external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Major cleanup of roles/openvpn, openvpn_handle SSOT

Browse source
This commit is contained in:
root 2021-08-18 21:47:46 -04:00
parent d01a31d457
commit 011139bde6
18 changed files with 268 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

1
install-support.yml
View file

@ -9,5 +9,4 @@
roles: roles:
- { role: 0-init } - { role: 0-init }
- { role: sshd } - { role: sshd }
- { role: iiab-admin }
- { role: openvpn } - { role: openvpn }

9
roles/firmware/templates/iiab-check-firmware
View file

@ -3,12 +3,13 @@
WARN=0 WARN=0
DATE=$(date +%F-%T) DATE=$(date +%F-%T)
# 2021-08-17: bash scripts using default_vars.yml &/or local_vars.yml # 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml
# https://github.com/iiab/iiab-factory/blob/master/iiab#L79-L97 # https://github.com/iiab/iiab-factory/blob/master/iiab#L79-L97
# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L12 # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L13
# https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L47-L51 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52
# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34
# https://github.com/iiab/iiab/blob/master/iiab-support READS AND WRITES, INCL NON-BOOLEAN (openvpn_handle) # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN
if grep -q '^wifi_hotspot_capacity_rpi_fix:\s\+[fF]alse\b' /etc/iiab/local_vars.yml ; then if grep -q '^wifi_hotspot_capacity_rpi_fix:\s\+[fF]alse\b' /etc/iiab/local_vars.yml ; then
echo "'wifi_hotspot_capacity_rpi_fix: False' found in /etc/iiab/local_vars.yml" echo "'wifi_hotspot_capacity_rpi_fix: False' found in /etc/iiab/local_vars.yml"
echo "...so WiFi firmware will NOT be checked or replaced." echo "...so WiFi firmware will NOT be checked or replaced."

13
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -34,19 +34,20 @@ IPTABLES=/usr/sbin/iptables
IPTABLES_DATA=/etc/sysconfig/iptables IPTABLES_DATA=/etc/sysconfig/iptables
{% endif %} {% endif %}
# 2021-08-17: bash scripts using default_vars.yml &/or local_vars.yml # 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml
# https://github.com/iiab/iiab-factory/blob/master/iiab#L79-L97 # https://github.com/iiab/iiab-factory/blob/master/iiab#L79-L97
# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L12 # https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L13
# https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L47-L51 # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52
# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34
# https://github.com/iiab/iiab/blob/master/iiab-support READS AND WRITES, INCL NON-BOOLEAN (openvpn_handle) # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN
# "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and # "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and
# (2) Chops up Ansible vars containing multiple words w/o surrounding quotes. # (2) Chops up Ansible vars containing multiple words w/o surrounding quotes.
# So: sed is used instead, to emulate Ansible's parsing of vars from .yml # So: sed is used instead, to emulate Ansible's parsing of vars from .yml
iiab_var_value() { iiab_var_value() {
v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | head -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
v2=$(grep "^$1:\s" /etc/iiab/local_vars.yml | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") v2=$(grep "^$1:\s" /etc/iiab/local_vars.yml | head -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
[ "$v2" != "" ] && echo $v2 || echo $v1 # [ "$v2" ] ALSO WORKS [ "$v2" != "" ] && echo $v2 || echo $v1 # [ "$v2" ] ALSO WORKS
} }

