merge iiab-install
commit
dc25d97f80
46 changed files with 484 additions and 314 deletions
|
|
@ -7,7 +7,7 @@
|
|||
- download
|
||||
|
||||
- name: Copy DansGuardian config file
|
||||
template: src=squid/dansguardian.conf.j2
|
||||
template: src=roles/network/templates/squid/dansguardian.conf.j2
|
||||
dest=/etc/dansguardian/dansguardian.conf
|
||||
owner=dansguardian
|
||||
group=dansguardian
|
||||
|
|
@ -15,7 +15,7 @@
|
|||
when: ansible_distribution == "Fedora"
|
||||
|
||||
- name: Copy DansGuardian config file
|
||||
template: src=squid/dansguardian.conf.debian.j2
|
||||
template: src=roles/network/templates/squid/dansguardian.conf.debian.j2
|
||||
dest=/etc/dansguardian/dansguardian.conf
|
||||
owner=dansguardian
|
||||
group=dansguardian
|
||||
|
|
@ -23,7 +23,7 @@
|
|||
when: is_debuntu
|
||||
|
||||
- name: Copy DansGuardian config file for CentOS
|
||||
template: src=squid/dansguardian.conf.centos.j2
|
||||
template: src=roles/network/templates/squid/dansguardian.conf.centos.j2
|
||||
dest=/etc/dansguardian/dansguardian.conf
|
||||
owner=dansguardian
|
||||
group=vscan
|
||||
|
|
|
|||
|
|
@ -1,33 +1,22 @@
|
|||
- name: Checking iiab_domain_name
|
||||
shell: "cat /etc/sysconfig/iiab_domain_name"
|
||||
register: prior_domain
|
||||
when: not first_run
|
||||
|
||||
# above always registers
|
||||
- name: Checking for prior domain name
|
||||
set_fact:
|
||||
iiab_domain: "{{ prior_domain.stdout }}"
|
||||
when: not first_run and prior_domain.stdout != "lan" and prior_domain.stdout != ""
|
||||
|
||||
- name: iiab_wan_device
|
||||
shell: "cat /etc/sysconfig/iiab_wan_device"
|
||||
shell: grep IIAB_WAN_DEVICE /etc/iiab/iiab.env | awk -F "=" '{print $2}'
|
||||
when: iiab_stage|int > 4
|
||||
register: prior_gw
|
||||
when: not first_run
|
||||
|
||||
- name: Checking for old device gateway interface for device test
|
||||
set_fact:
|
||||
device_gw: "{{ prior_gw.stdout }}"
|
||||
device_gw2: "{{ prior_gw.stdout }}"
|
||||
when: not first_run and prior_gw is defined and prior_gw.stdout != ""
|
||||
device_gw: "{{ prior_gw.stdout }}"
|
||||
device_gw2: "{{ prior_gw.stdout }}"
|
||||
when: iiab_stage|int > 4 and prior_gw is defined and prior_gw.stdout != ""
|
||||
|
||||
- name: Setting WAN if detected
|
||||
set_fact:
|
||||
iiab_wan_iface: "{{ discovered_wan_iface }}"
|
||||
device_gw: "{{ discovered_wan_iface }}"
|
||||
when: discovered_wan_iface != "none"
|
||||
iiab_wan_iface: "{{ discovered_wan_iface }}"
|
||||
device_gw: "{{ discovered_wan_iface }}"
|
||||
when: ansible_default_ipv4.gateway is defined
|
||||
|
||||
- name: RedHat network detection
|
||||
include: detected_redhat.yml
|
||||
include_tasks: detected_redhat.yml
|
||||
when: is_redhat
|
||||
|
||||
- name: check to see if dhcpcd is installed and active - Can Fail
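Review bot: The `grep IIAB_WAN_DEVICE /etc/iiab/iiab.env | awk -F "=" '{print $2}'` lookup in the `iiab_wan_device` task returns the value with its surrounding double quotes, because the "Record iiab_wan_device" task elsewhere in this commit writes the line as `IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"`. `device_gw` and `device_gw2` would then hold a quoted string such as `"eth0"` (constructed example) rather than a bare interface name. The grep is also unanchored, so any other line containing that text adds output. Anchoring and stripping the quotes in one step avoids both: `shell: awk -F= '/^IIAB_WAN_DEVICE=/ {gsub(/"/, "", $2); print $2}' /etc/iiab/iiab.env`. The page has lost its +/- markers, so this assumes the iiab.env line is the new side, which matches the rest of the commit.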
|
||||
|
|
|
|||
|
|
@ -24,8 +24,7 @@
|
|||
group=root
|
||||
mode={{ item.mode }}
|
||||
with_items:
|
||||
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
|
||||
- { src: 'dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
|
||||
- { src: 'roles/network/templates/dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
|
||||
|
||||
- name: Create dhcpd needed files
|
||||
command: touch /var/lib/dhcpd/dhcpd.leases
|
||||
|
|
|
|||
|
|
@ -23,7 +23,8 @@
|
|||
mode={{ item.mode }}
|
||||
with_items:
|
||||
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
|
||||
when: dhcpd_enabled and dhcpd_install
|
||||
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
|
||||
when: dhcpd_enabled
|
||||
|
||||
- name: Copy named file
|
||||
template: src={{ item.src }}
|
||||
|
|
@ -70,8 +71,10 @@
|
|||
when: not dansguardian_enabled and dansguardian_install
|
||||
|
||||
- name: Create xs_httpcache flag
|
||||
shell: echo 1 > /etc/sysconfig/xs_httpcache_on
|
||||
creates=/etc/sysconfig/xs_httpcache_on
|
||||
lineinfile: dest=/etc/iiab/iiab.env
|
||||
regexp='^HTTPCACHE_ON=*'
|
||||
line='HTTPCACHE_ON=True'
|
||||
state=present
|
||||
when: squid_enabled and squid_install
|
||||
|
||||
- name: Enable Squid service
|
||||
|
|
@ -105,8 +108,10 @@
|
|||
when: not squid_enabled and squid_install
|
||||
|
||||
- name: Remove xs_httpcache flag
|
||||
file: path=/etc/sysconfig/xs_httpcache_on
|
||||
state=absent
|
||||
lineinfile: dest=/etc/iiab/iiab.env
|
||||
regexp='^HTTPCACHE_ON=*'
|
||||
line='HTTPCACHE_ON=False'
|
||||
state=present
|
||||
when: not squid_enabled
|
||||
|
||||
- name: Enable Wondershaper service
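Review bot: The `regexp='^HTTPCACHE_ON=*'` given to `lineinfile` in the "Create xs_httpcache flag" and "Remove xs_httpcache flag" tasks is a regular expression, not a glob, so `=*` means "zero or more `=`" and the pattern matches any line that merely starts with `HTTPCACHE_ON`. `regexp='^HTTPCACHE_ON='` states the intent. The same applies to `^IIAB_WAN_DEVICE=*` and `^IIAB_LAN_DEVICE=*` in the tasks that record the WAN and LAN devices. Because the firewall script in this commit sources /etc/iiab/iiab.env, it is also worth adding `owner=root group=root mode=0644` to these tasks so the file cannot end up writable by a non-root account.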
|
||||
|
|
|
|||
|
|
@ -43,17 +43,17 @@
|
|||
when: (num_lan_interfaces != "0" or iiab_wireless_lan_iface != "none")
|
||||
|
||||
## vars/ users should set user_wan_iface to avoid messy redetect
|
||||
- include: redetect.yml
|
||||
- include_tasks: redetect.yml
|
||||
when: discovered_wan_iface == "none" and user_wan_iface == "auto"
|
||||
|
||||
# move gateway if not WAN
|
||||
# might have wifi info if wireless is used as uplink.
|
||||
- include: edit_ifcfg.yml
|
||||
- include_tasks: edit_ifcfg.yml
|
||||
when: has_wifi_gw == "none" and has_ifcfg_gw != "none" and has_ifcfg_gw != "/etc/sysconfig/network-scripts/ifcfg-WAN"
|
||||
|
||||
# create ifcfg-WAN if missing
|
||||
# if we get here we have gateway but no ifcfg file
|
||||
- include: create_ifcfg.yml
|
||||
- include_tasks: create_ifcfg.yml
|
||||
when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode
|
||||
|
||||
- name: Configuring LAN interface as iiab_lan_iface
|
||||
|
|
@ -76,7 +76,7 @@
|
|||
tags:
|
||||
- network
|
||||
|
||||
- include: enable_wan.yml
|
||||
- include_tasks: enable_wan.yml
|
||||
when: not installing and not iiab_demo_mode
|
||||
|
||||
- name: ask systemd to reread the unit files, picks up changes done
|
||||
|
|
|
|||
|
|
@ -1,131 +1,83 @@
|
|||
- include: detected_network.yml
|
||||
- include_tasks: detected_network.yml
|
||||
when: not installing
|
||||
tags:
|
||||
- network
|
||||
- network-discover
|
||||
|
||||
- include: computed_network.yml
|
||||
- include_tasks: computed_network.yml
|
||||
when: not installing
|
||||
tags:
|
||||
- network
|
||||
- network-discover
|
||||
|
||||
- name: Set hostname
|
||||
template: dest=/etc/hostname
|
||||
src=network/hostname.j2
|
||||
owner=root
|
||||
mode=0644
|
||||
when: is_debuntu
|
||||
register: hostname_change
|
||||
tags:
|
||||
- network
|
||||
- domain
|
||||
|
||||
- name: Configure /etc/sysconfig/network
|
||||
template: src=network/sysconfig.network.j2
|
||||
dest=/etc/sysconfig/network
|
||||
owner=root
|
||||
group=root
|
||||
mode=0644
|
||||
when: is_redhat
|
||||
register: hostname_change
|
||||
tags:
|
||||
- network
|
||||
- domain
|
||||
|
||||
- name: Create iiab_domain_name flag
|
||||
template: src=network/{{ item }}.j2
|
||||
dest=/etc/sysconfig/{{ item }}
|
||||
mode=0644
|
||||
with_items:
|
||||
- iiab_domain_name
|
||||
tags:
|
||||
- network
|
||||
- domain
|
||||
|
||||
##### Start static ip address info for first run #####
|
||||
#- include: static.yml
|
||||
#- include_tasks: static.yml
|
||||
# when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"'
|
||||
##### End static ip address info
|
||||
|
||||
- include: hosts.yml
|
||||
- include_tasks: hosts.yml
|
||||
tags:
|
||||
- network
|
||||
- hostname
|
||||
- domain
|
||||
|
||||
##### end hostname setup
|
||||
##### start install portion
|
||||
# only needs to be done once
|
||||
- include: installing.yml
|
||||
tags:
|
||||
- network
|
||||
- named
|
||||
- dhcpd
|
||||
- dnsmasq
|
||||
- squid
|
||||
- domain
|
||||
# when: hostname_change.changed or installing
|
||||
|
||||
|
||||
- include: avahi.yml
|
||||
- include_tasks: iptables.yml
|
||||
tags:
|
||||
- network
|
||||
|
||||
#### end install portion
|
||||
#### start network layout
|
||||
# setting installing would skip configuring network
|
||||
# but would configure but not start services
|
||||
#- include: computed_network.yml
|
||||
# when: not installing
|
||||
# tags:
|
||||
# - network
|
||||
# - network-discover
|
||||
|
||||
- include: computed_services.yml
|
||||
tags:
|
||||
- network
|
||||
- named
|
||||
- dhcpd
|
||||
- dnsmasq
|
||||
- squid
|
||||
|
||||
# templates needed from above install section live here
|
||||
- include: enable_services.yml
|
||||
tags:
|
||||
- network
|
||||
- named
|
||||
- dhcpd
|
||||
- dnsmasq
|
||||
- squid
|
||||
|
||||
- include: hostapd.yml
|
||||
- include_tasks: avahi.yml
|
||||
tags:
|
||||
- network
|
||||
|
||||
- include: ifcfg_mods.yml
|
||||
when: not is_debuntu and not installing
|
||||
- include_tasks: hostapd.yml
|
||||
tags:
|
||||
- network
|
||||
- AP
|
||||
|
||||
|
||||
- include_tasks: ifcfg_mods.yml
|
||||
tags:
|
||||
- network
|
||||
|
||||
- include: debian.yml
|
||||
when: is_debuntu and not installing
|
||||
- include_tasks: debian.yml
|
||||
tags:
|
||||
- network
|
||||
when: is_debuntu and not is_rpi and not installing
|
||||
|
||||
- name: Create IIAB network flags
|
||||
template: src=network/{{ item }}.j2
|
||||
dest=/etc/sysconfig/{{ item }}
|
||||
mode=0644
|
||||
with_items:
|
||||
- iiab_wan_device
|
||||
- iiab_lan_device
|
||||
- include_tasks: rpi_debian.yml
|
||||
tags:
|
||||
- network
|
||||
when: is_debuntu and is_rpi and not installing
|
||||
|
||||
- name: Record iiab_wan_device
|
||||
lineinfile: dest=/etc/iiab/iiab.env
|
||||
regexp='^IIAB_WAN_DEVICE=*'
|
||||
line='IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
|
||||
state=present
|
||||
when: not installing
|
||||
tags:
|
||||
- network
|
||||
|
||||
- name: Record iiab_lan_device
|
||||
lineinfile: dest=/etc/iiab/iiab.env
|
||||
regexp='^IIAB_LAN_DEVICE=*'
|
||||
line='IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
|
||||
state=present
|
||||
when: not installing
|
||||
tags:
|
||||
- network
|
||||
|
||||
#### end network layout
|
||||
#### start services
|
||||
- include_tasks: computed_services.yml
|
||||
tags:
|
||||
- network
|
||||
|
||||
- include: restart.yml
|
||||
- include_tasks: enable_services.yml
|
||||
tags:
|
||||
- network
|
||||
|
||||
- include_tasks: restart.yml
|
||||
when: not installing
|
||||
tags:
|
||||
- network
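Review bot: Tags placed on `include_tasks` apply only to the include statement itself, not to the tasks in the included file, so a run limited with `--tags domain` would execute the `include_tasks: hosts.yml` line and then skip every task in hosts.yml unless those tasks carry the tag themselves. The previous `include:` form appears to have passed its tags down, and the tag lists in this section (`network`, `hostname`, `domain`, `AP`) look written with that in mind. For these fixed file names `import_tasks:` keeps the inheritance, e.g. `- import_tasks: hosts.yml`. The same consideration applies to the `include_tasks` lines in the other task files changed by this commit.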
|
||||
|
|
|
|||
|
|
@ -41,37 +41,37 @@
|
|||
group=root
|
||||
mode={{ item.mode }}
|
||||
with_items:
|
||||
- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
|
||||
- { src: 'named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
|
||||
- { src: 'named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
|
||||
- { src: 'named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
|
||||
- { src: 'named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
|
||||
- { src: 'named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
|
||||
- { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
|
||||
- { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
|
||||
- { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
|
||||
- { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
|
||||
- { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
|
||||
- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
|
||||
- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
|
||||
- { src: 'named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
- { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
|
||||
|
||||
- name: Substitute our unit file which uses $OPTIONS from sysconfig
|
||||
template: src=named/{{ dns_service }}.service
|
||||
template: src=roles/network/templates/named/{{ dns_service }}.service
|
||||
dest=/etc/systemd/system/{{ dns_service }}.service
|
||||
mode=0644
|
||||
|
||||
- name: The dns-jail redirect requires the named.blackhole,disabling recursion
|
||||
# in named-iiab.conf, and the redirection of 404 error documents to /
|
||||
template: src=named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
|
||||
template: src=roles/network/templates/named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
|
||||
when: dns_jail_enabled
|
||||
|
||||
- name: Separate enabling required for Debian
|
||||
|
|
|
|||
|
|
@ -19,32 +19,32 @@
|
|||
group={{ item.group }}
|
||||
mode={{ item.mode }}
|
||||
with_items:
|
||||
- src: 'squid/squid.sysconfig'
|
||||
- src: 'roles/network/templates/squid/squid.sysconfig'
|
||||
dest: '/etc/sysconfig/squid'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
mode: '0755'
|
||||
- src: 'squid/sites.whitelist.txt'
|
||||
- src: 'roles/network/templates/squid/sites.whitelist.txt'
|
||||
dest: '/etc/{{ proxy }}/sites.whitelist.txt'
|
||||
owner: '{{ proxy_user }}'
|
||||
group: '{{ proxy_user }}'
|
||||
mode: '0644'
|
||||
- src: 'squid/allowregex.rules'
|
||||
- src: 'roles/network/templates/squid/allowregex.rules'
|
||||
dest: '/etc/{{ proxy }}/allowregex.rules'
|
||||
owner: '{{ proxy_user }}'
|
||||
group: '{{ proxy_user }}'
|
||||
mode: '0644'
|
||||
- src: 'squid/denyregex.rules'
|
||||
- src: 'roles/network/templates/squid/denyregex.rules'
|
||||
dest: '/etc/{{ proxy }}/denyregex.rules'
|
||||
owner: '{{ proxy_user }}'
|
||||
group: '{{ proxy_user }}'
|
||||
mode: '0644'
|
||||
- src: 'squid/dstaddress.rules'
|
||||
- src: 'roles/network/templates/squid/dstaddress.rules'
|
||||
dest: '/etc/{{ proxy }}/dstaddress.rules'
|
||||
owner: '{{ proxy_user }}'
|
||||
group: '{{ proxy_user }}'
|
||||
mode: '0644'
|
||||
- src: 'squid/iiab-httpcache.j2'
|
||||
- src: 'roles/network/templates/squid/iiab-httpcache.j2'
|
||||
dest: '/usr/bin/iiab-httpcache'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
|
|
@ -64,7 +64,7 @@
|
|||
mode=0750
|
||||
state=directory
|
||||
|
||||
- include: dansguardian.yml
|
||||
- include_tasks: roles/network/tasks/dansguardian.yml
|
||||
when: dansguardian_install
|
||||
|
||||
#- name: Stop Squid
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
template: src=network/ifcfg-WAN.j2
|
||||
dest=/etc/sysconfig/network-scripts/ifcfg-WAN
|
||||
|
||||
- include: NM.yml
|
||||
- include_tasks: NM.yml
|
||||
when: 'ansible_distribution_version <= "20" and wan_ip != "dhcp"'
|
||||
|
||||
- name: Re-read network config files
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
- name: Copy Wondershaper service script
|
||||
template: backup=yes
|
||||
src=wondershaper/wondershaper.service
|
||||
src=roles/network/templates/wondershaper/wondershaper.service
|
||||
dest=/etc/systemd/system/wondershaper.service
|
||||
mode=0644
|
||||
|
||||
- name: Copy Wondershaper script
|
||||
template: backup=yes
|
||||
src=wondershaper/wondershaper.j2
|
||||
src=roles/network/templates/wondershaper/wondershaper.j2
|
||||
dest=/usr/bin/wondershaper
|
||||
owner=root
|
||||
group=root
|
||||
|
|
@ -20,7 +20,7 @@
|
|||
state=directory
|
||||
|
||||
- name: Copy Wondershaper config script
|
||||
template: src=wondershaper/wondershaper.conf
|
||||
template: src=roles/network/templates/wondershaper/wondershaper.conf
|
||||
dest=/etc/conf.d/wondershaper.conf
|
||||
owner=root
|
||||
group=root
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
#!/bin/bash -x
|
||||
source /etc/iiab/iiab.env
|
||||
{% if is_debuntu %}
|
||||
IPTABLES=/sbin/iptables
|
||||
IPTABLES_DATA=/etc/iptables.up.rules
|
||||
|
|
@ -6,8 +7,8 @@ IPTABLES_DATA=/etc/iptables.up.rules
|
|||
IPTABLES=/usr/sbin/iptables
|
||||
IPTABLES_DATA=/etc/sysconfig/iptables
|
||||
{% endif %}
|
||||
LANIF=`cat /etc/sysconfig/iiab_lan_device`
|
||||
WANIF=`cat /etc/sysconfig/iiab_wan_device`
|
||||
LANIF=$IIAB_LAN_DEVICE
|
||||
WANIF=$IIAB_WAN_DEVICE
|
||||
MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
|
||||
|
||||
clear_fw() {
|
||||
|
|
@ -33,7 +34,7 @@ $IPTABLES -A INPUT -p tcp --dport 5984 -j DROP
|
|||
$IPTABLES -A INPUT -p udp --dport 5984 -j DROP
|
||||
}
|
||||
|
||||
if [ "x$WANIF" == "x" ] || [ "$MODE" == 'Appliance' ]; then
|
||||
if [ "x$WANIF" == "xnone" ] || [ "$MODE" == 'Appliance' ]; then
|
||||
clear_fw
|
||||
# save the rule set
|
||||
{% if is_debuntu %}
|
||||
|
|
@ -119,7 +120,7 @@ if [ "$captive_portal_enabled" == "True" ];then
|
|||
$IPTABLES -t mangle -A internet -j MARK --set-mark 99
|
||||
$IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
|
||||
|
||||
elif [ -f /etc/sysconfig/xs_httpcache_on ]; then
|
||||
elif [ "$HTTPCACHE_ON" == "True" ]; then
|
||||
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
|
||||
fi
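Review bot: The rewritten guard `if [ "x$WANIF" == "xnone" ] || [ "$MODE" == 'Appliance' ]` no longer catches an empty `WANIF`, which is what the script gets when /etc/iiab/iiab.env is missing or has no `IIAB_WAN_DEVICE` line (the task that records it is conditioned on `not installing`). The script would then skip this `clear_fw` branch and continue to the rules below the guard with an empty interface name. Those rules are outside the hunk, so the exact effect cannot be confirmed from here. Testing both states keeps the earlier behaviour for an unset value: `if [ -z "$WANIF" ] || [ "$WANIF" == "none" ] || [ "$MODE" == 'Appliance' ]; then`. Since the script now runs `source /etc/iiab/iiab.env` during firewall setup, that file is executed as shell and should stay writable by root only.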
|
||||
|
||||
|
|
|
|||