Git Product home page Git Product logo

ansible-openwisp-wifi-login-pages's Introduction

ansible-openwisp-wifi-login-pages

Ansible OpenWISP WiFi Login Pages CI Build

Ansible role to deploy and manage openwisp-wifi-login-pages.

Required variables:

  • wifi_login_pages_domains: a list with the hostname where the app will be reachable.
  • wifi_login_pages_organizations_src: local path of the directory containing the configuration of the organizations

Usage (tutorial)

If you don't know how to use ansible, don't panic, this procedure will guide you towards a fully working basic openwisp-wifi-login-pages installation.

If you already know how to use ansible, you can skip this tutorial.

First of all you need to understand two key concepts:

  • for "production server" we mean a server (not a laptop or a desktop computer!) with public ipv4 / ipv6 which is used to host openwisp2
  • for "local machine" we mean the host from which you launch ansible, eg: your own laptop

Ansible is a configuration management tool that works by entering production servers via SSH, so you need to install it and configure it on the machine where you launch the deployment and this machine must be able to SSH into the production server.

Ansible will be run on your local machine and from there it will connect to the production server to install openwisp-wifi-login-pages.

Install ansible

Install ansible (version 2.13 or higher) on your local machine (not the production server!) if you haven't done already.

To install ansible we suggest you follow the official ansible installation guide. It is recommended to install ansible through a virtual environment to avoid dependency issues.

Please ensure that you have the correct version of Jinja installed in your Python environment:

pip install Jinja>=2.11

Choose a working directory

Choose a working directory on your local machine where to put the configuration of openwisp-wifi-login-pages.

This will be useful when you will need to upgrade openwisp-wifi-login-pages.

Eg:

mkdir ~/openwisp-wifi-login-pages-ansible-playbook
cd ~/openwisp-wifi-login-pages-ansible-playbook

Putting this working directory under version control is also a very good idea.

Install ansible role from ansible-galaxy

ansible-galaxy install openwisp.wifi_login_pages

Create inventory file

The inventory file is where group of servers are defined. In our simple case we can get away with defining just one group in which we will put just one server.

Create a new file called hosts in your local machine's working directory (the directory just created in the previous step), with the following contents:

[openwisp-wifi-login-pages]
openwisp-wifi-login-pages.mydomain.com

Create playbook file

Create a new playbook file playbook.yml on your local machine with the following contents:

- hosts: openwisp-wifi-login-pages
  become: "{{ become | default('yes') }}"
  roles:
    - openwisp.wifi_login_pages
  vars:
    wifi_login_pages_domains: ["wifi.openwisp.org"]

The line become: "{{ become | default('yes') }}" means ansible will use the sudo program to run each command. You may remove this line if you don't need it (eg: if you are using the root user on the production server).

You may replace openwisp-wifi-login-pages on the hosts field with your production server's hostname if you desire.

The wifi_login_pages_domains is only required vars. It is a list with the hostname where the app will be reachable.

Run the playbook

Now is time to deploy openwisp-wifi-login-pages to the production server.

Run the playbook from your local machine with:

ansible-playbook -i hosts playbook.yml -u <user> -k --become -K

Substitute <user> with your production server's username.

The -k argument will need the sshpass program.

You can remove -k, --become and -K if your public SSH key is installed on the server.

Tips:

  • If you have an error like Authentication or permission failure then try to use root user ansible-playbook -i hosts playbook.yml -u root -k
  • If you have an error about adding the host's fingerprint to the known_hosts file, you can simply connect to the host via SSH and answer yes when prompted; then you can run ansible-playbook again.

Deploy organizations configurations and assets

For deploying organization YAML config files and their related static assets (logo, CSS, etc), proceed with the following steps:

Step 1: Change directory to ansible playbook file.

cd <path_to_playbook_file >

Step 2: Create the directory files.

mkdir files

Step 3: Copy all the organizations configuration and assets from organizations directory to the files/owlp_organizations.

cp -r <path_to_organizations_directory> files/owlp_organizations

Deploy translations

For deploying normal and custom translations copy all the translations from i18n directory to the files/owlp_i18n.

cp -r <path_to_i18n_directory> files/owlp_i18n

Now run the playbook and the files will be uploaded to remote.

Deploying custom static content

For deploying custom static content (HTML files, PDF, etc.) add all the static content inside files/owlp_static directory. The files inside owlp_static will be uploaded to remote static directory while running the playbook.

How to run tests

If you want to contribute to ansible-openwisp-wifi-login-pages you should run tests in your development environment to ensure your changes are not breaking anything.

To do that, proceed with the following steps:

Step 1: Clone ansible-openwisp-wifi-login-pages

Clone repository by:

git clone https://github.com/<your_fork>/ansible-openwisp-wifi-login-pages.git

Step 2: Install docker

If you haven't installed docker yet, you need to install it (example for linux debian/ubuntu systems):

sudo apt-get install docker.io

Step 3: Install molecule and dependences

pip install molecule[docker] yamllint ansible-lint docker

Step 4: Download docker images

docker pull geerlingguy/docker-ubuntu2404-ansible:latest
docker pull geerlingguy/docker-ubuntu2204-ansible:latest
docker pull geerlingguy/docker-ubuntu2004-ansible:latest
docker pull geerlingguy/docker-debian11-ansible:latest
docker pull geerlingguy/docker-debian12-ansible:latest

Step 5: Install ansible dependencies

ansible-galaxy collection install community.docker

Step 6: Run molecule test

molecule test -s local

If you don't get any error message it means that the tests ran successfully without errors.

ProTip: Use molecule test --destroy=never to speed up subsequent test runs.

ansible-openwisp-wifi-login-pages's People

Contributors

codesankalp avatar neerajsati avatar nemesifier avatar pandafy avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

codesankalp neerajsati ghostfreak-077 bridgecrew-perf7 ericcleptonsilva luxxluciano

ansible-openwisp-wifi-login-pages's Issues

[feature] Easily allow to upload organization specific files (YAML and assets)

We need to add a way to easily deploy organization YAML config files and their related static assets (logo, CSS, etc).

Ideally we could allow specifying all the assets in one directory and upload all those files in some way to the organizations/ directory.

We need to document this, and would be great to have a basic test in the CI build: eg define some static assets of an org and at the end of the CI build ensure these have been uploaded.

Authentication failure in yarn build task

Hi,
My server is Ubuntu 22.04 and I am trying to configure ansible-openwisp-wifi-login-pages.

I configured the playbook.yml as in the documentation:

- hosts: openwisp-wifi-login-pages become: "{{ become | default('yes') }}" roles: - openwisp.wifi_login_pages vars: wifi_login_pages_domains: ["wifi.openwisp.org"]

also the hosts file:

[openwisp-wifi-login-pages] openwisp-wifi-login-pages.mydomain.com
when I try to run the playbook in my server, I face the following error in the yarn build task:

TASK [openwisp.wifi_login_pages : yarn build] *********************************************************************************************************************************************************************
fatal: [openwisp-wifi-login-pages.mydomain.com]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chmod: invalid mode: 'A+user:www-data:rx:allow'\nTry 'chmod --help' for more information.\n}). For information on working around this, see https://docs.ansible.com/ansible-core/2.13/user_guide/become.html#risks-of-becoming-an-unprivileged-user"}

PLAY RECAP ********************************************************************************************************************************************************************************************************
openwisp-wifi-login-pages.mydomain.com : ok=17   changed=4    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

image

seems that the www-data user dont have permissions to do all yarn build task.

Also when I check the wifi-login-pages folder, seems that everything is okay. www-data is the owner and the group.

Do you know how to solve it?

