diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md
index f6e657d03..a83c162e8 100644
--- a/roles/remoteit/README.md
+++ b/roles/remoteit/README.md
@@ -8,21 +8,36 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag
## Getting Started
-### Create a remote.it account + consider its desktop application
+### Create a remote.it account + install its desktop application
1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account.
-2. Download the [remote.it desktop application](https://remote.it/download/) e.g. for Windows, macOS or Linux to your own laptop/computer — if you prefer this over the https://remote.it Web Portal and its [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages).
+2. Download and install the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional.
COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage
-### Install remote.it onto an IIAB + register it + authorize services/ports
+
+### Generate a remote.it claim code for your IIAB + register it + authorize services/ports
-1. Set `remoteit_install` and `remoteit_enabled` to `True` in your IIAB's [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F)
+Prerequisite: Find an IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml`
- (If possible, do that prior to [installing IIAB](https://download.iiab.io/), then install IIAB using `sudo iiab`, and when that's complete go directly to Step 3. below.)
+1. Run `sudo iiab-remoteit`
-2. Make sure your IIAB is connected to the Internet.
+ Hit `[Enter]` twice if you want to quickly generate a new claim code for your IIAB.
+
+ The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install).
+
+
+
+
- (While rarely needed, both above also install the _optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli), which offers [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package.)
+
-
-3. To obtain your IIAB's 8-character remote.it claim code (allowing you to make a remote connection to this IIAB device) run:
+4. To obtain your IIAB's 8-character remote.it claim code (allowing you to make a remote connection to this IIAB device) run:
```
sudo grep claim /etc/remoteit/config.json
@@ -50,7 +64,8 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag
*The claim code must be used within 24 hours, per:* https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install
- _If your claim code has expired, please reinstall the latest remote.it (in Step 2. above!)_
+ _If your claim code has expired, please run_ `sudo iiab-remoteit` _just as in Step 2._
+-->
-4. Submit the claim code at https://remote.it (log into the Web Portal), or within the remote.it desktop application if you installed that on your own laptop/computer.
+2. Submit the claim code within the remote.it [desktop application](https://remote.it/download/) on your own laptop/computer. Or if you prefer, do that by logging into their Web Portal at: https://remote.it
- Either way, click on the '+' icon to enter the remote.it claim code (to register the IIAB device to your account) as shown in this screenshot: https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device
+ Either way, click on the '+' icon to enter the remote.it claim code (to register the IIAB device to your remote.it account) as shown in this [screenshot](https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device).
-5. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these screenshots: https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device
+3. Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device, as shown in these [screenshots](https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device).
- SUMMARY: One or more remote.it "Services" need to be authorized (registered) to allow remote access to your IIAB device: https://support.remote.it/hc/en-us/articles/360060992631-Services
+ SUMMARY: One or more [remote.it "Services"](https://support.remote.it/hc/en-us/articles/360060992631-Services) needs to be authorized (registered) to allow remote access to your IIAB device.
- EXAMPLES: SSH (port 22) and/or HTTP (port 80): https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop
+ EXAMPLES: Add an SSH Service on port 22 and/or add an http Service on port 80 ([screenshot guide](https://support.remote.it/hc/en-us/articles/360058603991-Configuring-remoteit-Services-on-devices-with-remote-it-Desktop)).
+
+### How to I disable remote.it on my IIAB?
+
+1. Run `sudo iiab-remoteit-off`
+
+2. If want to completely remove all remote.it software and its settings, also run:
+
+ ```
+ sudo apt purge "remoteit*"
+ sudo rm /usr/bin/remoteit
+ ```
## Docs
@@ -89,5 +115,5 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag
## Known Issues
-- 2021-10-27: This needs to be enhanced rather urgently, so remote.it also works when IIAB is installed on Raspberry Pi OS 11 (Bullseye), Ubuntu, Mint and Debian: [#3006](https://github.com/iiab/iiab/issues/3006)
-- 2021-10-29: The above OS issues should be resolved by [PR #3007](https://github.com/iiab/iiab/pull/3007), [PR #3009](https://github.com/iiab/iiab/pull/3009) and [PR #3010](https://github.com/iiab/iiab/pull/3010) — but this needs final testing! (Initial testing occurred on [1] 32-bit Raspberry Pi OS Lite on Raspberry Pi 4 and [2] Ubuntu Server 20.04 on x86_64 VM.)
