Tighter OpenVPN: iiab-support + iiab-diagnostics

roles/openvpn/templates/iiab-support

@@ -12,10 +12,10 @@ INVENTORY="ansible_hosts"
 
 # openvpn_handle WAS stored in 2 files on disk, one slightly stripped down (from
 # the other) due to Ansible. Still, we emulate Ansible behavior when reading var
-# (and later writing to disk) removing outer cruft as explained on Lines 31-38:
+# (and later writing to disk) removing outer cruft as explained on Lines 31-40:
 
-handle1=$(grep "^openvpn_handle:\s" /etc/iiab/local_vars.yml | head -1 | sed "s/^openvpn_handle:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
-echo -e "\n/etc/iiab/local_vars.yml shows openvpn_handle: $handle1\n"
+handle=$(grep "^openvpn_handle:\s" /etc/iiab/local_vars.yml | head -1 | sed "s/^openvpn_handle:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
+echo -e "\n/etc/iiab/local_vars.yml shows openvpn_handle: $handle\n"
 if [ -f /etc/iiab/openvpn_handle ]; then
     echo -e "             \e[41mFYI /etc/iiab/openvpn_handle is no longer supported.\e[0m\n"
     echo -e "             \e[41m/etc/iiab/local_vars.yml is now used instead (SSOT).\e[0m\n"
@@ -29,43 +29,36 @@ echo -en "Or hit [Enter] to keep the existing name:\e[0m "
 read ans < /dev/tty
 
 # BEHAVIOR LIKE ANSIBLE'S parsing of vars from .yml:
-# (0) No need to remove comment as above (user prompt here)
-# (1) Remove outer spacing IF NEC, then...
-# (2) Remove 1 pair of matching outer quotes (IF NEC)
-# (3) Ansible vars can have non-string value null.
-#     Here in bash, we force those to "" (empty string).
+# (0) No need to remove hash/comments b/c it's live input here, unlike above.
+# (1) sed: Remove outer spacing IF NEC, then...
+# (2) sed: Remove 1 pair of matching outer quotes (IF NEC)
+# (3) Ansible vars can have non-string value null.  SEE /opt/iiab/iiab/test.yml
+#     Here in bash, we focus only on string values, e.g. "" empty string if nec.
+# (4) When writing to disk, we aggressively overwrite such null var lines, e.g.
+#     including sloppy unassigned var lines like "^var:$" that lacks whitespace.
 
 ans=$(echo $ans | sed "s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
 
-if [ "$ans" = "" ]; then
-    handle2=$handle1    # Beware old handle could also be "" (handled below!)
-else
-    handle2=$ans;       # Also for display at bottom
-fi
-
-echo "ans: '$ans'"
-echo "handle1: '$handle1'"
-echo "handle2: '$handle2'"
-#echo "uuid: '$uuid'"
-
-if [ "$handle1" = "$handle2" ] && [ "$handle2" != "" ]; then    # [ "$ans" ] ALSO WORKS
+# if ( [ "$ans" = "$handle" ] || [ "$ans" = "" ] ) && [ "$handle" != "" ]; then    # Overkill
+if [ "$ans" = "" ] || [ "$ans" = "$handle" ]; then
     echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in /etc/iiab/local_vars.yml\e[0m\n"
 else
-    if grep -q '^openvpn_handle:\s' /etc/iiab/local_vars.yml; then
-        sed -i "s/^openvpn_handle:\s.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
+    if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then
+        sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
     else
         echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml
     fi
 
-    echo -e "\n\e[1mSAVED your openvpn_handle to /etc/iiab/local_vars.yml\e[0m\n"
+    echo -e "\n\e[1mSAVED YOUR NEW openvpn_handle to /etc/iiab/local_vars.yml\e[0m\n"
+    handle=$ans;    # For display at bottom
 fi
 
 if grep -q '^openvpn_installed:\s\+[tT]rue\b' /etc/iiab/iiab_state.yml; then
     echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
 else
     echo -e "Plz wait a few minutes as sshd & OpenVPN are confirmed/installed...\n"
-    if grep -q '^openvpn_install:\s' /etc/iiab/local_vars.yml; then
-        sed -i "s/^openvpn_install:\s.*/openvpn_install: True/" /etc/iiab/local_vars.yml
+    if grep -q '^openvpn_install:' /etc/iiab/local_vars.yml; then
+        sed -i "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
     else
         echo "openvpn_install: True" >> /etc/iiab/local_vars.yml
     fi
@@ -75,7 +68,7 @@ else
         export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log"
         ansible -m setup -i $INVENTORY localhost --connection=local | grep python
         ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
-        # Above is tighter/better than running all of "./runrole 1-prep"
+        # 2 roles (sshd & openvpn) faster than running all of "./runrole 1-prep"
         echo
     else
         echo -e " \e[41m       Directory /opt/iiab/iiab does not exist: CANNOT INSTALL OPENVPN!       \e[0m\n"
@@ -84,8 +77,8 @@ else
 fi
 
 echo -e "Now let's (re)enable OpenVPN...\n"
-if grep -q '^openvpn_enabled:\s' /etc/iiab/local_vars.yml; then
-    sed -i "s/^openvpn_enabled:\s.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
+if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then
+    sed -i "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
 else
     echo "openvpn_enabled: True" >> /etc/iiab/local_vars.yml
 fi
@@ -121,7 +114,7 @@ echo -e "\n\nNow let's wait 15 seconds, as OpenVPN handshake sometimes needs tha
 sleep 15
 
 echo -en "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m"
-echo -en $handle2
+echo -en $handle
 echo -en "\e[0m"
 
 vpnip=$(ip a | grep tun0$ | awk '{print $2}')

scripts/iiab-diagnostics

@@ -137,6 +137,7 @@ cat_file /etc/issue.net
 cat_file /etc/debian_version
 cat_cmd 'dpkg --print-architecture' 'RaspiOS-on-PC shows: i386'
 cat_cmd 'dpkg --print-foreign-architectures' 'RaspiOS-on-PC shows: amd64'
+cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml'
 
 echo -e '\n\n  1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n'
 echo -e '\n\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile
@@ -155,7 +156,6 @@ echo -e "\n\n\n\n2. REGULAR FILES\n" >> $outfile
 #cat_file /opt/iiab/iiab              # Directory test
 #cat_file /tmp/empty-file             # Empty file test
 #cat_file /usr/bin/iiab-support-on    # Symlink test
-cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml'
 cat_file /.iiab-image
 cat_file /etc/iiab/iiab.env
 cat_file /etc/iiab/iiab.ini

scripts/iiab-diagnostics.README.md

@@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things:
 
 ## Source Code
 
-Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 106-224 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible.
+Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 110-228 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible.