### Example Playbook for OpenWISP2 Development Deployment Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst An example Ansible playbook for installing a fully-featured version of OpenWISP2 on Debian 11. It enables various OpenWISP2 modules and features. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2-dev vars: openwisp2_network_topology: true openwisp2_firmware_upgrader: true openwisp2_radius: true openwisp2_monitoring: true # monitoring is enabled by default ``` -------------------------------- ### Install Docker Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/developer/installation.rst Installs the docker.io package on Debian/Ubuntu based systems. This is a prerequisite for running tests. ```shell sudo apt install docker.io ``` -------------------------------- ### Run Ansible Playbook Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/installing-on-vm.rst Execute the Ansible playbook to install OpenWISP on the VM. Prompts for become password (-K) and uses su as the become method. ```shell ansible-playbook -i hosts playbook.yml -b -k -K --become-method=su ``` -------------------------------- ### Install Test Dependencies Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/developer/installation.rst Installs the necessary Python packages for running tests using pip. Ensure you are in the root of the repository. ```shell pip install -r requirements-test.txt ``` -------------------------------- ### Switch to www-data User and Activate Environment Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/troubleshooting.rst Switch to the www-data user and activate the Python virtual environment to access OpenWISP files and manage the installation. ```shell sudo su www-data -s /bin/bash cd /opt/openwisp2 source env/bin/activate ``` -------------------------------- ### Ansible Playbook for OpenWISP Installation Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/installing-on-vm.rst The main Ansible playbook to install OpenWISP. The 'postfix_myhostname' variable is required when using an IP address as the inventory hostname. ```yaml - hosts: openwisp2 roles: - openwisp.openwisp2 # the following line is needed only when an IP address is used as the inventory hostname vars: postfix_myhostname: localhost ``` -------------------------------- ### Example Inventory File for OpenWISP Domain Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/certbot-ssl.rst This text block shows the required format for your Ansible inventory file, specifying a valid domain name for the OpenWISP instance. ```text [openwisp2] openwisp2.yourdomain.com ``` -------------------------------- ### Install OpenWISP Ansible Role Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Installs the OpenWISP2 Ansible role using ansible-galaxy. Ensure you have Ansible installed on your local machine. ```shell ansible-galaxy install openwisp.openwisp2 ``` -------------------------------- ### Install Community and Posix Collections Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Installs or updates the necessary Ansible collections, community.general and ansible.posix, required for the OpenWISP role. Ensure these collections are up to date for compatibility. ```shell ansible-galaxy collection install "community.general:>=3.6.0" ansible-galaxy collection install "ansible.posix" ``` -------------------------------- ### Install Ansible Requirements Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Install the roles and collections specified in 'requirements.yml' using 'ansible-galaxy'. This command fetches and installs the necessary components. ```shell ansible-galaxy install -r requirements.yml ``` -------------------------------- ### Install Certbot Ansible Role Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/certbot-ssl.rst This shell command installs the 'geerlingguy.certbot' Ansible role, which is necessary for managing Let's Encrypt certificates. ```shell ansible-galaxy install geerlingguy.certbot ``` -------------------------------- ### Run OpenWISP2 Playbook Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Execute the main Ansible playbook for OpenWISP2 deployment. Substitute with your production server's username. The -k argument requires the sshpass program. Remove -k, --become, and -K if your public SSH key is installed on the server. ```shell ansible-playbook -i hosts playbook.yml -u -k --become -K ``` -------------------------------- ### Enable RADIUS Module Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/enabling-modules.rst To enable the RADIUS module, set 'openwisp2_radius' to true. 'openwisp2_freeradius_install' should also be true for basic FreeRADIUS setup, and 'openwisp2_radius_urls' to true to register API endpoints. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2 vars: openwisp2_radius: true openwisp2_freeradius_install: true # set to false when you don't want to register openwisp-radius # API endpoints. openwisp2_radius_urls: true ``` -------------------------------- ### Control Supervisor Service Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/troubleshooting.rst Use these commands to start, stop, or check the status of the supervisor service, which manages OpenWISP's background processes. ```shell sudo service supervisor start|stop|status ``` -------------------------------- ### Configure FreeRADIUS for WPA Enterprise (EAP-TTLS-PAP) Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/deploying-wpa-eap-ttls-pap.rst This playbook enables the OpenWISP RADIUS module, installs FreeRADIUS, and configures it for WPA Enterprise authentication per organization. It requires defining organization-specific details like name, UUID, RADIUS token, and authentication/accounting ports. Custom certificates can also be specified. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2 vars: openwisp2_radius: true openwisp2_freeradius_install: true # Define a list of dictionaries detailing each organization's # name, UUID, RADIUS token, and ports for authentication, # accounting, and the inner tunnel. These details will be used # to create FreeRADIUS sites tailored for WPA Enterprise # (EAP-TTLS-PAP) authentication per organization. freeradius_eap_orgs: # A reference name for the organization, # used in FreeRADIUS configurations. # Don't use spaces or special characters. - name: openwisp # UUID of the organization. # You can retrieve this from the organization admin # in the OpenWISP web interface. uuid: 00000000-0000-0000-0000-000000000000 # Radius token of the organization. # You can retrieve this from the organization admin # in the OpenWISP web interface. radius_token: secret-radius-token # Port used by the authentication service for # this FreeRADIUS site auth_port: 1822 # Port used by the accounting service for this FreeRADIUS site acct_port: 1823 # Port used by the authentication service of inner tunnel # for this FreeRADIUS site inner_tunnel_auth_port: 18230 # If you want to use a custom certificate for FreeRADIUS # EAP module, you can specify the path to the CA, server # certificate, and private key, and DH key as follows. # Ensure that these files can be read by the "freerad" user. cert: /etc/freeradius/certs/cert.pem private_key: /etc/freeradius/certs/key.pem ca: /etc/freeradius/certs/ca.crt dh: /etc/freeradius/certs/dh tls_config_extra: | private_key_password = whatever ecdh_curve = "prime256v1" # You can add as many organizations as you want - name: demo uuid: 00000000-0000-0000-0000-000000000001 radius_token: demo-radius-token auth_port: 1832 acct_port: 1833 inner_tunnel_auth_port: 18330 # If you omit the certificate fields, # the FreeRADIUS site will use the default certificates # located in /etc/freeradius/certs. ``` -------------------------------- ### Update OpenWISP2 Ansible Role Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Update the OpenWISP2 Ansible role to the latest version using ansible-galaxy. The --force flag ensures the latest version is installed. ```shell ansible-galaxy install --force openwisp.openwisp2 ``` -------------------------------- ### Create Hosts and Playbook Files Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/developer/installation.rst Navigates to the parent directory and creates empty hosts and playbook.yml files. ```bash cd ../ touch hosts touch playbook.yml ``` -------------------------------- ### Create Development Directories Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/developer/installation.rst Creates the necessary directory structure for development and navigates into the roles directory. ```bash mkdir -p ~/openwisp-dev/roles cd ~/openwisp-dev/roles ``` -------------------------------- ### Create Development Directories Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Set up the necessary directory structure for deploying the development version of OpenWISP2. This includes 'roles' and 'collections' directories. ```shell mkdir -p ~/openwisp-dev/roles mkdir -p ~/openwisp-dev/collections ``` -------------------------------- ### Define Inventory File Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Creates an inventory file named 'hosts' to define the production server group. Replace 'openwisp2.mydomain.com' with your server's hostname. Using a hostname is crucial for email functionality. ```text [openwisp2] openwisp2.mydomain.com ``` -------------------------------- ### Create Ansible Configuration and Requirements Files Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Create the 'ansible.cfg' and 'requirements.yml' files for configuring the Ansible environment for the development version. ```shell cd ~/openwisp-dev/ touch ansible.cfg touch requirements.yml ``` -------------------------------- ### Create Ansible Hosts and Playbook Files Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Create the 'hosts' inventory file and the 'playbook.yml' file, which are essential for running Ansible playbooks. ```shell touch hosts touch playbook.yml ``` -------------------------------- ### Configure Firmware Upgrader Custom Settings Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/enabling-modules.rst Use 'openwisp2_extra_django_settings_instructions' to provide custom Django settings for the firmware upgrader, such as defining custom OpenWRT images. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2 vars: openwisp2_firmware_upgrader: true openwisp2_extra_django_settings_instructions: - | OPENWISP_CUSTOM_OPENWRT_IMAGES = ( ('my-custom-image-squashfs-sysupgrade.bin', { 'label': 'My Custom Image', 'boards': ('MyCustomImage',) }), ) ``` -------------------------------- ### SSH into VM Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/installing-on-vm.rst Connect to the configured VM using SSH. ```shell ssh 192.168.56.2 ``` -------------------------------- ### Configure VM Network Interface Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/installing-on-vm.rst Add static IP configuration to the VM's network interface. Replace 'enp0s8' with your actual network interface name. ```text auto enp0s8 iface enp0s8 inet static address 192.168.56.2 netmask 255.255.255.0 network 192.168.56.0 broadcast 192.168.56.255 ``` -------------------------------- ### RADIUS Module Configuration Note Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/enabling-modules.rst The 'openwisp2_freeradius_install' option provides a basic FreeRADIUS configuration. Disable it if you manage FreeRADIUS separately or use a different mechanism. ```text ``openwisp2_freeradius_install`` option provides a basic configuration of freeradius for OpenIWSP, it sets up the :ref:`radius user token mechanism ` if you want to use another mechanism or manage your freeradius separately, please disable this option by setting it to ``false``. ``` -------------------------------- ### Create Working Directory Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Creates a dedicated directory on your local machine to store OpenWISP Ansible playbook configurations. This directory is useful for future upgrades. ```shell mkdir ~/openwisp2-ansible-playbook cd ~/openwisp2-ansible-playbook ``` -------------------------------- ### Run Ansible Playbook Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Executes the Ansible playbook to deploy OpenWISP to the production server. This command should be run from your local machine's working directory. ```shell ansible-playbook playbook.yml ``` -------------------------------- ### Enable Network Topology Module Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/enabling-modules.rst Set 'openwisp2_network_topology' to true in your playbook to enable the Network Topology module. This follows the standard pattern for module enablement. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2 vars: openwisp2_network_topology: true ``` -------------------------------- ### Create Playbook File Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Defines the main Ansible playbook 'playbook.yml' to deploy OpenWISP. It specifies the host group, enables sudo usage by default, includes the OpenWISP2 role, and sets a default email sender. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2 vars: openwisp2_default_from_email: "openwisp2@openwisp2.mydomain.com" ``` -------------------------------- ### Default Admin Credentials Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/configuring-cors-headers.rst These are the default credentials provided after a successful playbook run. ```text username: admin password: admin ``` -------------------------------- ### Download Docker Images for Testing Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/developer/installation.rst Downloads the required Docker images that will be used by Molecule for testing different Ansible environments. ```shell docker pull geerlingguy/docker-ubuntu2404-ansible:latest docker pull geerlingguy/docker-ubuntu2204-ansible:latest docker pull geerlingguy/docker-debian13-ansible:latest