+- 2021-10-27: This needs to be enhanced rather urgently, so remote.it also works when IIAB is installed on Raspberry Pi OS 11 (Bullseye), Ubuntu, Mint and Debian: [#3006](https://github.com/iiab/iiab/issues/3006)
+- 2021-10-29: The above OS issues should be resolved by [PR #3007](https://github.com/iiab/iiab/pull/3007), [PR #3009](https://github.com/iiab/iiab/pull/3009) and [PR #3010](https://github.com/iiab/iiab/pull/3010) — but this needs final testing! (Initial testing occurred on [1] 32-bit Raspberry Pi OS Lite on Raspberry Pi 4 and [2] Ubuntu Server 20.04 on x86_64 VM.)
diff --git a/roles/remoteit/defaults/main.yml b/roles/remoteit/defaults/main.yml
index d57b64887..e4ea3fc46 100644
--- a/roles/remoteit/defaults/main.yml
+++ b/roles/remoteit/defaults/main.yml
@@ -7,29 +7,29 @@
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
-# 2022-03-31: https://remote.it/download/ offers 4 relevant "Device Packages"
-# 1) Raspberry Pi (ARM) = armhf.rpi
-# 2) Raspberry Pi (ARM64) = arm64.rpi
-# 3) Debian Linux (ARM64) = arm64
-# 4) Debian Linux (x86_64) = amd64
+# # 2022-03-31: https://remote.it/download/ offers 4 relevant "Device Packages"
+# # 1) Raspberry Pi (ARM) = armhf.rpi
+# # 2) Raspberry Pi (ARM64) = arm64.rpi
+# # 3) Debian Linux (ARM64) = arm64
+# # 4) Debian Linux (x86_64) = amd64
-# See https://docs.remote.it/software/device-package/installation to refine URL below:
-device_suffixes:
- armv6: armhf.rpi
- armv6l: armhf.rpi
- armv7: armhf.rpi
- armv7l: armhf.rpi
- armv8: arm64.rpi
- aarch64: arm64
- x86_64: amd64
-remoteit_device_suffix: "{{ device_suffixes[ansible_architecture] | default('unknown') }}"
-remoteit_device_url: https://downloads.remote.it/remoteit/latest/remoteit.{{ remoteit_device_suffix }}.deb
+# # See https://docs.remote.it/software/device-package/installation to refine URL below:
+# device_suffixes:
+# armv6: armhf.rpi
+# armv6l: armhf.rpi
+# armv7: armhf.rpi
+# armv7l: armhf.rpi
+# armv8: arm64.rpi
+# aarch64: arm64
+# x86_64: amd64
+# remoteit_device_suffix: "{{ device_suffixes[ansible_architecture] | default('unknown') }}"
+# remoteit_device_url: https://downloads.remote.it/remoteit/latest/remoteit.{{ remoteit_device_suffix }}.deb
-# 2022-03-31: Use "latest" above, instead of ever-changing version below
-# remoteit_version: 4.14.1
-# remoteit_deb: remoteit-{{ remoteit_version }}.{{ remoteit_device_suffix }}.deb
-# remoteit_device_url: https://downloads.remote.it/remoteit/v{{ remoteit_version }}/{{ remoteit_deb }}
-# # Example... https://downloads.remote.it/remoteit/v4.14.1/remoteit-4.14.1.armhf.rpi.deb
+# # 2022-03-31: Use "latest" above, instead of ever-changing version below
+# # remoteit_version: 4.14.1
+# # remoteit_deb: remoteit-{{ remoteit_version }}.{{ remoteit_device_suffix }}.deb
+# # remoteit_device_url: https://downloads.remote.it/remoteit/v{{ remoteit_version }}/{{ remoteit_deb }}
+# # # Example... https://downloads.remote.it/remoteit/v4.14.1/remoteit-4.14.1.armhf.rpi.deb
# 2022-03-31: https://remote.it/download/ offers 4 relevant "CLI" installs:
diff --git a/roles/remoteit/tasks/enable-or-disable.yml b/roles/remoteit/tasks/enable-or-disable.yml
index 2e1ddb36f..b8c719ac7 100644
--- a/roles/remoteit/tasks/enable-or-disable.yml
+++ b/roles/remoteit/tasks/enable-or-disable.yml
@@ -1,25 +1,35 @@
-- name: Enable & (Re)Start remote.it's connectd daemon which calls home
+- name: Enable & Restart remote.it "parent" service connectd, which exits after spawning 2 "child" services/daemons below
systemd:
name: connectd
daemon_reload: yes
enabled: yes
- state: restarted
+ state: restarted
+ when: remoteit_enabled
+
+- name: Enable remote.it daemon schannel ("Remote tcp command service") -- try to avoid contention with connectd which auto-spawns it as nec (just above)