29
roles/openvpn/tasks/install.yml
View file

@ -1,7 +1,7 @@
- name: "Install packages: ncat, nmap, openvpn, sudo" - name: "Install packages: ncat, nmap, openvpn, sudo"
package: package:
name: name:
- ncat # Newer versions of NMap do not include NCat, needed to announce /etc/iiab/openvpn_handle (if Debian > 9 or Ubuntu > 18) - ncat # Newer versions of NMap do not include NCat, needed to announce openvpn_handle (if Debian > 9 or Ubuntu > 18)
- nmap - nmap
- openvpn - openvpn
- sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by 1-prep here, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!) - sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by 1-prep here, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!)
@ -55,22 +55,23 @@
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
backup: yes backup: yes
with_items: with_items:
- { src: 'ca.crt', dest: '/etc/openvpn/keys/ca.crt', mode: '0644' } - { src: 'ca.crt', dest: '/etc/openvpn/keys/', mode: '0644' }
- { src: 'client1.crt', dest: '/etc/openvpn/keys/client1.crt', mode: '0644' } - { src: 'client1.crt', dest: '/etc/openvpn/keys/', mode: '0644' }
- { src: 'client1.key', dest: '/etc/openvpn/keys/client1.key', mode: '0600' } - { src: 'client1.key', dest: '/etc/openvpn/keys/', mode: '0600' }
- { src: 'announce', dest: '/etc/openvpn/scripts/announce', mode: '0755' } - { src: 'announce', dest: '/etc/openvpn/scripts/', mode: '0755' }
- { src: 'announcer.j2', dest: '/etc/openvpn/scripts/announcer', mode: '0755' } - { src: 'announcer', dest: '/etc/openvpn/scripts/', mode: '0755' }
- { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' } - { src: 'silence', dest: '/etc/openvpn/scripts/', mode: '0755' }
- { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' }
- { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } # - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } # 2021-08-18 SSOT: Please instead set it in /etc/iiab/local_vars.yml
- { src: 'iiab-support', dest: '/usr/bin/', mode: '0755' }
- { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' }
- { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/', mode: '0755' }
- name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted e.g. on a smaller IIAB install # - name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted e.g. on a smaller IIAB install
copy: # copy:
src: "{{ iiab_dir }}/iiab-support" # src: "{{ iiab_dir }}/iiab-support"
dest: /usr/bin/ # dest: /usr/bin/
mode: '0755' # mode: '0755'
- name: Symlink /usr/bin/iiab-support-on -> /usr/bin/iiab-support - name: Symlink /usr/bin/iiab-support-on -> /usr/bin/iiab-support
file: file:

3
roles/openvpn/tasks/main.yml
View file

@ -42,13 +42,12 @@
value: OpenVPN value: OpenVPN
- option: description - option: description
value: '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."' value: '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."'
# openvpn_handle variable can no longer be left completely undefined of August 2018 (EMPTY STRING "" IS TOLERATED, in which case OpenVPN server should use /etc/iiab/uuid in lieu of the handle)
- option: openvpn_install - option: openvpn_install
value: "{{ openvpn_install }}" value: "{{ openvpn_install }}"
- option: openvpn_enabled - option: openvpn_enabled
value: "{{ openvpn_enabled }}" value: "{{ openvpn_enabled }}"
- option: openvpn_handle - option: openvpn_handle
value: "{{ openvpn_handle }}" value: "{{ openvpn_handle }}" # As of August 2018: (1) openvpn_handle could no longer be left undefined OR null (different concepts in Ansible, see /opt/iiab/iiab/tests.yml) -- (2) though an EMPTY STRING "" IS TOLERATED, in which case OpenVPN server instead tries to use 1st 6 chars of /etc/iiab/uuid -- (3) finally, if nec, OpenVPN server falls back to labelling the connection as generic: "client1's certificate" -- SEE ALSO: roles/openvpn/templates/announcer
- option: openvpn_cron_enabled - option: openvpn_cron_enabled
value: "{{ openvpn_cron_enabled }}" value: "{{ openvpn_cron_enabled }}"
- option: openvpn_server - option: openvpn_server

0
roles/openvpn/templates/15-openvpn.deprecated → roles/openvpn/templates/15-openvpn.unused
View file

