From f810b9cde68187f24402e9c42f9f32f477ddd017 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:08:58 -0400 Subject: [PATCH 01/13] Update xscenet.conf.j2 --- roles/openvpn/templates/xscenet.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/xscenet.conf.j2 b/roles/openvpn/templates/xscenet.conf.j2 index 1dc3779f1..c99d8e743 100644 --- a/roles/openvpn/templates/xscenet.conf.j2 +++ b/roles/openvpn/templates/xscenet.conf.j2 @@ -1,4 +1,4 @@ -# Sample client-side OpenVPN config file for connecting to multi-client server. +# Sample client-side OpenVPN config file for connecting to multi-client server # # Adapted from http://openvpn.sourceforge.net/20notes.html # From 370267b1d95a0923c8ea7fba513c11b5c09afc9f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:31:11 -0400 Subject: [PATCH 02/13] Update main.yml --- roles/openvpn/tasks/main.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index b3e9ff51f..f2ca8c863 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -154,9 +154,10 @@ # /etc/iiab/openvpn_handle to xscenet.net -- and # "systemctl restart openvpn@xscenet" was failing completely (no matter how # many times it was run) to transmit /etc/iiab/openvpn_handle to xscenet.net -- name: Enable & (Re)Start openvpn@xscenet tunnel +- name: Enable & (Re)Start PARENT service openvpn (it starts CHILD service openvpn@xscenet & tunnel) systemd: - name: openvpn@xscenet.service + name: openvpn + daemon_reload: yes enabled: yes state: restarted when: openvpn_enabled 
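Review bot: Pointing this task at `name: openvpn` widens what is enabled and restarted, from the single xscenet instance to whatever the parent unit brings up. On Debian-family packaging that set is presumably governed by AUTOSTART in /etc/default/openvpn, so any other *.conf under /etc/openvpn could come up as a tunnel too. Since this is a remote-access path, confirm that the role pins it, e.g. `AUTOSTART="xscenet"`. CentOS-style packaging may not ship a plain `openvpn` unit at all, in which case this task would fail there, while the hourly cron task (PATCH 03) still targets `openvpn@xscenet.service`. The task list continues outside the hunk.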
@@ -176,9 +177,9 @@ state: absent when: not openvpn_enabled or not openvpn_cron_enabled -- name: Disable & Stop openvpn@xscenet tunnel +- name: Disable & Stop PARENT service openvpn (it stops CHILD service openvpn@xscenet & tunnel) systemd: - name: openvpn@xscenet.service + name: openvpn enabled: no state: stopped when: not openvpn_enabled From 061047950e14bd044ec9ecedab8bbeaebb84d681 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:37:00 -0400 Subject: [PATCH 03/13] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index f2ca8c863..da051154c 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -162,13 +162,13 @@ state: restarted when: openvpn_enabled -- name: Enable hourly cron job for OpenVPN +- name: Enable hourly cron job for OpenVPN (typically for CentOS only?) lineinfile: path: /etc/crontab line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" when: openvpn_enabled and openvpn_cron_enabled -- name: Remove hourly cron job for OpenVPN +- name: Remove hourly cron job for OpenVPN (typically for CentOS only?) lineinfile: path: /etc/crontab regexp: "openvpn@xscenet" @@ -208,7 +208,7 @@ - option: name value: OpenVPN - option: description - value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." + value: "OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" # openvpn_handle variable can no longer be left completely undefined of August 2018 (EMPTY STRING "" IS TOLERATED, in which case OpenVPN server should use /etc/iiab/uuid in lieu of the handle) 
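Review bot: Machines provisioned before this change had `openvpn@xscenet.service` enabled directly (the removed `enabled: yes` task in the first hunk of this patch), and the "Disable & Stop" task now touches only `openvpn`. The instance's own enablement is therefore likely left in place, so with `openvpn_enabled` false the support tunnel may still start at boot. It may also stay up if it was started directly, since the cron line in the file starts the instance, not the parent. I would keep an explicit cleanup of the instance next to this task, under the same `when:`, so that disabling remote access disables it on upgraded hosts too.

```yaml
# … unchanged: "Disable & Stop PARENT service openvpn" task …
- name: Disable & Stop CHILD service openvpn@xscenet (may be left enabled by earlier installs)
  systemd:
    name: openvpn@xscenet.service
    enabled: no
    state: stopped
  when: not openvpn_enabled
```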
From 6f9bd1d14f1a0ec203331238d265bbe187605b34 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:46:30 -0400 Subject: [PATCH 04/13] Update main.yml --- roles/openvpn/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index da051154c..3a692efcc 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -154,7 +154,7 @@ # /etc/iiab/openvpn_handle to xscenet.net -- and # "systemctl restart openvpn@xscenet" was failing completely (no matter how # many times it was run) to transmit /etc/iiab/openvpn_handle to xscenet.net -- name: Enable & (Re)Start PARENT service openvpn (it starts CHILD service openvpn@xscenet & tunnel) +- name: Enable & (Re)Start PARENT service openvpn, which (re)starts CHILD service openvpn@xscenet (& actual tunnel) systemd: name: openvpn daemon_reload: yes @@ -177,7 +177,7 @@ state: absent when: not openvpn_enabled or not openvpn_cron_enabled -- name: Disable & Stop PARENT service openvpn (it stops CHILD service openvpn@xscenet & tunnel) +- name: Disable & Stop PARENT service openvpn, which stops CHILD service openvpn@xscenet (& actual tunnel) systemd: name: openvpn enabled: no From 7a3c05c2129845f796d1c04c3a59adc03274fa15 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:58:01 -0400 Subject: [PATCH 05/13] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 3a692efcc..e361834db 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -162,7 +162,7 @@ state: restarted when: openvpn_enabled -- name: Enable hourly cron job for OpenVPN (typically for CentOS only?) +- name: Enable hourly cron job for OpenVPN (starts CHILD service openvpn@xscenet, typically for CentOS only?) lineinfile: path: /etc/crontab line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" From 810b196e20e063e0dcf9ba52ef16f9be793361ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 19:12:08 -0400 Subject: [PATCH 06/13] Update main.yml --- roles/openvpn/tasks/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index e361834db..9b34f45a3 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -154,12 +154,21 @@ # /etc/iiab/openvpn_handle to xscenet.net -- and # "systemctl restart openvpn@xscenet" was failing completely (no matter how # many times it was run) to transmit /etc/iiab/openvpn_handle to xscenet.net + +# 2018-09-02: OpenVPN had been starting tunnels by accident after reboot, +# with new IIAB installs. Fix below (https://github.com/iiab/iiab/pull/1079) +# changes most all instances below from PARENT service "openvpn@xscenet" to +# CHILD service "openpvn". See these 2 critical files to understand why: +# +# /etc/default/openvpn +# /etc/openvpn/xscenet.conf + - name: Enable & (Re)Start PARENT service openvpn, which (re)starts CHILD service openvpn@xscenet (& actual tunnel) systemd: name: openvpn daemon_reload: yes enabled: yes - state: restarted + state: restarted # 2018-09-02: Should we be concerned that "systemctl status openvpn" often shows "active (exited)" ? If so we might consider "state: started" or "state: reloaded" instead? when: openvpn_enabled - name: Enable hourly cron job for OpenVPN (starts CHILD service openvpn@xscenet, typically for CentOS only?) From c9915b7f3f08cd590636f84f81436fd574ff14f5 Mon Sep 17 00:00:00 2001 
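Review bot: The new comment block has the two labels swapped: it says the fix moves from PARENT service "openvpn@xscenet" to CHILD service "openpvn", while the task names in this same hunk call `openvpn` the PARENT and `openvpn@xscenet` the CHILD, and "openpvn" is a typo. Suggested wording: `# changes most all instances below from CHILD service "openvpn@xscenet" to PARENT service "openvpn".` On the inline question after `state: restarted`: "active (exited)" is probably expected if the parent unit is only a placeholder that pulls in the per-config instances, in which case the status that reflects the tunnel is `systemctl status openvpn@xscenet`. Confirm that before switching to `started` or `reloaded`.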
From: A Holt Date: Sun, 2 Sep 2018 23:51:28 -0400 Subject: [PATCH 07/13] Update install-support --- install-support | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/install-support b/install-support index b5ae9a12e..24785214a 100755 --- a/install-support +++ b/install-support @@ -1,17 +1,15 @@ #!/bin/bash -PLAYBOOK="iiab-base.yml" +PLAYBOOK="iiab-support.yml" INVENTORY="ansible_hosts" CWD=`pwd` export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" -if [ ! -f $PLAYBOOK ] -then - echo "IIAB Playbook not found." - echo "Please run this command from the top level of the git repo." - echo "Exiting." - exit 1 +if [ ! -f $PLAYBOOK ]; then + echo -e "\nEXITING: $PLAYBOOK not found.\n" + echo -e "Please run this command from /opt/iiab/iiab (top of git repo).\n" + exit 1 fi sed -i -e "s/openvpn_install: False/openvpn_install: True/" /etc/iiab/local_vars.yml From 7e37b0d380d246efab747814f993e1424ef61efe Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 23:59:19 -0400 Subject: [PATCH 08/13] Update and rename iiab-base.yml to iiab-support.yml --- iiab-base.yml | 13 ------------- iiab-support.yml | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 13 deletions(-) delete mode 100644 iiab-base.yml create mode 100644 iiab-support.yml diff --git a/iiab-base.yml b/iiab-base.yml deleted file mode 100644 index de2238008..000000000 --- a/iiab-base.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- hosts: all - become: yes - - vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - roles: - - { role: 0-init, tags: ['0-init'] } - - { role: 1-prep, tags: ['1-prep','platform','base'] } - - { role: openvpn, tags: ['openvpn'] } diff --git a/iiab-support.yml b/iiab-support.yml new file mode 100644 index 000000000..22b48df3c --- /dev/null +++ b/iiab-support.yml 
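Review bot: The guard `[ ! -f $PLAYBOOK ]` in install-support leaves the variable unquoted and only proves that a file of that name exists in the current directory, while the new message tells the operator to be in /opt/iiab/iiab. The script presumably runs as root (it edits /etc/iiab/local_vars.yml just below), so resolving the repo from the script's own location would remove the dependence on the caller's working directory. Add `cd "$(dirname "$0")" || exit 1` before the CWD assignment and change the test to `if [ ! -f "$PLAYBOOK" ]; then`. The script continues beyond the hunk.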
@@ -0,0 +1,14 @@ +--- +- hosts: all + become: yes + + vars_files: + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + + roles: + - { role: 0-init, tags: ['0-init'] } + #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] } + - { role: 1-prep, tags: ['1-prep'] } + - { role: openvpn, tags: ['openvpn'] } From e8b7c31b14889fa691b6d88d805efbcb04473255 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 00:00:33 -0400 Subject: [PATCH 09/13] Update iiab-from-console.yml --- iiab-from-console.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/iiab-from-console.yml b/iiab-from-console.yml index c6275a641..9756638b9 100644 --- a/iiab-from-console.yml +++ b/iiab-from-console.yml @@ -9,11 +9,11 @@ - /etc/iiab/config_vars.yml roles: - - { role: 0-init, tags: ['0-init'] } - - { role: 4-server-options, tags: ['4-server-options'] } - - { role: 5-xo-services, tags: ['5-xo-services'] } - - { role: 6-generic-apps, tags: ['6-generic-apps'] } - - { role: 7-edu-apps, tags: ['7-edu-apps'] } - - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] } - - { role: 9-local-addons, tags: ['9-local-addons'] } - - { role: network, tags: ['network'] } + - { role: 0-init, tags: ['0-init'] } + - { role: 4-server-options, tags: ['4-server-options'] } + - { role: 5-xo-services, tags: ['5-xo-services'] } + - { role: 6-generic-apps, tags: ['6-generic-apps'] } + - { role: 7-edu-apps, tags: ['7-edu-apps'] } + - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] } + - { role: 9-local-addons, tags: ['9-local-addons'] } + - { role: network, tags: ['network'] } From b35416889932b6a0749a38ed625064f28461688e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 00:00:53 -0400 Subject: [PATCH 10/13] Update iiab-network.yml --- iiab-network.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-network.yml b/iiab-network.yml index 721bedac9..01f594449 100644 --- a/iiab-network.yml 
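Review bot: In the new iiab-support.yml the old role line is kept as a comment (`#- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] }`) with no reason given for dropping the `platform` and `base` tags. A run filtered with `--tags base` or `--tags platform` would now skip 1-prep in this playbook, which is presumably intended but not stated. I would replace the dead line with a short comment such as `# 1-prep: 'platform' and 'base' tags dropped because <reason>`. The entry `- vars/{{ ansible_local.local_facts.os_ver }}.yml` is also safer written as a quoted string.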
+++ b/iiab-network.yml @@ -9,5 +9,5 @@ - /etc/iiab/config_vars.yml roles: - - { role: 0-init, tags: ['network'] } - - { role: network, tags: ['network','base'] } + - { role: 0-init, tags: ['network'] } + - { role: network, tags: ['network','base'] } From 2fee404ad45f9957089df25a7e88c7d58e41ea8f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 00:01:24 -0400 Subject: [PATCH 11/13] Update run-one-role.yml --- run-one-role.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run-one-role.yml b/run-one-role.yml index abd41ff1d..5b0ce5038 100644 --- a/run-one-role.yml +++ b/run-one-role.yml @@ -9,5 +9,5 @@ - /etc/iiab/config_vars.yml roles: - - { role: 0-init, tags: ['0-init'] } - - { role: "{{ role_to_run }}", tags: ['run'] } + - { role: 0-init, tags: ['0-init'] } + - { role: "{{ role_to_run }}", tags: ['run'] } From 56155622f19f770da975fac1508762028dc3ce1e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 01:31:23 -0400 Subject: [PATCH 12/13] Update main.yml --- roles/calibre/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre/defaults/main.yml b/roles/calibre/defaults/main.yml index effe32dc4..bdf88373f 100644 --- a/roles/calibre/defaults/main.yml +++ b/roles/calibre/defaults/main.yml @@ -23,7 +23,7 @@ calibre_deb_url: http://download.iiab.io/packages # Must contain both packages for the pinned version, formatted as follows: # calibre_3.30.0+dfsg-1_all (25M, 2018-08-24) # calibre-bin_3.30.0+dfsg-1_armhf (742K, 2018-08-30) -calibre_deb_pin_version: 3.30.0 +calibre_deb_pin_version: 3.30.0+dfsg-1 # USE TO TEST debs.yml (RASPBIAN APPROACH!) ON DEBIAN 9.X: (now handled by calibre_via_debs in /opt/iiab/iiab/vars/*) #calibre_debs_on_debian: True From 4a291b1d628b45e599c4c11769d5de2ca3e88f00 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Mon, 3 Sep 2018 01:31:30 -0400 Subject: [PATCH 13/13] Update debs.yml --- roles/calibre/tasks/debs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre/tasks/debs.yml b/roles/calibre/tasks/debs.yml index 612404a2a..e00b46e0b 100644 --- a/roles/calibre/tasks/debs.yml +++ b/roles/calibre/tasks/debs.yml @@ -42,8 +42,8 @@ #backup: no timeout: "{{ download_timeout }}" with_items: - - calibre_{{ calibre_deb_pin_version }}+dfsg-1_all.deb - - calibre-bin_{{ calibre_deb_pin_version }}+dfsg-1_armhf.deb + - calibre_{{ calibre_deb_pin_version }}_all.deb + - calibre-bin_{{ calibre_deb_pin_version }}_armhf.deb when: is_rpi and internet_available - name: Install/Upgrade both, to PINNED version {{ calibre_deb_pin_version }} while using additional .deb's from testing (rpi)
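Review bot: The two .deb files are still selected by file name only, and nothing in this hunk verifies what was downloaded before the following task installs them. `calibre_deb_url` in roles/calibre/defaults/main.yml (PATCH 12) is a plain `http://` URL, so the packages can be altered in transit or on the mirror. Since the version is pinned anyway, the digests can be pinned with it through get_url's `checksum:` parameter. Each item then has to carry its own digest, so the `url:`/`dest:` lines above the hunk (not visible here) would change from `item` to `item.name`. Serving the packages over https would help as well.

```yaml
# … unchanged: get_url url/dest/timeout options (switch `item` to `item.name`) …
    checksum: "sha256:{{ item.sha256 }}"
  with_items:
    - name: calibre_{{ calibre_deb_pin_version }}_all.deb
      sha256: "<SHA256_OF_CALIBRE_ALL_DEB>"      # placeholder, fill from a trusted build
    - name: calibre-bin_{{ calibre_deb_pin_version }}_armhf.deb
      sha256: "<SHA256_OF_CALIBRE_BIN_ARMHF_DEB>"  # placeholder, fill from a trusted build
```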