Fancier & dancier roles/remoteit

roles/remoteit/README.md

@@ -23,7 +23,7 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s
 
 1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB.
 
-   Hit `[Enter]` twice if you want to quickly generate a new claim code for your IIAB.
+   Hit `[Enter]` (repeatedly if necessary, to accept all defaults) if you want to quickly generate a new claim code for your IIAB.
 
    (The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install).)
 

roles/remoteit/tasks/install.yml

@@ -17,6 +17,8 @@
 
 # 2022-04-03: Unfort still necessary, as their install_agent.sh below uses apt
 # with 'install -y' instead of '-y reinstall' or '-y --reinstall install'
+# FWIW: Some remoteit.*.deb installers also work with '-y --allow-downgrades install'
+# (e.g. *.amd64.deb) but others (e.g. both *.rpi.deb) do not.
 - name: Purge previously installed 'remoteit*' Device Package(s)
   apt:
     name: remoteit*
@@ -28,17 +30,27 @@
 # Speeds things up a bit, deferring online claim code generation if not nec:
 # https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account
 
-- name: "'mkdir /etc/remoteit' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml"
+# - name: "'mkdir /etc/remoteit' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml"
+#   file:
+#     state: directory
+#     path: /etc/remoteit
+#   when: remoteit_license_key is defined
+
+# - name: "'touch /etc/remoteit/registration' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml"
+#   file:
+#     state: touch
+#     path: /etc/remoteit/registration
+#   when: remoteit_license_key is defined
+
+- name: "'mkdir /etc/remoteit'"
   file:
     state: directory
     path: /etc/remoteit
-  when: remoteit_license_key is defined
 
-- name: "'touch /etc/remoteit/registration' e.g. if your 'remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6' exists in /etc/iiab/local_vars.yml"
+- name: "'touch /etc/remoteit/registration' to block generation of claim code below, also speeding things up a bit"
   file:
     state: touch
     path: /etc/remoteit/registration
-  when: remoteit_license_key is defined
 
 
 # - name: "Install Device Package: {{ downloads_dir }}/{{ remoteit_deb }}"
@@ -49,10 +61,18 @@
 #   apt:
 #     deb: "{{ remoteit_device_url }}"
 
-- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h
+# - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh -- this puts a claim code in /etc/remoteit/config.json which is valid for 24h
+- name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh
   shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh
 
 
+- name: "'rm /etc/remoteit/registration' (empty file used just above)"
+  file:
+    state: absent
+    path: /etc/remoteit/registration
+  ignore_errors: yes    # In case a future version of install_agent.sh deletes it for us
+
+
 - name: Install /usr/bin/iiab-remoteit from template -- so IIAB operators can quickly enable remote.it AND generate a new remote.it claim code (in /etc/remoteit/config.json) -- optionally downloading + installing the very latest Device Package (like the 2 steps above)
   template:
     src: iiab-remoteit

roles/remoteit/templates/iiab-remoteit

@@ -9,14 +9,26 @@
 
 # 2022-04-03: SEE ALSO roles/remoteit/templates/iiab-remote.old
 
-echo -e "\nhttps://remote.it can help you remotely manage this IIAB.  Summary:\n"
+echo -e "\nhttps://remote.it can help you remotely manage this IIAB.\n"
+
+echo -e "Let's generate a claim code and enable it.  Documentation:\n"
 
 echo -e "https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md\n"
 
-echo -en "\e[1mTo proceed we will delete /etc/remoteit/config.json, Ok? [Y/n]\e[0m "
-read ans < /dev/tty    # Strips outer whitespace, whether we like it or not!
-echo
-[[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1
+if [ -f /etc/remoteit/config.json ]; then
+    echo -en "\e[1mTo proceed we will delete /etc/remoteit/config.json, Ok? [Y/n]\e[0m "
+    read ans < /dev/tty    # Strips outer whitespace, whether we like it or not!
+    echo
+    [[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1
+fi
+
+# Explanation below, on lines 65-72
+if [ -f /etc/remoteit/registration ]; then
+    echo -en "\e[1mTo proceed we will delete /etc/remoteit/registration, Ok? [Y/n]\e[0m "
+    read ans < /dev/tty    # Strips outer whitespace, whether we like it or not!
+    echo
+    [[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1
+fi
 
 echo -e "\nThis IIAB must be online to begin!\n"
 
@@ -41,8 +53,23 @@ else
 
     systemctl stop connectd      # "Safer" (though it's generally exited already!)
 
-    # '|| true' overrides 'bash -e' so script continues if config.json missing
-    mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z) || true
+    # If someone manually deleted the dir, this blocks generation of claim code
+    [ ! -d /etc/remoteit ] &&
+        mkdir /etc/remoteit
+
+    [ -f /etc/remoteit/config.json ] &&
+        mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z)
+    [ -f /etc/remoteit/registration ] &&
+        mv /etc/remoteit/registration /etc/remoteit/registration.$(date +%F_%T_%Z)
+
+    # /etc/remoteit/registration is deleted above, but just FYI if it existed:
+    #
+    # 1) If /etc/remoteit/registration exists and is empty, connectd (below)
+    #    will not create /etc/remoteit/config.json
+    # 2) If /etc/remoteit/registration contains an invalid license key, connectd
+    #    (below) will create /etc/remoteit/config.json WITH a claim code.
+    # 3) If /etc/remoteit/registration contains a valid license key, connectd
+    #    (below) will create /etc/remoteit/config.json WITHOUT a claim code.
 
     systemctl start connectd     # Claim Code logic + kickstarts 2 svcs below
     # /usr/share/remoteit/refresh.sh does the same thing (or close) as per:

roles/remoteit/templates/registration.j2

@@ -0,0 +1 @@
+{{ remoteit_license_key }}

vars/default_vars.yml

@@ -213,6 +213,8 @@ sshd_port: 22    # Not fully functional.  SEE: roles/sshd/tasks/install.yml
 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit
 remoteit_install: True
 remoteit_enabled: False
+# OPTION #1: Run 'sudo iiab-remoteit' later.  OPTION #2: Set this now:
+# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
 openvpn_install: True

vars/local_vars_large.yml

@@ -128,6 +128,8 @@ sshd_enabled: True
 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit
 remoteit_install: True
 remoteit_enabled: False
+# OPTION #1: Run 'sudo iiab-remoteit' later.  OPTION #2: Set this now:
+# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
 openvpn_install: True

vars/local_vars_medium.yml

@@ -128,6 +128,8 @@ sshd_enabled: True
 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit
 remoteit_install: True
 remoteit_enabled: False
+# OPTION #1: Run 'sudo iiab-remoteit' later.  OPTION #2: Set this now:
+# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
 openvpn_install: True

vars/local_vars_small.yml

@@ -128,6 +128,8 @@ sshd_enabled: True
 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit
 remoteit_install: True
 remoteit_enabled: False
+# OPTION #1: Run 'sudo iiab-remoteit' later.  OPTION #2: Set this now:
+# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
 openvpn_install: True

vars/local_vars_unittest.yml

@@ -128,6 +128,8 @@ sshd_enabled: True
 # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit
 remoteit_install: True
 remoteit_enabled: False
+# OPTION #1: Run 'sudo iiab-remoteit' later.  OPTION #2: Set this now:
+# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
 openvpn_install: True