1-prep -> 2-common: Consolidate/Clarify packages.yml + network.yml

2025-02-12 19:22:24 +00:00 · 2022-03-16 14:35:58 -04:00 · 2022-03-16 14:35:58 -04:00 · db1531eef5
commit db1531eef5
parent afb9c0e875
7 changed files with 81 additions and 92 deletions
--- a/roles/1-prep/README.adoc
+++ b/roles/1-prep/README.adoc
@ -14,16 +14,18 @@ username and group, to log into Admin Console
 * Ubermix (distro) needs /etc/tmpfiles.d/iiab.conf to create essential
 /var/log subdirs on each boot
 * *_Hardware actions:_*
-  ** Install packages parted and cloud-guest-utils (for growpart)
-  ** Install link:templates/iiab-expand-rootfs[iiab-expand-rootfs] that acts on flag `/.expand-rootfs` at boot
+  ** link:tasks/install-expand-rootfs.yml[*_install-expand-rootfs.yml_*]:
+    *** Install packages parted and cloud-guest-utils (for growpart)
+    *** Install link:templates/iiab-expand-rootfs[/usr/sbin/iiab-expand-rootfs] that acts on flag flag `/.expand-rootfs`
+    *** Enable iiab-expand-rootfs.service so this can happen during any future boot-up
  ** link:tasks/raspberry_pi.yml[*_raspberry_pi.yml_*]:
    *** RTC (real-time clock): install udev rule, configure, enable
    *** *_Install packages:_*
      **** dphys-swapfile (for swapfile)
      **** fake-hwclock (as RTC is often missing or dead!)
-      **** iw, rfkill, wireless-tools (for internal Wi-Fi)
    *** Increase swap file size (to `pi_swap_file_size`)
  ** NUC 6 Wi-Fi firmware
+  ** Check for WiFi devices (if so, set `has_wifi_device`)

 Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and
 5-xo-services — this 1st stage installs core server infra (that is not
--- a/roles/1-prep/tasks/hardware.yml
+++ b/roles/1-prep/tasks/hardware.yml
@ -3,8 +3,6 @@

 # Conditional hardware actions below:

- include_tasks: internal-wifi.yml
-
 - include_tasks: raspberry_pi.yml
  when: first_run and rpi_model != "none"

@ -20,3 +18,19 @@
    dest: /lib/firmware
    timeout: "{{ download_timeout }}"
  when: usb_NUC6.stdout|int > 0
+
+
+- name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5"
+  shell: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5
+  register: wifi_devices
+  ignore_errors: True
+  changed_when: False
+
+- name: "Set has_wifi_device: True, if output (from above) shows device(s) here: {{ wifi_devices.stdout_lines }}"
+  set_fact:
+    has_wifi_device: True
+  when: wifi_devices is defined and wifi_devices.stdout_lines | length > 0
+  # when: wifi_devices is defined and wifi_devices.stdout | trim != ""
+
+- debug:
+    var: has_wifi_device
--- a/roles/1-prep/tasks/internal-wifi.yml
+++ b/roles/1-prep/tasks/internal-wifi.yml
@ -1,32 +0,0 @@
- name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5"
-  shell: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5
-  register: wifi_devices
-  ignore_errors: True
-  changed_when: False
-
- name: "Set internal_wifi: True, if output (from above) shows device(s) here: {{ wifi_devices.stdout_lines }}"
-  set_fact:
-    internal_wifi: True
-  when: wifi_devices is defined and wifi_devices.stdout_lines | length > 0
-  # when: wifi_devices is defined and wifi_devices.stdout | trim != ""
-
-# 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools)
-# are provided by RasPiOS.  Ubuntu|Debian on the other hand are hit or miss:
-# desktops might have some/all 3 preinstalled, while servers tend not to have
-# these present at all, but are needed to be installed if you want to take full
-# advantage of WiFi on Ubuntu and friends.
-
- name: Install packages {iw, rfkill, wireless-tools} if internal_wifi ({{ internal_wifi }}) is defined
-  package:
-    name:
-      - iw                # 2021-07-27: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2
-      - rfkill            # 2021-07-27: RasPiOS installs this regardless -- enable & disable wireless devices
-      - wireless-tools    # 2021-07-27: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions
-    state: present
-  when: internal_wifi is defined
-
- name: '2021-07-27: SEE ALSO ~4 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml'
-  meta: noop
-
- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml'
-  meta: noop
--- a/roles/1-prep/tasks/main.yml
+++ b/roles/1-prep/tasks/main.yml
@ -30,8 +30,8 @@
 - include_tasks: uuid.yml
 - include_tasks: ubermix.yml