docker pull geerlingguy/docker-debian12-ansible:latest ``` -------------------------------- ### Default Admin Credentials Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/enabling-modules.rst These are the default credentials provided after a successful playbook run. They can be changed post-installation. ```text username: admin password: admin ``` -------------------------------- ### Run Molecule Tests Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/developer/installation.rst Executes the Molecule tests for the local scenario. Successful execution will not produce any error messages. ```shell molecule test -s local ``` -------------------------------- ### Clone Ansible Repositories Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/developer/installation.rst Clones the required ansible-openwisp2 and related repositories into the roles directory. ```bash git clone https://github.com/openwisp/ansible-openwisp2.git openwisp.openwisp2 git clone https://github.com/Stouts/Stouts.postfix git clone https://github.com/openwisp/ansible-ow-influxdb openwisp.influxdb ``` -------------------------------- ### Ansible Inventory File Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/installing-on-vm.rst Define the target host for the Ansible playbook. ```ini [openwisp2] 192.168.56.2 ``` -------------------------------- ### Configure Ansible Paths Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Set the 'roles_path' and 'collections_paths' variables in 'ansible.cfg' to point to the newly created directories for managing roles and collections. ```ini [defaults] roles_path=~/openwisp-dev/roles collections_paths=~/openwisp-dev/collections ``` -------------------------------- ### Enable Firmware Upgrader Module Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/enabling-modules.rst Set 'openwisp2_firmware_upgrader' to true in your playbook to enable the Firmware Upgrader module. This playbook structure is a common pattern for enabling modules. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2 vars: openwisp2_firmware_upgrader: true ``` -------------------------------- ### Ansible Playbook for OpenWISP and FreeRADIUS Deployment Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/deploying-wpa-eap-ttls-pap.rst This playbook configures Nginx with Let's Encrypt certificates and sets up FreeRADIUS for WPA-EAP-TTLS-PAP authentication. It includes variables for certificate management and FreeRADIUS organization details. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - geerlingguy.certbot - openwisp.openwisp2 vars: # certbot configuration certbot_auto_renew_minute: "20" certbot_auto_renew_hour: "5" certbot_create_if_missing: true certbot_auto_renew_user: "" certbot_certs: - email: "" domains: - "{{ inventory_hostname }}" # If you choose to re-use the same certificate for both services, # you can omit the following item in your playbook. - email: "" domains: - "freeradius.yourdomain.com" # Configuration to use Let's Encrypt certificate for OpenWISP server (Nnginx) openwisp2_ssl_cert: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem" openwisp2_ssl_key: "/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem" # Configuration for openwisp-radius openwisp2_radius: true openwisp2_freeradius_install: true freeradius_eap_orgs: - name: demo uuid: 00000000-0000-0000-0000-000000000001 radius_token: demo-radius-token auth_port: 1832 acct_port: 1833 inner_tunnel_auth_port: 18330 # Update the cert_file and private_key paths to point to the # Let's Encrypt certificate. cert: /etc/letsencrypt/live/freeradius.yourdomain.com/fullchain.pem private_key: /etc/letsencrypt/live/freeradius.yourdomain.com/privkey.pem # If you choose to re-use the same certificate for both services, # your configuration would look like this # cert: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem # private_key: /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem tasks: # Tasks to ensure the Let's Encrypt certificate can be read by the FreeRADIUS server. # If you are using the same certificate for both services, you need to # replace "freeradius.yourdomain.com" with "{{ inventory_hostname }}" # in the following task. - name: "Create a renewal hook for setting permissions on /etc/letsencrypt/live/freeradius.yourdomain.com" copy: content: | #!/bin/bash chown -R root:freerad /etc/letsencrypt/live/ /etc/letsencrypt/archive/ chmod 0750 /etc/letsencrypt/live/ /etc/letsencrypt/archive/ chmod -R 0640 /etc/letsencrypt/archive/freeradius.yourdomain.com/ chmod 0750 /etc/letsencrypt/archive/freeradius.yourdomain.com/ dest: /etc/letsencrypt/renewal-hooks/post/chown_freerad owner: root group: root mode: '0700' register: chown_freerad_result - name: Change the ownership of the certificate files when: chown_freerad_result.changed command: /etc/letsencrypt/renewal-hooks/post/chown_freerad ``` -------------------------------- ### Clone ansible-openwisp2 Repository Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/developer/installation.rst Clones the ansible-openwisp2 repository and changes the directory to its root. Replace with your forked repository URL. ```shell git clone https://github.com//ansible-openwisp2.git openwisp.openwisp2 cd openwisp.openwisp2 ``` -------------------------------- ### Control Nginx Web Server Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/troubleshooting.rst Manage the nginx web server, which sits in front of the uWSGI application server, using these commands. ```shell service nginx status start|stop|status ``` -------------------------------- ### Ansible Requirements for Development Version Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Specify the OpenWISP2 development role source and the community.general collection in the 'requirements.yml' file. ```yaml --- roles: - src: https://github.com/openwisp/ansible-openwisp2.git version: master name: openwisp.openwisp2-dev collections: - name: community.general version: ">=3.6.0" ``` -------------------------------- ### Configure CORS Headers with Ansible Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/configuring-cors-headers.rst Use this playbook to enable and configure basic CORS settings, including allowed origins. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2 vars: # Cross-Origin Resource Sharing (CORS) settings openwisp2_django_cors: enabled: true allowed_origins_list: - https://frontend.openwisp.org - https://logs.openwisp.org ``` -------------------------------- ### Ansible Playbook for OpenWISP with Certbot Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/certbot-ssl.rst This YAML playbook configures Ansible to use the Certbot role for SSL certificate management and the OpenWISP2 role for the application. It includes variables for SSL certificate paths and Certbot auto-renewal settings. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - geerlingguy.certbot - openwisp.openwisp2 vars: # SSL certificates openwisp2_ssl_cert: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem" openwisp2_ssl_key: "/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem" # certbot configuration certbot_auto_renew_minute: "20" certbot_auto_renew_hour: "5" certbot_create_if_missing: true # you may change this if needed certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" certbot_certs: # set your email address here - email: "" domains: - "{{ inventory_hostname }}" pre_tasks: - name: Update APT package cache apt: update_cache: true changed_when: false retries: 5 delay: 10 register: result until: result is success ``` -------------------------------- ### Speed Up Subsequent Test Runs Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/developer/installation.rst Use this command with Molecule to prevent the destruction of containers after tests, speeding up subsequent runs. ```shell molecule test --destroy=never ``` -------------------------------- ### RADIUS Module Access URL Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/enabling-modules.rst This is the default URL to access the OpenWISP admin interface when the RADIUS module is enabled and the playbook has completed successfully. ```text https://openwisp2.mydomain.com/admin username: admin password: admin ``` -------------------------------- ### Configure OpenWISP2 Role Variables Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/role-variables.rst This snippet shows how to define and customize variables for the OpenWISP2 Ansible role within a playbook. It includes enabling specific modules, setting package versions, configuring email settings, database connections, and SSL certificates. ```yaml - hosts: yourhost roles: # you can add other roles here - openwisp.openwisp2 vars: # Enable the modules you want to use openwisp2_network_topology: false openwisp2_firmware_upgrader: false openwisp2_monitoring: true # you may replace the values of these variables with any value or URL # supported by pip (the python package installer) # use these to install forks, branches or development versions # WARNING: only do this if you know what you are doing; disruption # of service is very likely to occur if these variables are changed # without careful analysis and testing openwisp2_controller_version: "openwisp-controller~=1.0.0" openwisp2_network_topology_version: "openwisp-network-topology~=1.0.0" openwisp2_firmware_upgrader_version: "openwisp-firmware-upgrader~=1.0.0" openwisp2_monitoring_version: "openwisp-monitoring~=1.0.0" openwisp2_radius_version: "openwisp-radius~=1.0.0" openwisp2_django_version: "django~=3.2.13" # Extra arguments passed to pip when reinstalling Python packages with --force-reinstall # By default, packages are upgraded on each playbook run. # Can be overridden, for example: # openwisp2_pip_extra_args: "--upgrade --force-reinstall" openwisp2_pip_extra_args: "--upgrade" # Setting this to true will enable subnet division feature of # openwisp-controller. Refer openwisp-controller documentation # for more information. https://github.com/openwisp/openwisp-controller#subnet-division-app # By default, it is set to false. openwisp2_controller_subnet_division: true # when openwisp2_radius_urls is set to false, the radius module # is setup but it's urls are not added, which means API and social # views cannot be used, this is helpful if you have an external # radius instance. openwisp2_radius_urls: "{{ openwisp2_radius }}" openwisp2_path: /opt/openwisp2 # It is recommended that you change the value of this variable if you intend to use # OpenWISP2 in production, as a misconfiguration may result in emails not being sent openwisp2_default_from_email: "openwisp2@yourhostname.com" # Email backend used by Django for sending emails. By default, the role # uses "CeleryEmailBackend" from django-celery-email. # (https://github.com/pmclanahan/django-celery-email) openwisp2_email_backend: "djcelery_email.backends.CeleryEmailBackend" # Email timeout in seconds used by Django for blocking operations # like connection attempts. For more info read the Django documentation, # https://docs.djangoproject.com/en/4.2/ref/settings/#email-timeout. # Defaults to 10 seconds. openwisp2_email_timeout: 5 # edit database settings only if you are not using sqlite # eg, for deploying with PostgreSQL (recommended for production usage) # you will need the PostGIS spatial extension, find more info at: # https://docs.djangoproject.com/en/4.1/ref/contrib/gis/tutorial/ openwisp2_database: engine: django.contrib.gis.db.backends.postgis name: "{{ DB_NAME }}" user: "{{ DB_USER }}" host: "{{ DB_HOST }}" password: "{{ DB_PASSWORD }}" port: 5432 # SPATIALITE_LIBRARY_PATH django setting # The role will attempt determining the right mod-spatialite path automatically # But you can use this variable to customize the path or fix future arising issues openwisp2_spatialite_path: "mod_spatialite.so" # customize other django settings: openwisp2_language_code: en-gb openwisp2_time_zone: UTC # openwisp-controller context openwisp2_context: {} # additional allowed hosts openwisp2_allowed_hosts: - myadditionalhost.openwisp.org # geographic map settings openwisp2_leaflet_config: DEFAULT_CENTER: [42.06775, 12.62011] DEFAULT_ZOOM: 6 # enable/disable geocoding check openwisp2_geocoding_check: true # specify path to a valid SSL certificate and key # (a self-signed SSL cert will be generated if omitted) openwisp2_ssl_cert: "/etc/nginx/ssl/server.crt" openwisp2_ssl_key: "/etc/nginx/ssl/server.key" # customize the self-signed SSL certificate info if needed openwisp2_ssl_country: "US" openwisp2_ssl_state: "California" ``` -------------------------------- ### Run OpenWISP2 Playbook After Update Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/quickstart.rst Re-run the Ansible playbook after updating the OpenWISP2 role to apply any changes. This command is executed from your local machine. ```shell ansible-playbook -i hosts playbook.yml ``` -------------------------------- ### View Individual Supervisor Process Status Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/troubleshooting.rst Check the status of each individual process managed by supervisor, such as uWSGI, daphne, or celery. ```shell sudo supervisorctl status ``` -------------------------------- ### Configure Additional CORS Settings Source: https://github.com/openwisp/ansible-openwisp2/blob/master/docs/user/configuring-cors-headers.rst Use this method to configure advanced django-cors-headers settings not directly exposed by the role variables. ```yaml - hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2 vars: openwisp2_django_cors: enabled: true allowed_origins_list: - https://frontend.openwisp.org - https://logs.openwisp.org # Configuring additional settings for django-cors-headers openwisp2_extra_django_settings_instructions: - | CORS_ALLOW_CREDENTIALS = True CORS_ALLOW_ALL_ORIGINS = True ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.