Toughen up /usr/bin/iiab-support & similar local_vars.yml extractors

2025-02-15 04:32:11 +00:00 · 2021-08-19 15:27:05 -04:00 · 2021-08-19 15:27:05 -04:00 · 4168ecfa37
commit 4168ecfa37
parent c8a8dd85bc
3 changed files with 73 additions and 29 deletions
--- a/roles/network/templates/gateway/iiab-gen-iptables
+++ b/roles/network/templates/gateway/iiab-gen-iptables
@ -46,8 +46,8 @@ IPTABLES_DATA=/etc/sysconfig/iptables
 # So: sed is used instead, to emulate Ansible's parsing of vars from .yml

 iiab_var_value() {
-    v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | head -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
-    v2=$(grep "^$1:\s" /etc/iiab/local_vars.yml | head -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
+    v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
+    v2=$(grep "^$1:\s" /etc/iiab/local_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
    [ "$v2" != "" ] && echo $v2 || echo $v1    # [ "$v2" ] ALSO WORKS
 }

--- a/roles/openvpn/templates/announcer
+++ b/roles/openvpn/templates/announcer
@ -4,9 +4,9 @@
 # local_vars.yml code from /usr/bin/iiab-support and /usr/bin/iiab-gen-iptables

 # Empty string, worst case, e.g. whether var is set to "" (or not set at all!)
-HANDLE=$(grep "^openvpn_handle:\s" /etc/iiab/local_vars.yml | head -1 | sed "s/^openvpn_handle:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
+HANDLE=$(grep "^openvpn_handle:\s" /etc/iiab/local_vars.yml | tail -1 | sed "s/^openvpn_handle:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")

-# Change all spaces to underscores
+# Change all spaces to underscores - same as "s/ /_/g"
 HANDLE=${HANDLE// /_}

 # Likewise empty string is the worst case, e.g. if file doesn't exist.
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@ -2,6 +2,7 @@

 PLAYBOOK="install-support.yml"
 INVENTORY="ansible_hosts"
+DEBUG=false    # Using /usr/bin/true or /usr/bin/false

 # 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml
 # https://github.com/iiab/iiab-factory/blob/master/iiab#L79-L97
@ -10,38 +11,55 @@ INVENTORY="ansible_hosts"
 # https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34
 # https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN

-# openvpn_handle WAS stored in 2 files on disk, one slightly stripped down (from
-# the other) due to Ansible. Still, we emulate Ansible behavior when reading var
-# (and later writing to disk) removing outer cruft as explained on Lines 31-40:
+# PARSE local_vars.yml JUST AS Ansible & /etc/openvpn/scripts/announcer DO:
+# (1) In case var's defined multiple times, 'tail 1' takes the last assignment.
+# (2) sed: Strip 'varname:\s' on left.
+# (3) sed: Strip '# comment' on right.  Optional on live/keyboard input.
+# (4) sed: Strip any outer spacing, as Ansible would do. Optional on live input.
+# (5) sed: Strip up-to-1 pair of matching outer quotes, as Ansible would do.
+# (6) Convert remaining spaces to underscores, as 'announcer' would do.
+
+# NOTE Ansible vars can have non-string value null.  This is different from
+# undefined -- from Ansible's perspective -- SEE /opt/iiab/iiab/test.yml
+# BUT HERE IN BASH, we focus only on string values e.g. "" empty string if nec:
+# (a) WITH INPUT, we choose to ignore lines like "^var:$" that lack whitespace.
+#     Ansible would have assigned the null value.  We do not.
+# (b) INPUT LINES "^var:\s\+$" (trailing whitespace) we force to empty string.
+#     Ansible would have assigned the null value.  We do not.
+# (c) WITH *OUTPUT* we aggressively overwrite null var lines, including both
+#     "^var:$" (no trailing whitespace) and "^var:\s\+$" (trailing whitespace).
+
+echo

-handle=$(grep "^openvpn_handle:\s" /etc/iiab/local_vars.yml | head -1 | sed "s/^openvpn_handle:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
-echo -e "\n/etc/iiab/local_vars.yml shows openvpn_handle: $handle\n"
 if [ -f /etc/iiab/openvpn_handle ]; then
    echo -e "             \e[41mFYI /etc/iiab/openvpn_handle is no longer supported.\e[0m\n"
    echo -e "             \e[41m/etc/iiab/local_vars.yml is now used instead (SSOT).\e[0m\n"
 fi

+# (1), (2), (3) and (4) for now -- then (5) and (6) further below
+handle=$(grep "^openvpn_handle:\s" /etc/iiab/local_vars.yml | tail -1 | sed "s/^openvpn_handle:\s\+//; s/#.*//; s/\s*$//")
+
+if $($DEBUG); then
+    echo -e "/etc/iiab/local_vars.yml shows:\n"
+    grep "^openvpn_" /etc/iiab/local_vars.yml
+    echo
+    echo "Your OpenVPN machine name -- source: $handle"
+fi
+
+echo -ne "\e[1mYour OpenVPN machine name is set to: \e[100m"
+echo -n "$handle" | sed "s/^\(['\"]\)\(.*\)\1$/\2/; s/ /_/g"    # Avoid '-e' interpreting backlash escapes, to show var accurately!  Double quote var to prevent field splitting (eats spaces)
+echo -e "\e[0m\n"    # Separate line also for trailing backslash in var
+
 echo -e "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n"

 echo -e "                     cape-town-school-36-rpi-2019-05-31\n"

 echo -en "Or hit [Enter] to keep the existing name:\e[0m "
-read ans < /dev/tty
+read ans < /dev/tty    # Strips outer whitespace, whether we like it or not!

