Merge branch 'master' of https://github.com/iiab/iiab

iiab-base.yml

@@ -1,13 +0,0 @@
----
-- hosts: all
-  become: yes
-
-  vars_files:
-  - vars/default_vars.yml
-  - vars/{{ ansible_local.local_facts.os_ver }}.yml
-  - /etc/iiab/local_vars.yml
-
-  roles:
-      - { role: 0-init, tags: ['0-init'] }
-      - { role: 1-prep, tags: ['1-prep','platform','base'] }
-      - { role: openvpn, tags: ['openvpn'] }

iiab-from-console.yml

@@ -9,11 +9,11 @@
   - /etc/iiab/config_vars.yml
 
   roles:
-      - { role: 0-init, tags: ['0-init'] }
-      - { role: 4-server-options, tags: ['4-server-options'] }
-      - { role: 5-xo-services, tags: ['5-xo-services'] }
-      - { role: 6-generic-apps, tags: ['6-generic-apps'] }
-      - { role: 7-edu-apps, tags: ['7-edu-apps'] }
-      - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] }
-      - { role: 9-local-addons, tags: ['9-local-addons'] }
-      - { role: network, tags: ['network'] }
+    - { role: 0-init, tags: ['0-init'] }
+    - { role: 4-server-options, tags: ['4-server-options'] }
+    - { role: 5-xo-services, tags: ['5-xo-services'] }
+    - { role: 6-generic-apps, tags: ['6-generic-apps'] }
+    - { role: 7-edu-apps, tags: ['7-edu-apps'] }
+    - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] }
+    - { role: 9-local-addons, tags: ['9-local-addons'] }
+    - { role: network, tags: ['network'] }

iiab-network.yml

@@ -9,5 +9,5 @@
   - /etc/iiab/config_vars.yml
 
   roles:
-      - { role: 0-init, tags: ['network'] }
-      - { role: network, tags: ['network','base'] }
+    - { role: 0-init, tags: ['network'] }
+    - { role: network, tags: ['network','base'] }

iiab-support.yml

@@ -0,0 +1,14 @@
+---
+- hosts: all
+  become: yes
+
+  vars_files:
+  - vars/default_vars.yml
+  - vars/{{ ansible_local.local_facts.os_ver }}.yml
+  - /etc/iiab/local_vars.yml
+
+  roles:
+    - { role: 0-init, tags: ['0-init'] }
+    #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] }
+    - { role: 1-prep, tags: ['1-prep'] }
+    - { role: openvpn, tags: ['openvpn'] }

install-support

@@ -1,17 +1,15 @@
 #!/bin/bash
 
-PLAYBOOK="iiab-base.yml"
+PLAYBOOK="iiab-support.yml"
 INVENTORY="ansible_hosts"
 CWD=`pwd`
 
 export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
 
-if [ ! -f $PLAYBOOK ]
-then
- echo "IIAB Playbook not found."
- echo "Please run this command from the top level of the git repo."
- echo "Exiting."
- exit 1
+if [ ! -f $PLAYBOOK ]; then
+    echo -e "\nEXITING: $PLAYBOOK not found.\n"
+    echo -e "Please run this command from /opt/iiab/iiab (top of git repo).\n"
+    exit 1
 fi
 
 sed -i -e "s/openvpn_install: False/openvpn_install: True/" /etc/iiab/local_vars.yml

roles/calibre/defaults/main.yml

@@ -23,7 +23,7 @@ calibre_deb_url: http://download.iiab.io/packages
 # Must contain both packages for the pinned version, formatted as follows:
 # calibre_3.30.0+dfsg-1_all (25M, 2018-08-24)
 # calibre-bin_3.30.0+dfsg-1_armhf (742K, 2018-08-30)
-calibre_deb_pin_version: 3.30.0
+calibre_deb_pin_version: 3.30.0+dfsg-1
 
