Allow for network role to be fully optional, building on PR #3173

[holta]

This is @jvonau's PR #3145 with a few adjustments building on:

• PR Allow for network role to be fully optional #3173

Lightly tested on 64-bit RasPiOS Lite on RPi 4.

Related:

• How many of these 10 sysctl {kernel, IPv4, IPv6} tweaks are still needed ~5 years later? #2650

[holta]

I'd also like to test this PR on Ubuntu Desktop 22.04[*] on RPi 4. Possibly that's good enough?

What aspects most need to be tested? (Beyond basic hotspot functionality.)

[*] An OS that's a bit overweight so it will take time to download + unpack + install etc.

[jvonau]

iiab/iiab-factory#231

[jvonau]

Why 91046a4 when in #3286 (comment) the advantage was pointed out of having the install role in that location?

[holta]

test this PR on Ubuntu Desktop 22.04[*] on RPi 4

Done, with iiab-diagnostics output here: http://sprunge.us/jzV7JG?en

1. Do we care that 10.8.0.34 appears twice?

root@183-u2204-rpi4:~# hostname -I
192.168.0.183 10.8.0.34 10.8.0.34 10.10.10.10

2. Unfortunately Ubuntu Desktop still takes a long time to install on Raspberry Pi 4, as in years past.

[holta]

Why 91046a4 when in #3286 (comment) the advantage was pointed out of having the install role in that location?

A painfully long delay[*] before installing sshd, and remote access essentials (OpenVPN, remote.it) and similar support/diagnostic "bootstrapping tools" at the beginning of Stage 1 is a bad idea.

[*] Installing 12+ networking tools (possibly including Squid, and configuring /etc/sysctl.conf) are just not quite as urgent as the above.

[holta]

@tim-moody @georgejhunt I'd like to merge this today — so doc refinement can begin — if you do not see any serious risks/problems?

[jvonau]

test this PR on Ubuntu Desktop 22.04[*] on RPi 4

Done: http://sprunge.us/jzV7JG?en

1. Do we care that 10.8.0.34 appears twice?

root@183-u2204-rpi4:~# hostname -I
192.168.0.183 10.8.0.34 10.8.0.34 10.10.10.10

 919 4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
 920     link/none 
 921     inet 10.8.0.34 peer 10.8.0.33/32 scope global tun0
 922        valid_lft forever preferred_lft forever
 923     inet 10.8.0.34/32 scope global noprefixroute tun0
 924        valid_lft forever preferred_lft forever

ubuntu@libraryimg:~$ hostname -I
192.168.122.240 10.8.0.42 

4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet 10.8.0.42 peer 10.8.0.41/32 scope global tun0
       valid_lft forever preferred_lft forever

Top is jzV7JG?en bottom 2 are multipass vm, Is that second route present after a reboot?

2. Unfortunately Ubuntu Desktop still takes a _long_ time to install on Raspberry Pi 4, as in years past.

On any budget hardware the initial install/boot is slow, but in the long run you get a more pristine engineered install with some security in mind.

[holta]

should [ /etc/hosts ] first entry match just hostname and domain move to after localhost?

line: '127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan'

Good question (I don't know what's best). Post another PR if possible?

[jvonau]

Your ball game now, you figure it out.

[jvonau]

#1815 is the starting point for the thread. #2904 for some more issues

[holta]

Recap:

1. box.lan does not resolve at the command-line (IIAB installed on Debian 10 Buster VM) #1815 was solved by...

   • PR Make Ansible happy [so box.lan resolves on Debian 10 Buster] #1847

2. "IIAB destroys the Internet connection" [due to periods in /etc/hostname ?] #2904 was solved by...

   • PR Try box.lan -> box in /etc/hostname, for #2904 #2973

[jvonau]

The '127.0.0.1 box.lan hack in /etc/hosts' was more to ease the need for rewriting documentation, where what would be needed to be entered in the browser's address bar 'localhost' on the iiab box with a desktop vs 'box' or 'box.lan' from a client on the LAN could be the same was the excuse that was made for the hack at that point of time in the past. #8

[holta]

Thanks @jvonau for digging up these prior tickets that explain how http://box and http://box.lan are critical — e.g. when schools/clinics/etc are onboarding new people (who often struggle even with their own smartphone).

[holta]

Is that second route present after a reboot?

Good news, it goes away after reboot:

root@box:~# hostname -I
192.168.0.183 10.10.10.10 10.8.0.34

[holta]

It's been almost 24h so let's give this PR a shot.