diff --git a/iiab-base.yml b/iiab-base.yml deleted file mode 100644 index de2238008..000000000 --- a/iiab-base.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- hosts: all - become: yes - - vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - roles: - - { role: 0-init, tags: ['0-init'] } - - { role: 1-prep, tags: ['1-prep','platform','base'] } - - { role: openvpn, tags: ['openvpn'] } diff --git a/iiab-from-console.yml b/iiab-from-console.yml index c6275a641..9756638b9 100644 --- a/iiab-from-console.yml +++ b/iiab-from-console.yml @@ -9,11 +9,11 @@ - /etc/iiab/config_vars.yml roles: - - { role: 0-init, tags: ['0-init'] } - - { role: 4-server-options, tags: ['4-server-options'] } - - { role: 5-xo-services, tags: ['5-xo-services'] } - - { role: 6-generic-apps, tags: ['6-generic-apps'] } - - { role: 7-edu-apps, tags: ['7-edu-apps'] } - - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] } - - { role: 9-local-addons, tags: ['9-local-addons'] } - - { role: network, tags: ['network'] } + - { role: 0-init, tags: ['0-init'] } + - { role: 4-server-options, tags: ['4-server-options'] } + - { role: 5-xo-services, tags: ['5-xo-services'] } + - { role: 6-generic-apps, tags: ['6-generic-apps'] } + - { role: 7-edu-apps, tags: ['7-edu-apps'] } + - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] } + - { role: 9-local-addons, tags: ['9-local-addons'] } + - { role: network, tags: ['network'] } diff --git a/iiab-network.yml b/iiab-network.yml index 721bedac9..01f594449 100644 --- a/iiab-network.yml +++ b/iiab-network.yml @@ -9,5 +9,5 @@ - /etc/iiab/config_vars.yml roles: - - { role: 0-init, tags: ['network'] } - - { role: network, tags: ['network','base'] } + - { role: 0-init, tags: ['network'] } + - { role: network, tags: ['network','base'] } diff --git a/iiab-support.yml b/iiab-support.yml new file mode 100644 index 000000000..22b48df3c --- /dev/null +++ b/iiab-support.yml 
@@ -0,0 +1,14 @@ +--- +- hosts: all + become: yes + + vars_files: + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + + roles: + - { role: 0-init, tags: ['0-init'] } + #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] } + - { role: 1-prep, tags: ['1-prep'] } + - { role: openvpn, tags: ['openvpn'] } diff --git a/install-support b/install-support index b5ae9a12e..24785214a 100755 --- a/install-support +++ b/install-support @@ -1,17 +1,15 @@ #!/bin/bash -PLAYBOOK="iiab-base.yml" +PLAYBOOK="iiab-support.yml" INVENTORY="ansible_hosts" CWD=`pwd` export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" -if [ ! -f $PLAYBOOK ] -then - echo "IIAB Playbook not found." - echo "Please run this command from the top level of the git repo." - echo "Exiting." - exit 1 +if [ ! -f $PLAYBOOK ]; then + echo -e "\nEXITING: $PLAYBOOK not found.\n" + echo -e "Please run this command from /opt/iiab/iiab (top of git repo).\n" + exit 1 fi sed -i -e "s/openvpn_install: False/openvpn_install: True/" /etc/iiab/local_vars.yml diff --git a/roles/calibre/defaults/main.yml b/roles/calibre/defaults/main.yml index effe32dc4..bdf88373f 100644 --- a/roles/calibre/defaults/main.yml +++ b/roles/calibre/defaults/main.yml @@ -23,7 +23,7 @@ calibre_deb_url: http://download.iiab.io/packages # Must contain both packages for the pinned version, formatted as follows: # calibre_3.30.0+dfsg-1_all (25M, 2018-08-24) # calibre-bin_3.30.0+dfsg-1_armhf (742K, 2018-08-30) -calibre_deb_pin_version: 3.30.0 +calibre_deb_pin_version: 3.30.0+dfsg-1 # USE TO TEST debs.yml (RASPBIAN APPROACH!) ON DEBIAN 9.X: (now handled by calibre_via_debs in /opt/iiab/iiab/vars/*) #calibre_debs_on_debian: True diff --git a/roles/calibre/tasks/debs.yml b/roles/calibre/tasks/debs.yml index 612404a2a..e00b46e0b 100644 --- a/roles/calibre/tasks/debs.yml +++ b/roles/calibre/tasks/debs.yml 
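Review bot: The commented-out `1-prep` line in the new `roles:` list is dead code, and nothing records why the `platform` and `base` tags were dropped. Anyone who selects roles by those tags will presumably no longer reach `1-prep` through this playbook. Replace the commented-out line with a short comment, e.g. `# 1-prep runs here with only its own tag; 'platform' and 'base' removed because <reason>`. A header comment would also help, since `install-support` now runs this file as root on `hosts: all`: `# Run by install-support: installs the OpenVPN client used for remote support`.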
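Review bot: The rewritten guard still expands `$PLAYBOOK` unquoted inside `[ ... ]`; write it as `if [ ! -f "$PLAYBOOK" ]; then` so the test stays well-formed if the value ever contains whitespace or is empty. The new message names `/opt/iiab/iiab`, but the check only looks in the current directory, so a checkout elsewhere gets a misleading hint; `printf '\nEXITING: %s not found in %s.\n' "$PLAYBOOK" "$CWD"` reports what was actually tested and avoids `echo -e`. The script continues past the end of the hunk.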
@@ -42,8 +42,8 @@ #backup: no timeout: "{{ download_timeout }}" with_items: - - calibre_{{ calibre_deb_pin_version }}+dfsg-1_all.deb - - calibre-bin_{{ calibre_deb_pin_version }}+dfsg-1_armhf.deb + - calibre_{{ calibre_deb_pin_version }}_all.deb + - calibre-bin_{{ calibre_deb_pin_version }}_armhf.deb when: is_rpi and internet_available - name: Install/Upgrade both, to PINNED version {{ calibre_deb_pin_version }} while using additional .deb's from testing (rpi) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index b3e9ff51f..9b34f45a3 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
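Review bot: The two filenames built from `calibre_deb_pin_version` pin a version string, not the package contents, and no integrity check is visible in the part of the download task shown here. `calibre_deb_url` in roles/calibre/defaults/main.yml is plain `http://`, so a pinned name alone does not guarantee which bytes get installed as root. The task starts above the hunk, so a check may already exist there. If it does not and this is a `get_url` task, consider carrying a hash next to each item and passing it through, e.g. `checksum: "sha256:{{ item.sha256 }}"` with items such as `{ file: ..., sha256: <SHA256_PLACEHOLDER> }`, and an `https://` base URL if the host serves one.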
@@ -154,20 +154,30 @@ # /etc/iiab/openvpn_handle to xscenet.net -- and # "systemctl restart openvpn@xscenet" was failing completely (no matter how # many times it was run) to transmit /etc/iiab/openvpn_handle to xscenet.net -- name: Enable & (Re)Start openvpn@xscenet tunnel + +# 2018-09-02: OpenVPN had been starting tunnels by accident after reboot, +# with new IIAB installs. Fix below (https://github.com/iiab/iiab/pull/1079) +# changes most all instances below from PARENT service "openvpn@xscenet" to +# CHILD service "openpvn". See these 2 critical files to understand why: +# +# /etc/default/openvpn +# /etc/openvpn/xscenet.conf + +- name: Enable & (Re)Start PARENT service openvpn, which (re)starts CHILD service openvpn@xscenet (& actual tunnel) systemd: - name: openvpn@xscenet.service + name: openvpn + daemon_reload: yes enabled: yes - state: restarted + state: restarted # 2018-09-02: Should we be concerned that "systemctl status openvpn" often shows "active (exited)" ? If so we might consider "state: started" or "state: reloaded" instead? when: openvpn_enabled -- name: Enable hourly cron job for OpenVPN +- name: Enable hourly cron job for OpenVPN (starts CHILD service openvpn@xscenet, typically for CentOS only?) lineinfile: path: /etc/crontab line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" when: openvpn_enabled and openvpn_cron_enabled -- name: Remove hourly cron job for OpenVPN +- name: Remove hourly cron job for OpenVPN (typically for CentOS only?) lineinfile: path: /etc/crontab regexp: "openvpn@xscenet" @@ -176,9 +186,9 @@ state: absent when: not openvpn_enabled or not openvpn_cron_enabled -- name: Disable & Stop openvpn@xscenet tunnel +- name: Disable & Stop PARENT service openvpn, which stops CHILD service openvpn@xscenet (& actual tunnel) systemd: - name: openvpn@xscenet.service + name: openvpn enabled: no state: stopped when: not openvpn_enabled 
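Review bot: The new 2018-09-02 comment block states the direction backwards and misspells the service: it says instances change from PARENT "openvpn@xscenet" to CHILD "openpvn", while the task names below call `openvpn` the PARENT and `openvpn@xscenet` the CHILD. Suggested wording: `# changes most all instances below from CHILD service "openvpn@xscenet" to` followed by `# PARENT service "openvpn". See these 2 critical files to understand why:`. The hourly cron line in the same hunk still starts `openvpn@xscenet.service` directly, so with `openvpn_cron_enabled` the tunnel comes up outside the parent service; a one-line comment saying this is intended would avoid confusion. The open question after `state: restarted` would read better as a `# TODO:` line above the key than as a long trailing comment.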
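Review bot: Disabling only `openvpn` in the "Disable & Stop" task may leave `openvpn@xscenet.service` enabled on hosts provisioned before this change, because the old task enabled that instance by name. If so, the remote-support tunnel could still come up at boot with `openvpn_enabled` false, which is the symptom the comment above describes. Whether that happens depends on the distro's unit files, so it should be checked on an upgraded host. A cleanup task placed just before this one would cover it, and it may need a guard on platforms where the instance unit does not exist. The task list continues outside the hunk.

```yaml
- name: Disable CHILD service openvpn@xscenet if an earlier install enabled it directly
  systemd:
    name: openvpn@xscenet.service
    enabled: no
  when: not openvpn_enabled

# … unchanged: "Disable & Stop PARENT service openvpn" task …
```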
@@ -207,7 +217,7 @@ - option: name value: OpenVPN - option: description - value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." + value: "OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" # openvpn_handle variable can no longer be left completely undefined of August 2018 (EMPTY STRING "" IS TOLERATED, in which case OpenVPN server should use /etc/iiab/uuid in lieu of the handle) diff --git a/roles/openvpn/templates/xscenet.conf.j2 b/roles/openvpn/templates/xscenet.conf.j2 index 1dc3779f1..c99d8e743 100644 --- a/roles/openvpn/templates/xscenet.conf.j2 +++ b/roles/openvpn/templates/xscenet.conf.j2 @@ -1,4 +1,4 @@ -# Sample client-side OpenVPN config file for connecting to multi-client server. +# Sample client-side OpenVPN config file for connecting to multi-client server # # Adapted from http://openvpn.sourceforge.net/20notes.html # diff --git a/run-one-role.yml b/run-one-role.yml index abd41ff1d..5b0ce5038 100644 --- a/run-one-role.yml +++ b/run-one-role.yml @@ -9,5 +9,5 @@ - /etc/iiab/config_vars.yml roles: - - { role: 0-init, tags: ['0-init'] } - - { role: "{{ role_to_run }}", tags: ['run'] } + - { role: 0-init, tags: ['0-init'] } + - { role: "{{ role_to_run }}", tags: ['run'] }