-
Notifications
You must be signed in to change notification settings - Fork 76
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2185 from holta/uwsgi
- Loading branch information
Showing
12 changed files
with
177 additions
and
152 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| # 2020-01-22: Package 'uwsgi' is installed by nginx/tasks/install.yml for | ||
| # Captive Portal (responds to browsers trying to detect a Captive Portal) and | ||
| # also for Admin Console. | ||
|
|
||
| # IIAB makes the 'uwsgi' service mandatory for now (see Line 45) but this could | ||
| # perhaps be auto-disabled in future (or never installed?) e.g. if Captive | ||
| # Portal + Admin Console are both unneeded...and impact of uWSGI is too high ? | ||
|
|
||
| - name: Stop 'uwsgi' systemd service (may include 3 child processes for Captive Portal, and 3 child processes for Admin Console) | ||
| systemd: | ||
| name: uwsgi | ||
| state: stopped | ||
|
|
||
| - name: Install /etc/uwsgi/apps-enabled/captiveportal.ini from template (if captiveportal_enabled) | ||
| template: | ||
| src: captiveportal.ini.j2 | ||
| dest: /etc/uwsgi/apps-enabled/captiveportal.ini | ||
| when: captiveportal_enabled | bool | ||
|
|
||
| - name: Delete /etc/uwsgi/apps-enabled/captiveportal.ini (if not captiveportal_enabled) | ||
| file: | ||
| path: /etc/uwsgi/apps-enabled/captiveportal.ini | ||
| state: absent | ||
| when: not captiveportal_enabled | ||
|
|
||
| - name: Symlink /etc/nginx/sites-enabled/capture.conf -> /etc/nginx/sites-available/capture.conf to enable NGINX to service the sites in checkurls list (if captiveportal_enabled) | ||
| file: | ||
| src: /etc/nginx/sites-available/capture.conf | ||
| path: /etc/nginx/sites-enabled/capture.conf | ||
| state: link | ||
| when: captiveportal_enabled | bool | ||
|
|
||
| - name: Delete symlink /etc/nginx/sites-enabled/capture.conf to disable NGINX to location definitions for checkurls (if not captiveportal_enabled) | ||
| file: | ||
| path: /etc/nginx/sites-enabled/capture.conf | ||
| state: absent | ||
| when: not captiveportal_enabled | ||
|
|
||
| - name: Delete /etc/dnsmasq.d/capture to make sure dnsmasq is not diverting (if not captiveportal_enabled) | ||
| file: | ||
| path: /etc/dnsmasq.d/capture | ||
| state: absent | ||
| when: not captiveportal_enabled | ||
|
|
||
| # Let's assume (for now) that Admin Console was/will be installed. Disabling of | ||
| # uWSGI's service can be implemented later as nec, e.g. if CP+AC both disabled? | ||
| - name: Start & Enable 'uwsgi' systemd service (may include 3 child processes for Captive Portal, and 3 child processes for Admin Console) | ||
| systemd: | ||
| name: uwsgi | ||
| daemon_reload: yes | ||
| state: started | ||
| enabled: true | ||
|
|
||
| # Unify 2 stanzas below ('state: restarted') when we end Ubuntu 16.04 support. | ||
| - name: Stop 'dnsmasq' systemd service (if dnsmasq_enabled) | ||
| systemd: | ||
| name: dnsmasq | ||
| state: stopped | ||
| when: dnsmasq_enabled | bool | ||
|
|
||
| - name: Start 'dnsmasq' systemd service (if dnsmasq_enabled) | ||
| systemd: | ||
| name: dnsmasq | ||
| state: started | ||
| when: dnsmasq_enabled | bool |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| - name: "Download & install packages: python3-dateutil, python3-jinja2" | ||
| package: | ||
| name: "{{ item }}" | ||
| state: present | ||
| with_items: | ||
| - python3-dateutil | ||
| - python3-jinja2 | ||
|
|
||
| - name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }} | ||
| file: | ||
| path: /opt/iiab/captiveportal | ||
| state: directory | ||
| owner: "{{ apache_user }}" | ||
|
|
||
| - name: mkdir /var/log/captiveportal for logs, set ownership {{ apache_user }}:{{ apache_user }}, set mode '0750' | ||
| file: | ||
| path: /var/log/captiveportal | ||
| state: directory | ||
| owner: "{{ apache_user }}" | ||
| group: "{{ apache_user }}" | ||
| mode: '0750' # Same as /var/log/apache2 | ||
|
|
||
| - name: "Install 3 scripts from template: /opt/iiab/captiveportal/checkurls, /usr/sbin/iiab-divert-to-nginx, /usr/sbin/iiab-make-cp-servers.py" | ||
| template: | ||
| src: "{{ item.src }}" | ||
| dest: "{{ item.dest }}" | ||
| mode: "{{ item.mode }}" | ||
| with_items: | ||
| - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' } | ||
| - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' } | ||
| - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' } | ||
|
|
||
| - name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server) | ||
| template: | ||
| src: capture-wsgi.py.j2 | ||
| dest: /opt/iiab/captiveportal/capture-wsgi.py | ||
| mode: '0755' | ||
|
|
||
| - name: Copy files {simple.template, mac.template} into /opt/iiab/captiveportal/ | ||
| copy: | ||
| src: "{{ item }}" | ||
| dest: /opt/iiab/captiveportal/ | ||
| with_items: | ||
| - simple.template | ||
| - mac.template | ||
|
|
||
| - name: Run iiab-divert-to-nginx to generate diversion lists for NGINX | ||
| shell: /usr/sbin/iiab-divert-to-nginx | ||
|
|
||
| - name: Run iiab-make-cp-servers.py to generate NGINX servers from /opt/iiab/captiveportal/checkurls input list (creates /etc/nginx/sites-available/capture.conf) | ||
| command: /usr/sbin/iiab-make-cp-servers.py | ||
| args: | ||
| creates: /etc/nginx/sites-available/capture.conf | ||
|
|
||
| - name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}" | ||
| lineinfile: | ||
| dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml | ||
| regexp: '^captiveportal_installed' | ||
| line: 'captiveportal_installed: True' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,128 +1,46 @@ | ||
| # TO DO: move ~7 stanzas below into tasks/install.yml | ||
|
|
||
| - name: "Download & install packages: python3-dateutil, python3-jinja2" | ||
| package: | ||
| name: "{{ item }}" | ||
| state: present | ||
| with_items: | ||
| - python3-dateutil | ||
| - python3-jinja2 | ||
|
|
||
| - name: Create directory /opt/iiab/captiveportal for scripts & templates; set owner to {{ apache_user }} | ||
| file: | ||
| path: /opt/iiab/captiveportal | ||
| state: directory | ||
| owner: "{{ apache_user }}" | ||
|
|
||
| - name: "Install 3 scripts from template: /opt/iiab/captiveportal/checkurls, /usr/sbin/iiab-make-cp-servers.py, /usr/sbin/iiab-divert-to-nginx" | ||
| template: | ||
| src: "{{ item.src }}" | ||
| dest: "{{ item.dest }}" | ||
| mode: "{{ item.mode }}" | ||
| with_items: | ||
| - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' } | ||
| - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' } | ||
| - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' } | ||
|
|
||
| - name: Install /opt/iiab/captiveportal/capture-wsgi.py from template (creates the server) | ||
| template: | ||
| src: capture-wsgi.py.j2 | ||
| #src: roles/captiveportal/templates/capture-wsgi.py.j2 | ||
| dest: /opt/iiab/captiveportal/capture-wsgi.py | ||
| mode: '0755' | ||
|
|
||
| - name: Copy files {simple.template, mac.template} into /opt/iiab/captiveportal/ | ||
| copy: | ||
| src: "{{ item }}" | ||
| dest: /opt/iiab/captiveportal/ | ||
| # "How do i fail a task in Ansible if the variable contains a boolean value? | ||
| # I want to perform input validation for Ansible playbooks" | ||
| # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 | ||
|
|
||
| # If 0-init/tasks/validate_vars.yml has DEFINITELY been run (?) perhaps no need | ||
| # to re-check whether vars are defined here. As Ansible vars cannot be unset: | ||
| # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible | ||
|
|
||
| - name: Assert that "captiveportal_install is sameas true" (boolean not string etc) | ||
| assert: | ||
| that: captiveportal_install is sameas true | ||
| fail_msg: "PLEASE SET 'captiveportal_install: True' e.g. in: /etc/iiab/local_vars.yml" | ||
| quiet: yes | ||
| #that: captiveportal_install is defined and captiveportal_install is sameas true | ||
| #success_msg: captiveportal_install is defined and captiveportal_install is sameas true | ||
|
|
||
| - name: Assert that "captiveportal_enabled | type_debug == 'bool'" (boolean not string etc) | ||
| assert: | ||
| that: captiveportal_enabled | type_debug == 'bool' | ||
| fail_msg: "PLEASE GIVE VARIABLE 'captiveportal_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml" | ||
| quiet: yes | ||
| #that: captiveportal_enabled is defined and captiveportal_enabled | type_debug == 'bool' | ||
| #success_msg: captiveportal_enabled is defined and captiveportal_enabled | type_debug == 'bool' | ||
|
|
||
| - name: Install Captive Portal if 'captiveportal_installed' is not defined in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml | ||
