From 9e0ffcf5a7b06c3b407d3e740e46910f37f30dea Mon Sep 17 00:00:00 2001 From: root Date: Thu, 7 Apr 2022 10:17:35 -0400 Subject: [PATCH] Fancier & dancier roles/remoteit --- roles/remoteit/README.md | 2 +- roles/remoteit/tasks/install.yml | 30 ++++++++++++++--- roles/remoteit/templates/iiab-remoteit | 41 ++++++++++++++++++++---- roles/remoteit/templates/registration.j2 | 1 + vars/default_vars.yml | 2 ++ vars/local_vars_large.yml | 2 ++ vars/local_vars_medium.yml | 2 ++ vars/local_vars_small.yml | 2 ++ vars/local_vars_unittest.yml | 2 ++ 9 files changed, 71 insertions(+), 13 deletions(-) create mode 100644 roles/remoteit/templates/registration.j2 diff --git a/roles/remoteit/README.md b/roles/remoteit/README.md index ee1b2c8e7..8bba5ee40 100644 --- a/roles/remoteit/README.md +++ b/roles/remoteit/README.md @@ -23,7 +23,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s 1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB. - Hit `[Enter]` twice if you want to quickly generate a new claim code for your IIAB. + Hit `[Enter]` (repeatedly if necessary, to accept all defaults) if you want to quickly generate a new claim code for your IIAB. (The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install).) diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index 3b9df9556..da9c1a594 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -17,6 +17,8 @@ # 2022-04-03: Unfort still necessary, as their install_agent.sh below uses apt # with 'install -y' instead of '-y reinstall' or '-y --reinstall install' +# FWIW: Some remoteit.*.deb installers also work with '-y --allow-downgrades install' +# (e.g. *.amd64.deb) but others (e.g. both *.rpi.deb) do not. - name: Purge previously installed 'remoteit*' Device Package(s) apt: name: remoteit* @@ -28,17 +30,27 @@ # Speeds things up a bit, deferring online claim code generation if not nec: # https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account -- name: "'mkdir /etc/remoteit' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" +# - name: "'mkdir /etc/remoteit' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" +# file: +# state: directory +# path: /etc/remoteit +# when: remoteit_license_key is defined + +# - name: "'touch /etc/remoteit/registration' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" +# file: +# state: touch +# path: /etc/remoteit/registration +# when: remoteit_license_key is defined + +- name: "'mkdir /etc/remoteit'" file: state: directory path: /etc/remoteit - when: remoteit_license_key is defined -- name: "'touch /etc/remoteit/registration' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml" +- name: "'touch /etc/remoteit/registration' to block generation of claim code below, also speeding things up a bit" file: state: touch path: /etc/remoteit/registration - when: remoteit_license_key is defined # - name: "Install Device Package: {{ downloads_dir }}/{{ remoteit_deb }}" @@ -49,10 +61,18 @@ # apt: # deb: "{{ remoteit_device_url }}" -- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h +# - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h +- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh +- name: "'rm /etc/remoteit/registration' (empty file used just above)" + file: + state: absent + path: /etc/remoteit/registration + ignore_errors: yes # In case a future version of install_agent.sh deletes it for us + + - name: Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly enable remote.it AND generate a new remote.it claim code (in /etc/remoteit/config.json) -- optionally downloading + installing the very latest Device Package (like the 2 steps above) template: src: iiab-remoteit diff --git a/roles/remoteit/templates/iiab-remoteit b/roles/remoteit/templates/iiab-remoteit index d529be39b..816d43f6c 100755 --- a/roles/remoteit/templates/iiab-remoteit +++ b/roles/remoteit/templates/iiab-remoteit @@ -9,14 +9,26 @@ # 2022-04-03: SEE ALSO roles/remoteit/templates/iiab-remote.old -echo -e "\nhttps://remote.it can help you remotely manage this IIAB. Summary:\n" +echo -e "\nhttps://remote.it can help you remotely manage this IIAB.\n" + +echo -e "Let's generate a claim code and enable it. Documentation:\n" echo -e "https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md\n" -echo -en "\e[1mTo proceed we will delete /etc/remoteit/config.json, Ok? [Y/n]\e[0m " -read ans < /dev/tty # Strips outer whitespace, whether we like it or not! -echo -[[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1 +if [ -f /etc/remoteit/config.json ]; then + echo -en "\e[1mTo proceed we will delete /etc/remoteit/config.json, Ok? [Y/n]\e[0m " + read ans < /dev/tty # Strips outer whitespace, whether we like it or not! + echo + [[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1 +fi + +# Explanation below, on lines 65-72 +if [ -f /etc/remoteit/registration ]; then + echo -en "\e[1mTo proceed we will delete /etc/remoteit/registration, Ok? [Y/n]\e[0m " + read ans < /dev/tty # Strips outer whitespace, whether we like it or not! + echo + [[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1 +fi echo -e "\nThis IIAB must be online to begin!\n" @@ -41,8 +53,23 @@ else systemctl stop connectd # "Safer" (though it's generally exited already!) - # '|| true' overrides 'bash -e' so script continues if config.json missing - mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) || true + # If someone manually deleted the dir, this blocks generation of claim code + [ ! -d /etc/remoteit ] && + mkdir /etc/remoteit + + [ -f /etc/remoteit/config.json ] && + mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) + [ -f /etc/remoteit/registration ] && + mv /etc/remoteit/registration /etc/remoteit/registration.$(date +%F_%T_%Z) + + # /etc/remoteit/registration is deleted above, but just FYI if it existed: + # + # 1) If /etc/remoteit/registration exists and is empty, connectd (below) + # will not create /etc/remoteit/config.json + # 2) If /etc/remoteit/registration contains an invalid license key, connectd + # (below) will create /etc/remoteit/config.json WITH a claim code. + # 3) If /etc/remoteit/registration contains a valid license key, connectd + # (below) will create /etc/remoteit/config.json WITHOUT a claim code. systemctl start connectd # Claim Code logic + kickstarts 2 svcs below # /usr/share/remoteit/refresh.sh does the same thing (or close) as per: diff --git a/roles/remoteit/templates/registration.j2 b/roles/remoteit/templates/registration.j2 new file mode 100644 index 000000000..774abae03 --- /dev/null +++ b/roles/remoteit/templates/registration.j2 @@ -0,0 +1 @@ +{{ remoteit_license_key }} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 80808c308..a617b4ae5 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -213,6 +213,8 @@ sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 1135c715b..6478638c3 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -128,6 +128,8 @@ sshd_enabled: True # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index fde1c39a5..6c56bf89e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -128,6 +128,8 @@ sshd_enabled: True # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 50d8b0d79..a3c7ed0bc 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -128,6 +128,8 @@ sshd_enabled: True # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 7808c109a..48226893a 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -128,6 +128,8 @@ sshd_enabled: True # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False +# OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: +# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True