Thanks,
Pablo

[bug] Command issue on ansible-core~=2.14.0

This task fails with ansible-core~=2.14.0

ansible-openwisp-wifi-login-pages/tasks/nginx.yml

Lines 22 to 34 in e565eda

- name: create SSL cert if not exists yet
command: >
openssl req -new -nodes -x509 \
-subj "/C={{ openwisp2_ssl_country }}/ST={{ openwisp2_ssl_state }} \
/L={{ openwisp2_ssl_locality }}/O={{ openwisp2_ssl_organization }} \
/CN={{ openwisp2_ssl_common_name }}" \
-days 3650 \
-keyout {{ wifi_login_pages_ssl_key }} \
-out {{ wifi_login_pages_ssl_cert }} \
-extensions v3_ca creates={{ wifi_login_pages_ssl_cert }}
args:
warn: false
notify: restart nginx

It appears that from ansible-core>=2.14, the ansible.builtin.command module no longer accepts warn argument.

We should update this task which maintaining the same functionality.

[change] Instead of reloading supervisor after changes, restart only the affected process

The reload supervisor handler affects all the supervisor processes that are running on the system.

ansible-openwisp-wifi-login-pages/handlers/main.yml

Lines 3 to 7 in 83b8818

- name: reload supervisor
service:
name: supervisor
state: restarted
become: true

This could cause unwanted downtime for other supervisor processes running on the system. We shall update this handler to only restart the affected supervisor process. The supervisor process name can be deduced as follows:

We can keep this simple by updating the reload supervisor handler like this

- name: Restart WiFi Login Pages
  command: "supervisorctl restart wifi_login_pages"

This is untested code, we would need proper manual testing for this.

[bug] Ownership error when pulling git repo

This seems to happen when running the playbook again to upgrade an instance.

fatal: [********]: FAILED! => {"changed": false, "msg": "Failed to set a new url https://github.com/openwisp/openwisp-wifi-login-pages.git for origin:  fatal: unsafe repository ('/opt/openwisp2/wifi-login-pages' is owned by someone else)\nTo add an exception for this directory, call:\n\n\tgit config --global --add safe.directory /opt/openwisp2/wifi-login-pages\n"}

captive portal... where?

I have installed ansible-openwisp-wifi-login-pages to setup the captive portal...

Is it supposed to be available in gui as a template after running ansible or is there other steps?

[feature] Allow easily uploading files to static directory

Static files can be deployed as mentioned in the README: https://github.com/openwisp/ansible-openwisp-wifi-login-pages#deploying-custom-static-content

[bug] Remove old TLS ciphers

Remove the following ciphers from the nginx ssl conf:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.1
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.2

We have to make sure TLS v1.0 and TLS v1.1 will not be supported anymore.

Yarn error and blank page

Hi,
My server is Debian 11, I installed all openwisp2 with ansible.
For ansible-openwisp-wifi-login-pages, I copied the default organization and only changed the variables based on my organization.
I have 502 gateway error.
If I do a permissions fix with this scripts:

#!/bin/bash
set -e
yarn
# everything owned by www-data
chown -R www-data:www-data .
# remove any world permission
chmod -R o-rwx .
sudo -u www-data yarn build --mode production
supervisorctl restart wifi_login_pages

I only have a blank page.

With the "yarn check" command I have these warnings and errors.

root@controller:wifi-login-pages # yarn check
yarn check v1.22.19
warning "@babel/helper-create-class-features-plugin#@babel/helper-annotate-as-pure@^7.14.5" could be deduped from "7.15.4" to "@babel/[email protected]"
warning "@babel/helper-create-class-features-plugin#@babel/helper-replace-supers@^7.14.5" could be deduped from "7.15.4" to "@babel/[email protected]"
warning "@babel/helper-create-class-features-plugin#@babel/helper-split-export-declaration@^7.14.5" could be deduped from "7.15.4" to "@babel/[email protected]"
warning "@babel/helper-module-transforms#@babel/helper-replace-supers@^7.15.0" could be deduped from "7.15.4" to "@babel/[email protected]"
warning "@babel/helper-module-transforms#@babel/helper-simple-access@^7.14.8" could be deduped from "7.15.4" to "@babel/[email protected]"
warning "@babel/helper-module-transforms#@babel/helper-split-export-declaration@^7.14.5" could be deduped from "7.15.4" to "@babel/[email protected]"
warning "@babel/traverse#@babel/helper-hoist-variables@^7.14.5" could be deduped from "7.15.4" to "@babel/[email protected]"
warning "@babel/traverse#@babel/helper-split-export-declaration@^7.14.5" could be deduped from "7.15.4" to "@babel/[email protected]"
error "acorn" is wrong version: expected "8.4.1", got "7.4.1"
warning "autoprefixer#browserslist@^4.12.0" could be deduped from "4.16.7" to "[email protected]"
warning "@babel/polyfill#regenerator-runtime@^0.13.4" could be deduped from "0.13.9" to "[email protected]"
warning "@babel/preset-env#@babel/plugin-transform-spread@^7.14.6" could be deduped from "7.15.8" to "@babel/[email protected]"
warning "@babel/runtime#regenerator-runtime@^0.13.4" could be deduped from "0.13.9" to "[email protected]"
warning "copy-webpack-plugin#fast-glob@^3.2.4" could be deduped from "3.2.11" to "[email protected]"
warning "eslint#@babel/code-frame#@babel/highlight@^7.10.4" could be deduped from "7.14.5" to "@babel/[email protected]"
warning "@babel/code-frame#@babel/highlight#@babel/helper-validator-identifier@^7.14.5" could be deduped from "7.14.9" to "@babel/[email protected]"
warning "autoprefixer#browserslist#electron-to-chromium@^1.3.723" could be deduped from "1.3.808" to "[email protected]"
warning "autoprefixer#browserslist#node-releases@^1.1.71" could be deduped from "1.1.74" to "[email protected]"
warning "enzyme#cheerio#tslib@^2.2.0" could be deduped from "2.3.0" to "[email protected]"
warning "ttag-cli#koa-router#http-errors@^1.7.3" could be deduped from "1.8.1" to "[email protected]"
warning "ttag-cli#koa#http-errors@^1.6.3" could be deduped from "1.8.1" to "[email protected]"
warning "@babel/core#@babel/helper-compilation-targets#browserslist@^4.16.6" could be deduped from "4.16.7" to "[email protected]"
warning "@babel/preset-env#@babel/plugin-transform-object-super#@babel/helper-replace-supers@^7.14.5" could be deduped from "7.15.4" to "@babel/[email protected]"
warning "@babel/plugin-transform-async-to-generator#@babel/helper-remap-async-to-generator#@babel/helper-annotate-as-pure@^7.14.5" could be deduped from "7.15.4" to "@babel/[email protected]"
warning "eslint#@babel/code-frame#@babel/highlight#@babel/helper-validator-identifier@^7.14.0" could be deduped from "7.14.9" to "@babel/[email protected]"
warning "aria-query#@babel/runtime-corejs3#regenerator-runtime@^0.13.4" could be deduped from "0.13.9" to "[email protected]"
error "acorn-globals#acorn" not installed
error "espree#acorn" not installed
warning "@babel/helper-compilation-targets#browserslist#electron-to-chromium@^1.3.723" could be deduped from "1.3.808" to "[email protected]"
warning "@babel/helper-compilation-targets#browserslist#node-releases@^1.1.71" could be deduped from "1.1.74" to "[email protected]"
warning "koa-body#co-body#raw-body@^2.2.0" could be deduped from "2.4.2" to "[email protected]"
warning "@babel/plugin-proposal-unicode-property-regex#@babel/helper-create-regexp-features-plugin#@babel/helper-annotate-as-pure@^7.14.5" could be deduped from "7.15.4" to "@babel/[email protected]"
error "espree#acorn-jsx" not installed
warning "cssnano-preset-default#postcss-colormin#browserslist@^4.16.6" could be deduped from "4.16.7" to "[email protected]"
warning "cssnano-preset-default#postcss-merge-rules#browserslist@^4.16.6" could be deduped from "4.16.7" to "[email protected]"
warning "postcss-colormin#browserslist#electron-to-chromium@^1.3.723" could be deduped from "1.3.808" to "[email protected]"
warning "postcss-colormin#browserslist#node-releases@^1.1.71" could be deduped from "1.1.74" to "[email protected]"
warning "postcss-merge-rules#browserslist#electron-to-chromium@^1.3.723" could be deduped from "1.3.808" to "[email protected]"
warning "postcss-merge-rules#browserslist#node-releases@^1.1.71" could be deduped from "1.1.74" to "[email protected]"
warning "babel-preset-jest#babel-plugin-jest-hoist#@types/babel__core@^7.0.0" could be deduped from "7.1.15" to "@types/[email protected]"
info Found 36 warnings.
error Found 4 errors.
info Visit https://yarnpkg.com/en/docs/cli/check for documentation about this command.

How do you solve the problem?
Thanks.
Michele

[bug] Role does not install system packages

Some system packages are not installed when this role is used. The role should install all system packages it requires, otherwise it will fail.

These system packages are installed for running molecule tests.

ansible-openwisp-wifi-login-pages/molecule/resources/converge.yml

Lines 11 to 33 in c0b9e74

- name: Update apt cache
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
- name: Install gpg agent
apt:
name: gpg-agent
update_cache: true
- name: Install git
apt:
name: git
update_cache: true
- name: Install supervisor
apt:
name: supervisor
update_cache: true
- name: Install nginx
apt:
name: nginx
update_cache: true

These should be in tasks/apt.yml

[bug] Role fails if owlp_static/ does not exist

I just tried to run the role on a playbook which doesn't have files/owlp_static/ and this happened:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option
fatal: [****************]: FAILED! => {"changed": false, "msg": "Could not find or access 'owlp_static/'\nSearched in:\n\t/Code/openwisp/ansible-openwisp-wifi-login-pages/files/owlp_static/\n\t/Code/openwisp/ansible-openwisp-wifi-login-pages/owlp_static/\n\t/Code/openwisp/ansible-openwisp-wifi-login-pages/tasks/files/owlp_static/\n\t/Code/openwisp/ansible-openwisp-wifi-login-pages/tasks/owlp_static/\n\t/Code/ansible-******-openwisp2/files/owlp_static/\n\t/Code/ansible-******-openwisp2/owlp_static/ on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}

We should prevent this failure, let's check also the other 2 directories we use (owlp_i18n, owlp_organizations), I think the role shouldn't fail if these are missing.

[change] Upgrade nodejs version

After merging openwisp/openwisp-wifi-login-pages#523 I get:

yarn 
yarn install v1.19.1
[1/4] Resolving packages...
[2/4] Fetching packages...
error [email protected]: The engine "node" is incompatible with this module. Expected version "^12.20.0 || ^14.13.0 || >=16.0.0". Got "15.14.0"
error Found incompatible module.

We are using nodejs 15 here too, we have to look for a solution.

Locally I installed nodejs 16, hopefully it doesn't cause issues.

Bug in nginx run task

Hello!

TASK [openwisp.wifi_login_pages : enable nginx site] ********************************************************************************************************************
fatal: [wifi.ntonline.com.br]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0644", "msg": "refusing to convert from file to symlink for /etc/nginx/sites-enabled/wifi_login_pages", "owner": "root", "path": "/etc/nginx/sites-enabled/wifi_login_pages", "size": 1881, "state": "file", "uid": 0}

PLAY RECAP **************************************************************************************************************************************************************
wifi.ntonline.com.br : ok=26 changed=3 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

I tried to deploy today and discovered this error. When I checked the file /etc/nginx/sites-available/wifi_login_pages, I noticed that the value of server_name was incorrect:
server_name w i f i . n t o n l i n e . c o m . b r;
Throughout the deployment process, the domain keeps reverting to be incorrect again.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.