-# BEHAVIOR LIKE ANSIBLE'S parsing of vars from .yml:
-# (0) No need to remove hash/comments b/c it's live input here, unlike above.
-# (1) sed: Trim outer spacing IF NEC, then...
-# (2) sed: Trim 1 pair of matching outer quotes (IF NEC)
-# (3) Ansible vars can have non-string value null.  SEE /opt/iiab/iiab/test.yml
-#     Here in bash, we focus only on string values e.g. "" empty string if nec.
-# (4) When writing to disk, we aggressively overwrite such null var lines, e.g.
-#     including sloppy unassigned var lines like "^var:$" that lack whitespace.
-
-ans=$(echo $ans | sed "s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
-
-if [ "$ans" = "" ]; then    # (A) Simple!  Writes to local_vars.yml a bit more than nec.
-# if [ "$ans" = "" ] || [ "$ans" = "$handle" ]; then    # (B) Only write to disk when nec?
-# if ( [ "$ans" = "" ] || [ "$ans" = "$handle" ] ) && [ "$handle" != "" ]; then    # (C) Overkill
+if [ "$ans" = "" ]; then    # (A) Simple!  Writes to local_vars.yml a bit more often than nec.
+# if [ "$ans" = "" ] || [ "$ans" = "$handle" ]; then    # (B) Only write when nec?  Also works.
+# if ( [ "$ans" = "" ] || [ "$ans" = "$handle" ] ) && [ "$handle" != "" ]; then    # (C) Overkill.
    echo -e "\n        \e[100mopenvpn_handle REMAINS UNCHANGED IN /etc/iiab/local_vars.yml\e[0m\n"
 else
    if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then
@ -51,9 +69,33 @@ else
    fi

    echo -e "\n                     \e[7mSAVED TO: /etc/iiab/local_vars.yml\e[0m\n"
+
+    if $($DEBUG); then
+	echo -e "/etc/iiab/local_vars.yml shows:\n"
+	grep "^openvpn_" /etc/iiab/local_vars.yml
+	echo
+    fi
+
+    # NEXT 4 LINES AREN'T ESSENTIAL: but they allow user to type in a '# comment' for the right side of /etc/iiab/local_vars.yml
+
+    # (3) sed: Strip '# comment' on right.
+    ans=$(echo "$ans" | sed "s/#.*//")    # Double quote var to prevent field splitting (eats spaces)
+    # (4) sed: Strip any outer spacing, as Ansible would do.
+    ans=$(echo "$ans" | sed "s/^\s*//; s/\s*$//")
+
    handle=$ans;    # For display at bottom
 fi

+if $($DEBUG); then
+    echo '$handle after (1)-(4), prior to (5)-(6):' "$handle"
+    echo
+fi
+
+# (5) sed: Strip up-to-1 pair of matching outer quotes, as Ansible would do.
+handle=$(echo "$handle" | sed "s/^\(['\"]\)\(.*\)\1$/\2/")
+# (6) Convert remaining spaces to underscores, as 'announcer' would do - same as "s/ /_/g"
+handle=${handle// /_}
+
 if grep -q '^openvpn_installed:\s\+[tT]rue\b' /etc/iiab/iiab_state.yml; then
    echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
 else
@ -114,14 +156,16 @@ for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
 echo -e "\n\nNow let's wait 15 seconds, as OpenVPN handshake sometimes needs that (or more!)"
 sleep 15

-echo -en "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m"
-echo -en $handle
-echo -en "\e[0m"
+# echo -ne "\nYour OpenVPN machine name, per openpvn_handle: \e[32m"
+# echo -ne "\nYour OpenVPN machine name is set to..........: \e[32m"
+echo -ne "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m"    # Actually step (6) above took it just beyond Ansible's (1)-(5) interpretation of openvpn_handle -- i.e. this line just provides a hint to users -- as to how /etc/openvpn/scripts/announcer converts their spaces to underscores when starting OpenVPN.
+echo -n "$handle"    # Avoid '-e' interpreting backlash escapes, to show var accurately!  Double quote var to prevent field splitting (eats spaces)
+echo -e "\e[0m"

 vpnip=$(ip a | grep tun0$ | awk '{print $2}')
 if [ "$vpnip" != "" ]; then
-    echo -e "\nYour OpenVPN IP address (which can change) is: \e[32m$vpnip\e[0m\n"
+    echo -e "Your OpenVPN IP address (which can change) is: \e[32m$vpnip\e[0m\n"
 else
-    echo -e "\n\n \e[41m       ERROR: OpenVPN IP address not ready - PLEASE TRY THE ABOVE TIPS        \e[0m\n"
+    echo -e "\n \e[41m       ERROR: OpenVPN IP address not ready - PLEASE TRY THE ABOVE TIPS        \e[0m\n"
    exit 1
 fi