| include_tasks: install.yml | ||
| when: captiveportal_installed is undefined | ||
|
|
||
| - name: Enable or Disable Captive Portal | ||
| include_tasks: enable-or-disable.yml | ||
|
|
||
| - name: Add 'captiveportal' variable values to {{ iiab_ini_file }} | ||
| ini_file: | ||
| path: "{{ iiab_ini_file }}" | ||
| section: captiveportal | ||
| option: "{{ item.option }}" | ||
| value: "{{ item.value | string }}" | ||
| with_items: | ||
| - simple.template | ||
| #- roles/captiveportal/files/simple.template | ||
| - mac.template | ||
| #- roles/captiveportal/files/mac.template | ||
|
|
||
| - name: Install uWSGI config file /opt/iiab/captiveportal/captiveportal.ini from template | ||
| template: | ||
| src: captiveportal.ini.j2 | ||
| #src: roles/captiveportal/templates/captiveportal.ini.j2 | ||
| dest: /opt/iiab/captiveportal/captiveportal.ini | ||
|
|
||
| - name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}" | ||
| lineinfile: | ||
| dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml | ||
| regexp: '^captiveportal_installed' | ||
| line: 'captiveportal_installed: True' | ||
|
|
||
| # TO DO: move most/all 7-10 stanzas below into enable-or-disable.yml | ||
|
|
||
| - name: Install /etc/systemd/system/uwsgi-captiveportal.service from template | ||
| template: | ||
| src: uwsgi-captiveportal.service | ||
| #src: roles/captiveportal/templates/uwsgi-captiveportal.service | ||
| dest: /etc/systemd/system/ | ||
|
|
||
| - name: Restart & Enable 'uwsgi-captiveportal' systemd service (uWSGI server) that responds to browsers trying to detect a Captive Portal | ||
| systemd: | ||
| name: uwsgi-captiveportal | ||
| daemon_reload: yes | ||
| state: restarted | ||
| enabled: True | ||
| when: captiveportal_enabled | bool | ||
|
|
||
| - name: Stop & Disable 'uwsgi-captiveportal' systemd service (uWSGI server) if Captive Portal has been disabled | ||
| systemd: | ||
| name: uwsgi-captiveportal | ||
| state: stopped | ||
| enabled: False | ||
| when: not captiveportal_enabled | ||
|
|
||
| - name: Run iiab-divert-to-nginx to generate diversion lists for NGINX | ||
| shell: /usr/sbin/iiab-divert-to-nginx | ||
|
|
||
| - name: Run iiab-make-cp-servers.py to generate NGINX servers from checkurls input list (creates /etc/nginx/sites-available/capture.conf) | ||
| command: /usr/sbin/iiab-make-cp-servers.py | ||
| args: | ||
| creates: /etc/nginx/sites-available/capture.conf | ||
|
|
||
| - name: Symlink /etc/nginx/sites-enabled/capture.conf -> /etc/nginx/sites-available/capture.conf, to enable NGINX to service the sites in checkurls list | ||
| file: | ||
| src: /etc/nginx/sites-available/capture.conf | ||
| path: /etc/nginx/sites-enabled/capture.conf | ||
| state: link | ||
| when: captiveportal_enabled | bool | ||
|
|
||
| - name: Delete symlink /etc/nginx/sites-enabled/capture.conf, to disable NGINX to location definitions for checkurls | ||
| file: | ||
| #src: /etc/nginx/sites-available/capture.conf | ||
| path: /etc/nginx/sites-enabled/capture.conf | ||
| state: absent | ||
| when: not captiveportal_enabled | ||
|
|
||
| - name: Make sure dnsmasq is not diverting if not captiveportal_enabled | ||
| file: | ||
| path: /etc/dnsmasq.d/capture | ||
| state: absent | ||
| when: not captiveportal_enabled | ||
|
|
||
| #- name: Restart dnsmasq | ||
| # systemd: | ||
| # name: dnsmasq | ||
| # state: restarted | ||
| # when: dnsmasq_enabled | bool | ||
|
|
||
| # ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) | ||
|
|
||
| - name: Stop 'dnsmasq' systemd service | ||
| systemd: | ||
| name: dnsmasq | ||
| state: stopped | ||
| when: dnsmasq_enabled | bool | ||
|
|
||
| - name: Start 'dnsmasq' systemd service | ||
| systemd: | ||
| name: dnsmasq | ||
| state: started | ||
| when: dnsmasq_enabled | bool | ||
|
|
||
| # TO DO: add important captiveportal_* variable values to {{ iiab_ini_file }} = | ||
| # /etc/iiab/iiab.ini at the end of main.yml here, for /usr/bin/iiab-diagnostics | ||
| - option: name | ||
| value: Captive Portal | ||
| - option: description | ||
| value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."' | ||
| - option: installed | ||
| value: "{{ captiveportal_install }}" | ||
| - option: enabled | ||
| value: "{{ captiveportal_enabled }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters