wpa_supplicant

Role Name

Role for wpa_supplicant management configuration with all options and systemd support.

Requirements

None.

Role Variables

Most variables, except for the first one, directly correspond to the options in wpa_supplicant.conf reference. Configuration file is generated by translating the Ansible dictionary variables, as in country: GB into configuration file variables in the form of country=GB. Note that wpa_supplicant expects some variables to be quoted (as in username="[email protected]") in which case the Ansible variable must be double-quoted (username: '"[email protected]"').

This option determines which interface wpa_supplicant will be running on:

wpa_supplicant_interface: wlan0

Global wpa_supplicant config options:

wpa_supplicant_config:
  update_config: 1
  country: GB

There can be many creds blocks:

wpa_supplicant_credentials:
  - realm: '"example.com"'
    username: '"[email protected]"'

There may be many network blocks:

wpa_supplicant_networks:
  - scan_ssid: 1
    ssid: '"MySSID"'
    key_mgmt: WPA-PSK
    psk: '"Kohjioqu5Iefae1iedee"'

The psk secret should be encrypted with ansible-vault or, better yet, hashed with wpa_passphrase utility, in which case it goes without quotes.

Dependencies

You can use this role along shibumi.systemd-conf to manage network configuration entirely from Ansible:

systemd_conf_network:
  10-wlan:
    - Match:
        - Name: wlan0
    - Network:
        - Address: '192.168.1.251/24'
        - Gateway: '192.168.1.252'

Example Playbook

Assuming the above configuration in host_vars:

- hosts: access_point
  roles:
    - role: kravietz.wpa_supplicant
      wpa_supplicant_interface: wlan0
      wpa_supplicant_config:
        ctrl_interface: DIR=/var/run/wpa_supplicant GROUP=netdev
        country: GB
      wpa_supplicant_networks:
        - scan_ssid: 1
          ssid: '"TEST"'
          psk: '"TEST-TEST-TEST"'
          key_mgmt: WPA-PSK
    - role: shibumi.systemd-conf