-# Runs install-expand-rootfs.yml, internal-wifi.yml & if nec: raspberry_pi.yml
- include_tasks: hardware.yml
+- name: install-expand-rootfs.yml, raspberry_pi.yml, NUC6 WiFi firmware, check for WiFi devices
+  include_tasks: hardware.yml


 # Debian 10 "Buster" is apparently enabling AppArmor in 2019:
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@ -8,7 +8,7 @@

 - include_tasks: packages.yml

- name: "Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/internal-wifi.yml"
+- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall)
  include_tasks: network.yml

 - include_tasks: iiab-startup.yml
--- a/roles/2-common/tasks/network.yml
+++ b/roles/2-common/tasks/network.yml
@ -1,22 +1,37 @@
- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/internal-wifi.yml'
-  meta: noop
-
- name: '2021-07-27: SEE ALSO ~4 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml'
-  meta: noop
+# 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop.

 - name: Install package networkd-dispatcher (OS's other than RaspiOS)
  package:
-    name: networkd-dispatcher    # Dispatcher service for systemd-networkd connection status changes
+    name: networkd-dispatcher    # 15kB download: Dispatcher service for systemd-networkd connection status changes
    state: present
  when: not is_raspbian

- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask -- later used by https://github.com/iiab/iiab/tree/master/roles/network'
+# 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools)
+# are provided by RasPiOS.  Ubuntu|Debian on the other hand are hit or miss:
+# desktops might have some/all 3 preinstalled, while servers tend not to have
+# these present at all, but need to be installed if you want to take full
+# advantage of WiFi on Ubuntu and friends.
+#
+# 2022-03-16 update: Let's make these 3 mandatory as they're only 300kB (grand
+# total download size) and they can help IIAB field operators with BOTH
+# (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later.
+
+- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network'
  package:
    name:
-      - hostapd                # IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired
-      - iproute2               # 2021-07-27: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools
-      - iptables-persistent    # Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it!
-      - netmask                # Handy utility -- helps determine network masks
+      - avahi-daemon           #   97kB download: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml
+      #- avahi-discover        #   46kB download: 2021-07-27: Commented out long ago
+      - hostapd                #  764kB download: IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired
+      #- inetutils-syslogd     #  240kB download: 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros
+      - iproute2               #  902kB download: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools
+      - iptables-persistent    #   12kB download: Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it!
+      - iw                     #   97kB download: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2
+      - libnss-mdns            #   27kB download: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi
+      - netmask                #   25kB download: Handy utility -- helps determine network masks
+      - net-tools              #  248kB download: RaspiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
+      - rfkill                 #   87kB download: RasPiOS installs this regardless -- enable & disable wireless devices
+      - wireless-tools         #  112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions
+      - wpasupplicant          # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP
    state: present

 # 2021-08-17: Debian ignores this, according to 2013 post:
@ -27,6 +42,7 @@
 #     dest: /etc/network/if-pre-up.d/iptables
 #     mode: '0755'

+
 # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
 - name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)"
  sysctl:    # Places these settings in /etc/sysctl.conf, to survive reboot
--- a/roles/2-common/tasks/packages.yml
+++ b/roles/2-common/tasks/packages.yml
@ -1,47 +1,36 @@
- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/internal-wifi.yml'
-  meta: noop
+# 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop.

- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml'
-  meta: noop
-
- name: "Install 20 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget, wpasupplicant"
+- name: "Install 16 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, mlocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
  package:
    name:
-      - acpid              # Daemon for ACPI (power mgmt) events
-      - avahi-daemon       # 2021-07-27: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml
-      #- avahi-discover    # 2021-07-27: Commented out long ago
-      - bzip2              # 2021-04-26: Prob not used, but can't hurt?
-      - curl               # Used to install roles/nodejs and roles/nodered
-      #- etckeeper         # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
-      #- exfat-fuse        # 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out
-      #- exfat-utils       # Ditto!  See also 'ntfs-3g' below
-      - gawk
-      - htop
-      - i2c-tools          # Low-level bus/chip/register/EEPROM tools e.g. for RTC
-      #- inetutils-syslogd # 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros
-      #- iproute2          # Installed by roles/2-common/tasks/network.yml
-      - logrotate
-      - libnss-mdns        # 2021-07-27: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi
-      #- lynx              # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
-      #- make              # 2021-07-27: Currently used by roles/pbx and no other roles
-      - mlocate
-      - net-tools          # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
-      #- ntfs-3g           # 2021-07-31: RaspiOS installs this regardless -- but this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15
-      #- openssh-server    # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml
-      - pandoc             # For /usr/bin/iiab-refresh-wiki-docs
-      - pastebinit         # For /usr/bin/iiab-diagnostics
-      #- python3-pip       # 2021-07-29: Already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc
-      #- python3-venv      # 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves.  FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 do not.
-      - rsync
-      #- screen            # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
-      - sqlite3
-      #- sudo              # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
-      - tar
-      - unzip
-      #- usbmount          # Moved to roles/usb_lib/tasks/install.yml
-      - usbutils           # 2021-07-27: RaspiOS installs this regardless -- move to roles/usb_lib/tasks/install.yml ?
-      - wget
-      - wpasupplicant      # 2021-07-27: RaspiOS installs this regardless -- client library for connections to a WiFi AP
+      - acpid              #   55kB download: Daemon for ACPI (power mgmt) events
+      - bzip2              #   47kB download: RasPiOS installs this regardless -- 2021-04-26: Prob not used, but can't hurt?
+      - curl               #  254kB download: RasPiOS installs this regardless -- Used to install roles/nodejs and roles/nodered
+      #- etckeeper         #   54kB download: "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
+      #- exfat-fuse        #   28kB download: 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out
+      #- exfat-utils       #   41kB download: Ditto!  See also 'ntfs-3g' below
+      - gawk               #  533kB download
+      - htop               #  109kB download: RasPiOS installs this regardless
+      - i2c-tools          #   78kB download: RasPiOS installs this regardless -- Low-level bus/chip/register/EEPROM tools e.g. for RTC
+      - logrotate          #   67kB download: RasPiOS installs this regardless
+      #- lynx              #  505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml
+      #- make              #  376kB download: 2021-07-27: Currently used by roles/pbx and no other roles
+      - mlocate            #   92kB download
+      #- ntfs-3g           #  379kB download: RaspiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15
+      #- openssh-server    #  318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's
+      - pandoc             #   19kB download: For /usr/bin/iiab-refresh-wiki-docs
+      - pastebinit         #   47kB download: For /usr/bin/iiab-diagnostics
+      #- python3-pip       #  337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc
+      #- python3-venv      # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves.  FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 did not.
+      - rsync              #  351kB download: RasPiOS installs this regardless
+      #- screen            #  551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml
+      - sqlite3            # 1054kB download
+      #- sudo              #  991kB download: RasPiOS installs this regardless -- (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
+      - tar                #  799kB download: RasPiOS installs this regardless
+      - unzip              #  151kB download: RasPiOS installs this regardless
+      #- usbmount          #   18kB download: Moved to roles/usb_lib/tasks/install.yml
+      - usbutils           #   67kB download: RasPiOS installs this regardless -- 2021-07-27: move to roles/usb_lib/tasks/install.yml ?
+      - wget               #  922kB download: RasPiOS installs this regardless
    state: present

 #- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)"