From 31b01af49e946a86069d9da3e8c5cef3bf5e5dab Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 9 Oct 2019 00:39:01 -0500 Subject: [PATCH 01/25] Combine iiab-support & install-support --- .../templates/iiab-support => iiab-support | 6 ++++- install-support | 26 ------------------- install-support.yml | 7 +++-- roles/openvpn/tasks/main.yml | 11 +++++--- 4 files changed, 16 insertions(+), 34 deletions(-) rename roles/openvpn/templates/iiab-support => iiab-support (96%) mode change 100644 => 100755 delete mode 100755 install-support diff --git a/roles/openvpn/templates/iiab-support b/iiab-support old mode 100644 new mode 100755 similarity index 96% rename from roles/openvpn/templates/iiab-support rename to iiab-support index 87172339a..f71fca85e --- a/roles/openvpn/templates/iiab-support +++ b/iiab-support @@ -1,4 +1,6 @@ #!/bin/bash +PLAYBOOK="install-support.yml" +INVENTORY="ansible_hosts" # openvpn_handle is stored in 2 files on disk, one slightly stripped down (from # the other) due to Ansible. So we emulate Ansible's behavior, when reading from @@ -53,7 +55,9 @@ else echo "openvpn_install: True" >> /etc/iiab/local_vars.yml fi cd /opt/iiab/iiab - ./runrole 1-prep + CWD=`pwd` + export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" + ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local echo fi diff --git a/install-support b/install-support deleted file mode 100755 index aad78fe93..000000000 --- a/install-support +++ /dev/null 
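Review bot: In the second iiab-support hunk, `cd /opt/iiab/iiab` is not checked, while PLAYBOOK and INVENTORY (added in the first hunk) are relative names, so if the cd fails `ansible-playbook` resolves both against whatever directory the caller was in. The script edits /etc/iiab/local_vars.yml, so it is presumably run as root, which makes this an untrusted-path problem rather than just a confusing failure. I would write `cd /opt/iiab/iiab || exit 1`, quote the expansions (`-i "$INVENTORY" "$PLAYBOOK"`) and replace the backticks with `CWD=$(pwd)`. The same exposure becomes unconditional in PATCH 14/25, where the cd is commented out. The enclosing if/else starts outside the hunk.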
@@ -1,26 +0,0 @@ -#!/bin/bash - -echo -e "\n\n\e[41m DEPRECATED PLEASE RUN 'iiab-support' INSTEAD \e[0m\n\n" - -read -p "Continue? [y/N] " ans -if [ "$ans" != "y" ]; then - echo - exit -fi - -PLAYBOOK="install-support.yml" -INVENTORY="ansible_hosts" -CWD=`pwd` - -export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" - -if [ ! -f $PLAYBOOK ]; then - echo -e "\nEXITING: $PLAYBOOK not found.\n" - echo -e "Please run this command from /opt/iiab/iiab (top of git repo).\n" - exit 1 -fi - -sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml -sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml - -ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local diff --git a/install-support.yml b/install-support.yml index b7a9faf75..e47229004 100644 --- a/install-support.yml +++ b/install-support.yml @@ -8,7 +8,6 @@ roles: - { role: 0-init, tags: ['0-init'] } - #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] } - - { role: 1-prep, tags: ['1-prep'] } - #- { role: openvpn, tags: ['openvpn'] } # FASTER ALTERNATIVE THAN 1-prep (if 1-prep was already run!) - # BETTER YET, SEE: /usr/bin/iiab-support for a much friendlier UX, that only runs 1-prep when necessary. + - { role: sshd, tags: ['sshd'] } + - { role: iiab-admin, tags: ['iiab-admin'] } + - { role: openvpn, tags: ['openvpn'] } diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 178676615..5bb18748c 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -82,7 +82,6 @@ - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' } - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } - - { src: 'iiab-support', dest: '/usr/bin/iiab-support', mode: '0755' } - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } # Comment out in future? Not recommended as of August 2018: @@ -96,15 +95,21 @@ # Obsolete & unused for ~2 years as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } +- name: Create iiab-support (symlink to iiab-support in git) + file: + src: "{{ iiab_dir }}/iiab-support" + path: /usr/bin/iiab-support + state: link + - name: Create iiab-support-on (symlink to iiab-support for now) file: - src: /usr/bin/iiab-support + src: "{{ iiab_dir }}/iiab-support" path: /usr/bin/iiab-support-on state: link - name: Create iiab-support-off (symlink to iiab-remote-off for now) file: - src: /usr/bin/iiab-remote-off + src: "{{ iiab_dir }}/iiab-remote-off" path: /usr/bin/iiab-support-off state: link From 5f9441ec0bc76cae87562d5f2b997ac7ea42dc27 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 11:40:51 -0400 Subject: [PATCH 02/25] Rename iiab-handle.j2 to iiab-handle.j2.deprecated --- .../templates/{iiab-handle.j2 => iiab-handle.j2.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/openvpn/templates/{iiab-handle.j2 => iiab-handle.j2.deprecated} (100%) diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2.deprecated similarity index 100% rename from roles/openvpn/templates/iiab-handle.j2 rename to roles/openvpn/templates/iiab-handle.j2.deprecated From 3817b020571cef34e6a076c832333dbd4f489538 Mon Sep 17 00:00:00 2001 
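Review bot: The last task in the second main.yml hunk now links /usr/bin/iiab-support-off to `{{ iiab_dir }}/iiab-remote-off`, but the template list in the first hunk still installs iiab-remote-off to /usr/bin/iiab-remote-off, and this commit only moves iiab-support to the repository root. Unless a file of that name also exists at the top of the tree (not visible here), the link target is missing, so the command that turns remote support off is either not created or dangles. Keeping `src: /usr/bin/iiab-remote-off` avoids that. Separately, the iiab-support and iiab-support-on links now point into the git checkout, so a command that is presumably run as root follows whoever can write to that tree; a comment stating the expected ownership of `{{ iiab_dir }}` would help.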
From: A Holt
Date: Wed, 9 Oct 2019 11:41:24 -0400
Subject: [PATCH 03/25] Delete iiab-vpn.conf.in.deprecated

---
 roles/openvpn/templates/iiab-vpn.conf.in.deprecated | 6 ------
 1 file changed, 6 deletions(-)
 delete mode 100644 roles/openvpn/templates/iiab-vpn.conf.in.deprecated

diff --git a/roles/openvpn/templates/iiab-vpn.conf.in.deprecated b/roles/openvpn/templates/iiab-vpn.conf.in.deprecated
deleted file mode 100644
index c831a79cd..000000000
--- a/roles/openvpn/templates/iiab-vpn.conf.in.deprecated
+++ /dev/null
@@ -1,6 +0,0 @@
-# this file allows changing the world accessable vpn server and its ip address
-#
-# copy this template file to /etc/openvpn/iiab-vpn.conf, and set properly
-
-# VPNCONFIG=< put the name of the config file in /etc/openvpn you want to use>
-# VPNIP=
From 85d4cf5d7b9b10f32b6d906f62dec9cd23c6ac5b Mon Sep 17 00:00:00 2001
From: A Holt
Date: Wed, 9 Oct 2019 11:41:31 -0400
Subject: [PATCH 04/25] Delete iiab-vpn.j2.deprecated

---
 .../openvpn/templates/iiab-vpn.j2.deprecated | 92 -------------------
 1 file changed, 92 deletions(-)
 delete mode 100755 roles/openvpn/templates/iiab-vpn.j2.deprecated

diff --git a/roles/openvpn/templates/iiab-vpn.j2.deprecated b/roles/openvpn/templates/iiab-vpn.j2.deprecated
deleted file mode 100755
index d463f85ed..000000000
--- a/roles/openvpn/templates/iiab-vpn.j2.deprecated
+++ /dev/null
@@ -1,92 +0,0 @@ -#!/bin/bash -# script to manage openvpn - -if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then - VPNCONFIG='xscenet.conf' # WAS BUGGY (set to non-existent "party-line.conf", but thankfully unused) as of August 2018 - VPNIP={{ openvpn_server_virtual_ip }} -else - # expect the sourced file to set the above variables - source /etc/openvpn/iiab-vpn.conf -fi - -# we'd like the user of this script to have root privilege -if [ "$(id -u)" != "0" ]; then - echo "This script must be run as root" 1>&2 - exit 1 -fi - -case $1 in - "stop" | "no" | "off") - killall openvpn - exit 0 - ;; - "status") - pid=`ps -e|grep openvpn` - if [ -z "$pid" ]; then - echo "The OpenVPN process is not running" - else - echo "OpenVPN is running with id $pid" - ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'` - echo "Local vpn tunnel address is $ip" - fi - exit 0 - ;; -esac - -# we'd like for password authentication to be turned off -grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config -PASSWORDS_ENABLED=$? - -if [ $PASSWORDS_ENABLED -eq 0 ];then - case $1 in - "test" | "unsafe") ;; - *) - echo "OpenVPN is only safe when public/private keys are used" - echo " And when passwords are turned off in /etc/ssh/sshd_conf" - exit 1 - esac -fi - -# openvpn config file directory -dir=/etc/openvpn - -if [ $# -eq 0 ]; then - cmd="test" -else - cmd=$1 -fi - -case $cmd in - "test" | "unsafe" ) - # load TUN/TAP kernel module - modprobe tun - - # make sure the wan is functioning - # 8.8.8.8 is one of google's dns servers - ping -c 3 -i 3 8.8.8.8 - if [ $? -ne 0 ]; then - echo "internet is not available, tunnel not possible" - exit 1 - fi - - # check the vpn tunnel - ping -c 5 -i 5 "$VPNIP" - # a zero return means the tunnel is up - if [ $? 
-ne "0" ]; then - echo "Stopping any openvpn instance" - killall openvpn - sleep 10 - echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready" - openvpn --cd $dir --daemon --config $VPNCONFIG - fi - sleep 10 - echo "Testing VPN connection" - ping -c 4 -i 4 "$VPNIP" - if [ $? -eq 0 ]; then - echo "vpn tunnel established" - else - echo "vpn connection failed" - fi - - ;; -esac From 1a150926b6c14fe9f279a2779d68a2e316423989 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 11:41:38 -0400 Subject: [PATCH 05/25] Delete party-line.conf.j2.deprecated --- .../templates/party-line.conf.j2.deprecated | 41 ------------------- 1 file changed, 41 deletions(-) delete mode 100644 roles/openvpn/templates/party-line.conf.j2.deprecated diff --git a/roles/openvpn/templates/party-line.conf.j2.deprecated b/roles/openvpn/templates/party-line.conf.j2.deprecated deleted file mode 100644 index 1ed627baa..000000000 --- a/roles/openvpn/templates/party-line.conf.j2.deprecated +++ /dev/null @@ -1,41 +0,0 @@ -# REPLACED BY xscenet.conf.j2 -> /etc/openvpn/xscenet.conf - -######################################### -# Sample client-side OpenVPN config file -# for connecting to multi-client server. -# -# Adapted from http://openvpn.sourceforge.net/20notes.html -# -# The server can be pinged at 10.8.0.1. -# -# This configuration can be used by multiple -# clients, however each client should have -# its own cert and key files. -# -# tun-style tunnel - -port {{ openvpn_server_port }} -dev tun -remote {{ openvpn_server }} - -# TLS parms - -tls-client -ca keys/ca.crt -cert keys/client1.crt -key keys/client1.key - -# This parm is required for connecting -# to a multi-client server. It tells -# the client to accept options which -# the server pushes to us. -pull - -# Scripts can be used to do various -# things (change nameservers, for -# example. -#up scripts/ifup-post -#down scripts/ifdown-post - -verb 4 -comp-lzo yes 
From 65ab8ec2c46041928c160e5834897163f98154cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 11:41:45 -0400 Subject: [PATCH 06/25] Delete xsce-vpn.conf.in.deprecated --- roles/openvpn/templates/xsce-vpn.conf.in.deprecated | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 roles/openvpn/templates/xsce-vpn.conf.in.deprecated diff --git a/roles/openvpn/templates/xsce-vpn.conf.in.deprecated b/roles/openvpn/templates/xsce-vpn.conf.in.deprecated deleted file mode 100644 index 90fd11d32..000000000 --- a/roles/openvpn/templates/xsce-vpn.conf.in.deprecated +++ /dev/null @@ -1,6 +0,0 @@ -# this file allows changing the world accessable vpn server and its ip address -# -# copy this template file to /etc/openvpn/xsce-vpn.conf, and set properly - -# VPNCONFIG=< put the name of the config file in /etc/openvpn you want to use> -# VPNIP= From 26b37659c9f428899f94444a1e9ea2858707b496 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 11:55:03 -0400 Subject: [PATCH 07/25] Clean+improve openvpn/tasks/main.yml --- roles/openvpn/tasks/main.yml | 47 ++++++------------------------------ 1 file changed, 7 insertions(+), 40 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 5bb18748c..4c77d035d 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -62,8 +62,6 @@ with_items: - /etc/openvpn/keys - /etc/openvpn/scripts - # Obsolete & unused for ~2 years as of August 2018: - #- /usr/lib/iiab - name: Configure OpenVPN (BACKS UP FILES IF CHANGED) template: 
@@ -84,32 +82,24 @@ - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } - # Comment out in future? Not recommended as of August 2018: - - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } - # Obsolete & unused for ~2 years as of August 2018: - # - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } - # Obsolete & unused for ~2 years as of August 2018: - #- { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } - # Obsolete & unused for ~2 years as of August 2018: - #- { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } - # Obsolete & unused for ~2 years as of August 2018: - #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } + # 2019-10-09: Not recommended for over a year & no longer in use + # - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } -- name: Create iiab-support (symlink to iiab-support in git) +- name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted (smaller IIAB installs do this) file: src: "{{ iiab_dir }}/iiab-support" - path: /usr/bin/iiab-support - state: link + path: /usr/bin + mode: 0755 - name: Create iiab-support-on (symlink to iiab-support for now) file: - src: "{{ iiab_dir }}/iiab-support" + src: /usr/bin/iiab-support path: /usr/bin/iiab-support-on state: link - name: Create iiab-support-off (symlink to iiab-remote-off for now) file: - src: "{{ iiab_dir }}/iiab-remote-off" + src: /usr/bin/iiab-remote-off path: /usr/bin/iiab-support-off state: link 
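Review bot: The task named "Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support" uses the `file` module, which does not copy content, and with `path: /usr/bin` and `mode: 0755` it acts on the /usr/bin directory itself. /usr/bin/iiab-support is then never created, and the iiab-support-on link in the next task points at a missing file. For a copy I would expect `copy:` with `dest: /usr/bin/iiab-support` and `mode: '0755'`, quoted like the entries in the template list above. Adding `owner: root` and `group: root` would pin the ownership of a command that is presumably run as root.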
@@ -125,29 +115,6 @@ path: /usr/bin/iiab-vpn-off state: link -# up_wan was being installed twice (also above) and was unused for ~2 years -# as of August 2018: (see 15-openvpn below) -#- name: Put up_wan in place (debuntu) -# template: -# src: up_wan -# dest: /usr/lib/iiab/up_wan -# when: is_debuntu | bool - -# Contained serious bug (15-openvpn called up-wan instead of up_wan in -# /usr/lib/iiab/ as of August 2018) so evidently unused for ~2 years: -#- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet) -# template: -# src: 15-openvpn -# dest: /etc/NetworkManager/dispatcher.d/ -# #when: not is_debuntu # CONDITION APPEARS TOO BROAD -# when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?) - -# Was obsolete/unused for ~2 years as of August 2018: (replaced by /etc/openvpn/xscenet.conf) -#- name: Check for manually configured OpenVPN tunnel -# stat: -# path: /etc/openvpn/iiab-vpn.conf -# register: stat - # FIXED SOMETIME PRIOR TO AUGUST 2018: earlier versions of Ansible had not # been working with systemd service names that contained the "@" character. From 9f392cb5d9afb62993ea5be4876e22b92b72e23e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 12:08:01 -0400 Subject: [PATCH 08/25] Update iiab-support --- iiab-support | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/iiab-support b/iiab-support index f71fca85e..5f033303b 100755 --- a/iiab-support +++ b/iiab-support @@ -1,4 +1,5 @@ #!/bin/bash + PLAYBOOK="install-support.yml" INVENTORY="ansible_hosts" @@ -55,8 +56,9 @@ else echo "openvpn_install: True" >> /etc/iiab/local_vars.yml fi cd /opt/iiab/iiab - CWD=`pwd` - export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" + export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log" + #CWD=`pwd` + #export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local echo fi 
From 57b8b61400f539eaca55cbcc1bb211634fcf7f30 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 12:20:41 -0400 Subject: [PATCH 09/25] Clarify we run just 3 roles (not all of 1-prep) --- iiab-support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-support b/iiab-support index 5f033303b..c7d18dcf6 100755 --- a/iiab-support +++ b/iiab-support @@ -49,7 +49,7 @@ fi if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n" else - echo -e "Please wait a few minutes as IIAB Stage 1 (1-prep) & OpenVPN are installed...\n" + echo -e "Plz wait a few minutes as sshd, iiab-admin & OpenVPN are confirmed/installed...\n" if grep -q '^openvpn_install:' /etc/iiab/local_vars.yml; then sed -i "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml else From 74465fc9d8faeb22cbc27214b5f06ccb13150737 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 12:27:18 -0400 Subject: [PATCH 10/25] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 4c77d035d..ae0262d66 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -88,7 +88,7 @@ - name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted (smaller IIAB installs do this) file: src: "{{ iiab_dir }}/iiab-support" - path: /usr/bin + path: /usr/bin/iiab-support mode: 0755 - name: Create iiab-support-on (symlink to iiab-support for now) From 801080bfb55f541769c5a945adc4872ac0711d70 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 12:34:08 -0400 Subject: [PATCH 11/25] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index ae0262d66..9382e4c38 100644 
--- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -85,10 +85,10 @@ # 2019-10-09: Not recommended for over a year & no longer in use # - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } -- name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted (smaller IIAB installs do this) - file: +- name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted e.g. on a smaller IIAB install + copy: src: "{{ iiab_dir }}/iiab-support" - path: /usr/bin/iiab-support + path: /usr/bin/ mode: 0755 - name: Create iiab-support-on (symlink to iiab-support for now) From 07905cdc3d4823b50a9d33b0ab2b5ebf60d70ac3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 12:37:12 -0400 Subject: [PATCH 12/25] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 9382e4c38..d5d507399 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -88,7 +88,7 @@ - name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted e.g. on a smaller IIAB install copy: src: "{{ iiab_dir }}/iiab-support" - path: /usr/bin/ + dest: /usr/bin/ mode: 0755 - name: Create iiab-support-on (symlink to iiab-support for now) From 8e77d1e405942a30ce3c70dc8cac905a1b2512b5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 12:41:05 -0400 Subject: [PATCH 13/25] Update iiab-support --- iiab-support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-support b/iiab-support index c7d18dcf6..33c46337f 100755 --- a/iiab-support +++ b/iiab-support 
@@ -85,7 +85,7 @@ echo -e " 2. Check your OpenVPN connection: run 'ping 10.8.0.1'" echo -e " 3. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x" echo -e " 4. If necessary, run 'systemctl restart openvpn' which should" echo -e " run 'systemctl restart openvpn@xscenet' for you." -echo -e " 5. Sometimes waiting a minute helps -- retry steps 2 and 3 to monitor." +echo -e " 5. SOMETIMES WAITING A MINUTE HELPS -- retry steps 2 and 3 to monitor." echo -e " 6. If in future you want to disable OpenVPN connections to-and-from your" echo -e " Internet-in-a-Box (IIAB) please run 'iiab-support-off' at that time." echo -e " 7. Read 'How can I remotely manage my Internet-in-a-Box?' at" From 6bbf8e18d49139b6b9a0517d578ae797151238cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 15:46:00 -0400 Subject: [PATCH 14/25] "cd /opt/iiab/iiab" not needed by Ansible --- iiab-support | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/iiab-support b/iiab-support index 33c46337f..9ac44083c 100755 --- a/iiab-support +++ b/iiab-support @@ -55,7 +55,8 @@ else else echo "openvpn_install: True" >> /etc/iiab/local_vars.yml fi - cd /opt/iiab/iiab + #cd /opt/iiab/iiab + #./runrole 1-prep export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log" #CWD=`pwd` #export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" From 584e35e243a131157932fd492e377ef366f8031a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 18:18:08 -0400 Subject: [PATCH 15/25] openvpn/tasks/main.yml more readable --- roles/openvpn/tasks/main.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index d5d507399..f164934c9 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -4,17 +4,16 @@ - openvpn - nmap state: present - tags: - - download + #tags: + # - download -- name: Install Ncat package +- name: Install Ncat package (if need_ncat) package: - name: - - ncat + name: ncat state: present - when: need_ncat | bool - tags: - - download + when: need_ncat | bool + #tags: + # - download - name: Install ssh public keys for remote support (if openvpn_install) lineinfile: From b3cbd80679e91d89bfa4e27cc3a39452036ba725 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 18:24:51 -0400 Subject: [PATCH 16/25] mkdir -p /opt/iiab/iiab --- iiab-support | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/iiab-support b/iiab-support index 9ac44083c..7f047a156 100755 --- a/iiab-support +++ b/iiab-support @@ -57,9 +57,13 @@ else fi #cd /opt/iiab/iiab #./runrole 1-prep - export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log" + #CWD=`pwd` #export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" + + # For log file, in case git tree deleted, on IIABs with very small disks: + mkdir -p /opt/iiab/iiab + export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log" ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local echo fi From c4f81366bf3e866e82b3baa75f68791c1a5ae87b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 18:35:15 -0400 Subject: [PATCH 17/25] Directly implement need_ncat in openvpn/tasks/main.yml --- roles/openvpn/tasks/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index f164934c9..b41d355a4 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -7,11 +7,12 @@ #tags: # - download -- name: Install Ncat package (if need_ncat) +- name: Install Ncat package (if Debian > 9 or Ubuntu > 18) package: name: ncat state: present - when: need_ncat | bool + when: is_debuntu and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18) + #when: need_ncat | bool #tags: # - download 
From 3abe4a101b863ee9cf8930b467f7790a24a1cece Mon Sep 17 00:00:00 2001
From: A Holt
Date: Wed, 9 Oct 2019 18:37:40 -0400
Subject: [PATCH 18/25] Remove need_ncat from raspbian-10.yml

---
 vars/raspbian-10.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml
index 9aef84329..7813a7200 100644
--- a/vars/raspbian-10.yml
+++ b/vars/raspbian-10.yml
@@ -40,4 +40,3 @@ minetest_working_dir: /library/games/minetest
 minetest_game_dir: /library/games/minetest/games/minetest_game
 minetest_rpi_src_url: http://www.nathansalapat.com/downloads/0.4.17.1.tar.gz
 minetest_rpi_src: minetest-0.4.17.1.tar.gz
-need_ncat: True
From 67fe8b445f758616a8a0ba8335436df5b09a5ce6 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Wed, 9 Oct 2019 18:38:06 -0400
Subject: [PATCH 19/25] Remove need_ncat from ubuntu-19.yml

---
 vars/ubuntu-19.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/vars/ubuntu-19.yml b/vars/ubuntu-19.yml
index 245ac7576..5b89d04fc 100644
--- a/vars/ubuntu-19.yml
+++ b/vars/ubuntu-19.yml
@@ -29,4 +29,3 @@ systemd_location: /lib/systemd/system
 # Upgrade Ubuntu 19.x's Calibre 3.39.1+ to very latest
 calibre_via_debs: False
 calibre_via_python: True
-need_ncat: True
From 94a1682d42b6e0f99f053ab40b7e8b4254d6b012 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Wed, 9 Oct 2019 18:38:59 -0400
Subject: [PATCH 20/25] Remove need_ncat from debian-10.yml

---
 vars/debian-10.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/vars/debian-10.yml b/vars/debian-10.yml
index ffbb699af..f823408e9 100644
--- a/vars/debian-10.yml
+++ b/vars/debian-10.yml
@@ -27,4 +27,3 @@ systemd_location: /lib/systemd/system
 # Upgrade OS's own Calibre to very latest:
 calibre_via_debs: True
 calibre_via_python: False
-need_ncat: True
From 1dcb61213ff78d0d244459619bfe42f0ade28ad6 Mon Sep 17 00:00:00 2001
From: A Holt Date: Wed, 9 Oct 2019 18:45:02 -0400 Subject: [PATCH 21/25] NCat-missing-from-NMap if Debian > 9 or Ubuntu > 18 (for openvpn_handle) --- roles/openvpn/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index b41d355a4..507209d6a 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -7,6 +7,7 @@ #tags: # - download +# Newer versions of NMap do not include NCat, needed to announce /etc/iiab/openvpn_handle - name: Install Ncat package (if Debian > 9 or Ubuntu > 18) package: name: ncat From 210c5883bdbd57f05c5b027a4a3af1d1cda3df12 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 18:46:30 -0400 Subject: [PATCH 22/25] Remove need_ncat from vars/default_vars.yml --- vars/default_vars.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 6f82ca01c..cb62c15a1 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -199,9 +199,6 @@ openvpn_server: xscenet.net openvpn_server_real_ip: 3.89.148.185 openvpn_server_virtual_ip: 10.8.0.1 openvpn_server_port: 1194 -# Newer versions of NMap do not include NCat which is used to announce handle -# need_ncat is turned true by os-#.yml files that don't have ncat in nmap -need_ncat: False # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ From c92dd3ddbf73a50d027ca5732e665d65f2e133ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 19:03:32 -0400 Subject: [PATCH 23/25] Exit w/ explanation if /opt/iiab/iiab was deleted --- iiab-support | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/iiab-support b/iiab-support index 7f047a156..9822853b9 100755 --- a/iiab-support +++ b/iiab-support 
@@ -55,17 +55,19 @@ else else echo "openvpn_install: True" >> /etc/iiab/local_vars.yml fi - #cd /opt/iiab/iiab - #./runrole 1-prep - - #CWD=`pwd` - #export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" - - # For log file, in case git tree deleted, on IIABs with very small disks: - mkdir -p /opt/iiab/iiab - export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log" - ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local - echo + + if [ -d /opt/iiab/iiab ]; then + cd /opt/iiab/iiab + #CWD=`pwd` + #export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" + export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log" + ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local + # Above is tighter/better than running all of "./runrole 1-prep" + echo + else + echo -e 'Directory /opt/iiab/iiab does not exist: CANNOT INSTALL OPENVPN!\n' + exit 1 + fi fi echo -e "Now let's (re)enable OpenVPN...\n" From 24af85e966a5f11de9a9b0de979a987402be392b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 9 Oct 2019 19:13:51 -0400 Subject: [PATCH 24/25] Highlight error in red, if /opt/iiab/iiab missing (and needed) --- iiab-support | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/iiab-support b/iiab-support index 9822853b9..5c689f6fe 100755 --- a/iiab-support +++ b/iiab-support @@ -65,7 +65,7 @@ else # Above is tighter/better than running all of "./runrole 1-prep" echo else - echo -e 'Directory /opt/iiab/iiab does not exist: CANNOT INSTALL OPENVPN!\n' + echo -e '\e[41m Directory /opt/iiab/iiab does not exist: CANNOT INSTALL OPENVPN! \e[0m\n' exit 1 fi fi @@ -116,4 +116,5 @@ if [ "$vpnip" != "" ]; then echo -e "\nYour OpenVPN IP address (which can change) is: \e[32m$vpnip\e[0m\n" else echo -e "\n \e[41m ERROR: OpenVPN IP address not ready - PLEASE TRY THE ABOVE TIPS \e[0m\n" + exit 1 fi From 0ef15b98663e682d24b67647b19589af6b054cc1 Mon Sep 17 00:00:00 2001 
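Review bot: In the PATCH 23/25 hunk the new `[ -d /opt/iiab/iiab ]` test runs after the context lines above it have already written `openvpn_install: True` to /etc/iiab/local_vars.yml, so a run that exits on the missing directory leaves the flag set. Going by the grep shown in the PATCH 09/25 hunk, the next run would then report OpenVPN as already installed and skip the playbook. The exit status of `ansible-playbook` and of `cd` is also ignored, so a failed install still falls through to the "(re)enable" step. I would move the directory test ahead of the local_vars.yml edit and use `cd /opt/iiab/iiab || exit 1` and `ansible-playbook -i "$INVENTORY" "$PLAYBOOK" --connection=local || exit 1`. The enclosing if/else begins outside the hunk.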
From: A Holt Date: Wed, 9 Oct 2019 19:21:39 -0400 Subject: [PATCH 25/25] Cleaner error msg if /opt/iiab/iiab needed+missing --- iiab-support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-support b/iiab-support index 5c689f6fe..7cb48c0c2 100755 --- a/iiab-support +++ b/iiab-support @@ -65,7 +65,7 @@ else # Above is tighter/better than running all of "./runrole 1-prep" echo else - echo -e '\e[41m Directory /opt/iiab/iiab does not exist: CANNOT INSTALL OPENVPN! \e[0m\n' + echo -e " \e[41m Directory /opt/iiab/iiab does not exist: CANNOT INSTALL OPENVPN! \e[0m\n" exit 1 fi fi