XSCE · georgejhunt · Jul 23, 2016 · Jul 23, 2016 · Jul 24, 2016 · Jul 24, 2016
diff --git a/roles/0-once/templates/local_facts.fact.j2 b/roles/0-once/templates/local_facts.fact.j2
@@ -20,6 +20,13 @@ else
   PHPLIB_DIR=/usr/lib/php
 fi
 
+if [ -d /usr/lib64/squid ]
+then
+  SQUID_DIR=/usr/lib64/squid
+else
+  SQUID_DIR=/usr/lib/squid
+fi
+
 if [ -f /proc/device-tree/mfg-data/MN ]
 then
   XO_VERSION=`cat /proc/device-tree/mfg-data/MN`
@@ -48,6 +55,7 @@ fi
 ANSIBLE_VERSION=$(ansible --version|head -n 1|cut -f 2 -d " ")
 cat <<EOF
 {"phplib_dir"             : "$PHPLIB_DIR",
+"squid_dir"               : "$SQUID_DIR",
 "xsce_branch"             : "$BRANCH",
 "xsce_commit"             : "$COMMIT",
 "xsce_uuid"               : "$UUID",

diff --git a/roles/1-prep/tasks/computed_vars.yml b/roles/1-prep/tasks/computed_vars.yml
@@ -7,6 +7,7 @@
 - set_fact:
      xo_model: '{{ ansible_local["local_facts"]["xo_model"] }}'
      phplib_dir: '{{ ansible_local["local_facts"]["phplib_dir"] }}'
+     squid_dir: '{{ ansible_local["local_facts"]["squid_dir"] }}'
      xsce_base_ver: '{{ ansible_local["local_facts"]["xsce_base_ver"] }}'
      xsce_preload: '{{ ansible_local["local_facts"]["xsce_preload"] }}'
 
@@ -94,6 +95,12 @@
     docker_enabled: True
   when: schooltool_enabled or schooltool_install
 
+- name: Turn on squid if capture_enabled
+  set_fact:
+    squid_install: True
+    squid_enabled: True
+  when: capture_enabled
+
 # for various reasons the mysql service can not be enabled on fedora 20,
 # but 'mariadb', which is its real name can
 # on fedora 18 we need to use 'mysqld'

diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml
@@ -9,3 +9,5 @@ host_wifi_mode: g
 host_channel: 6
 host_wireless_n: False
 host_country_code: US
+capture_enabled: False
+redirect_url: http://{{ xsce_hostname }}.{{ xsce_domain }}/redirect.php
diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml
@@ -106,6 +106,15 @@
   tags:
     - network
 
+- name: Configure misc
+  template: src={{ item.src }}
+            dest={{ item.dest }}
+            owner=root
+            group=root
+            mode={{ item.mode }}
+  with_items:
+   - { src: 'gateway/portal.j2', dest: '/etc/xsce/portal', mode: '0644' }
+
 - include: computed_services.yml
   tags:
     - network

diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml
@@ -45,6 +45,11 @@
       owner: 'root'
       group: 'root'
       mode: '0755'
+    - src: 'squid/redirect.php'
+      dest: '/var/www/html/redirect.php'
+      owner: 'root'
+      group: 'root'
+      mode: '0755'
 
 - name: Create squid cache directory
   file: path=/library/cache
@@ -60,6 +65,13 @@
         mode=0750
         state=directory
 
+- name: Create squid session database directory
+  file: path=/var/run/squid/session.db
+        owner=squid
+        group=squid
+        mode=0750
+        state=touch
+
 - include: dansguardian.yml
 
 - name: Stop Squid

diff --git a/roles/network/templates/gateway/portal.j2 b/roles/network/templates/gateway/portal.j2
@@ -0,0 +1 @@
+{{ xsce_home_url }}
diff --git a/roles/network/templates/gateway/xs-gen-iptables b/roles/network/templates/gateway/xs-gen-iptables
@@ -102,6 +102,9 @@ fi
 
 if [ -f /etc/sysconfig/xs_httpcache_on ]; then
     $IPTABLES  -t nat  -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
+{% if capture_enabled %}
+    $IPTABLES  -t nat  -A PREROUTING -i $lan -p tcp --dport 443 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
+{% endif %}
 fi
 
 # Enable routing.

diff --git a/roles/network/templates/squid/redirect.php b/roles/network/templates/squid/redirect.php
@@ -0,0 +1,4 @@
+<?php
+  $portal = file_get_contents("/etc/xsce/portal");
+  header( "Location: http://{{ xsce_hostname }}.{{ xsce_domain }}".$portal );
+?>
diff --git a/roles/network/templates/squid/squid-xs.conf.j2 b/roles/network/templates/squid/squid-xs.conf.j2
@@ -203,6 +203,23 @@ persistent_request_timeout  1 minute
 client_lifetime    1 hour
 ident_timeout      10 seconds
 
+{% if capture_enabled %}
+##################################
+# config splash page
+# without session.db, a restart will re-enable the splash -- for testing
+#external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=100 %SRC {{ squid_dir }}/ext_session_acl -t 3600 -b /var/run/squid/session.db
+external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=100 %SRC {{ squid_dir }}/ext_session_acl -t 60 
+#
+#
+acl session external session
+#
+http_access deny !session
+#
+# # Deny page to display
+deny_info {{ redirect_url }} session
+##################################
+{% endif %}
+
 http_access allow manager localhost
 http_access deny manager