diff --git a/roles/1-prep/tasks/computed_vars.yml b/roles/1-prep/tasks/computed_vars.yml index bbd7b8091..f9fb64852 100644 --- a/roles/1-prep/tasks/computed_vars.yml +++ b/roles/1-prep/tasks/computed_vars.yml @@ -47,14 +47,51 @@ file: path=/tmp/heart-beat.txt state=absent -- name: no prior domain name +- name: set FQDN set_fact: - iiab_domain: "{{ iiab_domain }}" - iiab_hostname: "{{ iiab_hostname }}" + iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" + FQDN_changed: False + +- name: FQDN changed + set_fact: + FQDN_changed: True + when: iiab_fqdn != ansible_fqdn # Now check FQDN - include: roles/2-common/tasks/hostname.yml - when: not first_run and "iiab_hostname.iiab_domain" != ansible_fqdn + when: not first_run and FQDN_changed + +# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate +- name: Finding gateway + set_fact: + discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: 'ansible_default_ipv4.gateway is defined' + +- name: Verify gateway present + shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" &> /dev/null ; echo $? + when: discovered_wan_iface != "none" + register: gw_active_test + +- name: Recording gateway response + set_fact: + gw_active: True + when: discovered_wan_iface != "none" and gw_active_test.stdout == "0" + +- name: Test for internet access + get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt + ignore_errors: True +# async: 10 +# poll: 2 + register: internet_access_test + +- name: Set internet_available true if wget succeeded + set_fact: + internet_available: True + when: not internet_access_test|failed and not disregard_network + +- name: Cleanup internet test file + file: path=/tmp/heart-beat.txt + state=absent # Put all computed vars here so derive properly from any prior var file - name: If the TZ is not set in env, set it to UTC 
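Review bot: In the added `Verify gateway present` task, `&> /dev/null` is a bash-only redirection, while Ansible's `shell` module runs `/bin/sh` unless `executable` is set. Where `/bin/sh` is dash (likely on the Debian-family hosts this playbook handles elsewhere via `is_debuntu`), the line parses as a backgrounded `ping` followed by an empty redirect, so `echo $?` prints `0` whether or not the gateway answers and `gw_active` is always set to True. Use the portable form, `shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" > /dev/null 2>&1 ; echo $?`, or switch to `command:` with `failed_when: false` and test `gw_active_test.rc`. The `when:` conditions also rely on `discovered_wan_iface` having a default of `"none"`, which is set outside this hunk.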
@@ -190,3 +227,9 @@ value: '{{ gw_active }}' - option: 'internet_available' value: '{{ internet_available }}' + - option: 'first_run' + value: '{{ first_run }}' + - option: 'local_tz' + value: '{{ local_tz }}' + - option: 'FQDN_changed' + value: '{{ FQDN_changed }}' diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index a7fd839d8..6f5f7ce1d 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -1,7 +1,7 @@ - name: iiab_wan_device - shell: "cat /etc/sysconfig/iiab_wan_device" - register: prior_gw + shell: grep IIAB_WAN_DEVICE /etc/iiab/iiab.env | awk -F "=" '{print $2}' when: not first_run + register: prior_gw - name: Checking for old device gateway interface for device test set_fact: diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index ab3f82733..e24bcb142 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -70,8 +70,10 @@ when: not dansguardian_enabled and dansguardian_install - name: Create xs_httpcache flag - shell: echo 1 > /etc/sysconfig/xs_httpcache_on - creates=/etc/sysconfig/xs_httpcache_on + lineinfile: dest=/etc/iiab/iiab.env + regexp='^HTTPCACHE_ON=*' + line='HTTPCACHE_ON=True' + state=present when: squid_enabled and squid_install - name: Enable Squid service @@ -105,8 +107,10 @@ when: not squid_enabled and squid_install - name: Remove xs_httpcache flag - file: path=/etc/sysconfig/xs_httpcache_on - state=absent + lineinfile: dest=/etc/iiab/iiab.env + regexp='^HTTPCACHE_ON=*' + line='HTTPCACHE_ON=False' + state=present when: not squid_enabled - name: Enable Wondershaper service diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index b9ad86872..e1fe66ea7 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml 
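Review bot: The new `iiab_wan_device` lookup returns the value with its quotes still attached. The `Record iiab_wan_device` task in roles/network/tasks/main.yml writes `IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"`, and `awk -F "="` prints the second field verbatim, so `prior_gw.stdout` would be `"eth0"` rather than `eth0` (constructed example). The unanchored `grep` also matches any line that merely contains the name, such as a comment. Anchor the match and strip the quotes in one step: `shell: awk -F= '/^IIAB_WAN_DEVICE=/ {gsub(/"/, "", $2); print $2}' /etc/iiab/iiab.env`. The `set_fact` that consumes `prior_gw` continues outside the hunk, so how it handles an empty result could not be checked.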
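Review bot: In `Create xs_httpcache flag`, `regexp='^HTTPCACHE_ON=*'` means "HTTPCACHE_ON followed by zero or more `=`", so it matches any line that merely starts with that prefix, including a longer variable name. The same pattern shape is used in `Remove xs_httpcache flag` and in the two `IIAB_*_DEVICE` tasks in roles/network/tasks/main.yml. `regexp='^HTTPCACHE_ON='` states the intent. Neither task passes `create=yes`, so both presumably fail if /etc/iiab/iiab.env has not been created earlier in the run; that creation is not visible in this diff.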
@@ -81,17 +81,26 @@ - network when: is_debuntu and is_rpi and not installing -- name: Create IIAB network flags - template: src=network/{{ item }}.j2 - dest=/etc/sysconfig/{{ item }} - mode=0644 - with_items: - - iiab_wan_device - - iiab_lan_device +- name: Record iiab_wan_device + lineinfile: dest=/etc/iiab/iiab.env + regexp='^IIAB_WAN_DEVICE=*' + line='IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"' + state=present when: not installing tags: - network +- name: Record iiab_lan_device + lineinfile: dest=/etc/iiab/iiab.env + regexp='^IIAB_LAN_DEVICE=*' + line='IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"' + state=present + when: not installing + tags: + - network + +#### end network layout +#### start services - include_tasks: computed_services.yml tags: - network diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 63f3a20ff..284db36ef 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -1,4 +1,5 @@ #!/bin/bash -x +source /etc/iiab/iiab.env {% if is_debuntu %} IPTABLES=/sbin/iptables IPTABLES_DATA=/etc/iptables.up.rules @@ -6,8 +7,8 @@ IPTABLES_DATA=/etc/iptables.up.rules IPTABLES=/usr/sbin/iptables IPTABLES_DATA=/etc/sysconfig/iptables {% endif %} -LANIF=`cat /etc/sysconfig/iiab_lan_device` -WANIF=`cat /etc/sysconfig/iiab_wan_device` +LANIF=$IIAB_LAN_DEVICE +WANIF=$IIAB_WAN_DEVICE MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` clear_fw() { @@ -33,7 +34,7 @@ $IPTABLES -A INPUT -p tcp --dport 5984 -j DROP $IPTABLES -A INPUT -p udp --dport 5984 -j DROP } -if [ "x$WANIF" == "x" ] || [ "$MODE" == 'Appliance' ]; then +if [ "x$WANIF" == "xnone" ] || [ "$MODE" == 'Appliance' ]; then clear_fw # save the rule set {% if is_debuntu %} 
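Review bot: The two `lineinfile` tasks that replace the template no longer pin permissions, where the removed task set `mode=0644`. /etc/iiab/iiab.env is now `source`d by iiab-gen-iptables, so anyone who can write that file gets their content executed by that script, presumably as root since it drives iptables. Add `owner=root group=root mode=0644` to both `Record iiab_wan_device` and `Record iiab_lan_device`. The value is also written inside double quotes, so a `$` or backtick in `iiab_wan_iface` or `iiab_lan_iface` would be expanded when the file is sourced. Writing it single-quoted, `line="IIAB_WAN_DEVICE='{{ iiab_wan_iface }}'"`, avoids that, provided every reader of the file strips the quotes.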
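Review bot: The added `source /etc/iiab/iiab.env` has no guard, so if the file is missing or unreadable the script carries on with `IIAB_LAN_DEVICE`, `IIAB_WAN_DEVICE` and `HTTPCACHE_ON` unset and appears to still generate and save a rule set. Fail closed by putting `[ -r /etc/iiab/iiab.env ] || { echo "missing /etc/iiab/iiab.env" >&2; exit 1; }` before the `source`. Sourcing executes everything in the file, so a comment should also record the assumption it rests on: `# iiab.env is executed here; it must be root-owned and not group/world-writable`.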
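Review bot: Changing the test to `"x$WANIF" == "xnone"` drops the empty-value case. An unset or empty `IIAB_WAN_DEVICE` (file missing, or line never written) now falls through to the gateway branch with a blank interface name instead of taking the `clear_fw` path. Keep both conditions: `if [ -z "$WANIF" ] || [ "$WANIF" == "none" ] || [ "$MODE" == 'Appliance' ]; then`. The body of this `if` continues outside the hunk, so what the other branch does with an empty `$WANIF` is inferred rather than seen.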
@@ -119,7 +120,7 @@ if [ "$captive_portal_enabled" == "True" ];then $IPTABLES -t mangle -A internet -j MARK --set-mark 99 $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }} -elif [ -f /etc/sysconfig/xs_httpcache_on ]; then +elif [ "$HTTPCACHE_ON" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128 fi
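Review bot: Nothing near this `elif` says where `HTTPCACHE_ON` comes from. It is only defined if /etc/iiab/iiab.env, sourced at the top of the script, carries the line written by the network role, and an unset value silently skips the port-80 redirect to Squid. Add a comment above the test: `# HTTPCACHE_ON is set in /etc/iiab/iiab.env by roles/network/tasks/enable_services.yml; unset or "False" means no transparent proxy redirect`. Hosts that have only the old /etc/sysconfig/xs_httpcache_on flag would presumably lose the redirect until the network role is run again. The enclosing `if` starts outside the hunk.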