+ systemd:
+ name: schannel
+ enabled: yes
+ state: started
when: remoteit_enabled
-- name: Disable & Stop remote.it's connectd daemon
+- name: Disable & Stop remote.it services {connectd, schannel}
systemd:
- name: connectd
+ name: "{{ item }}"
enabled: no
state: stopped
+ with_items:
+ - connectd
+ - schannel
when: not remoteit_enabled
-- name: Identify remoteit service (connector) unit file name, including uuid
- shell: ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit # e.g. remoteit@80:00:01:7F:7E:00:56:36.service
+- name: Identify remoteit "Remote tcp connection service" unit file name, including uuid, e.g. remoteit@80:00:01:7F:7E:00:56:36.service
+ shell: ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit
register: remoteit_service
ignore_errors: yes
-- name: "Disable & Stop remoteit service: {{ remoteit_service.stdout }}"
+- name: "Disable & Stop the actual service: {{ remoteit_service.stdout }}"
systemd:
name: "{{ remoteit_service.stdout }}"
enabled: no
diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml
index 7e1190a18..0747b558e 100644
--- a/roles/remoteit/tasks/install.yml
+++ b/roles/remoteit/tasks/install.yml
@@ -1,7 +1,7 @@
-- name: Fail if architecture remoteit_device_suffix == "unknown"
- fail:
- msg: "Could not find a remote.it Device Package (.deb) for CPU architecture \"{{ ansible_architecture }}\""
- when: remoteit_device_suffix == "unknown"
+# - name: Fail if architecture remoteit_device_suffix == "unknown"
+# fail:
+# msg: "Could not find a remote.it Device Package (.deb) for CPU architecture \"{{ ansible_architecture }}\""
+# when: remoteit_device_suffix == "unknown"
# - name: mkdir {{ downloads_dir }} # As roles/2-common/tasks/fl.yml has not run yet
# file:
@@ -15,19 +15,38 @@
# force: yes
# timeout: "{{ download_timeout }}"
-- name: Uninstall previously installed 'remoteit*' Device Package(s)
+# 2022-04-03: Unfort still necessary, as their install_agent.sh below uses apt
+# with 'install -y' instead of '-y reinstall' or '-y --reinstall install'
+- name: Purge previously installed 'remoteit*' Device Package(s)
apt:
name: remoteit*
state: absent
+ purge: yes
ignore_errors: yes
# - name: "Install Device Package: {{ downloads_dir }}/{{ remoteit_deb }}"
# apt:
# deb: "{{ downloads_dir }}/{{ remoteit_deb }}"
-- name: "Install Device Package: {{ remoteit_device_url }}"
- apt:
- deb: "{{ remoteit_device_url }}"
+# - name: "Install Device Package: {{ remoteit_device_url }}"
+# apt:
+# deb: "{{ remoteit_device_url }}"
+
+- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh
+ shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh
+
+
+- name: "Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly enable remote.it AND generate a new remote.it claim code (in /etc/remoteit/config.json) -- optionally downloading + installing the very latest Device Package (like the 2 steps above)"
+ template:
+ src: iiab-remoteit
+ dest: /usr/bin
+ mode: 0755
+
+- name: "Install /usr/bin/iiab-remoteit-off from template -- so IIAB operators can quickly turn off AND disable remote.it services on this IIAB"
+ template:
+ src: iiab-remoteit-off
+ dest: /usr/bin
+ mode: 0755
- name: Fail if architecture remoteit_cli_suffix == "unknown"
diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit
new file mode 100755
index 000000000..1a23d4e46
--- /dev/null
+++ b/roles/remoteit/templates/iiab-remoteit
@@ -0,0 +1,68 @@
+#!/bin/bash -e
+
+# Run 'sudo iiab-remoteit' to enable remote.it AND get a new claim code. Also
+# lets you download + install the latest Device Package to IIAB. GENERAL TIPS:
+# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?"
