templates/network/dnsmasq.sh.j2 index 31700113e..1969f8da5 100755 --- a/roles/network/templates/network/dnsmasq.sh.j2 +++ b/roles/network/templates/network/dnsmasq.sh.j2 
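Review bot: dhcpcd.conf can now contain two `denyinterfaces` lines (wireless, plus wired when `iiab_wired_lan_iface` is defined), but iiab-hotspot-off still runs `sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf`, which comments out both. Turning the hotspot off therefore also re-enables the DHCP client on the wired br0 slave, which the comment added in this hunk says must stay off in that layout. The FYI comment explaining that the hotspot scripts toggle this line is removed here as well, so the coupling is no longer documented. Narrowing the substitution in iiab-hotspot-off and iiab-hotspot-on to the wireless line, e.g. `s/^denyinterfaces {{ iiab_wireless_lan_iface }}$/#&/`, and keeping a one-line FYI comment here would address both.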
@@ -1,5 +1,7 @@ #!/bin/bash if [ "$IFACE" == "{{ iiab_lan_iface }}" ]; then - /bin/systemctl restart dnsmasq.service + echo "Restarting dnsmasq in 5 seconds" + /bin/sleep 5 && /bin/systemctl --no-block restart dnsmasq.service + echo "Restarting dnsmasq" fi diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/network/iiab-hotspot-off index 2341c6f5b..7cc396dac 100755 --- a/roles/network/templates/network/iiab-hotspot-off +++ b/roles/network/templates/network/iiab-hotspot-off @@ -1,4 +1,6 @@ #!/bin/bash +{% if is_raspbian %} +# hotspot-off before ap0_updown sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf systemctl disable hostapd systemctl stop hostapd @@ -7,13 +9,24 @@ systemctl stop hostapd systemctl daemon-reload systemctl restart dhcpcd #systemctl restart networking 6/15/2019 TFM removed - +sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} # Temporary promiscuous-mode workaround for RPi's WiFi "10SEC disease" # Set wlan0 to promiscuous when AP's OFF (for possible WiFi gateway) # SEE ALSO iiab-hotspot-on + /usr/libexec/iiab-startup.sh # https://github.com/iiab/iiab/issues/638#issuecomment-355455454 -if grep -qi raspbian /etc/*release; then - ip link set dev wlan0 promisc on -fi - +#if grep -qi raspbian /etc/*release; then +# ip link set dev wlan0 promisc on +#fi +{% else %} +systemctl disable hostapd +systemctl stop hostapd sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} +echo " IIAB hotspot access point Disabled" +{% if wifi_up_down %} +exit 0 +{% else %} +sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf +echo -e "\nPlease reboot to enable upstream WiFi access.\n" +exit 0 +{% endif %} +{% endif %} diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/network/iiab-hotspot-on index 9b57c579a..03c038197 100755 --- a/roles/network/templates/network/iiab-hotspot-on 
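Review bot: The non-Raspbian branch of iiab-hotspot-off edits /etc/NetworkManager/conf.d/wifi-manage.conf with `sed -i`, then prints the reboot message and exits 0 without checking that the file exists or that the substitution matched. On a host where NetworkManager is not in use (task files in this commit also handle systemd-networkd), the operator is told to reboot although nothing changed. A guard before the `sed` makes the failure visible: `[ -f /etc/NetworkManager/conf.d/wifi-manage.conf ] || { echo "wifi-manage.conf not found" >&2; exit 1; }`. iiab-hotspot-on has the mirror-image `sed` and needs the same check.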
+++ b/roles/network/templates/network/iiab-hotspot-on @@ -1,24 +1,36 @@ #!/bin/bash + +{% if is_raspbian %} +# just do what we have always done in hotspot-on cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf # shut down wlan0 in case connected to network ip link set wlan0 down systemctl enable hostapd -#systemctl enable dnsmasq +#systemctl daemon-reload systemctl daemon-reload systemctl restart dhcpcd -#systemctl restart networking 6/15/2019 TFM removed systemctl start hostapd systemctl start dnsmasq +sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} # Temporary promiscuous-mode workaround for RPi's WiFi "10SEC disease" # Disable "promiscuous" on wlan0 when AP (i.e. no WiFi gateway) # SEE ALSO iiab-hotspot-off + /usr/libexec/iiab-startup.sh # https://github.com/iiab/iiab/issues/638#issuecomment-355455454 -if grep -qi raspbian /etc/*release; then - ip link set dev wlan0 promisc off -fi +#if grep -qi raspbian /etc/*release; then +# ip link set dev wlan0 promisc off +#fi +{% else %} +systemctl enable hostapd sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} - -echo -e "\nPlease consider rebooting now.\n" +{% if wifi_up_down %} +echo -e "\nPlease reboot to activate hostapd feature.\n" +exit 0 +{% else %} +sed -i -e "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf +echo -e "\nPlease reboot to activate hostapd feature.\n" +exit 0 +{% endif %} +{% endif %} diff --git a/roles/network/templates/network/manage.conf.j2 b/roles/network/templates/network/manage.conf.j2 new file mode 100644 index 000000000..ddd857e52 --- /dev/null +++ b/roles/network/templates/network/manage.conf.j2 @@ -0,0 +1,4 @@ +# IIAB WiFi +[device] +match-device=interface-name:{{ discovered_wireless_iface }} +managed=1 diff --git a/roles/network/templates/network/rpi.j2 b/roles/network/templates/network/rpi.j2 index 9e3c1b69b..a2860fb95 100644 
--- a/roles/network/templates/network/rpi.j2 +++ b/roles/network/templates/network/rpi.j2 @@ -3,6 +3,8 @@ # gui_desired_network_role is {{ gui_desired_network_role }} {% endif %} {% if iiab_network_mode != "Appliance" %} +# auto wired slave creation is suppressed in detected_network.yml +# 'none' would become the name of the wired slave device. ################# LANCONTROLLER ################### auto br0 iface br0 inet manual diff --git a/roles/network/templates/network/systemd-br0-network.j2 b/roles/network/templates/network/systemd-br0-network.j2 index b3eb787cc..21dd6e1d2 100644 --- a/roles/network/templates/network/systemd-br0-network.j2 +++ b/roles/network/templates/network/systemd-br0-network.j2 @@ -5,6 +5,7 @@ Name=br0 [Network] Address={{ lan_ip }}/19 LinkLocalAddressing=no +ConfigureWithoutCarrier=yes # Commenting the below line as it has been causing race/looping issues between dnsmasq and systemd-resolved # IIAB ticket #1747 #DNS={{ lan_ip }} diff --git a/roles/network/templates/network/systemd-br0-slave.j2 b/roles/network/templates/network/systemd-br0-slave.j2 index 8a31fef2e..15fb5b16e 100644 --- a/roles/network/templates/network/systemd-br0-slave.j2 +++ b/roles/network/templates/network/systemd-br0-slave.j2 @@ -1,5 +1,9 @@ -# /etc/systemd/network/IIAB-Slave.network +# /etc/systemd/network/IIAB-Slave-{{ iiab_wired_lan_iface }}.network [Match] Name={{ iiab_wired_lan_iface }} + +[Link] +RequiredForOnline=no + [Network] Bridge=br0 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 90fbf7ca8..953e7d51c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
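Review bot: systemd-br0-slave.j2 still renders `Name={{ iiab_wired_lan_iface }}`, but the task changed in sysd-netd-debian.yml now renders it once per entry of `lan_list_result.stdout_lines` into `IIAB-Slave-{{ item|trim }}.network`. Every generated file therefore matches the same single interface, and the additional wired interfaces that the task's comment mentions are never attached to br0. Using the loop variable in the template fixes both the match and the header comment: `# /etc/systemd/network/IIAB-Slave-{{ item|trim }}.network` and `Name={{ item|trim }}`.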
@@ -98,9 +98,8 @@ hostapd_enabled: True # Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is # being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes # and content is downloaded, to enable the internal WiFi Access Point / AP!) -reboot_to_AP: False -# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above -# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless. +wifi_up_down: True # Creates a second virtual wifi adapter for WiFi upstream to internet + # as well as classroom hotspot, use iiab_gateway_enabled for pass through # Gateway mode iiab_lan_enabled: True diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 24ef93c34..e69e4c303 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -46,6 +46,8 @@ host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme +wifi_up_down: True # Creates a second virtual wifi adapter for WiFi upstream to internet + # as well as classroom hotspot, use iiab_gateway_enabled for pass through # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO wan_ip: dhcp # wan_ip: 192.168.1.99 diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index b8f66307b..d2a33a1a6 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -46,6 +46,8 @@ host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme +wifi_up_down: True # Creates a second virtual wifi adapter for WiFi upstream to internet + # as well as classroom hotspot, use iiab_gateway_enabled for pass through # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO wan_ip: dhcp # wan_ip: 192.168.1.99 diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 8918cd634..eb8cb8ca3 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
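Review bot: The comment added with `wifi_up_down: True` does not say what hotspot clients can reach once the box is also a WiFi client of an upstream network. The same two lines are added to local_vars_big.yml, local_vars_medium.yml and local_vars_min.yml directly below `hostapd_secure: False` and `hostapd_password: changeme`, so with the shipped values the access point is open while the upstream link is up. I would extend the comment, e.g. `# With iiab_gateway_enabled, hotspot clients are routed upstream; set hostapd_secure: True and change hostapd_password first`. The routing itself is implemented in task files outside these hunks, so the wording should be confirmed against them.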
@@ -46,6 +46,8 @@ host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme +wifi_up_down: True # Creates a second virtual wifi adapter for WiFi upstream to internet + # as well as classroom hotspot, use iiab_gateway_enabled for pass through # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO wan_ip: dhcp # wan_ip: 192.168.1.99