72
roles/openvpn/templates/announcer Executable file
View file

@ -0,0 +1,72 @@
#!/bin/bash -x
# Small daemon to identify this machine to the OpenVPN server
# local_vars.yml code from /usr/bin/iiab-support and /usr/bin/iiab-gen-iptables
# Empty string, worst case, e.g. whether var is set to "" (or not set at all!)
HANDLE=$(grep "^openvpn_handle:\s" /etc/iiab/local_vars.yml | head -1 | sed "s/^openvpn_handle:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
# Change all spaces to underscores
HANDLE=${HANDLE// /_}
# Likewise empty string is the worst case, e.g. if file doesn't exist.
# If handle is "", OpenVPN server tries to use the 1st 6 chars of UUID
# e.g. e1a3d4 from e1a3d4e2-2d1a-4f37-9ba0-e836d7c8e3ca
# SEE ALSO: roles/openvpn/tasks/main.yml Line 50
UUID=$(cat /etc/iiab/uuid)
/usr/bin/ncat -l -k -p1705 --exec "/bin/echo HANDLE = $HANDLE|UUID = $UUID" &
# 2021-08-18: Let's finally do it 3 years lster, simplifying from 4 places to 1
# at long last. Per SSOT (single source of truth).
# #HANDLE=
# #UUID=
# #if [ -f /etc/iiab/openvpn_handle ]; then
# # Option #1: Source directly from /etc/iiab/local_vars.yml in future?
# # Option #2
# HANDLE=$(cat /etc/iiab/openvpn_handle) # Sets to "" if file doesn't exist (error is ok!)
# # Sourcing a variable from ~4 different places is a recipe for total confusion
# # (or worse!) Far better to make variable openvpn_handle and file
# # /etc/iiab/openvpn_handle "obligatory" (EMPTY STRING "" IS TOLERATED, IN WHICH
# # CASE OPENVPN SERVER TRIES TO USE /etc/iiab/uuid BELOW, IN LIEU OF HANDLE...)
# # CLARIF: "systemctl restart openvpn" still works tolerably even if the above
# # is defied, auto-starting child service openvpn@xscenet per usual
# # (e.g. if /etc/iiab/openvpn_handle is deleted by accident!)
# #else
# # # Option #3: Dangerous to invoke hypothetical variables :(
# # source {{ iiab_env_file }}
# # # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from {{ iiab_ini_file }}, but safer now that relegated to #4 ?
# # if [ -z "$HANDLE" ]; then
# # HANDLE=`cat {{ iiab_ini_file }} | gawk \
# # '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'`
# # fi
# #fi
# HANDLE=${HANDLE// /_} # Change all spaces to underscores
# #if [ -f /etc/iiab/uuid ]; then
# UUID=$(cat /etc/iiab/uuid) # Sets to "" if file doesn't exist (error is ok!)
# #fi
# SERVER=/usr/bin/ncat
# #ID=$(printf "HANDLE = %s|UUID = %s" $HANDLE $UUID)
# #ID=$(echo "HANDLE = ${HANDLE}|UUID = ${UUID}")
# ID=$(echo "HANDLE = $HANDLE|UUID = $UUID")
# # August 2018: Removal of trailing '|' tested on Raspbian, Ubuntu 18.04 & Ubuntu 16.04
# #ID=`printf "HANDLE = %s|UUID = %s|" $HANDLE $UUID`
# # Start the daemon which will serve the handle on demand
# {% if is_debuntu %}
# $SERVER -l -k -p1705 --exec "/bin/echo $ID" &
# # 2020-11-23: USE 1 LINE INSTEAD OF 9 LINES, IF WE MANDATE debuntu:
# #/usr/bin/ncat -l -k -p1705 --exec "/bin/echo HANDLE = $HANDLE|UUID = $UUID" &
# {% else %}
# source /etc/init.d/functions
# PID_FILE=/var/run/openvpn/announce.pid
# daemon --pidfile=${PID_FILE} $SERVER "-l -k -p1705 --exec \"/usr/bin/echo $ID\"" &
# #daemon --pidfile=${PID_FILE} $SERVER "-l -k -p1705 --exec \"/usr/bin/echo $(printf 'HANDLE = %s|UUID = %s' $HANDLE $UUID)\"" &
# {% endif %}

