diff --git a/iiab-network b/iiab-network index 0bef05005..d73978e63 100755 --- a/iiab-network +++ b/iiab-network @@ -11,16 +11,34 @@ if [ ! -f iiab-network.yml ]; then exit 1 fi -if [ ! -f /etc/iiab/config_vars.yml ]; then - echo "Creating stub /etc/iiab/config_vars.yml" - mkdir -p /etc/iiab - echo "{}" > /etc/iiab/config_vars.yml -fi - OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit if [ -f /etc/iiab/iiab.env ]; then echo "Reading /etc/iiab/iiab.env" + STAGE=0 source /etc/iiab/iiab.env + if grep -q STAGE= /etc/iiab/iiab.env ; then + echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env" + if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then + echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is non-integer" + exit 1 + elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then + echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is out-of-range" + exit 1 + elif [ "$STAGE" -lt 3 ]; then + echo -e "\nEXITING: STAGE (counter) value == ""$STAGE" + echo -e "\nIIAB Stage 3 not complete." + echo -e "\nPlease run: ./iiab-install" + exit 1 + fi + else + echo -e "\nEXITING: STAGE (counter) not found" + echo -e "\nIIAB not installed." + echo -e "\nPlease run: ./iiab-install" + exit 1 + fi +else + echo -e "\nEXITING: /etc/iiab/iiab.env not found" + exit 1 fi echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log" diff --git a/roles/2-common/tasks/udev.yml b/roles/2-common/tasks/udev.yml index 2e16038d2..618c414b1 100644 --- a/roles/2-common/tasks/udev.yml +++ b/roles/2-common/tasks/udev.yml @@ -34,7 +34,7 @@ state: restarted when: udev_unit.stat.exists is defined and udev_unit.stat.exists -- name: Enable the udev-reload service during boot. +- name: Enable the udev-reload service during boot systemd: name: udev-reload enabled: yes diff --git a/roles/2-common/templates/iiab-startup.sh b/roles/2-common/templates/iiab-startup.sh index b563b908d..e84eab8f0 100644 --- a/roles/2-common/templates/iiab-startup.sh 
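Review bot: The new `grep -q STAGE= /etc/iiab/iiab.env` test in iiab-network is unanchored, so a commented-out line or any other key that merely ends in `STAGE=` satisfies it. In that case `$STAGE` keeps the `0` preset just above and the script reports "Stage 3 not complete" instead of "STAGE (counter) not found". Anchoring it as `grep -q '^STAGE=' /etc/iiab/iiab.env` keeps the two exit messages accurate. Separately, the file is `source`d, i.e. executed, before any of these checks run, so it is worth confirming (or checking here) that /etc/iiab/iiab.env is writable only by root, since this script presumably runs with root privileges.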
+++ b/roles/2-common/templates/iiab-startup.sh @@ -31,8 +31,8 @@ if [[ $(grep -i raspbian /etc/*release) && #) #]]; then - ip link set dev wlan0 promisc on - echo "wlan0 promiscuous mode ON, internal AP OFF: github.com/iiab/iiab/issues/638" +# ip link set dev wlan0 promisc on + echo "wlan0 promiscuous mode ON, internal AP OFF: github.com/iiab/iiab/issues/638 DISABLED" fi exit 0 diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index 4403d1e32..70a67d517 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml @@ -14,7 +14,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -calibreweb_version: 0.6.6 # WAS: master, 0.6.4, 0.6.5 +calibreweb_version: 0.6.7 # WAS: master, 0.6.4, 0.6.5, 0.6.7 calibreweb_venv_path: /usr/local/calibre-web-py3 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" diff --git a/roles/calibre/tasks/enable.yml b/roles/calibre/tasks/enable.yml deleted file mode 100644 index 21bde746b..000000000 --- a/roles/calibre/tasks/enable.yml +++ /dev/null 
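Review bot: The echo in the Raspbian branch of iiab-startup.sh still reports "wlan0 promiscuous mode ON, internal AP OFF" with only "DISABLED" appended, although the `ip link set dev wlan0 promisc on` line above it is now commented out, so the boot output states something the script no longer does. A message that matches the behaviour, such as `echo "wlan0 promiscuous mode left OFF (workaround disabled): github.com/iiab/iiab/issues/638"`, would avoid misleading whoever reads the log later. The `if` condition begins outside this hunk, so I cannot tell whether the whole branch could simply be removed.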
@@ -1,49 +0,0 @@ -# 5. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC - -# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) -# -# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: -# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 -# (anyway this works great for calibre-web, allowing http://box/books -# to work even better than http://box:8083 when box == 192.168.0.x !) -- name: Attempt to enable http://box/calibre via Apache (UNTESTED) - command: a2ensite calibre.conf - when: apache_installed and calibre_enabled - -- name: Attempt to disable http://box/calibre via Apache (UNTESTED) - command: a2dissite calibre.conf - when: apache_installed and not calibre_enabled - -- name: Enable & Start service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal) - service: - name: calibre-serve - enabled: yes - state: started - when: calibre_enabled | bool - #async: 900 - #poll: 5 - -- name: Reload Apache service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - state: reloaded - -- name: Add 'calibre' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: calibre - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Calibre - - option: description - value: '"Calibre is an extremely popular personal library system for e-books."' - - option: url - value: "{{ calibre_src_url }}" - - option: database - value: "{{ calibre_dbpath }}" - - option: port - value: "{{ calibre_port }}" - - option: calibre_enabled - value: "{{ calibre_enabled }}" diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index 1424a81b5..856fbfbf9 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml 
@@ -1,25 +1,28 @@ -# 1. INSTALL THE LATEST CALIBRE 3.X+ (calibre, calibredb, calibre-server etc) ON ALL OS'S +# 1. INSTALL CALIBRE 3.39.1+ or 4.12+ (calibre, calibredb, calibre-server etc) ON ALL OS'S -- name: Does /usr/bin/calibre exist? - stat: - path: "/usr/bin/calibre" - register: calib_executable - -- name: "Install OS's latest packages: calibre, calibre-bin (IF not rpi AND /usr/bin/calibre MISSING)" +- name: "Install OS's latest packages: calibre, calibre-bin" package: name: - calibre - calibre-bin state: latest - when: internet_available and not is_raspbian and (not calib_executable.stat.exists) -- name: Install Calibre .debs IF calibre_via_debs (AND /usr/bin/calibre WAS MISSING) - include_tasks: debs.yml - when: calibre_via_debs and (not calib_executable.stat.exists) +# 2020-04-29: AT YOUR OWN RISK, this *sometimes* works, e.g. to upgrade from +# Raspbian 10's Calibre 3.39.1 to "4.99.4+dfsg+really4.12.0-1" or higher, from: +# http://raspbian.raspberrypi.org/raspbian/pool/main/c/calibre/ +# http://archive.raspbian.org/raspbian/pool/main/c/calibre/ +# +#- name: Install Calibre via .debs (if Raspbian) +# command: scripts/calibre-install-latest-rpi.sh # WORKED for Calibre 3.33.1 on 2018-10-23. And Calibre 3.28 on 2018-07-26 (PR #971). Likewise for Calibre 3.26.x. FAILED with Calibre 3.24+ ("calibre : Depends: python-pyqt5 (>= 5.10.1+dfsg-2) but 5.10.1+dfsg-1+rpi1 is to be installed") since June 2018. +# when: is_raspbian | bool -- name: Install Calibre via calibre-installer.py IF calibre_via_python (AND /usr/bin/calibre WAS MISSING) - include_tasks: py-installer.yml - when: calibre_via_python and (not calib_executable.stat.exists) +# 2020-04-29: Can work *IF* you do 'apt install python2' and change top line +# of /opt/iiab/downloads/calibre-installer.py from '#!/usr/bin/env python2' +# to '#!/usr/bin/python2' e.g. to upgrade Calibre 4.12 on Ubuntu 20.04 LTS. 
+# +#- name: Install Calibre via py-installer.yml -> calibre-installer.py (if not Raspbian) +# include_tasks: py-installer.yml +# when: not is_raspbian # True Debian or any Ubuntu? # SEE calibre_via_python's value vars/default_vars.yml, vars/ubuntu-18.yml & # vars/raspbian-9.yml: try to AVOID Python installer on Raspbian since its @@ -34,19 +37,13 @@ # 2. SYSTEMD SERVICES -- name: Create calibre-serve.service and calibre.conf (IF /usr/bin/calibre WAS MISSING) +- name: Create /etc/systemd/system/calibre-serve.service and /etc/{{ apache_conf_dir }}/calibre.conf template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root - mode: "{{ item.mode }}" - backup: no - #register: calibre_config with_items: - - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'} - - { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}', mode: '0644'} - when: (not calib_executable.stat.exists) + - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service' } + - { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}' } # apache2/sites-available (this doesn't work, see #529: let's try to create /etc/nginx/conf.d/calibre-nginx.conf in future!) - name: Stop service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal) systemd: 
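Review bot: The rewritten `package` task in install.yml (@@ -1,25 +1,28 @@) has no `when:` at all, so the `internet_available` guard carried by the old task is gone and `state: latest` will contact the package mirrors whenever install.yml runs. On an offline box this task presumably fails instead of being skipped. Restoring `when: internet_available | bool` would keep the previous offline behaviour. Note also that `state: latest` installs whatever version the mirror currently serves, so the "3.39.1+ or 4.12+" in the header comment is a description and is not enforced by this task.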
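Review bot: Dropping `owner`, `group` and `mode` from the `template` task (@@ -34,19 +37,13 @@) leaves the permissions of /etc/systemd/system/calibre-serve.service and the Apache calibre.conf to whatever umask is in effect when Ansible first creates them. For a unit file that systemd runs as root it is safer to state them, so I would keep `owner: root`, `group: root` and `mode: '0644'` on the task itself; both items used 0644, so the per-item `mode` key can still go. The same applies to the `copy` of users.sqlite in the next hunk (@@ -57,20 +54,15 @@), which presumably holds Calibre account data and also lost its explicit `mode`.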
@@ -57,20 +54,15 @@ # 3. CREATE USER DATABASE -- name: Create /library/calibre (mandatory since Calibre 3.x) +- name: Create {{ calibre_dbpath }} (mandatory since Calibre 3.x) file: - path: "{{ calibre_dbpath }}" + path: "{{ calibre_dbpath }}" # /library/calibre state: directory - #mode: 0755 -- name: Copy template userdb to /library/calibre/users.sqlite (IF /usr/bin/calibre WAS MISSING) +- name: Copy template userdb to {{ calibre_userdb }} copy: src: /opt/iiab/iiab/roles/calibre/templates/users.sqlite - dest: "{{ calibre_userdb }}" - owner: root - group: root - mode: 0644 - when: (not calib_executable.stat.exists) + dest: "{{ calibre_userdb }}" # /library/calibre/users.sqlite # 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x) diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index 6b0a77d70..e5c9d11c1 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml 
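Review bot: With the `when: (not calib_executable.stat.exists)` guard removed, the `copy` task writes the template users.sqlite over `{{ calibre_userdb }}` every time install.yml runs. main.yml only includes install.yml while `calibre_installed` is undefined, but if that state entry is ever lost or reset, accounts an operator has already created would be replaced by the shipped template database. Adding `force: no` to the `copy` task keeps an existing database in place and still seeds a fresh install.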
@@ -1,5 +1,83 @@ -- include_tasks: install.yml - when: calibre_install and not calibre_installed is defined +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- include_tasks: enable.yml - when: calibre_install or calibre_installed is defined +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "calibre_install is sameas true" (boolean not string etc) + assert: + that: calibre_install is sameas true + fail_msg: "PLEASE SET 'calibre_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "calibre_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: calibre_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'calibre_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: calibre_installed is undefined + +# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) +# +# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: +# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 +# (anyway this works great for calibre-web, allowing http://box/books +# to work even better than http://box:8083 when box == 192.168.0.x !) 
+# +#- name: Attempt to enable http://box/calibre via Apache (UNTESTED) +# command: a2ensite calibre.conf +# when: apache_installed and calibre_enabled +# +#- name: Attempt to disable http://box/calibre via Apache (UNTESTED) +# command: a2dissite calibre.conf +# when: apache_installed and not calibre_enabled + +- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled + systemd: + daemon_reload: yes + name: calibre-serve + enabled: yes + state: restarted + when: calibre_enabled | bool + +- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled + systemd: + name: calibre-serve + enabled: no + state: stopped + when: not calibre_enabled + +#- name: Enable/Disable/Restart Apache if primary +# include_tasks: apache.yml +# when: not nginx_enabled +# +#- name: Enable/Disable/Restart NGINX if primary +# include_tasks: nginx.yml +# when: nginx_enabled | bool + + +- name: Add 'calibre' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Calibre + - option: description + value: '"Calibre is an extremely popular personal library system for e-books."' + - option: calibre_src_url + value: "{{ calibre_src_url }}" + - option: calibre_dbpath + value: "{{ calibre_dbpath }}" + - option: calibre_port + value: "{{ calibre_port }}" + - option: calibre_enabled + value: "{{ calibre_enabled }}" diff --git a/roles/kalite/tasks/enable.yml.unused b/roles/kalite/tasks/enable.yml.unused deleted file mode 100644 index 529cf86e8..000000000 --- a/roles/kalite/tasks/enable.yml.unused +++ /dev/null 
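Review bot: The two service tasks in roles/calibre/tasks/main.yml test the same variable differently: the Enable task uses `when: calibre_enabled | bool` and the Disable task uses `when: not calibre_enabled`. The assert at the top of the file already guarantees a real boolean, so either form works, but using one of them in both places (for example `when: not calibre_enabled | bool`) avoids the impression that the two branches have different type expectations. It would also help to note in a comment that install.yml still templates calibre.conf into the Apache directory even though the a2ensite/a2dissite tasks are commented out here.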
@@ -1,59 +0,0 @@ -# By the time we get here we should have ka-lite of some version -# And the systemd unit files should be defined - -- name: Enable & (re)start 'kalite-serve' service - systemd: - daemon_reload: yes - name: kalite-serve - enabled: yes - state: restarted - when: kalite_enabled - -- name: Disable & stop 'kalite-serve' service - systemd: - name: kalite-serve - enabled: no - state: stopped - when: not kalite_enabled - -# 2019-10-20: Below is for Fedora 18 (XO laptops) only. -# Since F18 we don't have a separate unit file for kalite-cron. -# -# SEE --skip-job-scheduler @ https://ka-lite.readthedocs.io/en/latest/usermanual/cli.html -# ...as implemented in templates/kalite-serve.service.j2 -# ...if not kalite_cron_enabled -# ...using {{ job_scheduler_stanza }} from kalite/tasks/install.yml - -- name: Enable & (re)start 'kalite-cron' service (F18) - service: - name: kalite-cron - enabled: yes - state: restarted - when: kalite_cron_enabled and is_F18 - -- name: Disable & stop 'kalite-cron' service (F18) - service: - name: kalite-cron - enabled: no - state: stopped - when: not kalite_cron_enabled and is_F18 - -- name: Add 'kalite' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: kalite - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: "KA Lite" - - option: description - value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' - - option: path - value: "{{ kalite_root }}" - - option: port - value: "{{ kalite_server_port }}" - - option: kalite_enabled - value: "{{ kalite_enabled }}" - - option: cron_enabled - value: "{{ kalite_cron_enabled }}" diff --git a/roles/kalite/tasks/install-f18.yml.unused b/roles/kalite/tasks/install-f18.yml.unused deleted file mode 100644 index 28cd4cb1c..000000000 --- a/roles/kalite/tasks/install-f18.yml.unused +++ /dev/null 
@@ -1,76 +0,0 @@ -# This is for Fedora 18, assumed to be an XO - -- name: Install dependent packages (Fedora 18) - package: - name: "{{ item }}" - state: present - with_items: - - python-psutil - - expect - when: is_F18 | bool - -- name: Install dependent pip packages (Fedora 18) - pip: - name: selenium - when: internet_available and is_F18 - -- name: Determine if KA Lite is already downloaded - stat: - path: "{{ downloads_dir }}/ka-lite" - register: kalite - -- name: Download the latest KA Lite repo - git: - repo: "{{ kalite_repo_url }}" - dest: "{{ downloads_dir }}/ka-lite" - depth: 1 - version: 0.13.x - ignore_errors: yes - when: internet_available and kalite.stat.exists is defined and not kalite.stat.exists - -- name: Create iiab-kalite user and password (Fedora 18) - user: - name: "{{ kalite_user }}" - password: "{{ kalite_password_hash }}" - update_password: on_create - -- name: Create kalite_root directory (Fedora 18) - file: - path: "{{ kalite_root }}" - owner: root - group: root - mode: 0755 - state: directory - -- name: Copy the KA Lite repo into place (Fedora 18) - command: "rsync -at {{ downloads_dir }}/ka-lite/ {{ kalite_root }}" - -- name: Make kalite_user owner - file: - path: "{{ kalite_root }}" - owner: "{{ kalite_user }}" - group: "{{ kalite_user }}" - recurse: yes - state: directory - -# local_settings is deprecated -- name: Copy local_settings file - template: - src: f18/local_settings.py.j2 - dest: "{{ kalite_root }}/kalite/local_settings.py" - owner: "{{ kalite_user }}" - group: "{{ kalite_user }}" - mode: 0644 - -- name: Create kalite-serve & kalite-cron services, and iiab_cronservectl.sh - template: - backup: no - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: "{{ item.mode }}" - with_items: - - { src: 'f18/kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'} - - { src: 'f18/kalite-cron.service.j2', dest: '/etc/systemd/system/kalite-cron.service', mode: '0644'} - - { 
src: 'f18/iiab_cronservectl.sh.j2', dest: '{{ kalite_root }}/scripts/iiab_cronservectl.sh', mode: '0755'} diff --git a/roles/kalite/tasks/install-old.yml.unused b/roles/kalite/tasks/install-old.yml.unused deleted file mode 100644 index 1e0879c58..000000000 --- a/roles/kalite/tasks/install-old.yml.unused +++ /dev/null 
@@ -1,95 +0,0 @@ -# For OS's other than Fedora 18 -- name: Download {{ kalite_requirements }} to {{ pip_packages_dir }}/kalite.txt - get_url: - url: "{{ kalite_requirements }}" - dest: "{{ pip_packages_dir }}/kalite.txt" # /opt/iiab/pip-packages/kalite.txt - timeout: "{{ download_timeout }}" - when: internet_available | bool - -# 2020-01-19: https://github.com/piwheels/packages/issues/74 says the following is not longer needed... -#- name: Run 'mv /etc/pip.conf /etc/pip.conf.see-iiab-issue-2139' as "TEMPORARY" workaround (2020-01-17) for piwheels.org's setuptools Python 2/3 brokenness on RPi (https://github.com/iiab/iiab/issues/2139) -# command: mv /etc/pip.conf /etc/pip.conf.see-iiab-issue-2139 -# ignore_errors: yes -# when: is_raspbian | bool - -#- name: Install KA Lite non-static + reqs file with pip - (debuntu) -# pip: requirements={{ pip_packages_dir }}/kalite.txt -# virtualenv={{ kalite_venv }} -# virtualenv_site_packages=no -# extra_args="--no-cache-dir" -# extra_args="--disable-pip-version-check" -# when: internet_available and is_debuntu - -- name: Install KA Lite static to {{ kalite_venv }}, using pip (debuntu) - pip: - name: ka-lite-static - version: "{{ kalite_version }}" - virtualenv: "{{ kalite_venv }}" - virtualenv_site_packages: no - virtualenv_command: /usr/bin/virtualenv - virtualenv_python: python2.7 - extra_args: "--no-cache-dir" -# extra_args="--disable-pip-version-check" - when: internet_available and is_debuntu - -#- name: Install KA Lite non-static + reqs file with pip (OS's other than debuntu) -# pip: requirements={{ pip_packages_dir }}/kalite.txt -# virtualenv={{ kalite_venv }} -# virtualenv_site_packages=no -# extra_args="--no-cache-dir" -# extra_args="--disable-pip-version-check" -# when: internet_available and not is_debuntu - -- name: Install KA Lite static to {{ kalite_venv }}, using pip (OS's other than debuntu) - pip: - name: ka-lite-static - version: "{{ kalite_version }}" - virtualenv: "{{ kalite_venv }}" - 
virtualenv_site_packages: no - virtualenv_command: /usr/bin/virtualenv - virtualenv_python: python2.7 -# extra_args="--no-cache-dir" -# extra_args="--disable-pip-version-check" - when: internet_available and not is_debuntu - -# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-* -# pkgs are not installed FWIW. But it's included to safeguard us across all -# OS's, in case others OS's like Ubermix later appear. See #1382 for details. -# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix! -- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix - shell: apt -y remove "libgeos-*" - -# 2019-10-20: For Fedora 18 legacy (XO laptops) specially -- name: Default is to have cronserve started with KA Lite - set_fact: - job_scheduler_stanza: "" - -- name: Add --skip-job-scheduler to start if cronserve not enabled - set_fact: - job_scheduler_stanza: "--skip-job-scheduler " - when: not kalite_cron_enabled - -- name: "Install from template: venv wrapper /usr/bin/kalite, systemd unit file kalite-serve.service, Apache's kalite.conf" - template: - backup: no - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: "{{ item.mode }}" - with_items: - - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755'} - - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'} - - { src: 'kalite.conf', dest: '/etc/{{ apache_conf_dir }}', mode: '0644'} - -- name: Fix KA Lite bug in regex parsing ifconfig output, for @m-anish's network names that contain dashes - replace: - path: /usr/local/kalite/venv/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py - regexp: 'a-zA-Z0-9' - replace: 'a-zA-Z0-9\-' - - -# RECORD KA Lite AS INSTALLED - -# TO DO: move the last 2 stanzas from setup.yml so they live right here, -# as any action named "install.yml" should do exactly what it says (install!) 
diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 7335cafbe..18f46dc65 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -30,7 +30,7 @@ name: kalite-serve enabled: yes state: restarted - when: kalite_enabled + when: kalite_enabled | bool - name: Disable & Stop 'kalite-serve' service, if not kalite_enabled systemd: diff --git a/roles/kalite/tasks/setup-f18.yml.unused b/roles/kalite/tasks/setup-f18.yml.unused deleted file mode 100644 index 23037d260..000000000 --- a/roles/kalite/tasks/setup-f18.yml.unused +++ /dev/null @@ -1,14 +0,0 @@ -# This is for Fedora 18, assumed to be an XO - -- name: Run the setup using 'kalite manage' (Fedora 18) - command: "/usr/bin/su {{ kalite_user }} -c '{{ kalite_root }}/bin/kalite manage setup --username={{ kalite_user }} --password={{ kalite_password }} --noinput'" - async: 900 - poll: 10 - -- name: Finish setup by running 'kalite start' (Fedora 18) - command: "/usr/bin/su {{ kalite_user }} -c '{{ kalite_root }}/bin/kalite start'" - async: 900 - poll: 10 - -- name: Stop kalite server started in previous step because we use systemd - command: "/usr/bin/su {{ kalite_user }} -c '{{ kalite_root }}/bin/kalite stop'" diff --git a/roles/kalite/tasks/setup.yml.unused b/roles/kalite/tasks/setup.yml.unused deleted file mode 100644 index 7884e6be2..000000000 --- a/roles/kalite/tasks/setup.yml.unused +++ /dev/null 
@@ -1,32 +0,0 @@ -# For OS's other than Fedora 18 - -- name: Create {{ kalite_root }} directory - file: - path: "{{ kalite_root }}/httpsrv/static" # /library/ka-lite - # owner: root - # group: root - # mode: 0755 - state: directory - -- name: Run the setup using 'kalite manage' - command: "{{ kalite_program }} manage setup --username={{ kalite_admin_user }} --password={{ kalite_admin_password }} --noinput" # Runs /usr/local/kalite/venv/bin/kalite - environment: - KALITE_HOME: "{{ kalite_root }}" # /library/ka-lite - async: 1800 - poll: 10 - - -# RECORD KA Lite AS INSTALLED - -# TO DO: move these last 2 stanzas to install.yml, -# as any action named "install.yml" should do exactly what it says (install!) - -- name: "Set 'kalite_installed: True'" - set_fact: - kalite_installed: True - -- name: "Add 'kalite_installed: True' to {{ iiab_state_file }}" - lineinfile: - path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^kalite_installed' - line: 'kalite_installed: True' diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 7cdf5b37c..d1928bdb2 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml 
@@ -25,19 +25,12 @@ # # hostapd_install: True # 2020-01-21: do not rely on this var for now (might be implemented in future) # hostapd_enabled: True -# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is -# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes -# and content is downloaded, to enable the internal WiFi Access Point / AP!) -# -# reboot_to_AP: False -# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above -# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless. -# -# Above 2 vars set in /opt/iiab/iiab/vars/default_vars.yml -# +# Above set in /opt/iiab/iiab/vars/default_vars.yml + hostapd_wait: 5 host_wireless_n: False driver_name: nl80211 +ap0_mac_addr: b8:27:99:12:34:56 # DNS / name resolution # dhcpd_install: False @@ -61,13 +54,14 @@ strict_networking: False iiab_demo_mode: False gui_static_wan: False wan_cidr: +virtual_network_devices: "-e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth" # Set defaults for discovery process as strings wifi1: "not found-1" wifi2: "not found-2" -ap_device: "none" +exclude_device: "none" device_gw: "none" -device_gw2: "" +prior_gw_device: "" iiab_wan_iface: "none" iiab_lan_iface: "none" diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 0c095a4bb..7b3a356f5 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml 
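Review bot: The new default `ap0_mac_addr: b8:27:99:12:34:56` in roles/network/defaults/main.yml gives every install the same hard-coded MAC, presumably for the ap0 access-point interface, so two boxes within radio range of each other would advertise an identical BSSID. The first octet 0xb8 also does not have the locally-administered bit (0x02) set, which is the convention for addresses that are assigned in software. I would add a comment saying the value should be overridden per device in /etc/iiab/local_vars.yml, or derive it from the physical adapter, and quote it as `ap0_mac_addr: 'b8:27:99:12:34:56'` so an all-digit override is not re-typed by a YAML 1.1 parser. How the variable is consumed is outside this hunk.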
@@ -3,27 +3,39 @@ include_tasks: down-debian.yml # provide keyfile layout like the XO's used way back. -- name: Create uuid for NM's keyfile store - shell: uuidgen - register: uuid_response +#- name: Create uuid for NM's keyfile store +# shell: uuidgen +# register: uuid_response -- name: Put the uuid in place - set_fact: - gen_uuid: "{{ uuid_response.stdout_lines[0] }}" +#- name: Put the uuid in place +# set_fact: +# gen_uuid: "{{ uuid_response.stdout_lines[0] }}" -# NM might have a watcher on this path and we don't have to restart NM -- name: Copy the bridge script for NetworkManager - template: - dest: /etc/NetworkManager/system-connections/ - src: network/bridge-br0 - mode: 0600 - when: iiab_network_mode != "Appliance" - -- name: Remove br0 in Appliance Mode for NetworkManager +# systemd-networkd handles br0 except for Raspbian +- name: Remove stale br0 for NetworkManager file: dest: /etc/NetworkManager/system-connections/bridge-br0 state: absent - when: iiab_network_mode == "Appliance" + +- name: Copy ap0-manage.conf for NetworkManager + template: + dest: /etc/NetworkManager/conf.d/ap0-manage.conf + src: network/ap0-manage.conf + mode: 0644 + when: wifi_up_down + +- name: Copy manage.conf for NetworkManager when wifi_up_down False + template: + dest: /etc/NetworkManager/conf.d/wifi-manage.conf + src: network/manage.conf.j2 + mode: 0644 + when: discovered_wireless_iface != "none" and not wifi_up_down + +- name: Remove manage.conf for NetworkManager when wifi_up_down True + file: + dest: /etc/NetworkManager/conf.d/wifi-manage.conf + state: absent + when: wifi_up_down - name: Removing static for NetworkManager file: 
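Review bot: The three new `when:` clauses in NM-debian.yml test `wifi_up_down` as a bare variable, and no default for it is visible in this commit. If it arrives as a quoted string from local_vars.yml the truth test may not behave like the boolean, which is the reason this same commit adds `| bool` to `kalite_enabled`. I would write `when: wifi_up_down | bool` and `when: discovered_wireless_iface != "none" and not wifi_up_down | bool`; the same bare tests appear in detected_network.yml (@@ -133,20 +145,22 @@). The new `mode: 0644` values are also safer quoted as `mode: '0644'`, so the file mode does not depend on how the YAML parser reads a leading-zero integer.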
@@ -58,16 +70,6 @@ mode: 0600 when: wan_ip != "dhcp" -- name: Stop wpa_supplicant service - service: - name: wpa_supplicant - state: stopped - when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance" - -- name: Mask wpa_supplicant - shell: systemctl mask wpa_supplicant - when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance" - - name: Reload systemd systemd: daemon_reload: yes diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index fb27dc7b5..08540b94e 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -6,20 +6,6 @@ user_wan_iface: "{{ discovered_wan_iface }}" when: not (discovered_wan_iface == "none") and not (xo_model == "none") and has_ifcfg_gw == "none" -#- name: Checking for NetworkManager-config-server -# shell: rpm -qa | grep NetworkManager-config-server | wc -l -# register: strict_networking_check - -#- name: Found Checking for NetworkManager-config-server -# set_fact: -# strict_networking: True -# when: strict_networking_check == "1" - -#- name: Use restricted network features -# set_fact: -# iiab_demo_mode: True -# when: teamviewer_install and not strict_networking - - name: XO laptop wants USB WiFi interface as AP mode set_fact: iiab_wireless_lan_iface: "{{ discovered_lan_iface }}" @@ -62,7 +48,7 @@ user_wan_iface: "none" when: not iiab_wan_enabled -# gui wants LanController # keeps ifcfg-WAN but onboot=no +# gui wants LanController # the change over might be a little bumpy ATM. - name: Setting GUI wants 'LanController' set_fact: 
@@ -71,10 +57,9 @@ iiab_gateway_enabled: "False" when: gui_desired_network_role is defined and gui_desired_network_role == "LanController" -# device_gw is used with the LAN detection and LAN's ifcfg file deletion. -# single interface vars/ users would need to set iiab_wan_enabled False as above, to disable the WAN -# and set user_lan_iface = to suppress the auto detection for the same effect. - +# discovered_wan_iface is used with the LAN detection, single interface vars/ users would +# need to set iiab_wan_enabled False as above, to disable the WAN and set +# user_lan_iface: to suppress the auto detection for the same effect. - name: Setting user_lan_iface for 'LanController' for single interface set_fact: user_lan_iface: "{{ discovered_wan_iface }}" @@ -143,24 +128,6 @@ iiab_lan_iface: "{{ user_lan_iface }}" when: not (user_lan_iface == "auto") -# so this works -- name: Interface count - shell: ls /sys/class/net | grep -v -e lo -e bridge0 -e veth -e "br-*" -e docker| wc | awk '{print $1}' - register: adapter_count - -# well if there ever was a point to tell the user things are FUBAR this is it. -- name: We're hosed no work interfaces - set_fact: - iiab_network_mode: "No_network_found" - when: adapter_count.stdout|int == 0 - -# well if there ever was a point to tell the user things are FUBAR this is it. -- name: I'm not guessing declare gateway please - set_fact: - iiab_network_mode: "Undetectable_use_local_vars" - iiab_wan_iface: "none" - when: adapter_count.stdout|int >= 5 and device_gw == "none" and gui_wan_iface == "unset" and gui_static_wan is defined - - name: Record IIAB_WAN_DEVICE to {{ iiab_env_file }} lineinfile: path: "{{ iiab_env_file }}" 
@@ -197,11 +164,3 @@ value: "{{ iiab_lan_iface }}" - option: iiab_network_mode value: "{{ iiab_network_mode }}" - - option: hostapd_enabled - value: "{{ hostapd_enabled }}" - - option: host_ssid - value: "{{ host_ssid }}" - - option: host_wifi_mode - value: "{{ host_wifi_mode }}" - - option: host_channel - value: "{{ host_channel }}" diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 72fdd951c..26523cd1c 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -3,6 +3,7 @@ dansguardian_enabled: False squid_enabled: False wondershaper_enabled: False + hostapd_enabled: False iiab_network_mode: "Appliance" when: iiab_lan_iface == "none" or user_lan_iface == "none" @@ -74,3 +75,11 @@ value: "{{ dnsmasq_enabled }}" - option: no_net_restart value: "{{ no_net_restart }}" + - option: hostapd_enabled + value: "{{ hostapd_enabled }}" + - option: host_ssid + value: "{{ host_ssid }}" + - option: host_wifi_mode + value: "{{ host_wifi_mode }}" + - option: host_channel + value: "{{ host_channel }}" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 25f71d48d..c6d73192f 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml 
@@ -1,23 +1,36 @@ -- name: iiab_wan_device - shell: grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}' - when: iiab_stage|int > 4 - register: prior_gw +# so this works +- name: Interface count + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} | wc | awk '{print $1}' + register: adapter_count + +# well if there ever was a point to tell the user things are FUBAR this is it. +- name: We're hosed no work interfaces + fail: # FORCE IT RED THIS ONCE! + msg: "No_network_found" + when: adapter_count.stdout|int == 0 - name: Checking for old device gateway interface for device test + shell: grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}' + when: iiab_stage|int == 9 + register: prior_gw + +- name: Setting device_gw, prior_gw_device set_fact: device_gw: "{{ prior_gw.stdout }}" - device_gw2: "{{ prior_gw.stdout }}" - when: iiab_stage|int > 4 and prior_gw is defined and prior_gw.stdout != "" + prior_gw_device: "{{ prior_gw.stdout }}" + when: prior_gw.stdout is defined and prior_gw.stdout != "" -- name: Setting WAN if detected +- name: Setting WAN, device_gw if detected set_fact: iiab_wan_iface: "{{ discovered_wan_iface }}" device_gw: "{{ discovered_wan_iface }}" when: ansible_default_ipv4.gateway is defined -- name: Red Hat network detection (redhat) - include_tasks: detected_redhat.yml - when: is_redhat | bool +- name: Figure out netplan file name + shell: ls /etc/netplan + register: netplan + ignore_errors: True # pre 17.10 doesn't use netplan + when: is_ubuntu - name: Setting dhcpcd_test results set_fact: 
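Review bot: The "Interface count" task filters with `grep -v {{ virtual_network_devices }}`, and the patterns in that default (`-e lo`, `-e tun`, `-e br-` and so on) are unanchored substrings, so `-e lo` also removes any interface whose name merely contains "lo", such as a predictably named `wlo1`. Because this hunk turns a zero count into a hard `fail`, a machine whose only adapter is filtered that way would abort with "No_network_found" even though it has a working interface. Anchoring each pattern in the default (for example `-e '^lo$'` instead of `-e lo`, `-e '^veth'` instead of `-e veth`) avoids the false match. The `fail` message could also name the list of devices that was ignored, so the operator can see why nothing was counted.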
@@ -75,16 +88,15 @@ set_fact: wifi2: "{{ item|trim }}" discovered_wireless_iface: "{{ item|trim }}" - when: wireless_list2.stdout is defined and not wireless_list2.stdout == "ap0" + when: wireless_list2.stdout is defined and item|trim != "ap0" with_items: - "{{ wireless_list2.stdout_lines }}" #item|trim != discovered_wan_iface - name: Count WiFi ifaces - shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}' | wc -l" + shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}' | grep -v -e ap0 | wc -l" register: count_wifi_interfaces -# facts are apparently all stored as text, so do text comparisons from here on - name: Remember number of WiFi devices set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" @@ -94,16 +106,16 @@ - name: XO laptop override 2 WiFi on LAN set_fact: - ap_device: "eth0" + exclude_device: "eth0" when: iiab_wan_iface != "eth0" and discovered_wireless_iface != "none" and xo_model == "XO-1.5" -- name: Exclude reserved WiFi adapter if defined - takes adapter name +- name: Exclude reserved Network Adapter if defined - takes adapter name set_fact: - ap_device: "{{ reserved_wifi }}" - when: reserved_wifi is defined and discovered_wireless_iface != iiab_wan_iface and num_wifi_interfaces >= "2" + exclude_device: "{{ reserved_device }}" + when: reserved_device is defined - name: Count LAN ifaces - shell: ls /sys/class/net | grep -v -e ap0 -e wwlan -e ppp -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e {{ device_gw }} -e {{ ap_device }} | wc -l + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_device }} | wc -l register: num_lan_interfaces_result - name: Calculate number of LAN interfaces including WiFi 
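Review bot: In "Count WiFi ifaces" (hunk @@ -75,16 +88,15 @@), `grep -v -e ap0` drops every interface whose name merely contains `ap0`, while the `when:` a few lines above compares the whole name with `item|trim != "ap0"`. Matching the full line keeps the two consistent: `grep -v -x -e ap0`.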
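Review bot: The "Count LAN ifaces" command (hunk @@ -94,16 +106,16 @@) puts `{{ device_gw }}` and `{{ exclude_device }}` into a `shell:` line unquoted, and `exclude_device` now takes whatever `reserved_device` holds with no further condition. `device_gw` can come from the contents of `{{ iiab_env_file }}` (first hunk of this file), so neither value is fixed by the play. An empty value leaves `-e` without an argument, and a value with spaces or shell characters changes the command that runs. I would pass both through the quote filter, `-e {{ device_gw | quote }} -e {{ exclude_device | quote }}`, and require `reserved_device` to be non-empty in the `when:`. The same line appears in "Create list of LAN (non WAN) ifaces" in the @@ -112,7 +124,7 @@ hunk.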
@@ -112,7 +124,7 @@ # LAN - pick non WAN's - name: Create list of LAN (non WAN) ifaces - shell: ls /sys/class/net | grep -v -e ap0 -e wwlan -e ppp -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e {{ device_gw }} -e {{ ap_device }} + shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} -e wwlan -e ppp -e {{ device_gw }} -e {{ exclude_device }} when: num_lan_interfaces != "0" register: lan_list_result @@ -133,20 +145,22 @@ with_items: - "{{ lan_list_result.stdout_lines }}" -- name: Set iiab_wireless_lan_iface if present + +- name: Set iiab_wireless_lan_iface to {{ discovered_wireless_iface }} if not none set_fact: iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}" - when: discovered_wireless_iface is defined and discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface + when: discovered_wireless_iface != "none" and not wifi_up_down + +- name: Set iiab_wireless_lan_iface to ap0 if WiFi device is present + set_fact: + iiab_wireless_lan_iface: ap0 + when: discovered_wireless_iface != "none" and wifi_up_down - name: Set iiab_wired_lan_iface if present set_fact: iiab_wired_lan_iface: "{{ discovered_wired_iface }}" when: discovered_wired_iface is defined and discovered_wired_iface != "none" and discovered_wired_iface != iiab_wan_iface and not is_raspbian -#unused -#- name: Get a list of ifcfg files to delete -# moved to detected_redhat - # use value only if present - name: 2 or more devices on the LAN - use bridging set_fact: @@ -197,8 +211,8 @@ with_items: - option: has_ifcfg_gw value: "{{ has_ifcfg_gw }}" - - option: prior_gateway_(device_gw2) - value: "{{ device_gw2 }}" + - option: prior_gateway_device + value: "{{ prior_gw_device }}" - option: dhcpcd_result value: "{{ dhcpcd_result }}" - option: network_manager_active 
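Review bot: The two new `iiab_wireless_lan_iface` tasks (hunk @@ -133,20 +145,22 @@) test `wifi_up_down` bare, whereas other conditions in this role use `| bool`, e.g. `network_manager_active | bool`. If the variable arrives as a string, for instance as an extra var on the command line, a bare test may not evaluate as intended and the wrong task picks the interface hostapd is configured for. I would write `not (wifi_up_down | bool)` and `(wifi_up_down | bool)` in the two `when:` lines; `gui_static_wan` in the last hunk of this file has the same form. The earlier `discovered_wireless_iface is defined` guard was dropped here too, so that variable has to be set on every path that reaches these tasks.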
@@ -227,3 +241,10 @@ value: "{{ iiab_lan_iface }}" - option: iiab_wan_iface value: "{{ iiab_wan_iface }}" + +# well if there ever was a point to tell the user things are FUBAR this is it. +# limit 2 network adapters wifi wired +- name: I'm not guessing declare gateway please + fail: # FORCE IT RED THIS ONCE! + msg: "Undetectable gateway or prior gateway for use with static network addressing from admin-console use local_vars to declare user_wan_iface" + when: adapter_count.stdout|int >=3 and gui_wan_iface == "unset" and gui_static_wan diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index b0df14178..60d28a9f4 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml 
@@ -79,23 +79,23 @@ #- debug: # var: nd_enabled -- name: Check if /etc/networkd-dispatcher/routable.d exists - stat: - path: /etc/networkd-dispatcher/routable.d - register: nd_dir +#- name: Check if /etc/networkd-dispatcher/routable.d exists +# stat: +# path: /etc/networkd-dispatcher/routable.d +# register: nd_dir #- debug: # var: nd_dir #- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and networkd-dispatcher is enabled, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04) -- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04) - template: - src: roles/network/templates/network/dnsmasq.sh.j2 - dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh - mode: 0755 - owner: root - group: root - when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") +#- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. 
OS's like Ubuntu 18.04) +# template: +# src: roles/network/templates/network/dnsmasq.sh.j2 +# dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh +# mode: 0755 +# owner: root +# group: root +# when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") diff --git a/roles/network/tasks/NM.yml b/roles/network/tasks/fedora/NM.yml similarity index 100% rename from roles/network/tasks/NM.yml rename to roles/network/tasks/fedora/NM.yml diff --git a/roles/network/tasks/fedora/create_ifcfg.yml.deprecated b/roles/network/tasks/fedora/create_ifcfg.yml.deprecated new file mode 100644 index 000000000..7c982dbd2 --- /dev/null +++ b/roles/network/tasks/fedora/create_ifcfg.yml.deprecated @@ -0,0 +1,17 @@ +- name: Stop 'Wired WAN connection' + shell: nmcli dev disconnect {{ discovered_wan_iface }} + ignore_errors: True + changed_when: False + when: discovered_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" + +# set user_wan_iface: for static +# use wan_* for static info +- name: Supply ifcfg-WAN file + template: src=network/ifcfg-WAN.j2 + dest=/etc/sysconfig/network-scripts/ifcfg-WAN + when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" + +- name: Now setting ifcfg-WAN True after creating file + set_fact: + has_WAN: True + when: iiab_wan_iface != "none" and has_ifcfg_gw == "none" diff --git a/roles/network/tasks/detected_redhat.yml b/roles/network/tasks/fedora/detected_redhat.yml similarity index 100% rename from roles/network/tasks/detected_redhat.yml rename to roles/network/tasks/fedora/detected_redhat.yml 
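Review bot: Commenting out the `stat` and `template` tasks in roles/network/tasks/enable_services.yml stops new installs of /etc/networkd-dispatcher/routable.d/dnsmasq.sh but leaves the file in place on hosts where an earlier run created it. Behaviour therefore differs between fresh and upgraded systems. If the hook is being retired, a `file:` task with `path: /etc/networkd-dispatcher/routable.d/dnsmasq.sh` and `state: absent` would make that explicit. If it is only parked, a one-line comment saying why would serve better than the commented-out block. The commit still edits dnsmasq.sh.j2, so the intent cannot be read from this hunk.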
diff --git a/roles/network/tasks/edit_ifcfg.yml b/roles/network/tasks/fedora/edit_ifcfg.yml similarity index 100% rename from roles/network/tasks/edit_ifcfg.yml rename to roles/network/tasks/fedora/edit_ifcfg.yml diff --git a/roles/network/tasks/enable_wan.yml b/roles/network/tasks/fedora/enable_wan.yml similarity index 100% rename from roles/network/tasks/enable_wan.yml rename to roles/network/tasks/fedora/enable_wan.yml diff --git a/roles/network/tasks/fedora/hosts.yml.deprecated b/roles/network/tasks/fedora/hosts.yml.deprecated new file mode 100644 index 000000000..ce4a7467f --- /dev/null +++ b/roles/network/tasks/fedora/hosts.yml.deprecated @@ -0,0 +1,28 @@ +# this (hosts.yml) WAS invoked by roles/network/tasks/main.yml up until 2019-12-10 + +#TODO: Use vars instead of hardcoded values +- name: Remove FQDN with 172.18.96.1 in /etc/hosts without LAN (if iiab_lan_iface == "none" and not installing) + lineinfile: + path: /etc/hosts + regexp: '^172\.18\.96\.1' + state: absent + when: iiab_lan_iface == "none" and not installing + +- name: Configure FQDN with 172.18.96.1 in /etc/hosts with LAN (if iiab_lan_iface != "none" and not installing) + lineinfile: + path: /etc/hosts + regexp: '^172\.18\.96\.1' + line: '172.18.96.1 {{ iiab_hostname }}.{{ iiab_domain }} {{ iiab_hostname }} box box.lan' + state: present + when: not (iiab_lan_iface == "none") and not installing + +# roles/0-init/tasks/hostname.yml ALSO does this: +- name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan" (if iiab_lan_iface == "none" and not installing, appliance mode?)' + lineinfile: + path: /etc/hosts + regexp: '^127\.0\.0\.1' + line: '127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan' + owner: root + group: root + mode: 0644 + when: iiab_lan_iface == "none" and not installing 
diff --git a/roles/network/tasks/ifcfg_mods.yml b/roles/network/tasks/fedora/ifcfg_mods.yml similarity index 100% rename from roles/network/tasks/ifcfg_mods.yml rename to roles/network/tasks/fedora/ifcfg_mods.yml diff --git a/roles/network/tasks/redetect.yml b/roles/network/tasks/fedora/redetect.yml similarity index 100% rename from roles/network/tasks/redetect.yml rename to roles/network/tasks/fedora/redetect.yml diff --git a/roles/network/tasks/static.yml b/roles/network/tasks/fedora/static.yml similarity index 100% rename from roles/network/tasks/static.yml rename to roles/network/tasks/fedora/static.yml diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 386eafb92..8ecd42cd1 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -1,7 +1,23 @@ -- name: Turn off hostapd when no wifi interface present or in "Appliance Mode" +- name: Unmask the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + masked: no + +- name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present set_fact: hostapd_enabled: False - when: not iiab_wireless_lan_iface is defined or iiab_network_mode == "Appliance" + when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" + +- name: Detect current Wifi channel + shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 + register: current_host_channel + when: discovered_wireless_iface != "none" + +- name: Setting WiFi channel to {{ current_host_channel.stdout }} + set_fact: + host_channel: "{{ current_host_channel.stdout }}" + when: current_host_channel.stdout is defined and current_host_channel.stdout != "" and current_host_channel.stdout|int <= 13 - name: Create /etc/hostapd/hostapd.conf from template template: 
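Review bot: The guard on "Setting WiFi channel" in roles/network/tasks/hostapd.yml has no lower bound. `current_host_channel.stdout|int <= 13` is also true when the `iw ... | grep channel | cut` pipeline returns text that is not a number, because `|int` turns that into 0. `host_channel` would then carry that text into the `channel=` line of hostapd.conf. Adding `and current_host_channel.stdout|int >= 1` to the `when:` accepts only a channel number in the expected range. The task name also templates `current_host_channel.stdout`, which is undefined whenever the detection task was skipped.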
@@ -14,21 +30,38 @@ - name: Create backup /etc/hostapd/hostapd.conf.iiab from template template: - src: hostapd/iiab-hostapd.conf.j2 + src: hostapd/hostapd.conf.j2 dest: /etc/hostapd/hostapd.conf.iiab owner: root group: root mode: 0644 when: discovered_wireless_iface != "none" -- name: Use custom systemd unit file to start 'hostapd' service +- name: Generate new random mac address for ap0 + shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' + register: ap0_mac + +- name: Setting ap0 mac address for use in hostapd service file + set_fact: + ap0_mac_addr: "{{ ap0_mac.stdout }}" + +- name: Use custom 'hostapd' systemd service unit file using ap0 when wifi_up_down template: src: hostapd/hostapd.service.j2 dest: /etc/systemd/system/hostapd.service owner: root group: root mode: 0644 - when: discovered_wireless_iface != "none" + when: discovered_wireless_iface != "none" and wifi_up_down + +- name: Use custom 'hostapd' systemd service unit file for {{ discovered_wireless_iface }} when not wifi_up_down + template: + src: hostapd/hostapd.legacy.j2 + dest: /etc/systemd/system/hostapd.service + owner: root + group: root + mode: 0644 + when: discovered_wireless_iface != "none" and not wifi_up_down - name: Create /usr/bin/iiab-hotspot-on from template template: @@ -37,7 +70,6 @@ owner: root group: root mode: 0755 - when: is_raspbian | bool - name: Create /usr/bin/iiab-hotspot-off from template template: 
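Review bot: /etc/hostapd/hostapd.conf.iiab is written with `mode: 0644` (hunk @@ -14,21 +30,38 @@ of hostapd.yml), and after this change it is rendered from the same hostapd.conf.j2 as the live config. The removed iiab-hostapd.conf.j2 carried `wpa_passphrase={{ hostapd_password }}` when `hostapd_secure` is set. If hostapd.conf.j2 does the same (its body is outside the visible hunks), the WPA passphrase is readable by every local account. I would use `mode: "0600"` here, and on the hostapd.conf task above it if that uses the same mode; quoting also avoids the bare octal.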
@@ -46,14 +78,60 @@ owner: root group: root mode: 0755 - when: is_raspbian | bool -- name: Disable the Access Point 'hostapd' service - systemd: - name: hostapd - enabled: no -# cheap workaround for when /etc/init.d is populated -# when: not hostapd_enabled +- name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True + template: + src: hostapd/50-hostapd + dest: /lib/dhcpcd/dhcpcd-hooks/50-hostapd + owner: root + group: root + mode: 0644 + when: is_raspbian and wifi_up_down + +- name: Remove dhcpcd hook for hostapd if WiFi is not split using ap0 + file: + path: /lib/dhcpcd/dhcpcd-hooks/50-hostapd + state: absent + when: is_raspbian and not wifi_up_down + +- name: Create networkd-dispatcher diagnosic hook for recording network events + template: + owner: root + group: root + mode: 0755 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/carrier.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/degraded.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/dormant.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/no-carrier.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/off.d/00-iiab-debug' } + - { src: 'hostapd/00-iiab-debug', dest: '/etc/networkd-dispatcher/routable.d/00-iiab-debug' } + when: systemd_networkd_active and discovered_wireless_iface != "none" + +- name: Create networkd-dispatcher hook for hostapd wifi_up_down True + template: + owner: root + group: root + mode: 0755 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } + - { src: 'hostapd/netd-disp', dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } + when: systemd_networkd_active 
and discovered_wireless_iface != "none" and wifi_up_down + +- name: Remove networkd-dispatcher hook wifi_up_down False + file: + path: "{{ item.dest }}" + state: absent + with_items: + - { dest: '/etc/networkd-dispatcher/carrier.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/no-carrier.d/iiab-wifi' } + - { dest: '/etc/networkd-dispatcher/routable.d/iiab-wifi' } + when: systemd_networkd_active and discovered_wireless_iface != "none" and not wifi_up_down - name: Enable the Access Point 'hostapd' service systemd: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index b2729314b..fe61a9c0f 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,13 +1,12 @@ - include_tasks: detected_network.yml - when: not installing # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml - name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY set_fact: - hostapd_enabled: False # used in (1) hostapd.yml, (2) rpi_debian.yml + - # (3) its dhcpcd.conf.j2, (4) restart.yml no_net_restart: True # used below in (1) sysd-netd-debian.yml, - # (2) debian.yml, (3) rpi_debian.yml - when: discovered_wireless_iface == iiab_wan_iface and not reboot_to_AP + # (2) debian.yml, (3) rpi_debian.yml, + # (4) NM-debian.yml + when: discovered_wireless_iface == iiab_wan_iface + # EITHER WAY: hostapd_enabled's state is RECORDED into {{ iiab_env_file }} # in hostapd.yml for later use by... # /usr/libexec/iiab-startup.sh, iiab-hotspot-off & iiab-hotspot-on @@ -25,9 +24,6 @@ # when: is_raspbian and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface and reboot_to_AP - include_tasks: computed_network.yml - when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml - -- include_tasks: hostapd.yml #- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network # set_fact: 
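Review bot: The networkd-dispatcher tasks in hostapd.yml (hunk @@ -46,14 +78,60 @@) write into carrier.d, degraded.d, dormant.d, no-carrier.d, off.d and routable.d under /etc/networkd-dispatcher on the strength of `systemd_networkd_active` alone, and the `template` module does not create missing parent directories. The task this commit disables in enable_services.yml checked the directory with `stat` first. Without an equivalent check, a host that runs systemd-networkd but lacks those directories would fail here. A `stat` result added to the `when:`, or a preceding `file:` loop with `state: directory`, would cover that. The 00-iiab-debug hook is described as diagnostic yet is installed on every such host, so consider gating it behind a debug variable.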
@@ -35,13 +31,6 @@ # hostapd_enabled: False # when: is_raspbian and discovered_wireless_iface is defined and discovered_wired_iface != iiab_wan_iface -##### Start static ip address info for first run ##### -#- include_tasks: static.yml -# when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"' -##### End static ip address info - -#- include_tasks: hosts.yml - - name: Configure wondershaper include_tasks: wondershaper.yml when: wondershaper_install or wondershaper_installed is defined @@ -58,9 +47,15 @@ include_tasks: squid.yml when: squid_install and FQDN_changed and iiab_stage|int == 9 +#preprep for backends +- name: Netplan in use on Ubuntu 18.04+ + include_tasks: netplan.yml + when: is_ubuntu and not is_ubuntu_16 + #### Start services - include_tasks: avahi.yml +- include_tasks: hostapd.yml - include_tasks: computed_services.yml - include_tasks: enable_services.yml @@ -73,12 +68,6 @@ when: is_redhat | bool #and not installing -- name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 - #when: is_ubuntu_18 | bool - #and not installing - - name: NetworkManager in use include_tasks: NM-debian.yml when: is_debuntu and network_manager_active @@ -89,7 +78,7 @@ when: is_debuntu and systemd_networkd_active #and not installing -- name: RPi's have dhcpcd in use +- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active include_tasks: rpi_debian.yml when: is_raspbian #and not installing diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 69959b77f..0eb96166b 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml 
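Review bot: In roles/network/tasks/main.yml (hunk @@ -58,9 +47,15 @@) hostapd.yml is now included before computed_services.yml, yet this commit places the `hostapd_enabled: False` override for `iiab_lan_iface == "none" or user_lan_iface == "none"` in computed_services.yml. hostapd.yml itself no longer tests `iiab_network_mode == "Appliance"`. If the "Enable the Access Point 'hostapd' service" task at the end of hostapd.yml depends on `hostapd_enabled` (its condition is outside the visible hunks), it runs with the value from before that override. Either move the override ahead of the include or add a comment here stating that the order is deliberate, e.g. `# hostapd.yml must run before computed_services.yml because ...`.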
@@ -1,20 +1,14 @@ -- name: Figure out netplan file name - shell: ls /etc/netplan - register: netplan - - name: Disable cloud-init the easy way shell: touch /etc/cloud/cloud-init.disabled - when: ("item" == "50-cloud-init.yaml") + when: item|trim == "50-cloud-init.yaml" with_items: - "{{ netplan.stdout_lines }}" -- name: Remove stock netplan template - file: - state: absent - path: /etc/netplan/{{ item }} +- name: Moving 50-cloud-init.yaml to 02-iiab-config.yaml + shell: mv /etc/netplan/50-cloud-init.yaml /etc/netplan/02-iiab-config.yaml + when: netplan.stdout.find("yaml") != -1 and item|trim == "50-cloud-init.yaml" with_items: - "{{ netplan.stdout_lines }}" - when: netplan.stdout.find("yaml") != -1 - name: Cheap way to do systemd unmask file: 
@@ -29,25 +23,46 @@ - systemd-networkd-wait-online when: systemd_networkd_active | bool +- name: Unmask and enable the systemd-networkd service for br0 + systemd: + name: systemd-networkd + enabled: yes + masked: no + when: network_manager_active | bool and iiab_lan_iface == "br0" + +- name: Ensure systemd-networkd gets enabled for br0 + set_fact: + systemd_networkd_active: True + when: network_manager_active | bool and iiab_lan_iface == "br0" + # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and # overrides gui_static_wan_ip that is present. Changing wan_ip in local_vars # is a oneway street to static. -- name: Static IP computing CIDR - shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}' - register: CIDR - when: wan_ip != "dhcp" +#- name: Static IP computing CIDR +# shell: netmask {{ wan_ip }}/{{ wan_netmask }} | awk -F "/" '{print $2}' +# register: CIDR +# when: wan_ip != "dhcp" -- name: Static IP setting CIDR - set_fact: - wan_cidr: "{{ CIDR.stdout }}" - when: wan_ip != "dhcp" +#- name: Static IP setting CIDR +# set_fact: +# wan_cidr: "{{ CIDR.stdout }}" +# when: wan_ip != "dhcp" -- name: Supply netplan template - template: - dest: /etc/netplan/01-iiab-config.yaml - src: network/netplan.j2 - backup: no +- name: Remove stock netplan template + file: + state: absent + path: /etc/netplan/{{ item }} + when: netplan.stdout.find("yaml") != -1 and item|trim != "02-iiab-config.yaml" and wan_ip != "dhcp" + with_items: + - "{{ netplan.stdout_lines }}" + +#- name: Supply netplan template +# template: +# dest: /etc/netplan/01-iiab-config.yaml +# src: network/netplan.j2 +# backup: no +# when: iiab_wan_iface != discovered_wireless_iface and wan_ip != "dhcp" # should blow up here if we messed up the yml file #- name: Generate netplan config diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 6c6720d3c..c87609893 100644 
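Review bot: "Remove stock netplan template" in roles/network/tasks/netplan.yml now deletes every entry in /etc/netplan except 02-iiab-config.yaml whenever `wan_ip != "dhcp"`, not only the stock file its name refers to, and it keeps no backup. A netplan file the operator added by hand would be removed along with it. The `when:` compares `item|trim` while `path:` uses the untrimmed `{{ item }}`; use `path: /etc/netplan/{{ item|trim }}` so both see the same name. Limiting the task to a short list of known stock file names, or renaming instead of deleting, would make the change recoverable.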
--- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -1,8 +1,14 @@ -- name: Restart hostapd when WiFi is present +#iiab_wireless_lan_iface(wlan0) - wifi_up_down False needs hw +#iiab_wireless_lan_iface(ap0) - wifi_up_down True needs hw +#hostapd_enabled False - set in hostapd.yml to avoid the enable with wifi_up_down False +#no_net_restart: True - main.yml discovered_wireless_iface == iiab_wan_iface +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway systemd: name: hostapd state: restarted - when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance" +# when: iiab_wireless_lan_iface is defined and hostapd_enabled and discovered_wireless_iface != iiab_wan_iface +# when: hostapd_enabled and iiab_wireless_lan_iface is defined and discovered_wireless_iface == iiab_wireless_lan_iface + when: hostapd_enabled and not no_net_restart - name: Start named service systemd: @@ -53,6 +59,11 @@ creates: /etc/sysconfig/olpc-scripts/setup.d/installed/gateway when: iiab_network_mode == "Gateway" +#netplan de-configures pre-created bridged interfaces +#- name: Reload netplan when Wifi is not gateway on Ubuntu 18+ +# shell: netplan apply +# when: not no_net_restart and is_ubuntu and netplan.stdout.find("yaml") != -1 + - name: Waiting {{ hostapd_wait }} seconds for network to stabilize (dnsmasq will fail if br0 isn't in a 'up' state!) shell: sleep {{ hostapd_wait }} @@ -61,7 +72,7 @@ - name: Checking if WiFi slave is active shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l - when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_lan_iface == "br0" + when: hostapd_enabled and discovered_wireless_iface != iiab_wan_iface and iiab_lan_iface == "br0" register: wifi_slave - name: Restart hostapd if WiFi slave is inactive 
@@ -70,10 +81,13 @@ state: restarted when: hostapd_enabled and wifi_slave.stdout is defined and wifi_slave.stdout == 0 +#both interfaces.d and systemd-networkd should have br0 available and Appliance lacks br0 - name: User choice of dnsmasq or dhcpd - restarting {{ dhcp_service2 }} systemd: name: "{{ dhcp_service2 }}" state: restarted - when: not no_net_restart + when: (not no_net_restart) or wifi_up_down #when: (iiab_network_mode != "Appliance") # Sufficient b/c br0 exists thanks to /etc/network/interfaces.d/iiab #when: iiab_network_mode != "Appliance" and iiab_wan_iface != discovered_wireless_iface +#keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address +#due to hostapd didn't go to a carrier state. All others should get dnsmasq restarted diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 7bc70071b..1b652e831 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -11,11 +11,14 @@ src: network/systemd-br0-network.j2 when: iiab_lan_iface == "br0" -- name: Copy the bridge script - Assigns br0 wired slaves +# can be more than one wired interface +- name: Wired enslaving - Assigns lan_list_results to br0 as wired slaves if present template: - dest: /etc/systemd/network/IIAB-Slave.network src: network/systemd-br0-slave.j2 - when: iiab_wired_lan_iface is defined and iiab_lan_iface == "br0" + dest: /etc/systemd/network/IIAB-Slave-{{ item|trim }}.network + with_items: + - "{{ lan_list_result.stdout_lines }}" + when: iiab_wired_lan_iface is defined and num_lan_interfaces|int >= 1 and not network_manager_active - name: Remove static WAN template file: 
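Review bot: The `when:` at the top of this restart.yml hunk (@@ -70,10 +81,13 @@) tests `wifi_slave.stdout == 0`, but registered stdout is a string, so the comparison with the integer 0 is never true. "Restart hostapd if WiFi slave is inactive" therefore cannot fire. Since this commit reworks the surrounding hostapd conditions, it is a good moment to fix it: `when: hostapd_enabled and wifi_slave.stdout is defined and wifi_slave.stdout|int == 0`.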
@@ -33,11 +36,12 @@ wan_cidr: "{{ CIDR.stdout }}" when: wan_ip != "dhcp" -- name: Supply static WAN template (ubuntu-16) +- name: Supply static WAN template when network_manager_active is False template: dest: /etc/systemd/network/IIAB-Static.network src: network/systemd-static-net.j2 - when: wan_ip != "dhcp" and is_ubuntu_16 + when: wan_ip != "dhcp" and ( is_ubuntu_16 or not network_manager_active ) + #when: wan_ip != "dhcp" and not is_ubuntu_18 - name: Stopping services @@ -50,6 +54,4 @@ - name: Restart the systemd-networkd service systemd: name: systemd-networkd - enabled: yes state: restarted - when: not nobridge is defined and not no_net_restart diff --git a/roles/network/templates/hostapd/00-iiab-debug b/roles/network/templates/hostapd/00-iiab-debug new file mode 100644 index 000000000..d1d028d52 --- /dev/null +++ b/roles/network/templates/hostapd/00-iiab-debug @@ -0,0 +1,2 @@ +#!/bin/bash +echo "NET-DISP-$AdministrativeState $IFACE $STATE" diff --git a/roles/network/templates/hostapd/50-hostapd b/roles/network/templates/hostapd/50-hostapd new file mode 100644 index 000000000..47a769639 --- /dev/null +++ b/roles/network/templates/hostapd/50-hostapd @@ -0,0 +1,20 @@ + +if [ "$interface" = "wlan0" ]; then + REASON="$reason" + if [ "$reason" = "CARRIER" ]; then + syslog info "50-iiab CARRIER change wlan0" + # wpa_supplicant wants MHz for frequency= while hostapd wants channel..... whatever + # FREQ=`iw wlan0 info|grep channel|cut -d' ' -f9` + FREQ=`iw wlan0 info|grep channel|cut -d' ' -f2` + syslog info "40-iiab set channel $FREQ" + sed -i -e "s/^channel.*/channel=$FREQ /" /etc/hostapd/hostapd.conf + # will need a reboot for hostapd if the channel changed + fi + # spams the logging + #syslog info "50-iiab set ap0 spam $REASON" + if [ -e /sys/class/net/ap0 ] && ! [ "$reason" = "ROUTERADVERT" ]; then + syslog info "50-iiab set ap0 up $REASON" + # keeps ap0 up so hostapd works + ip link set ap0 up + fi +fi 
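Review bot: Dropping the `when:` from "Restart the systemd-networkd service" in sysd-netd-debian.yml (hunk @@ -50,6 +54,4 @@) makes the restart unconditional, including when `no_net_restart` is True. main.yml sets that flag when WiFi is the gateway, and its comment still lists sysd-netd-debian.yml as a consumer. Restarting networkd in that state may drop the link the play is running over. If only the `nobridge` half was meant to go, keep `when: not no_net_restart`; otherwise update the main.yml comment so it no longer names this file.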
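Review bot: In the new roles/network/templates/hostapd/50-hostapd, `$FREQ` is written into /etc/hostapd/hostapd.conf without checking that the `iw | grep | cut` pipeline returned anything, so an empty result leaves a `channel=` line with no value. Wrapping the `sed` in `if [ -n "$FREQ" ]; then ... fi` avoids that without ending the hook early. The interface name `wlan0` is hard-coded although the file is rendered by `template`, where `{{ discovered_wireless_iface }}` is available. The log tag also switches between `50-iiab` and `40-iiab`.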
diff --git a/roles/network/templates/hostapd/70-persistent-net.rules b/roles/network/templates/hostapd/70-persistent-net.rules new file mode 100644 index 000000000..3ced0ef8b --- /dev/null +++ b/roles/network/templates/hostapd/70-persistent-net.rules @@ -0,0 +1,3 @@ +SUBSYSTEM=="ieee80211", ACTION=="add|change", KERNEL=="phy0", \ + RUN+="/sbin/iw phy phy0 interface add ap0 type __ap", \ + RUN+="/sbin/ip link set ap0 address {{ ap0_mac_addr }}" diff --git a/roles/network/templates/hostapd/hostapd.conf.j2 b/roles/network/templates/hostapd/hostapd.conf.j2 index 9e38ace62..28c558e14 100644 --- a/roles/network/templates/hostapd/hostapd.conf.j2 +++ b/roles/network/templates/hostapd/hostapd.conf.j2 @@ -1,7 +1,6 @@ # Basic configuration -interface={% if iiab_wireless_lan_iface is defined %}{{ iiab_wireless_lan_iface }}{% endif %} - +interface={{ iiab_wireless_lan_iface }} ssid={{ host_ssid }} channel={{ host_channel }} diff --git a/roles/network/templates/hostapd/hostapd.legacy.j2 b/roles/network/templates/hostapd/hostapd.legacy.j2 new file mode 100644 index 000000000..4094b812a --- /dev/null +++ b/roles/network/templates/hostapd/hostapd.legacy.j2 @@ -0,0 +1,12 @@ +[Unit] +Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +Before=network.target +Wants=network-pre.target + +[Service] +Type=idle +PIDFile=/run/hostapd.pid +ExecStart=/usr/sbin/hostapd -P /run/hostapd.pid /etc/hostapd/hostapd.conf + +[Install] +WantedBy=multi-user.target diff --git a/roles/network/templates/hostapd/hostapd.service.j2 b/roles/network/templates/hostapd/hostapd.service.j2 index 4094b812a..a6ec1f79b 100644 --- a/roles/network/templates/hostapd/hostapd.service.j2 +++ b/roles/network/templates/hostapd/hostapd.service.j2 
@@ -1,12 +1,30 @@ [Unit] Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -Before=network.target Wants=network-pre.target +After=network-pre.target +{% if is_raspbian %} +Before=dhcpcd.service +{% endif %} +Before=wpa_supplicant.service +Before=wpa_supplicant@{{ discovered_wireless_iface }}.service +{% if network_manager_active %} +Before=network-manager.service +{% endif %} +{% if is_ubuntu and netplan.stdout.find("yaml") != -1 %} +Before=netplan-wpa-{{ discovered_wireless_iface }}.service +{% endif %} +Before=network.target [Service] -Type=idle +Type=forking +Restart=on-failure +RestartSec=2 PIDFile=/run/hostapd.pid -ExecStart=/usr/sbin/hostapd -P /run/hostapd.pid /etc/hostapd/hostapd.conf +ExecStartPre=-/sbin/iw phy phy0 interface add ap0 type __ap +ExecStartPre=-/sbin/ip link set ap0 address {{ ap0_mac_addr }} +ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf +ExecStartPost=-/sbin/ip link set ap0 up +ExecStopPost=-/sbin/iw dev ap0 del [Install] WantedBy=multi-user.target diff --git a/roles/network/templates/hostapd/iiab-hostapd.conf.j2 b/roles/network/templates/hostapd/iiab-hostapd.conf.j2 deleted file mode 100644 index 3cfffc69e..000000000 --- a/roles/network/templates/hostapd/iiab-hostapd.conf.j2 +++ /dev/null @@ -1,32 +0,0 @@ -# Basic configuration - -interface={{ discovered_wireless_iface }} - -ssid={{ host_ssid }} -channel={{ host_channel }} -{%if iiab_lan_iface == "br0" %} -bridge=br0 -{% endif %} - -# Hardware configuration -driver={{ driver_name }} -{%if host_wireless_n %} -ieee80211n=1 -{% endif %} -country_code={{ host_country_code }} -# limit emissions to what is legal in country -ieee80211d=1 -hw_mode={{ host_wifi_mode }} - -{%if hostapd_secure %} -# Use WPA authentication -auth_algs=1 -# Use WPA2 -wpa=2 -# Use a pre-shared key -wpa_key_mgmt=WPA-PSK -# The network passphrase -wpa_passphrase={{ hostapd_password }} -# Use AES, instead of TKIP -rsn_pairwise=CCMP -{% endif %} 
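Review bot: `{{ ap0_mac_addr }}` in the second `ExecStartPre` line of hostapd.service.j2 comes from a hostapd.yml task that has no `when:` and reads fresh bytes from /dev/urandom on every run. Each playbook run therefore rewrites this unit with a different address, and the access point's MAC changes at the next restart. Generating the address once and reusing it, for example only when this unit file does not exist yet, would keep runs idempotent. `phy0` is hard-coded in the first `ExecStartPre`; on a host with more than one radio the discovered interface may belong to a different phy, which cannot be confirmed from this hunk.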
diff --git a/roles/network/templates/hostapd/netd-disp b/roles/network/templates/hostapd/netd-disp new file mode 100644 index 000000000..af9a7977b --- /dev/null +++ b/roles/network/templates/hostapd/netd-disp @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ "$IFACE" == "{{ discovered_wireless_iface }}" ]; then + echo "NET-DISP-WiFi $IFACE $STATE" + /usr/sbin/ip link set ap0 up +fi + diff --git a/roles/network/templates/network/ap0-manage.conf b/roles/network/templates/network/ap0-manage.conf new file mode 100644 index 000000000..400832df1 --- /dev/null +++ b/roles/network/templates/network/ap0-manage.conf @@ -0,0 +1,3 @@ +# IIAB WiFi +[keyfile] +unmanaged-devices=interface-name:ap0 diff --git a/roles/network/templates/network/dhcpcd.conf.j2 b/roles/network/templates/network/dhcpcd.conf.j2 index f1265b10c..bc8f47ebd 100644 --- a/roles/network/templates/network/dhcpcd.conf.j2 +++ b/roles/network/templates/network/dhcpcd.conf.j2 
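Review bot: The new roles/network/templates/hostapd/netd-disp hook calls `/usr/sbin/ip`, while hostapd.service.j2 in the same commit uses `/sbin/ip`. On a system without a merged /usr only one of those paths may exist, and nothing in the hook reports the failure, so ap0 would simply stay down. Use the same path in both places: `/sbin/ip link set ap0 up`.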
@@ -38,21 +38,22 @@ require dhcp_server_identifier slaac private # IIAB +denyinterfaces {{ iiab_wireless_lan_iface }} +# Setting iiab_wired_lan_iface would install the device as a slave under +# br0 so we need to turn off the dhcp client in that network layout. +# Auto creation of the wired slave is suppressed in discovered_network.yml +# -> Set iiab_wired_lan_iface if present is conditional on is_raspbian +# Slave creation can be forced by populating local_vars.yml with +# 'iiab_wired_lan_iface: eth0' which populates /etc/network/interfaces.d/iiab +# with 'bridge_ports eth0' in place of 'bridge_ports none' # Always (try) to run DHCP client on RPi's Ethernet port, for in-field # "cablemodems" used by many non-technical operators, who want Zero-Hassle # Updates. This means AVOIDING "denyinterfaces eth0" below: -{% if is_raspbian and hostapd_enabled %} -denyinterfaces{% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }}{% endif %} -{% elif is_raspbian %} -#denyinterfaces{% if discovered_wireless_iface != "none" %} {{ discovered_wireless_iface }}{% endif %} -{% else %} -denyinterfaces{% if iiab_wireless_lan_iface is defined %} {{ iiab_wireless_lan_iface }}{% endif %}{% if iiab_wired_lan_iface is defined %} {{ iiab_wired_lan_iface }}{% endif %} +{% if iiab_wired_lan_iface is defined %} +denyinterfaces {{ iiab_wired_lan_iface }} {% endif %} -# FYI this 'denyinterfaces' line (here in /etc/dhcpcd.conf) is commented out by -# /usr/bin/iiab-hotspot-off, and uncommented by /usr/bin/iiab-hotspot-on - {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %} interface {{ iiab_lan_iface }} static ip_address={{ lan_ip }}/19 diff --git a/roles/network/templates/network/dnsmasq.sh.j2 b/roles/network/templates/network/dnsmasq.sh.j2 index 31700113e..1969f8da5 100755 --- a/roles/network/templates/network/dnsmasq.sh.j2 +++ b/roles/network/templates/network/dnsmasq.sh.j2 
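Review bot: In dhcpcd.conf.j2, `denyinterfaces {{ iiab_wireless_lan_iface }}` is now emitted unconditionally, while the wired line just below keeps its `{% if iiab_wired_lan_iface is defined %}` guard. detected_network.yml sets `iiab_wireless_lan_iface` only when `discovered_wireless_iface != "none"`, so unless a default exists elsewhere the template cannot render on a host with no WiFi. Wrapping the line the same way, `{% if iiab_wireless_lan_iface is defined %}denyinterfaces {{ iiab_wireless_lan_iface }}{% endif %}`, restores the old behaviour. iiab-hotspot-off and iiab-hotspot-on toggle every line that starts with `denyinterfaces` through `sed`, so they now flip the wired line as well, and the comment that documented this toggle was removed.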
@@ -1,5 +1,7 @@ #!/bin/bash if [ "$IFACE" == "{{ iiab_lan_iface }}" ]; then - /bin/systemctl restart dnsmasq.service + echo "Restarting dnsmasq in 5 seconds" + /bin/sleep 5 && /bin/systemctl --no-block restart dnsmasq.service + echo "Restarting dnsmasq" fi diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/network/iiab-hotspot-off index 2341c6f5b..7cc396dac 100755 --- a/roles/network/templates/network/iiab-hotspot-off +++ b/roles/network/templates/network/iiab-hotspot-off @@ -1,4 +1,6 @@ #!/bin/bash +{% if is_raspbian %} +# hotspot-off before ap0_updown sed -i -e "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf systemctl disable hostapd systemctl stop hostapd @@ -7,13 +9,24 @@ systemctl stop hostapd systemctl daemon-reload systemctl restart dhcpcd #systemctl restart networking 6/15/2019 TFM removed - +sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} # Temporary promiscuous-mode workaround for RPi's WiFi "10SEC disease" # Set wlan0 to promiscuous when AP's OFF (for possible WiFi gateway) # SEE ALSO iiab-hotspot-on + /usr/libexec/iiab-startup.sh # https://github.com/iiab/iiab/issues/638#issuecomment-355455454 -if grep -qi raspbian /etc/*release; then - ip link set dev wlan0 promisc on -fi - +#if grep -qi raspbian /etc/*release; then +# ip link set dev wlan0 promisc on +#fi +{% else %} +systemctl disable hostapd +systemctl stop hostapd sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} +echo " IIAB hotspot access point Disabled" +{% if wifi_up_down %} +exit 0 +{% else %} +sed -i -e "s|managed=0|managed=1|" /etc/NetworkManager/conf.d/wifi-manage.conf +echo -e "\nPlease reboot to enable upstream WiFi access.\n" +exit 0 +{% endif %} +{% endif %} diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/network/iiab-hotspot-on index 9b57c579a..03c038197 100755 --- a/roles/network/templates/network/iiab-hotspot-on 
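Review bot: In dnsmasq.sh.j2, `/bin/sleep 5 && ...` runs in the foreground, so the hook itself blocks for five seconds on each matching event; `--no-block` only covers the restart job. The second message, `echo "Restarting dnsmasq"`, is printed after the restart has already been queued, and nothing explains why five seconds is the right delay. A comment such as `# delay: <reason the interface needs time before dnsmasq restarts>` would help the next maintainer, and the trailing echo could read `echo "dnsmasq restart queued"`.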
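Review bot: In the second iiab-hotspot-off hunk, both non-Raspbian paths end in `exit 0` without checking whether `systemctl` or the `sed` edits succeeded, so the script reports success even if /etc/NetworkManager/conf.d/wifi-manage.conf is missing or holds no `managed=0` line. That file name also differs from the templates added in this commit (manage.conf.j2, ap0-manage.conf); the task that installs them is not visible here, so confirm the destination matches. A guard such as `[ -f /etc/NetworkManager/conf.d/wifi-manage.conf ] || { echo "wifi-manage.conf not found"; exit 1; }` before the `sed` would make the failure visible, and the same applies to the mirrored `sed` in iiab-hotspot-on. The comment block about promiscuous mode now describes code that is commented out and should say so.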
+++ b/roles/network/templates/network/iiab-hotspot-on @@ -1,24 +1,36 @@ #!/bin/bash + +{% if is_raspbian %} +# just do what we have always done in hotspot-on cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf # shut down wlan0 in case connected to network ip link set wlan0 down systemctl enable hostapd -#systemctl enable dnsmasq +#systemctl daemon-reload systemctl daemon-reload systemctl restart dhcpcd -#systemctl restart networking 6/15/2019 TFM removed systemctl start hostapd systemctl start dnsmasq +sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} # Temporary promiscuous-mode workaround for RPi's WiFi "10SEC disease" # Disable "promiscuous" on wlan0 when AP (i.e. no WiFi gateway) # SEE ALSO iiab-hotspot-off + /usr/libexec/iiab-startup.sh # https://github.com/iiab/iiab/issues/638#issuecomment-355455454 -if grep -qi raspbian /etc/*release; then - ip link set dev wlan0 promisc off -fi +#if grep -qi raspbian /etc/*release; then +# ip link set dev wlan0 promisc off +#fi +{% else %} +systemctl enable hostapd sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} - -echo -e "\nPlease consider rebooting now.\n" +{% if wifi_up_down %} +echo -e "\nPlease reboot to activate hostapd feature.\n" +exit 0 +{% else %} +sed -i -e "s|managed=1|managed=0|" /etc/NetworkManager/conf.d/wifi-manage.conf +echo -e "\nPlease reboot to activate hostapd feature.\n" +exit 0 +{% endif %} +{% endif %} diff --git a/roles/network/templates/network/manage.conf.j2 b/roles/network/templates/network/manage.conf.j2 new file mode 100644 index 000000000..ddd857e52 --- /dev/null +++ b/roles/network/templates/network/manage.conf.j2 @@ -0,0 +1,4 @@ +# IIAB WiFi +[device] +match-device=interface-name:{{ discovered_wireless_iface }} +managed=1 diff --git a/roles/network/templates/network/rpi.j2 b/roles/network/templates/network/rpi.j2 index 9e3c1b69b..a2860fb95 100644 
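Review bot: In iiab-hotspot-on, the two `{% if wifi_up_down %}` branches print the same reboot message and both `exit 0`; only the `sed` on wifi-manage.conf differs. The conditional can shrink to `{% if not wifi_up_down %}` around that one `sed` line, followed by a single `echo` and `exit 0`. In the Raspbian branch the added `#systemctl daemon-reload` sits directly above the live `systemctl daemon-reload` and can be dropped. That branch also prints no closing message now that "Please consider rebooting now." is removed, and `ip link set wlan0 down` stays hard-coded to wlan0 even though other templates in this commit use `{{ discovered_wireless_iface }}`.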
--- a/roles/network/templates/network/rpi.j2 +++ b/roles/network/templates/network/rpi.j2 @@ -3,6 +3,8 @@ # gui_desired_network_role is {{ gui_desired_network_role }} {% endif %} {% if iiab_network_mode != "Appliance" %} +# auto wired slave creation is suppressed in detected_network.yml +# 'none' would become the name of the wired slave device. ################# LANCONTROLLER ################### auto br0 iface br0 inet manual diff --git a/roles/network/templates/network/systemd-br0-network.j2 b/roles/network/templates/network/systemd-br0-network.j2 index b3eb787cc..21dd6e1d2 100644 --- a/roles/network/templates/network/systemd-br0-network.j2 +++ b/roles/network/templates/network/systemd-br0-network.j2 @@ -5,6 +5,7 @@ Name=br0 [Network] Address={{ lan_ip }}/19 LinkLocalAddressing=no +ConfigureWithoutCarrier=yes # Commenting the below line as it has been causing race/looping issues between dnsmasq and systemd-resolved # IIAB ticket #1747 #DNS={{ lan_ip }} diff --git a/roles/network/templates/network/systemd-br0-slave.j2 b/roles/network/templates/network/systemd-br0-slave.j2 index 8a31fef2e..15fb5b16e 100644 --- a/roles/network/templates/network/systemd-br0-slave.j2 +++ b/roles/network/templates/network/systemd-br0-slave.j2 @@ -1,5 +1,9 @@ -# /etc/systemd/network/IIAB-Slave.network +# /etc/systemd/network/IIAB-Slave-{{ iiab_wired_lan_iface }}.network [Match] Name={{ iiab_wired_lan_iface }} + +[Link] +RequiredForOnline=no + [Network] Bridge=br0 diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 261d0ac74..6b8edd323 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,7 +10,7 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2020-04-24: +3. Current state of IIAB App/Service migrations as of 2020-04-29: 1. These support "Native" NGINX but ***NOT*** Apache * Admin Console 
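Review bot: The comment added to rpi.j2 points to `detected_network.yml`, while the comment added to dhcpcd.conf.j2 in this same commit says the wired-slave suppression lives in `discovered_network.yml`. One of the two names is presumably wrong and should be corrected so readers can find the task. The second comment line would read more clearly with its condition spelled out, e.g. `# Otherwise 'none' would be used as the wired slave's device name.` The block it annotates continues outside the hunk.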
@@ -39,7 +39,7 @@ * nodered 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) - * calibre (menu goes directly to port 8080) [*] + * calibre (menu goes directly to port 8080) * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*] * kalite (menu goes directly to ports 8006-8008) * minetest [*] @@ -47,4 +47,4 @@ * pbx [*] * transmission [*] -[*] The 5 above starred roles could use improvement, as of 2020-04-24. +[*] The 4 above starred roles could use improvement, as of 2020-04-29. diff --git a/scripts/calibre-install-latest-rpi-plus.sh b/scripts/calibre-install-latest-rpi-plus.sh.unused similarity index 100% rename from scripts/calibre-install-latest-rpi-plus.sh rename to scripts/calibre-install-latest-rpi-plus.sh.unused diff --git a/scripts/calibre-install-latest.sh b/scripts/calibre-install-latest.sh.unused similarity index 100% rename from scripts/calibre-install-latest.sh rename to scripts/calibre-install-latest.sh.unused diff --git a/scripts/calibre-install-packages.sh b/scripts/calibre-install-packages.sh.unusued similarity index 100% rename from scripts/calibre-install-packages.sh rename to scripts/calibre-install-packages.sh.unusued diff --git a/scripts/calibre-install-pinned-rpi.sh b/scripts/calibre-install-pinned-rpi.sh.unused similarity index 100% rename from scripts/calibre-install-pinned-rpi.sh rename to scripts/calibre-install-pinned-rpi.sh.unused diff --git a/scripts/calibre-install-unstable.sh b/scripts/calibre-install-unstable.sh.unused similarity index 100% rename from scripts/calibre-install-unstable.sh rename to scripts/calibre-install-unstable.sh.unused 
diff --git a/vars/centos-7.yml b/vars/centos-7.yml
index c57ab58f7..18e99ac54 100644
--- a/vars/centos-7.yml
+++ b/vars/centos-7.yml
@@ -25,6 +25,3 @@ sshd_service: sshd
 php_version: 7.0
 postgresql_version: 9.5
 systemd_location: /usr/lib/systemd/system
-# Upgrade OS's own Calibre to very latest:
-calibre_via_debs: False
-calibre_via_python: True
diff --git a/vars/debian-10.yml b/vars/debian-10.yml
index 9780612da..3dc80fa27 100644
--- a/vars/debian-10.yml
+++ b/vars/debian-10.yml
@@ -25,6 +25,3 @@ sshd_service: ssh
 php_version: 7.3
 postgresql_version: 11
 systemd_location: /lib/systemd/system
-# Upgrade OS's own Calibre to very latest:
-calibre_via_debs: False
-calibre_via_python: True
diff --git a/vars/debian-8.yml b/vars/debian-8.yml
index bb23c04b0..e1713a1df 100644
--- a/vars/debian-8.yml
+++ b/vars/debian-8.yml
@@ -24,6 +24,3 @@ sshd_service: ssh
 php_version: 5
 postgresql_version: 9.4
 systemd_location: /lib/systemd/system
-# Upgrade OS's own Calibre to very latest:
-calibre_via_debs: False
-calibre_via_python: True
diff --git a/vars/debian-9.yml b/vars/debian-9.yml
index 19ef67bb3..ac1fc1b73 100644
--- a/vars/debian-9.yml
+++ b/vars/debian-9.yml
@@ -25,6 +25,3 @@ sshd_service: ssh
 php_version: 7.0
 postgresql_version: 9.6
 systemd_location: /lib/systemd/system
-# Upgrade OS's own Calibre to very latest:
-calibre_via_debs: False
-calibre_via_python: True
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 90fbf7ca8..953e7d51c 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -98,9 +98,8 @@ hostapd_enabled: True # Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is # being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes # and content is downloaded, to enable the internal WiFi Access Point / AP!) -reboot_to_AP: False -# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above -# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless. +wifi_up_down: True # Creates a second virtual wifi adapter for WiFi upstream to internet + # as well as classroom hotspot, use iiab_gateway_enabled for pass through # Gateway mode iiab_lan_enabled: True diff --git a/vars/fedora-18.yml b/vars/fedora-18.yml index ca863a016..f35a81364 100644 --- a/vars/fedora-18.yml +++ b/vars/fedora-18.yml @@ -26,6 +26,3 @@ sshd_service: sshd nextcloud_install: False nextcloud_enabled: False systemd_location: /usr/lib/systemd/system -# Upgrade OS's own Calibre to very latest: -calibre_via_debs: False -calibre_via_python: True diff --git a/vars/fedora-22.yml b/vars/fedora-22.yml index 2c8ec05b6..6dcfa4337 100644 --- a/vars/fedora-22.yml +++ b/vars/fedora-22.yml @@ -22,6 +22,3 @@ apache_log: /var/log/httpd/access_log sshd_package: openssh-server sshd_service: sshd systemd_location: /usr/lib/systemd/system -# Upgrade OS's own Calibre to very latest: -calibre_via_debs: False -calibre_via_python: True diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 24ef93c34..e69e4c303 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -46,6 +46,8 @@ host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme +wifi_up_down: True # Creates a second virtual wifi adapter for WiFi upstream to internet + # as well as classroom hotspot, use iiab_gateway_enabled for pass through # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO wan_ip: dhcp # wan_ip: 192.168.1.99 
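Review bot: The comment on the new `wifi_up_down: True` default in default_vars.yml does not say what access hotspot clients are left with. With this default the box is an upstream WiFi client and an access point at once, and the local_vars_big, local_vars_medium and local_vars_min hunks add the same line directly under `hostapd_secure: False` and `hostapd_password: changeme`. If, as the comment suggests, traffic is passed through only when `iiab_gateway_enabled` is set, state that explicitly, e.g. `# Hotspot clients reach the upstream network only if iiab_gateway_enabled is True`. The two-line trailing comment would also be easier to keep intact as full-line comments above the key. Removing `reboot_to_AP` means an existing local_vars.yml that still sets it may be silently ignored; whether anything else reads it is not visible in this diff.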
diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index b8f66307b..d2a33a1a6 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -46,6 +46,8 @@ host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme +wifi_up_down: True # Creates a second virtual wifi adapter for WiFi upstream to internet + # as well as classroom hotspot, use iiab_gateway_enabled for pass through # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO wan_ip: dhcp # wan_ip: 192.168.1.99 diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 8918cd634..eb8cb8ca3 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -46,6 +46,8 @@ host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme +wifi_up_down: True # Creates a second virtual wifi adapter for WiFi upstream to internet + # as well as classroom hotspot, use iiab_gateway_enabled for pass through # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO wan_ip: dhcp # wan_ip: 192.168.1.99 diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml index 1f156a007..3c73327bc 100644 --- a/vars/raspbian-10.yml +++ b/vars/raspbian-10.yml @@ -27,11 +27,6 @@ sshd_service: ssh php_version: 7.3 postgresql_version: 11 systemd_location: /lib/systemd/system -# Upgrade Raspbian Buster's Calibre 3.x: (via role/calibre/tasks/debs.yml, -# with .deb's released about 5-10 days after Calibre's quasi-monthly releases) -calibre_via_debs: True -# roles/calibre/tasks/py-installer.yml FAILS on ARM as of 2018-05-10: -calibre_via_python: False # minetest for rpi minetest_server_bin: /library/games/minetest/bin/minetestserver diff --git a/vars/raspbian-8.yml b/vars/raspbian-8.yml index 1d5e190e3..94d628895 100644 --- a/vars/raspbian-8.yml +++ b/vars/raspbian-8.yml 
@@ -26,8 +26,3 @@ sshd_service: ssh php_version: 5 postgresql_version: 9.4 systemd_location: /lib/systemd/system -# Upgrade Raspbian Jessie's Calibre 2.5.0: (via role/calibre/tasks/debs.yml, -# with .deb's released about 5-10 days after Calibre's quasi-monthly releases) -calibre_via_debs: True -# roles/calibre/tasks/py-installer.yml FAILS on ARM as of 2018-05-10: -calibre_via_python: False diff --git a/vars/raspbian-9.yml b/vars/raspbian-9.yml index 069afaac9..d25755700 100644 --- a/vars/raspbian-9.yml +++ b/vars/raspbian-9.yml @@ -27,11 +27,6 @@ sshd_service: ssh php_version: 7.0 postgresql_version: 9.6 systemd_location: /lib/systemd/system -# Upgrade Raspbian Stretch's Calibre 2.75.1: (via role/calibre/tasks/debs.yml, -# with .deb's released about 5-10 days after Calibre's quasi-monthly releases) -calibre_via_debs: True -# roles/calibre/tasks/py-installer.yml FAILS on ARM as of 2018-05-10: -calibre_via_python: False # minetest for rpi minetest_server_bin: /library/games/minetest/bin/minetestserver diff --git a/vars/ubuntu-16.yml b/vars/ubuntu-16.yml index 96312974a..5c1cdeb7e 100644 --- a/vars/ubuntu-16.yml +++ b/vars/ubuntu-16.yml @@ -25,6 +25,3 @@ sshd_service: ssh php_version: 7.0 postgresql_version: 9.5 systemd_location: /lib/systemd/system -# Upgrade Ubuntu 16.04's Calibre 2.55.0 to very latest: -calibre_via_debs: False -calibre_via_python: True diff --git a/vars/ubuntu-17.yml b/vars/ubuntu-17.yml index 751b16706..ff03515e0 100644 --- a/vars/ubuntu-17.yml +++ b/vars/ubuntu-17.yml @@ -26,6 +26,3 @@ sshd_service: ssh php_version: 7.1 postgresql_version: 9.6 systemd_location: /lib/systemd/system -# Upgrade Ubuntu 17.10's Calibre 3.7.0 to very latest: -calibre_via_debs: False -calibre_via_python: True diff --git a/vars/ubuntu-18.yml b/vars/ubuntu-18.yml index 1b5579da8..32b0923b6 100644 --- a/vars/ubuntu-18.yml +++ b/vars/ubuntu-18.yml 
@@ -27,6 +27,3 @@ php_version: 7.2
 # "postgresql_version: 10.3" fails (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 18.04)
 postgresql_version: 10
 systemd_location: /lib/systemd/system
-# Upgrade Ubuntu 18.04's Calibre 3.21.0 to very latest:
-calibre_via_debs: False
-calibre_via_python: True
diff --git a/vars/ubuntu-19.yml b/vars/ubuntu-19.yml
index 348146c67..ac6ccda75 100644
--- a/vars/ubuntu-19.yml
+++ b/vars/ubuntu-19.yml
@@ -27,6 +27,3 @@ php_version: 7.3
 # "postgresql_version: 11.2" fails (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 19.04)
 postgresql_version: 11
 systemd_location: /lib/systemd/system
-# Upgrade Ubuntu 19.x's Calibre 3.39.1+ to very latest
-calibre_via_debs: False
-calibre_via_python: True
diff --git a/vars/ubuntu-20.yml b/vars/ubuntu-20.yml
index de8990863..f58ba79ed 100644
--- a/vars/ubuntu-20.yml
+++ b/vars/ubuntu-20.yml
@@ -27,6 +27,3 @@ php_version: 7.4
 # "postgresql_version: 11.2" failed (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 19.04)
 postgresql_version: 12
 systemd_location: /lib/systemd/system
-# Upgrade Ubuntu 20.04's Calibre 4.x to very latest...for now?
-calibre_via_debs: False
-calibre_via_python: True