Update IPFire from 2.25 to 2.29 and solve unbound issue #95

Open
1ncludeSteven opened this issue Oct 28, 2024 · 1 comment

1ncludeSteven commented Oct 28, 2024

Dear Author:

I see that you haven't had the time to update IPFire from 2.25 to 2.29, so I have done it. Below are the boot commands for the internet router and the company router:

iso_urls and iso_checksum:

      "iso_checksum": "sha256:ae9c1f9639e30e9e88b7363426d69297300cf15543498bef0b18e27f3dd66222",
      "iso_urls": [
        "https://downloads.ipfire.org/releases/ipfire-2.x/2.29-core189/ipfire-2.29-core189-x86_64.iso"
      ],

boot command for internet router:

      "boot_command": [
        "<enter><wait10s>",
        "<tab><enter>",
        "<wait><enter>",
        "<wait><enter>",
        "<wait><tab><enter>",
        "<wait60s><enter>",
        "<wait30s><enter><wait><enter>",
        "<wait><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>internetrouter<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>localdomain<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach<tab>breach<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach<tab>breach<tab><spacebar>",
        "<wait10s><tab><spacebar>",
        "<wait><down><down><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><tab><tab><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><spacebar>",
        "<wait>172.18.0.1<tab>",
        "<wait><left><left><bs><bs><bs>0<tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait>192.168.56.30<tab>",
        "<wait><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar><tab><tab><tab><tab><spacebar>",
        "<wait><tab><tab><spacebar>",
        "<wait><tab><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><spacebar>",    
        "<wait60s>",
        "root<wait><enter>breach<wait><enter>",
        "<wait20s>iptables -I INPUT -p tcp --dport 444 -j ACCEPT<enter>",
        "<wait>iptables -I INPUT -p tcp --dport 222 -j ACCEPT<enter>",
        "<wait>sed -i 's/ENABLE_SSH=off/ENABLE_SSH=on/g' /var/ipfire/remote/settings<enter>",
        "<wait>sed -i 's/ENABLE_SSH_PORTFW=off/ENABLE_SSH_PORTFW=on/g' /var/ipfire/remote/settings<enter>",
        "<wait>sed -i 's/ENABLE_SSH_KEYS=off/ENABLE_SSH_KEYS=on/g' /var/ipfire/remote/settings<enter>",
        "<wait>touch /var/ipfire/remote/enablessh<enter>",
        "<wait>chown nobody:nobody /var/ipfire/remote/enablessh<enter>",
        "<wait>sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config<enter>",
        "<wait>sed -i 's/Port 22/Port 222/g' /etc/ssh/sshd_config<enter>",
        "<wait>/etc/rc.d/init.d/sshd restart<enter>",
        "<wait10s>/etc/init.d/sshd restart<enter>",
        "<wait10s>"
      ],

boot command for company router:

      "boot_command": [
        "<enter><wait10s>",
        "<tab><enter>",
        "<wait><enter>",
        "<wait><enter>",
        "<wait><tab><enter>",
        "<wait60s><enter>",
        "<wait30s><enter><wait><enter>",
        "<wait><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>companyrouter<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>localdomain<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach<tab>breach<tab><spacebar>",
        "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach<tab>breach<tab><spacebar>",
        "<wait10s><tab><spacebar>",
        "<wait><down><down><down><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><down><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><up><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><down><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><tab><tab><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><spacebar>",
        "<wait><spacebar>",
        "<wait>172.16.0.1<tab>",
        "<wait><left><left><bs><bs><bs>0<tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait>192.168.56.10<tab>",
        "<wait><tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait>172.17.0.1<tab>",
        "<wait><left><left><bs><bs><bs>0<tab><spacebar>",
        "<wait><down><tab><spacebar>",
        "<wait><tab><tab><tab>172.18.0.2<tab>",
        "<wait><left><left><bs><bs><bs>0<tab>",
        "<wait>172.18.0.1<tab><spacebar>",
        "<wait><tab><tab><spacebar>",
        "<wait><tab><tab><spacebar>",
        "<wait><spacebar>",
        "<wait><tab>172.16.1.1<tab>",
        "<wait>172.16.255.254<tab><tab><tab><tab><tab>",
        "<wait><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>breach.local<tab><spacebar>",
        "<wait><spacebar>",
        "<wait60s>",
        "root<wait><enter>breach<wait><enter>",
        "<wait20s>iptables -I INPUT -p tcp --dport 444 -j ACCEPT<enter>",
        "<wait>iptables -I INPUT -p tcp --dport 222 -j ACCEPT<enter>",
        "<wait>echo 'ENABLE_SSH_PORTFW=on' > /var/ipfire/remote/settings<enter>",
        "<wait>echo 'ENABLE_SSH=on' >> /var/ipfire/remote/settings<enter>",
        "<wait>echo 'ENABLE_SSH_PASSWORDS=on' >> /var/ipfire/remote/settings<enter>",
        "<wait>echo 'ENABLE_SSH_KEYS=on' >> /var/ipfire/remote/settings<enter>",
        "<wait>echo 'SSH_PORT=off' >> /var/ipfire/remote/settings<enter>",
        "<wait>touch /var/ipfire/remote/enablessh<enter>",
        "<wait>chown nobody:nobody /var/ipfire/remote/enablessh<enter>",
        "<wait>sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config<enter>",
        "<wait>sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config<enter>",
        "<wait>sed -i 's/Port 22/Port 222/g' /etc/ssh/sshd_config<enter>",
        "<wait>/etc/rc.d/init.d/sshd restart<enter>",
        "<wait10s> /etc/init.d/sshd restart<enter>",
        "<wait10s>"
      ],

After updating IPFire, I think adding manual DNS servers is recommended for stable DNS lookups, so I added two DNS servers to the internet router using an Ansible role named post_unbound (the path is ansible/roles/post_unbound/tasks/main.yml), as below:

---

- name: Add 8.8.8.8 to the DNS servers file
  lineinfile:
    path: /var/ipfire/dns/servers
    line: "3,8.8.8.8,,enabled,"
    create: yes  
    state: present 

- name: Add 114.114.114.114 to the DNS servers file
  lineinfile:
    path: /var/ipfire/dns/servers
    line: "4,114.114.114.114,,enabled,"
    create: yes 
    state: present 

- name: Restart unbound service
  service:
    name: unbound
    state: restarted 

Then add this role to the internet router as below:

---
- hosts: internetrouter
  become: yes
  gather_facts: true

  roles:
    - configure_internet_router
    - rsyslog_install_ipfire
    - rsyslog_ISO8601
    - post_unbound

Then the unbound service on the internet router runs stably!
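
A check that can be run against the resulting file, as an added example that is not part of the original issue or the project's code: `lineinfile` with only `line` set appends a line when that exact text is absent, so the fixed ids 3 and 4 can collide with entries already in /var/ipfire/dns/servers. The five-field layout is inferred from the two lines in the role, and `EXISTING` is constructed sample data.

```python
import ipaddress

# The two lines the post_unbound role adds (copied from the issue).
ROLE_LINES = ["3,8.8.8.8,,enabled,", "4,114.114.114.114,,enabled,"]

# Constructed sample: a servers file that already has entries before the role runs.
EXISTING = ["1,9.9.9.9,,enabled,", "3,1.1.1.1,,enabled,"]


def ensure_lines(existing, wanted):
    """Mimic lineinfile with only `line` set: append each line not present verbatim."""
    result = list(existing)
    for line in wanted:
        if line not in result:
            result.append(line)
    return result


def audit_servers(lines):
    """Return problems in the entries: malformed rows, bad addresses, reused ids."""
    problems, first_seen = [], {}
    for number, raw in enumerate(lines, 1):
        fields = raw.strip().split(",")
        if len(fields) != 5:  # assumption: five comma-separated fields, as in the issue
            problems.append(f"line {number}: expected 5 fields, got {len(fields)}")
            continue
        entry_id, address = fields[0], fields[1]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            problems.append(f"line {number}: invalid address {address!r}")
        if entry_id in first_seen:
            problems.append(
                f"line {number}: id {entry_id} already used on line {first_seen[entry_id]}"
            )
        else:
            first_seen[entry_id] = number
    return problems


if __name__ == "__main__":
    after = ensure_lines(EXISTING, ROLE_LINES)
    for problem in audit_servers(after):
        print(problem)
```

Running the role a second time leaves the file unchanged, but the id collision from the first run stays until the entry is renumbered.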

1ncludeSteven added the enhancement (New feature or request) label Oct 28, 2024
1ncludeSteven changed the title from "Update IPFire from 2.25 to 2.29" to "Update IPFire from 2.25 to 2.29 and solve unbound issue" Oct 28, 2024
Maspital self-assigned this Oct 28, 2024
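
An audit of what the boot commands in the issue change on the installed router, as an added example that is not part of the original issue or the project's code: it strips Packer's key tokens from each entry and reports typed credentials, opened firewall ports and relaxed SSH settings. `SAMPLE` is an excerpt of the internet-router list from the issue; the rule patterns and function names are hypothetical.

```python
import re

KEY = re.compile(r"<[^<>]+>")  # Packer key tokens: <enter>, <wait10s>, <bs>, ...
# Heuristic for a console login: "user<enter>password<enter>" with optional waits.
LOGIN = re.compile(r"^(\w+)(?:<wait\w*>)*<enter>([^<]+)(?:<wait\w*>)*<enter>$")
RULES = [
    ("firewall port opened", re.compile(r"iptables -I INPUT .*--dport (\d+) -j ACCEPT")),
    ("IPFire remote setting turned on", re.compile(r"\b(ENABLE_\w+)=on\b")),
    ("sshd option switched to yes", re.compile(r"s/(\w+) no/\1 yes/")),
    ("sshd port changed", re.compile(r"s/Port 22/Port (\d+)/")),
]

# Excerpt of the internet-router boot_command from the issue.
SAMPLE = [
    "<wait60s>",
    "root<wait><enter>breach<wait><enter>",
    "<wait20s>iptables -I INPUT -p tcp --dport 444 -j ACCEPT<enter>",
    "<wait>iptables -I INPUT -p tcp --dport 222 -j ACCEPT<enter>",
    "<wait>sed -i 's/ENABLE_SSH=off/ENABLE_SSH=on/g' /var/ipfire/remote/settings<enter>",
    "<wait>sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config<enter>",
    "<wait>sed -i 's/Port 22/Port 222/g' /etc/ssh/sshd_config<enter>",
    "<wait>/etc/rc.d/init.d/sshd restart<enter>",
]


def audit(boot_command):
    """Return (finding, detail) pairs for security-relevant boot_command entries."""
    findings = []
    for entry in boot_command:
        login = LOGIN.match(entry)
        if login:
            # Report the account only; the password itself is not repeated.
            findings.append(("credentials typed in clear text", login.group(1)))
            continue
        # Text between key tokens is what actually gets typed at the console.
        for text in filter(None, (part.strip() for part in KEY.split(entry))):
            for label, pattern in RULES:
                match = pattern.search(text)
                if match:
                    findings.append((label, match.group(1)))
    return findings


if __name__ == "__main__":
    for label, detail in audit(SAMPLE):
        print(f"{label}: {detail}")
```

The same function can be pointed at the `boot_command` array loaded from the Packer JSON template to list every such change before the image is reused outside the lab.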
@Maspital
Collaborator

Hi, thanks for your issue.
There are currently some fixes waiting to be merged in #94; we'll test and implement your suggestions after these have been moved into main.