51
roles/openvpn/templates/announcer.j2
View file

@ -1,51 +0,0 @@
#!/bin/bash -x
# Small daemon to identify this machine to the OpenVPN server
#HANDLE=
#UUID=
#if [ -f /etc/iiab/openvpn_handle ]; then
# Option #1: Source directly from /etc/iiab/local_vars.yml in future?
# Option #2
HANDLE=$(cat /etc/iiab/openvpn_handle) # Sets to "" if file doesn't exist (error is ok!)
# Sourcing a variable from ~4 different places is a recipe for total confusion
# (or worse!) Far better to make variable openvpn_handle and file
# /etc/iiab/openvpn_handle "obligatory" (EMPTY STRING "" IS TOLERATED, IN WHICH
# CASE OPENVPN SERVER TRIES TO USE /etc/iiab/uuid BELOW, IN LIEU OF HANDLE...)
# CLARIF: "systemctl restart openvpn" still works tolerably even if the above
# is defied, auto-starting child service openvpn@xscenet per usual
# (e.g. if /etc/iiab/openvpn_handle is deleted by accident!)
#else
# # Option #3: Dangerous to invoke hypothetical variables :(
# source {{ iiab_env_file }}
# # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from {{ iiab_ini_file }}, but safer now that relegated to #4 ?
# if [ -z "$HANDLE" ]; then
# HANDLE=`cat {{ iiab_ini_file }} | gawk \
# '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'`
# fi
#fi
HANDLE=${HANDLE// /_} # Change all spaces to underscores
#if [ -f /etc/iiab/uuid ]; then
UUID=$(cat /etc/iiab/uuid) # Sets to "" if file doesn't exist (error is ok!)
#fi
SERVER=/usr/bin/ncat
#ID=$(printf "HANDLE = %s|UUID = %s" $HANDLE $UUID)
#ID=$(echo "HANDLE = ${HANDLE}|UUID = ${UUID}")
ID=$(echo "HANDLE = $HANDLE|UUID = $UUID")
# August 2018: Removal of trailing '|' tested on Raspbian, Ubuntu 18.04 & Ubuntu 16.04
#ID=`printf "HANDLE = %s|UUID = %s|" $HANDLE $UUID`
# Start the daemon which will serve the handle on demand
{% if is_debuntu %}
$SERVER -l -k -p1705 --exec "/bin/echo $ID" &
# 2020-11-23: USE 1 LINE INSTEAD OF 9 LINES, IF WE MANDATE debuntu:
#/usr/bin/ncat -l -k -p1705 --exec "/bin/echo HANDLE = $HANDLE|UUID = $UUID" &
{% else %}
source /etc/init.d/functions
PID_FILE=/var/run/openvpn/announce.pid
daemon --pidfile=${PID_FILE} $SERVER "-l -k -p1705 --exec \"/usr/bin/echo $ID\"" &
#daemon --pidfile=${PID_FILE} $SERVER "-l -k -p1705 --exec \"/usr/bin/echo $(printf 'HANDLE = %s|UUID = %s' $HANDLE $UUID)\"" &
{% endif %}

0
roles/openvpn/templates/iiab-remote-off Normal file → Executable file
View file