 # USE TO TEST debs.yml (RASPBIAN APPROACH!) ON DEBIAN 9.X: (now handled by calibre_via_debs in /opt/iiab/iiab/vars/*)
 #calibre_debs_on_debian: True

roles/calibre/tasks/debs.yml

@@ -42,8 +42,8 @@
     #backup: no
     timeout: "{{ download_timeout }}"
   with_items:
-    - calibre_{{ calibre_deb_pin_version }}+dfsg-1_all.deb
-    - calibre-bin_{{ calibre_deb_pin_version }}+dfsg-1_armhf.deb
+    - calibre_{{ calibre_deb_pin_version }}_all.deb
+    - calibre-bin_{{ calibre_deb_pin_version }}_armhf.deb
   when: is_rpi and internet_available
 
 - name: Install/Upgrade both, to PINNED version {{ calibre_deb_pin_version }} while using additional .deb's from testing (rpi)

roles/openvpn/tasks/main.yml

@@ -154,20 +154,30 @@
 # /etc/iiab/openvpn_handle to xscenet.net -- and
 # "systemctl restart openvpn@xscenet" was failing completely (no matter how
 # many times it was run) to transmit /etc/iiab/openvpn_handle to xscenet.net
-- name: Enable & (Re)Start openvpn@xscenet tunnel
+
+# 2018-09-02: OpenVPN had been starting tunnels by accident after reboot,
+# with new IIAB installs.  Fix below (https://github.com/iiab/iiab/pull/1079)
+# changes most all instances below from PARENT service "openvpn@xscenet" to
+# CHILD service "openpvn".  See these 2 critical files to understand why:
+#
+#    /etc/default/openvpn
+#    /etc/openvpn/xscenet.conf
+
+- name: Enable & (Re)Start PARENT service openvpn, which (re)starts CHILD service openvpn@xscenet (& actual tunnel)
   systemd:
-    name: openvpn@xscenet.service
+    name: openvpn
+    daemon_reload: yes
     enabled: yes
-    state: restarted
+    state: restarted    # 2018-09-02: Should we be concerned that "systemctl status openvpn" often shows "active (exited)" ?  If so we might consider "state: started" or "state: reloaded" instead?
   when: openvpn_enabled
 
-- name: Enable hourly cron job for OpenVPN
+- name: Enable hourly cron job for OpenVPN (starts CHILD service openvpn@xscenet, typically for CentOS only?)
   lineinfile:
     path: /etc/crontab
     line: "25 *  *  *  * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null"
   when: openvpn_enabled and openvpn_cron_enabled
 
-- name: Remove hourly cron job for OpenVPN
+- name: Remove hourly cron job for OpenVPN (typically for CentOS only?)
   lineinfile:
     path: /etc/crontab
     regexp: "openvpn@xscenet"
@@ -176,9 +186,9 @@
     state: absent
   when: not openvpn_enabled or not openvpn_cron_enabled
 
-- name: Disable & Stop openvpn@xscenet tunnel
+- name: Disable & Stop PARENT service openvpn, which stops CHILD service openvpn@xscenet (& actual tunnel)
   systemd:
-    name: openvpn@xscenet.service
+    name: openvpn
     enabled: no
     state: stopped
   when: not openvpn_enabled
@@ -207,7 +217,7 @@
   - option: name
     value: OpenVPN
   - option: description
-    value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections."
+    value: "OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."
   - option: enabled
     value: "{{ openvpn_enabled }}"
 # openvpn_handle variable can no longer be left completely undefined of August 2018 (EMPTY STRING "" IS TOLERATED, in which case OpenVPN server should use /etc/iiab/uuid in lieu of the handle)

roles/openvpn/templates/xscenet.conf.j2

@@ -1,4 +1,4 @@
-# Sample client-side OpenVPN config file for connecting to multi-client server.
+# Sample client-side OpenVPN config file for connecting to multi-client server
 #
 # Adapted from http://openvpn.sourceforge.net/20notes.html
 #

run-one-role.yml

@@ -9,5 +9,5 @@
   - /etc/iiab/config_vars.yml
 
   roles:
-      - { role: 0-init, tags: ['0-init'] }
-      - { role: "{{ role_to_run }}", tags: ['run'] }
+    - { role: 0-init, tags: ['0-init'] }
+    - { role: "{{ role_to_run }}", tags: ['run'] }