+
+# 'remoteit' Device Package AND /usr/bin/remoteit CLI already installed by:
+# https://github.com/iiab/iiab/blob/master/roles/remoteit/tasks/install.yml
+
+# 2022-04-03: SEE ALSO roles/remoteit/templates/iiab-remote.old
+
+echo -e "\nhttps://remote.it can help you remotely manage this IIAB. Summary:\n"
+
+echo -e "https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md\n"
+
+echo -en "\e[1mTo proceed we will delete /etc/remoteit/config.json, Ok? [Y/n]\e[0m "
+read ans < /dev/tty # Strips outer whitespace, whether we like it or not!
+echo
+[[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1
+
+echo -e "\nThis IIAB must be online to begin!\n"
+
+echo -en "\e[1mOptionally download + install latest remote.it Device Package? [y/N]\e[0m "
+read ans < /dev/tty # Strips outer whitespace, whether we like it or not!
+echo
+
+if [[ $ans = "y" ]] || [[ $ans = "Y" ]]; then
+ # 2022-04-02: Full Path Avoids problematic /usr/local/bin/apt on Linux Mint
+ /usr/bin/apt -y purge "remoteit*" || true
+
+ # Why the brutal purge? Even 'apt -y reinstall remoteit.*.deb' is stronger
+ # than 'install -y' in install_agent.sh, but still sometimes insufficient!
+
+ # apt install & enable "latest" remote.it Device Package for your CPU/OS
+ curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh
+else
+ # '|| true' overrides 'bash -e' so script continues if config.json missing
+ mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) || true
+
+ echo -e "In just a few seconds, all 3 services should be enabled/started.\n"
+
+ systemctl restart connectd # Claim Code logic + kickstarts 2 svcs below
+ systemctl enable connectd # 2 enable lines, like enable-or-disable.yml
+
+ # schannel = "Remote tcp command service" started by connectd above if nec
+ systemctl enable schannel # 2 enable lines, like enable-or-disable.yml
+
+ # "Remote tcp connection service" appears a few seconds after connectd is
+ # started above. Auto-enabled when spawned by connectd, SO NOT NEC HERE:
+ # systemctl enable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@)
+ # Its systemd service name (e.g. remoteit@80:00:01:7F:7E:00:56:36.service)
+ # changes when a new claim code is generated!
+fi
+
+if grep -q '^remoteit_enabled:' /etc/iiab/local_vars.yml; then
+ sed -i "s/^remoteit_enabled:.*/remoteit_enabled: True/" /etc/iiab/local_vars.yml
+else
+ echo "remoteit_enabled: True" >> /etc/iiab/local_vars.yml
+fi
+
+claim_code=$(grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev)
+echo -e "\nYour new claim code is \e[44;1m${claim_code}\e[0m -- YOUR NEXT STEPS ARE...\n"
+
+echo -e "\e[1m1) Install the remote.it Desktop Application on your own laptop/computer:\e[0m"
+echo -e " https://remote.it/download/\n"
+
+echo -e "\e[1m2) Use the above 8-character claim code WITHIN 24H as shown here:\e[0m"
+echo -e " https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device\n"
diff --git a/roles/remoteit/templates/iiab-remoteit-off b/roles/remoteit/templates/iiab-remoteit-off
new file mode 100755
index 000000000..44834300a
--- /dev/null
+++ b/roles/remoteit/templates/iiab-remoteit-off
@@ -0,0 +1,32 @@
+#!/bin/bash -xe
+
+# Run 'sudo iiab-remoteit-off' to disable remote.it on this IIAB. GENERAL TIPS:
+# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?"
+
+# GUIDE: https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md
+
+# FYI 'remoteit' Device Package AND /usr/bin/remoteit CLI are installed by:
+# https://github.com/iiab/iiab/blob/master/roles/remoteit/tasks/install.yml
+
+if grep -q '^remoteit_enabled:' /etc/iiab/local_vars.yml; then
+ sed -i "s/^remoteit_enabled:.*/remoteit_enabled: False/" /etc/iiab/local_vars.yml
+else
+ echo "remoteit_enabled: False" >> /etc/iiab/local_vars.yml
+fi
+
+# 3 sections below should be equivalent to -- and much faster than:
+# https://github.com/iiab/iiab/tree/master/roles/remoteit/tasks/enable-or-disable.yml
+
+# remote.it "parent" service
+systemctl stop connectd
+systemctl disable connectd
+
+# "Remote tcp command service"
+systemctl stop schannel
+systemctl disable schannel
+
+# "Remote tcp connection service"
+systemctl stop $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@) || true
+systemctl disable $(ls /etc/systemd/system/multi-user.target.wants/ | grep remoteit@) || true
+# Its systemd service name (e.g. remoteit@80:00:01:7F:7E:00:56:36.service)
+# changes when a new claim code is generated!
diff --git a/roles/remoteit/templates/iiab-remoteit.old b/roles/remoteit/templates/iiab-remoteit.old
new file mode 100755
index 000000000..79163e81a
--- /dev/null
+++ b/roles/remoteit/templates/iiab-remoteit.old
@@ -0,0 +1,51 @@
+#!/bin/bash -e
+
+# Run 'sudo iiab-remoteit' to (re)install & enable remote.it -- GENERAL TIPS:
+# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?"
+
+# /usr/bin/remoteit CLI is already be installed by:
+# https://github.com/iiab/iiab/blob/master/roles/remoteit/tasks/install.yml
+
+echo -e "\nhttps://remote.it can help you remotely manage this IIAB:"
+echo -e "https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md\n"
+
+echo -en "\e[1mInstall remote.it Device Package after purging all prior versions? [Y/n]\e[0m "
+read ans < /dev/tty # Strips outer whitespace, whether we like it or not!
+echo
+[ "$ans" = "n" ] || [ "$ans" = "N" ] && exit 1
+
+if grep -q '^remoteit_install:' /etc/iiab/local_vars.yml; then
+ sed -i "s/^remoteit_install:.*/remoteit_install: True/" /etc/iiab/local_vars.yml
+else
+ echo "remoteit_install: True" >> /etc/iiab/local_vars.yml
+fi
+
+if grep -q '^remoteit_enabled:' /etc/iiab/local_vars.yml; then
+ sed -i "s/^remoteit_enabled:.*/remoteit_enabled: True/" /etc/iiab/local_vars.yml
+else
+ echo "remoteit_enabled: True" >> /etc/iiab/local_vars.yml
+fi
+
+# 2022-04-02: Full Path Avoids problematic /usr/local/bin/apt on Linux Mint
+/usr/bin/apt -y purge remoteit*
+
+# Why the brutal purge? Even 'apt -y reinstall remoteit.*.deb' is much stronger
+# than 'install -y' in install_agent.sh below, but still insufficient. Maybe in
+# future years their /usr/bin/remoteit CLI might seed a new claim code when nec?
+
+# apt install & enable "latest" remote.it Device Package for your CPU/OS
+curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh
+
+if grep -q '^remoteit_installed:' /etc/iiab/iiab_state.yml; then
+ sed -i "s/^remoteit_installed:.*/remoteit_installed: True/" /etc/iiab/iiab_state.yml
+else
+ echo "remoteit_installed: True" >> /etc/iiab/iiab_state.yml
+fi
+
+echo -e "\e[44;1mNEXT STEPS...\e[0m\n"
+
+echo -e "\e[1m1) Install the remote.it Desktop Application on your own laptop/computer:"
+echo -e " https://remote.it/download/\n"
+
+echo -e "2) Use the above 8-character claim code within 24h as shown here:"
+echo -e " https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device\e[0m\n"