133
roles/openvpn/templates/iiab-support Executable file
View file

@ -0,0 +1,133 @@
#!/bin/bash
PLAYBOOK="install-support.yml"
INVENTORY="ansible_hosts"
# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml
# https://github.com/iiab/iiab-factory/blob/master/iiab#L79-L97
# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L13
# https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52
# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34
# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN
# openvpn_handle WAS stored in 2 files on disk, one slightly stripped down (from
# the other) due to Ansible. Still, we emulate Ansible behavior when reading var
# (and later writing to disk) removing outer cruft as explained on Lines 31-38:
handle1=$(grep "^openvpn_handle:\s" /etc/iiab/local_vars.yml | head -1 | sed "s/^openvpn_handle:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
echo -e "\n/etc/iiab/local_vars.yml shows openvpn_handle: $handle1\n"
if [ -f /etc/iiab/openvpn_handle ]; then
echo -e " \e[41mFYI /etc/iiab/openvpn_handle is no longer supported.\e[0m\n"
echo -e " \e[41m/etc/iiab/local_vars.yml is now used instead (SSOT).\e[0m\n"
fi
echo -e "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n"
echo -e " cape-town-school-36-rpi-2019-05-31\n"
echo -en "Or hit [Enter] to keep the existing name:\e[0m "
read ans < /dev/tty
# BEHAVIOR LIKE ANSIBLE'S parsing of vars from .yml:
# (0) No need to remove comment as above (user prompt here)
# (1) Remove outer spacing IF NEC, then...
# (2) Remove 1 pair of matching outer quotes (IF NEC)
# (3) Ansible vars can have non-string value null.
# Here in bash, we force those to "" (empty string).
ans=$(echo $ans | sed "s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
if [ "$ans" = "" ]; then
handle2=$handle1 # Beware old handle could also be "" (handled below!)
else
handle2=$ans; # Also for display at bottom
fi
echo "ans: '$ans'"
echo "handle1: '$handle1'"
echo "handle2: '$handle2'"
#echo "uuid: '$uuid'"
if [ "$handle1" = "$handle2" ] && [ "$handle2" != "" ]; then # [ "$ans" ] ALSO WORKS
echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in /etc/iiab/local_vars.yml\e[0m\n"
else
if grep -q '^openvpn_handle:\s' /etc/iiab/local_vars.yml; then
sed -i "s/^openvpn_handle:\s.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
else
echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml
fi
echo -e "\n\e[1mSAVED your openvpn_handle to /etc/iiab/local_vars.yml\e[0m\n"
fi
if grep -q '^openvpn_installed:\s\+[tT]rue\b' /etc/iiab/iiab_state.yml; then
echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
else
echo -e "Plz wait a few minutes as sshd & OpenVPN are confirmed/installed...\n"
if grep -q '^openvpn_install:\s' /etc/iiab/local_vars.yml; then
sed -i "s/^openvpn_install:\s.*/openvpn_install: True/" /etc/iiab/local_vars.yml
else
echo "openvpn_install: True" >> /etc/iiab/local_vars.yml
fi
if [ -d /opt/iiab/iiab ]; then
cd /opt/iiab/iiab
export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log"
ansible -m setup -i $INVENTORY localhost --connection=local | grep python
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
# Above is tighter/better than running all of "./runrole 1-prep"
echo
else
echo -e " \e[41m Directory /opt/iiab/iiab does not exist: CANNOT INSTALL OPENVPN! \e[0m\n"
exit 1
fi
fi
echo -e "Now let's (re)enable OpenVPN...\n"
if grep -q '^openvpn_enabled:\s' /etc/iiab/local_vars.yml; then
sed -i "s/^openvpn_enabled:\s.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
else
echo "openvpn_enabled: True" >> /etc/iiab/local_vars.yml
fi
systemctl enable openvpn
echo -e "\nNow let's restart OpenVPN..."
#systemctl start openvpn
systemctl restart openvpn
echo -en "\n "
for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -en " OpenVPN TIPS "
for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -e "\n\n 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'"
echo -e " 2. Check your OpenVPN connection: run 'ping 10.8.0.1'"
echo -e " 3. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x"
echo -e " 4. If necessary, run 'systemctl restart openvpn' which should"
echo -e " run 'systemctl restart openvpn@xscenet' for you."
echo -e " 5. SOMETIMES WAITING A MINUTE HELPS -- retry steps 2 and 3 to monitor."
echo -e " 6. If in future you want to disable OpenVPN connections to-and-from your"
echo -e " Internet-in-a-Box (IIAB) please run 'iiab-support-off' at that time."
echo -e " 7. Read 'How can I remotely manage my Internet-in-a-Box?' at"
echo -e " http://FAQ.IIAB.IO to learn about DIY remote support alternatives"
echo -e " like ngrok, serveo, remot3.it and TeamViewer.\n"
echo -en " "
for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -en " OpenVPN TIPS "
for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -e "\n\nNow let's wait 15 seconds, as OpenVPN handshake sometimes needs that (or more!)"
sleep 15
echo -en "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m"
echo -en $handle2
echo -en "\e[0m"
vpnip=$(ip a | grep tun0$ | awk '{print $2}')
if [ "$vpnip" != "" ]; then
echo -e "\nYour OpenVPN IP address (which can change) is: \e[32m$vpnip\e[0m\n"
else
echo -e "\n \e[41m ERROR: OpenVPN IP address not ready - PLEASE TRY THE ABOVE TIPS \e[0m\n"
exit 1
fi

0
iiab-support → roles/openvpn/templates/iiab-support.older
View file

0
roles/openvpn/templates/openvpn_handle.j2 → roles/openvpn/templates/openvpn_handle.j2.unused
View file

12
scripts/iiab-diagnostics
View file

@ -19,7 +19,7 @@ echo -e " sudo iiab-diagnostics PATH/FILE1 PATH/FILE2 ... # COMPLETE RESU
echo echo
echo -ne "Can you provide a \e[1mshort public nickname:\e[0m (no spaces!) " echo -ne "Can you provide a \e[1mshort public nickname:\e[0m (no spaces!) "
read nickname < /dev/tty read nickname < /dev/tty
if [ -z "$nickname" ]; then if [ "$nickname" = "" ]; then
nickname="NONAME" nickname="NONAME"
fi fi
@ -87,9 +87,13 @@ function cat_cmd() { # $1 = command + params, $2 = explan
echo "=IIAB==========================================================================" >> $outfile echo "=IIAB==========================================================================" >> $outfile
cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right
pth=$(which $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command on right pth=$(which $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command on right
echo "COMMAND: $pth$1 # $2" >> $outfile if [ "$2" = "" ]; then
echo "COMMAND: $pth$1" >> $outfile
else
echo "COMMAND: $pth$1 # $2" >> $outfile
fi
echo >> $outfile echo >> $outfile
if [ -z "$pth" ]; then if [ "$pth" = "" ]; then
echo "COMMAND NOT FOUND: $1" >> $outfile echo "COMMAND NOT FOUND: $1" >> $outfile
else else
$(echo "eval $1") >> $outfile # eval is nec within backticks, so | (pipes) work: https://stackoverflow.com/a/7184782 $(echo "eval $1") >> $outfile # eval is nec within backticks, so | (pipes) work: https://stackoverflow.com/a/7184782
@ -151,7 +155,7 @@ echo -e "\n\n\n\n2. REGULAR FILES\n" >> $outfile
#cat_file /opt/iiab/iiab # Directory test #cat_file /opt/iiab/iiab # Directory test
#cat_file /tmp/empty-file # Empty file test #cat_file /tmp/empty-file # Empty file test
#cat_file /usr/bin/iiab-support-on # Symlink test #cat_file /usr/bin/iiab-support-on # Symlink test
cat_file /etc/iiab/openvpn_handle cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml'
cat_file /.iiab-image cat_file /.iiab-image
cat_file /etc/iiab/iiab.env cat_file /etc/iiab/iiab.env
cat_file /etc/iiab/iiab.ini cat_file /etc/iiab/iiab.ini

23
test.yml
View file

@ -21,6 +21,7 @@
- debug: - debug:
msg: "{{ 'changeme' | password_hash('sha512') }}" msg: "{{ 'changeme' | password_hash('sha512') }}"
# msg: "{{ 'changeme' | password_hash('yescrypt') }}" # crypt.crypt STILL doesn't support 'yescrypt' algorithm ?
#- pause: #- pause:
@ -32,4 +33,26 @@
debug: debug:
msg: "'\"'" # FAILS: "'""'" msg: "'\"'" # FAILS: "'""'"
- name: a shows "VARIABLE IS NOT DEFINED!" -- whereas b (w/o whitespace) AND c (with space) AND d (with tab) show null (without quotes!) -- whereas d (singlequotes) and e (doublequotes) show "" empty string
set_fact:
#a:
b:
c: # Space
d: # Tab
e: ''
f: ""
- debug:
var: a
- debug:
var: b
- debug:
var: c
- debug:
var: d
- debug:
var: e
- debug:
var: f
# TEST ANSIBLE COMMANDS/MODULES HERE! # TEST ANSIBLE COMMANDS/MODULES HERE!

2
vars/local_vars_big.yml
View file

@ -111,7 +111,7 @@ sshd_enabled: True
# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True openvpn_install: True
openvpn_enabled: False openvpn_enabled: False
# Set /etc/iiab/openvpn_handle in advance here: # 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle
openvpn_handle: BIG-sized - Put Your Name Here openvpn_handle: BIG-sized - Put Your Name Here
# IIAB-ADMIN runs here - see its vars near top of this file: # IIAB-ADMIN runs here - see its vars near top of this file:

2
vars/local_vars_medium.yml
View file

@ -111,7 +111,7 @@ sshd_enabled: True
# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True openvpn_install: True
openvpn_enabled: False openvpn_enabled: False
# Set /etc/iiab/openvpn_handle in advance here: # 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle
openvpn_handle: MEDIUM-sized - Put Your Name Here openvpn_handle: MEDIUM-sized - Put Your Name Here
# IIAB-ADMIN runs here - see its vars near top of this file: # IIAB-ADMIN runs here - see its vars near top of this file:

2
vars/local_vars_min.yml
View file

@ -111,7 +111,7 @@ sshd_enabled: True
# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True openvpn_install: True
openvpn_enabled: False openvpn_enabled: False
# Set /etc/iiab/openvpn_handle in advance here: # 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle
openvpn_handle: MIN-sized - Put Your Name Here openvpn_handle: MIN-sized - Put Your Name Here
# IIAB-ADMIN runs here - see its vars near top of this file: # IIAB-ADMIN runs here - see its vars near top of this file:

2
vars/local_vars_unittest.yml
View file

@ -111,7 +111,7 @@ sshd_enabled: True
# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True openvpn_install: True
openvpn_enabled: True openvpn_enabled: True
# Set /etc/iiab/openvpn_handle in advance here: # 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle
openvpn_handle: unittest - Put Your Name Here openvpn_handle: unittest - Put Your Name Here
# IIAB-ADMIN runs here - see its vars near top of this file: # IIAB-ADMIN runs here - see its vars near top of this file: