From 04be152c0d3d81306c2d5bdc3554f379728e6396 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 15:03:13 -0400
Subject: [PATCH 01/54] refactor for readability; try Ansible's systemd
---
 roles/openvpn/tasks/main.yml | 158 ++++++++++++++++++++---------------
 1 file changed, 91 insertions(+), 67 deletions(-)
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index e195389a6..928470ed5 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -1,105 +1,129 @@ ---- - - name: Install OpenVPN packages - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - - openvpn - - nmap + - openvpn + - nmap tags: - download - name: Create the directory for keys - file: dest=/etc/openvpn/keys - state=directory - owner=root - group=root - mode=0755 + file: + dest: /etc/openvpn/keys + state: directory + owner: root + group: root + mode: 0755 - name: Create the directory for scripts - file: dest=/etc/openvpn/scripts - state=directory - owner=root - group=root - mode=0755 + file: + dest: /etc/openvpn/scripts + state: directory + owner: root + group: root + mode:0755 - name: Create a folder for iiab executable not on path - file: path=/usr/lib/iiab - state=directory + file: + path: /usr/lib/iiab + state: directory - name: Configure OpenVPN - template: src={{ item.src }} - dest={{ item.dest }} - owner={{ item.owner }} - group=root - mode={{ item.mode }} + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner }}" + group: root + mode: "{{ item.mode }}" with_items: - - { src: 'ca.crt', dest: '/etc/openvpn/keys/ca.crt', owner: "root" , mode: '0644' } - - { src: 'client1.crt', dest: '/etc/openvpn/keys/client1.crt', owner: "root" , mode: '0644' } - - { src: 'client1.key', dest: '/etc/openvpn/keys/client1.key', owner: "root" , mode: '0600' } - - { src: 'announce', dest: '/etc/openvpn/scripts/announce', owner: "root" , mode: '0755' } - - { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', owner: "root" , mode: '0755' } - - { src: 'silence', dest: '/etc/openvpn/scripts/silence', owner: "root" , mode: '0755' } - - { src: 'xscenet.conf', dest: '/etc/openvpn/xscenet.conf', owner: "root" , mode: '0644' } - - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', owner: "root" , mode: '0644' } - - { src: 'iiab-vpn', dest: '/usr/bin/iiab-vpn', owner: "root" , mode: '0755' } - - { src: 'iiab-handle', dest: '/usr/bin/iiab-handle', owner: 
"root" , mode: '0755' } - - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', owner: "root" , mode: '0755' } - - { src: 'start.j2', dest: '/usr/lib/iiab/start', owner: "root" , mode: '0755' } - - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', owner: "root" , mode: '0755' } - - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', owner: "root" , mode: '0755' } + - { src: 'ca.crt', dest: '/etc/openvpn/keys/ca.crt', owner: "root", mode: '0644' } + - { src: 'client1.crt', dest: '/etc/openvpn/keys/client1.crt', owner: "root", mode: '0644' } + - { src: 'client1.key', dest: '/etc/openvpn/keys/client1.key', owner: "root", mode: '0600' } + - { src: 'announce', dest: '/etc/openvpn/scripts/announce', owner: "root", mode: '0755' } + - { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', owner: "root", mode: '0755' } + - { src: 'silence', dest: '/etc/openvpn/scripts/silence', owner: "root", mode: '0755' } + - { src: 'xscenet.conf', dest: '/etc/openvpn/xscenet.conf', owner: "root", mode: '0644' } + - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', owner: "root", mode: '0644' } + - { src: 'iiab-vpn', dest: '/usr/bin/iiab-vpn', owner: "root", mode: '0755' } + - { src: 'iiab-handle', dest: '/usr/bin/iiab-handle', owner: "root", mode: '0755' } + - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', owner: "root", mode: '0755' } + - { src: 'start.j2', dest: '/usr/lib/iiab/start', owner: "root", mode: '0755' } + - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', owner: "root", mode: '0755' } + - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', owner: "root", mode: '0755' } -- name: Put up_wan in place for Debian - template: src=up_wan dest=/usr/lib/iiab/up_wan +- name: Put up_wan in place (debuntu) + template: + src: up_wan + dest: /usr/lib/iiab/up_wan when: is_debuntu -- name: Put dispatcher up for NM - template: src=15-openvpn dest=/etc/NetworkManager/dispatcher.d/ +- name: Put dispatcher up for NM (not debuntu) + template: + 
src: 15-openvpn + dest: /etc/NetworkManager/dispatcher.d/ when: not is_debuntu - name: Check for manually configured OpenVPN tunnel - stat: path=/etc/openvpn/iiab-vpn.conf + stat: + path: /etc/openvpn/iiab-vpn.conf register: stat -# note that ansible does not currently handle @ in a service name -- name: Enable the OpenVPN tunnel at boot time - shell: systemctl enable openvpn@xscenet.service - when: openvpn_enabled and not stat.exists is defined and is_debuntu +# note that ansible does not currently handle @ in a service name (FIXED SOMETIME PRIOR TO AUGUST 2018??) +- name: Enable & Start openvpn@xscenet tunnel + systemd: + name: openvpn@xscenet.service + enabled: yes + state: started + when: openvpn_enabled and not stat.exists is defined -- name: Enable the OpenVPN tunnel at boot time for Debian - shell: update-rc.d openvpn enable - when: openvpn_enabled and not stat.exists is defined and is_debuntu +#- name: Enable the OpenVPN tunnel at boot time (debuntu) +# shell: systemctl enable openvpn@xscenet.service +# when: openvpn_enabled and not stat.exists is defined and is_debuntu -- name: Start the OpenVPN tunnel now - shell: systemctl start openvpn@xscenet.service - when: openvpn_enabled and not stat.exists is defined and not installing +#- name: Enable the OpenVPN tunnel at boot time (debuntu) +# shell: update-rc.d openvpn enable +# when: openvpn_enabled and not stat.exists is defined and is_debuntu + +#- name: Start the OpenVPN tunnel now +# shell: systemctl start openvpn@xscenet.service +# when: openvpn_enabled and not stat.exists is defined and not installing - name: Make OpenVPN connection automatic - lineinfile: dest=/etc/crontab - line="25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" + lineinfile: + dest: /etc/crontab + line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" when: openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined - name: Make OpenVPN connection manual - 
lineinfile: dest=/etc/crontab - regexp=".*/usr/bin/systemctl*" - state=absent + lineinfile: + dest: /etc/crontab + regexp: ".*/usr/bin/systemctl*" + state: absent when: not openvpn_enabled or not openvpn_cron_enabled -- name: Stop starting the OpenVPN tunnel at boot time - shell: systemctl disable openvpn@xscenet.service - when: not openvpn_enabled and not is_debuntu +- name: Disable & Stop openvpn@xscenet tunnel + systemd: + name: openvpn@xscenet.service + enabled: no + state: stopped + when: not openvpn_enabled -- name: Stop starting the OpenVPN tunnel at boot time for Debian - shell: update-rc.d openvpn disable - when: not openvpn_enabled and is_debuntu +#- name: Stop starting the OpenVPN tunnel at boot time (not debuntu) +# shell: systemctl disable openvpn@xscenet.service +# when: not openvpn_enabled and not is_debuntu -- name: Stop OpenVPN tunnel immediately - shell: systemctl stop openvpn@xscenet.service - ignore_errors: True - when: not openvpn_enabled and not installing +#- name: Stop starting the OpenVPN tunnel at boot time (debuntu) +# shell: update-rc.d openvpn disable +# when: not openvpn_enabled and is_debuntu + +#- name: Stop OpenVPN tunnel immediately +# shell: systemctl stop openvpn@xscenet.service +# ignore_errors: True +# when: not openvpn_enabled and not installing - name: Add 'openvpn' to list of services at /etc/iiab/iiab.ini From e37f1803250e952d9c22fee9be4a8f146fd860c5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:05:29 -0400 Subject: [PATCH 02/54] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 928470ed5..6e7df492d 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -22,7 +22,7 @@ state: directory owner: root group: root - mode:0755 + mode: 0755 - name: Create a folder for iiab executable not on path file: 
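Review bot: The `when:` on the new `systemd` task "Enable & Start openvpn@xscenet tunnel" (and on the unchanged "Make OpenVPN connection automatic" task) tests `not stat.exists is defined`, which looks always true: the result registered from the `stat` module keeps the flag under `stat.stat.exists`, so `stat.exists` is never defined and a manually configured `/etc/openvpn/iiab-vpn.conf` does not keep the xscenet tunnel from being enabled. I would write it as `when: openvpn_enabled and not stat.stat.exists`; the same condition is carried into patch 31/54. The hunk also drops the old `and not installing` guard from the start and stop tasks, so the tunnel is presumably now started during the install run itself, which deserves a line in the commit message if intended. The task list continues past the end of this hunk.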
From fdd121aa74b89fd1a4064b196fb193db9d20e013 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 15:16:40 -0400
Subject: [PATCH 03/54] Place OpenVPN handle in /etc/iiab/handle
---
 roles/openvpn/tasks/main.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index 6e7df492d..3e584241d 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -52,6 +52,15 @@
 - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', owner: "root", mode: '0755' }
 - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', owner: "root", mode: '0755' }
+- name: Place OpenVPN handle in /etc/iiab/handle
+ lineinfile:
+ path: /etc/iiab/handle
+ create: yes
+ line: "{{ openvpn_handle }}"
+ owner: root
+ group: root
+ mode: 0644
+
 - name: Put up_wan in place (debuntu)
 template:
 src: up_wan
From 7880aff4d30d546f25eee32765390e3d694b445a Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 15:20:12 -0400
Subject: [PATCH 04/54] Update main.yml
---
 roles/openvpn/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index 3e584241d..8941af962 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -1,4 +1,4 @@
-- name: Install OpenVPN packages
+- name: Install OpenVPN and Nmap packages
 package:
 name: "{{ item }}"
 state: present
@@ -52,7 +52,7 @@
 - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', owner: "root", mode: '0755' }
 - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', owner: "root", mode: '0755' }
-- name: Place OpenVPN handle in /etc/iiab/handle
+- name: Save openvpn_handle variable into /etc/iiab/handle
 lineinfile:
 path: /etc/iiab/handle
 create: yes
From bcea002c96f53f4bb11da4fb03cc6bf99d28684c Mon Sep 17 00:00:00 2001
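Review bot: `lineinfile` in the new "Place OpenVPN handle in /etc/iiab/handle" task (patch 03/54) only makes sure the given line is present, so changing `openvpn_handle` later appends a second line and leaves the old handle in the file. The announcer template in this series reads the file with `cat`, so it would then pick up both values. A task that owns the whole file fits better, for example `copy:` with `content: "{{ openvpn_handle }}\n"`. I would also quote the mode as `mode: '0644'`, the way the `with_items` entries above it already do.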
From: A Holt
Date: Mon, 13 Aug 2018 15:23:24 -0400
Subject: [PATCH 05/54] Update main.yml
---
 roles/openvpn/defaults/main.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml
index 6ae8dd6bc..9da00cfe2 100644
--- a/roles/openvpn/defaults/main.yml
+++ b/roles/openvpn/defaults/main.yml
@@ -1,5 +1,7 @@
+openvpn_install: True
+openvpn_enable: False
+
 vpn_presence: xscenet.net
 openvpn_server_virtual_ip: 10.8.0.1
 openvpn_server_port: 1194
-openvpn_install: True
-openvpn_enable: False
+openvpn_handle: UNNAMED
From afa1a5d49f2409c03ec650cb8801c021aac28103 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 15:30:02 -0400
Subject: [PATCH 06/54] Update main.yml
---
 roles/openvpn/defaults/main.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml
index 9da00cfe2..81563f643 100644
--- a/roles/openvpn/defaults/main.yml
+++ b/roles/openvpn/defaults/main.yml
@@ -1,7 +1,9 @@
 openvpn_install: True
 openvpn_enable: False
+openvpn_handle: UNNAMED
+openvpn_cron_enabled: True
+
 vpn_presence: xscenet.net
 openvpn_server_virtual_ip: 10.8.0.1
 openvpn_server_port: 1194
-openvpn_handle: UNNAMED
From 9d6f8b1f34b29dcc65dc21ce357791d47085312b Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 15:30:25 -0400
Subject: [PATCH 07/54] Update default_vars.yml
---
 vars/default_vars.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 76df8d252..4e734ab15 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
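Review bot: The role default re-added at the top of `roles/openvpn/defaults/main.yml` in patch 05/54 is spelled `openvpn_enable`, while the tasks in `roles/openvpn/tasks/main.yml` and the entry in `vars/default_vars.yml` in this series use `openvpn_enabled`. As written the role default is never read, so the role depends on the variable being defined somewhere else; if it is not, the `when:` conditions fail on an undefined variable instead of leaving the tunnel off. Rename it to `openvpn_enabled: False`. The misspelled line is carried unchanged as context through patches 06/54 and 08/54.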
@@ -186,13 +186,16 @@ mysql_root_password: fixmysql sshd_enabled: True # OpenVPN -vpn_presence: xscenet.net -openvpn_server_port: 1194 -openvpn_server_virtual_ip: 10.8.0.1 -openvpn_cron_enabled: False openvpn_install: True openvpn_enabled: False +openvpn_handle: UNNAMED +openvpn_cron_enabled: True + +vpn_presence: xscenet.net +openvpn_server_virtual_ip: 10.8.0.1 +openvpn_server_port: 1194 + # roles/network runs here (MANY SETTINGS ABOVE) # Homepage From 0cb3e848d724241cd56f4b62640531d18c843f2a Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:37:42 -0400 Subject: [PATCH 08/54] Update main.yml --- roles/openvpn/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index 81563f643..e378c94dd 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -2,7 +2,8 @@ openvpn_install: True openvpn_enable: False openvpn_handle: UNNAMED -openvpn_cron_enabled: True +# cron seems necessary on CentOS: +openvpn_cron_enabled: False vpn_presence: xscenet.net openvpn_server_virtual_ip: 10.8.0.1 From 481dbdf917ed08b168531a68912e21b83772810f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:38:51 -0400 Subject: [PATCH 09/54] Update default_vars.yml --- vars/default_vars.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4e734ab15..999cf1b24 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -190,7 +190,8 @@ openvpn_install: True openvpn_enabled: False openvpn_handle: UNNAMED -openvpn_cron_enabled: True +# cron seems necessary on CentOS: +openvpn_cron_enabled: False vpn_presence: xscenet.net openvpn_server_virtual_ip: 10.8.0.1 From 5473becd16c4a908e3f992897d17da80ca385419 Mon Sep 17 00:00:00 2001 
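Review bot: The comment added in patch 08/54, `# cron seems necessary on CentOS:`, sits directly above `openvpn_cron_enabled: False` in `roles/openvpn/defaults/main.yml`, so the comment and the value say opposite things. Patch 09/54 adds the same pair to `vars/default_vars.yml`. Tell the reader what to do instead, for example `# Set to True on CentOS, where the hourly cron restart seems to be needed:`.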
From: A Holt
Date: Mon, 13 Aug 2018 15:41:48 -0400
Subject: [PATCH 10/54] vpn_presence -> openvpn_server
---
 roles/openvpn/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml
index e378c94dd..cb72b0a00 100644
--- a/roles/openvpn/defaults/main.yml
+++ b/roles/openvpn/defaults/main.yml
@@ -5,6 +5,6 @@ openvpn_handle: UNNAMED
 # cron seems necessary on CentOS:
 openvpn_cron_enabled: False
-vpn_presence: xscenet.net
+openvpn_server: xscenet.net
 openvpn_server_virtual_ip: 10.8.0.1
 openvpn_server_port: 1194
From fe25f73bf7fa5ae8e1daa451d0079bc49fd366fe Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 15:42:07 -0400
Subject: [PATCH 11/54] Update default_vars.yml
---
 vars/default_vars.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 999cf1b24..2f97792db 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -193,7 +193,7 @@ openvpn_handle: UNNAMED
 # cron seems necessary on CentOS:
 openvpn_cron_enabled: False
-vpn_presence: xscenet.net
+openvpn_server: xscenet.net
 openvpn_server_virtual_ip: 10.8.0.1
 openvpn_server_port: 1194
From 06df627eeb6d6b0225540ca6b51abb97ac47b3f3 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 15:48:28 -0400
Subject: [PATCH 12/54] Update main.yml
---
 roles/openvpn/tasks/main.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index 8941af962..8a43d83b2 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -146,11 +146,15 @@ value: OpenVPN - option: description value: '"OpenVPN is a means of connecting to a server anywhere on the internet, via a middleman server."' - - option: middleman_url - value: "{{ vpn_presence }}" - - option: port - value: "{{ openvpn_server_port }}" - option: enabled value: "{{ openvpn_enabled }}" + - option: handle + value: "{{ openvpn_handle }}" - option: cron_enabled value: "{{ openvpn_cron_enabled }}" + - option: server + value: "{{ openvpn_server }}" + - option: server_virtual_ip + value: "{{ openvpn_server_virtual_ip }}" + - option: server_port + value: "{{ openvpn_server_port }}" From d1d549b87c0daad1be36d4afd3f7312c941e703c Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:49:18 -0400 Subject: [PATCH 13/54] vpn_presence -> openvpn_server --- roles/openvpn/templates/party-line.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/party-line.conf.j2 b/roles/openvpn/templates/party-line.conf.j2 index 7d95b2ac6..1ff61a019 100644 --- a/roles/openvpn/templates/party-line.conf.j2 +++ b/roles/openvpn/templates/party-line.conf.j2 @@ -14,7 +14,7 @@ port {{ openvpn_server_port }} dev tun -remote {{ vpn_presence }} +remote {{ openvpn_server }} # TLS parms From 3357a385f10e8fddde94b7abbab3d6a5f98da67f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:49:46 -0400 Subject: [PATCH 14/54] vpn_presence -> openvpn_server --- roles/openvpn/templates/xscenet.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/xscenet.conf b/roles/openvpn/templates/xscenet.conf index 1ea80f447..cf83779de 100644 --- a/roles/openvpn/templates/xscenet.conf +++ b/roles/openvpn/templates/xscenet.conf @@ -9,7 +9,7 @@ port {{ openvpn_server_port }} dev tun -remote {{ vpn_presence }} +remote {{ openvpn_server }} # TLS parms From 86f5523d83f4dd67d6f33522f9af7b77491428ea Mon Sep 17 00:00:00 2001 
From: A Holt Date: Mon, 13 Aug 2018 15:53:53 -0400 Subject: [PATCH 15/54] Update local_vars_big.yml --- vars/local_vars_big.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 7e693f6c3..84eeae0e9 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -85,9 +85,10 @@ allow_apache_sudo: True # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security openvpn_install: True openvpn_enabled: False + +openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True -# If changing the above, remember to run "cd /opt/iiab/iiab; ./runrole openvpn" # roles/network runs here (MANY SETTINGS ABOVE) From 2a50bea6fa94287fb9419776cc913776044b34a3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:53:58 -0400 Subject: [PATCH 16/54] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index fd109e255..e10698531 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -85,9 +85,10 @@ allow_apache_sudo: True # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security openvpn_install: True openvpn_enabled: False + +openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True -# If changing the above, remember to run "cd /opt/iiab/iiab; ./runrole openvpn" # roles/network runs here (MANY SETTINGS ABOVE) From 15b6ee3c4595b6b217c357eda301503dafbbf5a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:54:04 -0400 Subject: [PATCH 17/54] Update local_vars_min.yml --- vars/local_vars_min.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 8f5ee2ba1..01a0e4c99 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
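Review bot: `openvpn_handle: UNNAMED` is added to `vars/local_vars_big.yml` (patch 15/54) with no comment, and the line reminding the operator to re-run the role after editing these settings is removed in the same hunk. An operator copying this file gets no hint that the handle should be changed, or that a change needs `./runrole openvpn` to take effect. I would add `# Identifying handle for this machine; replace UNNAMED with something unique` above it and keep the re-run reminder. The same hunk is repeated in patches 16/54 to 20/54; in the three `_vpn` files `openvpn_enabled` is True, so those installs bring the tunnel up with the shared placeholder.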
@@ -85,9 +85,10 @@ allow_apache_sudo: True # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security openvpn_install: True openvpn_enabled: False + +openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True -# If changing the above, remember to run "cd /opt/iiab/iiab; ./runrole openvpn" # roles/network runs here (MANY SETTINGS ABOVE) From 0d32914afee4563d5f0e1dedd3dc17436c78914e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:55:54 -0400 Subject: [PATCH 18/54] Update local_vars_min_vpn.yml --- vars/local_vars_min_vpn.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_min_vpn.yml b/vars/local_vars_min_vpn.yml index 015bc0ee0..1105b1a00 100644 --- a/vars/local_vars_min_vpn.yml +++ b/vars/local_vars_min_vpn.yml @@ -85,9 +85,10 @@ allow_apache_sudo: True # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security openvpn_install: True openvpn_enabled: True + +openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True -# If changing the above, remember to run "cd /opt/iiab/iiab; ./runrole openvpn" # roles/network runs here (MANY SETTINGS ABOVE) From 3ef4a5a8e3579ebb1be0d6559b932a8f141defc3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:56:24 -0400 Subject: [PATCH 19/54] Update local_vars_medium_vpn.yml --- vars/local_vars_medium_vpn.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_medium_vpn.yml b/vars/local_vars_medium_vpn.yml index b82c44260..ad7fd07fa 100644 --- a/vars/local_vars_medium_vpn.yml +++ b/vars/local_vars_medium_vpn.yml 
@@ -85,9 +85,10 @@ allow_apache_sudo: True # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security openvpn_install: True openvpn_enabled: True + +openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True -# If changing the above, remember to run "cd /opt/iiab/iiab; ./runrole openvpn" # roles/network runs here (MANY SETTINGS ABOVE) From 09c3477d0ca45a25dc53004e330e1fc6fc32c7d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 15:58:06 -0400 Subject: [PATCH 20/54] Update local_vars_big_vpn.yml --- vars/local_vars_big_vpn.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_big_vpn.yml b/vars/local_vars_big_vpn.yml index 33e5aa6e8..2bc5253b7 100644 --- a/vars/local_vars_big_vpn.yml +++ b/vars/local_vars_big_vpn.yml @@ -85,9 +85,10 @@ allow_apache_sudo: True # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security openvpn_install: True openvpn_enabled: True + +openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True -# If changing the above, remember to run "cd /opt/iiab/iiab; ./runrole openvpn" # roles/network runs here (MANY SETTINGS ABOVE) From 15180221ab508ce4638b68e55eb8012dae7560c9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 16:14:35 -0400 Subject: [PATCH 21/54] Update main.yml --- roles/openvpn/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 8a43d83b2..655e7eb6d 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -60,6 +60,7 @@ owner: root group: root mode: 0644 + backup: yes - name: Put up_wan in place (debuntu) template: From 47e22a04e0de0585ffdd073babc40dd0ceb41e03 Mon Sep 17 00:00:00 2001 
From: A Holt
Date: Mon, 13 Aug 2018 16:37:58 -0400
Subject: [PATCH 22/54] Update main.yml
---
 roles/openvpn/tasks/main.yml | 49 +++++++++++++++++++++---------------
 1 file changed, 29 insertions(+), 20 deletions(-)
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index 655e7eb6d..b64801d34 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -33,35 +33,44 @@
 template:
 src: "{{ item.src }}"
 dest: "{{ item.dest }}"
- owner: "{{ item.owner }}"
+ owner: root
 group: root
 mode: "{{ item.mode }}"
 with_items:
- - { src: 'ca.crt', dest: '/etc/openvpn/keys/ca.crt', owner: "root", mode: '0644' }
- - { src: 'client1.crt', dest: '/etc/openvpn/keys/client1.crt', owner: "root", mode: '0644' }
- - { src: 'client1.key', dest: '/etc/openvpn/keys/client1.key', owner: "root", mode: '0600' }
- - { src: 'announce', dest: '/etc/openvpn/scripts/announce', owner: "root", mode: '0755' }
- - { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', owner: "root", mode: '0755' }
- - { src: 'silence', dest: '/etc/openvpn/scripts/silence', owner: "root", mode: '0755' }
- - { src: 'xscenet.conf', dest: '/etc/openvpn/xscenet.conf', owner: "root", mode: '0644' }
- - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', owner: "root", mode: '0644' }
- - { src: 'iiab-vpn', dest: '/usr/bin/iiab-vpn', owner: "root", mode: '0755' }
- - { src: 'iiab-handle', dest: '/usr/bin/iiab-handle', owner: "root", mode: '0755' }
- - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', owner: "root", mode: '0755' }
- - { src: 'start.j2', dest: '/usr/lib/iiab/start', owner: "root", mode: '0755' }
- - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', owner: "root", mode: '0755' }
- - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', owner: "root", mode: '0755' }
+ - { src: 'ca.crt', dest: '/etc/openvpn/keys/ca.crt', mode: '0644' }
+ - { src: 'client1.crt', dest: '/etc/openvpn/keys/client1.crt', mode: '0644' }
+ - { src: 'client1.key', dest: '/etc/openvpn/keys/client1.key', mode: '0600' }
+ - { src: 'announce', dest: '/etc/openvpn/scripts/announce', mode: '0755' }
+ - { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', mode: '0755' }
+ - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' }
+ - { src: 'xscenet.conf', dest: '/etc/openvpn/xscenet.conf', mode: '0644' }
+ - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' }
+ - { src: 'iiab-vpn', dest: '/usr/bin/iiab-vpn', mode: '0755' }
+ - { src: 'iiab-handle', dest: '/usr/bin/iiab-handle', mode: '0755' }
+ - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' }
+ - { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' }
+ - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', mode: '0755' }
+ - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' }
-- name: Save openvpn_handle variable into /etc/iiab/handle
- lineinfile:
- path: /etc/iiab/handle
- create: yes
- line: "{{ openvpn_handle }}"
+- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED)
+ template:
+ src: handle
+ dest: /etc/iiab/openvpn_handle
 owner: root
 group: root
 mode: 0644
 backup: yes
+#- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle
+# lineinfile:
+# path: /etc/iiab/openvpn_handle
+# create: yes
+# line: "{{ openvpn_handle }}"
+# owner: root
+# group: root
+# mode: 0644
+# backup: yes
+
 - name: Put up_wan in place (debuntu)
 template:
 src: up_wan
From 0174be0969cf6128fe78e63344886f4f7bfae531 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 16:40:58 -0400
Subject: [PATCH 23/54] /etc/iiab/handle -> /etc/iiab/openvpn_handle
---
 roles/openvpn/templates/announcer | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/openvpn/templates/announcer b/roles/openvpn/templates/announcer
index 7842cfcf0..7b9a95a1c 100755
--- a/roles/openvpn/templates/announcer
+++ b/roles/openvpn/templates/announcer
@@ -9,8 +9,8 @@ if [ -z "$HANDLE" ]; then
 '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'`
 fi
 if [ -z "$HANDLE" ]; then
- if [ -f /etc/iiab/handle ]; then
- HANDLE=`cat /etc/iiab/handle`
+ if [ -f /etc/iiab/openvpn_handle ]; then
+ HANDLE=`cat /etc/iiab/openvpn_handle`
 fi
 fi
 if [ -f /etc/iiab/uuid ]; then
From 6c0fc28ef8c4df27f3fb7e1575e87a58d0499c35 Mon Sep 17 00:00:00 2001
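Review bot: The new `template` task in patch 22/54 writes `/etc/iiab/openvpn_handle` from the `openvpn_handle` variable on every run, and patch 24/54 points `/usr/bin/iiab-handle` at the same path. A handle chosen interactively is therefore replaced by the variable's value (default `UNNAMED`) the next time the role runs; `backup: yes` keeps the old copy but nothing visible reads it back. If the interactive value should win, add `force: no` to the task so an existing file is left alone. Separately, `src: handle` appears not to match any template in this series until patches 25/54 and 29/54 rename it, so the role likely fails if run at this commit.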
From: A Holt
Date: Mon, 13 Aug 2018 16:41:59 -0400
Subject: [PATCH 24/54] /etc/iiab/handle -> /etc/iiab/openvpn_handle
---
 roles/openvpn/templates/iiab-handle | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/roles/openvpn/templates/iiab-handle b/roles/openvpn/templates/iiab-handle
index f780fbcb7..41009b0c4 100755
--- a/roles/openvpn/templates/iiab-handle
+++ b/roles/openvpn/templates/iiab-handle
@@ -4,10 +4,10 @@ echo
 echo
 read -p "what identifying handle would you like to use? " ans
 if [ "$ans" == "" ]; then
- if [ -f /etc/iiab/handle ]; then
- rm -f /etc/iiab/handle
+ if [ -f /etc/iiab/openvpn_handle ]; then
+ rm -f /etc/iiab/openvpn_handle
 fi
 else
- echo $ans > /etc/iiab/handle
+ echo $ans > /etc/iiab/openvpn_handle
 fi
 {{ systemctl_program }} restart openvpn@xscenet
From deb0635e0d450714414aa981a410e687a0980a4a Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 16:43:09 -0400
Subject: [PATCH 25/54] Update main.yml
---
 roles/openvpn/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index b64801d34..3a2db5c84 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -54,7 +54,7 @@
 - name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED)
 template:
- src: handle
+ src: openvpn_handle
 dest: /etc/iiab/openvpn_handle
 owner: root
 group: root
 mode: 0644
From d7f393f3af2e9d8331180a765c462591e7f5e421 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 16:44:40 -0400
Subject: [PATCH 26/54] Create openvpn_handle.j2
---
 roles/openvpn/templates/openvpn_handle.j2 | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 roles/openvpn/templates/openvpn_handle.j2
diff --git a/roles/openvpn/templates/openvpn_handle.j2 b/roles/openvpn/templates/openvpn_handle.j2
new file mode 100644
index 000000000..bd1965bc6
--- /dev/null
+++ b/roles/openvpn/templates/openvpn_handle.j2
@@ -0,0 +1 @@
+{{ openvpn_handle }}
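Review bot: The changed line `echo $ans > /etc/iiab/openvpn_handle` in `roles/openvpn/templates/iiab-handle` (patch 24/54) expands `$ans` unquoted, so the typed handle goes through word splitting and filename globbing before it is written, and a leading `-n` or `-e` is taken as an `echo` option. The script is installed to `/usr/bin/iiab-handle` and the file it writes is read back by the announcer script, so the value should be stored exactly as typed. Use `printf '%s\n' "$ans" > /etc/iiab/openvpn_handle`, and `read -r -p` on the prompt line so backslashes are kept. The script starts above this hunk.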
From 1b0f7916b8ac7b008bcf375224b76d89d41a5a5d Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 16:45:44 -0400
Subject: [PATCH 27/54] Rename iiab-handle to iiab-handle.j2
---
 roles/openvpn/templates/{iiab-handle => iiab-handle.j2} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename roles/openvpn/templates/{iiab-handle => iiab-handle.j2} (100%)
diff --git a/roles/openvpn/templates/iiab-handle b/roles/openvpn/templates/iiab-handle.j2
similarity index 100%
rename from roles/openvpn/templates/iiab-handle
rename to roles/openvpn/templates/iiab-handle.j2
From 88e2847b1f742c6f23eb79ffb06af342d7f4cbf2 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 16:45:57 -0400
Subject: [PATCH 28/54] Rename xscenet.conf to xscenet.conf.j2
---
 roles/openvpn/templates/{xscenet.conf => xscenet.conf.j2} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename roles/openvpn/templates/{xscenet.conf => xscenet.conf.j2} (100%)
diff --git a/roles/openvpn/templates/xscenet.conf b/roles/openvpn/templates/xscenet.conf.j2
similarity index 100%
rename from roles/openvpn/templates/xscenet.conf
rename to roles/openvpn/templates/xscenet.conf.j2
From a360d020796e8ddbc23a42f97bcc8df62fdf2bf7 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 Aug 2018 16:50:47 -0400
Subject: [PATCH 29/54] Add .j2 file extensions if using Ansible var(s)
---
 roles/openvpn/tasks/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index 3a2db5c84..ed80084a1 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -43,10 +43,10 @@ - { src: 'announce', dest: '/etc/openvpn/scripts/announce', mode: '0755' } - { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', mode: '0755' } - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' } - - { src: 'xscenet.conf', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } + - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } - - { src: 'iiab-vpn', dest: '/usr/bin/iiab-vpn', mode: '0755' } - - { src: 'iiab-handle', dest: '/usr/bin/iiab-handle', mode: '0755' } + - { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } + - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } - { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', mode: '0755' } @@ -54,7 +54,7 @@ - name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) template: - src: openvpn_handle + src: openvpn_handle.j2 dest: /etc/iiab/openvpn_handle owner: root group: root From 486be4608e36d13a50b2bf3d9adfeb1252f3b154 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 16:54:08 -0400 Subject: [PATCH 30/54] Rename iiab-vpn to iiab-vpn.j2 --- roles/openvpn/templates/{iiab-vpn => iiab-vpn.j2} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/openvpn/templates/{iiab-vpn => iiab-vpn.j2} (100%) diff --git a/roles/openvpn/templates/iiab-vpn b/roles/openvpn/templates/iiab-vpn.j2 similarity index 100% rename from roles/openvpn/templates/iiab-vpn rename to roles/openvpn/templates/iiab-vpn.j2 From a7d76c060d5e85509fe32d132b35b5944b37ff88 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 17:10:28 -0400 Subject: [PATCH 31/54] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index ed80084a1..16e8417ba 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -89,14 +89,14 @@ register: stat -# note that ansible does not currently handle @ in a service name (FIXED SOMETIME PRIOR TO AUGUST 2018??) -- name: Enable & Start openvpn@xscenet tunnel +- name: Enable & (Re)Start openvpn@xscenet tunnel systemd: name: openvpn@xscenet.service enabled: yes - state: started + state: restarted when: openvpn_enabled and not stat.exists is defined +# FIXED SOMETIME PRIOR TO AUGUST 2018: ansible [did] not handle @ in a service name #- name: Enable the OpenVPN tunnel at boot time (debuntu) # shell: systemctl enable openvpn@xscenet.service # when: openvpn_enabled and not stat.exists is defined and is_debuntu From 7469784de17e22128781712118277bd8ec8d4118 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 17:43:02 -0400 Subject: [PATCH 32/54] Update main.yml --- roles/openvpn/tasks/main.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 16e8417ba..7877c8703 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -61,16 +61,6 @@ mode: 0644 backup: yes -#- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle -# lineinfile: -# path: /etc/iiab/openvpn_handle -# create: yes -# line: "{{ openvpn_handle }}" -# owner: root -# group: root -# mode: 0644 -# backup: yes - - name: Put up_wan in place (debuntu) template: src: up_wan From 98fd21869fb5b57b4007d5b2b0f7c8a937fae0ab Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 17:44:35 -0400 Subject: [PATCH 33/54] Update main.yml --- roles/openvpn/tasks/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 7877c8703..ae7554f94 100644 --- a/roles/openvpn/tasks/main.yml 
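Review bot: Switching the systemd task to `state: restarted` makes it report changed and bounce the openvpn@xscenet tunnel on every run of the role, including runs where no template or key changed, which drops any session using the tunnel at that moment. If the restart is only needed to pick up a new handle or config, keep `state: started` here and restart from a handler that the `template:` tasks trigger with `notify:`. If an unconditional restart is intended, a comment above the task saying so would stop the next reader from reverting it. The `when:` line reads `not stat.exists is defined`; the task that registers `stat` begins above this hunk, so whether `stat.exists` is ever defined cannot be checked from here and is worth confirming.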
+++ b/roles/openvpn/tasks/main.yml @@ -29,6 +29,15 @@ path: /usr/lib/iiab state: directory +- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) + template: + src: openvpn_handle.j2 + dest: /etc/iiab/openvpn_handle + owner: root + group: root + mode: 0644 + backup: yes + - name: Configure OpenVPN template: src: "{{ item.src }}" @@ -52,15 +61,6 @@ - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } -- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) - template: - src: openvpn_handle.j2 - dest: /etc/iiab/openvpn_handle - owner: root - group: root - mode: 0644 - backup: yes - - name: Put up_wan in place (debuntu) template: src: up_wan From ff76f3e4294205053ea32754cc40b74a5ebc3d2c Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 20:29:05 -0400 Subject: [PATCH 34/54] Update announcer --- roles/openvpn/templates/announcer | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/openvpn/templates/announcer b/roles/openvpn/templates/announcer index 7b9a95a1c..26de78019 100755 --- a/roles/openvpn/templates/announcer +++ b/roles/openvpn/templates/announcer 
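Review bot: The re-added task sets `mode: 0644` as a bare YAML scalar, while the `with_items` entries of the "Configure OpenVPN" task in the same file pass quoted strings such as `'0644'`. Ansible accepts the leading-zero form, but it only works because the loader reads it as octal; `mode: '0644'` matches the rest of the file and does not depend on that. The same unquoted line comes back when the task is moved again in the `@@ -61,6 +52,15 @@` hunk of patch 35. `backup: yes` would likewise read more predictably as `backup: true`.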
@@ -4,21 +4,22 @@ HANDLE= UUID= source /etc/iiab/iiab.env -if [ -z "$HANDLE" ]; then - HANDLE=`cat /etc/iiab/iiab.ini | gawk \ - '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` -fi -if [ -z "$HANDLE" ]; then - if [ -f /etc/iiab/openvpn_handle ]; then - HANDLE=`cat /etc/iiab/openvpn_handle` - fi +if [ -f /etc/iiab/openvpn_handle ]; then + HANDLE=`cat /etc/iiab/openvpn_handle` fi +# DANGEROUS AS OF AUGUST 2018: +#if [ -z "$HANDLE" ]; then +# HANDLE=`cat /etc/iiab/iiab.ini | gawk \ +# '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` +#fi if [ -f /etc/iiab/uuid ]; then UUID=`cat /etc/iiab/uuid` fi # start the daemon which will serve the handle on demand +# NEXT LINE OBSOLETE? August 2018 source /etc/init.d/functions SERVER=/usr/bin/ncat +# NEXT LINE OBSOLETE? August 2018 PID_FILE=/var/run/openvpn/announce.pid HANDLE=${HANDLE// /_} {% if is_debuntu %} From 63009659f8131244f345e43946736e2317a4bfdc Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 20:33:54 -0400 Subject: [PATCH 35/54] Update main.yml --- roles/openvpn/tasks/main.yml | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index ae7554f94..160651db0 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -29,15 +29,6 @@ path: /usr/lib/iiab state: directory -- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) - template: - src: openvpn_handle.j2 - dest: /etc/iiab/openvpn_handle - owner: root - group: root - mode: 0644 - backup: yes - - name: Configure OpenVPN template: src: "{{ item.src }}" 
@@ -61,6 +52,15 @@ - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } +- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) + template: + src: openvpn_handle.j2 + dest: /etc/iiab/openvpn_handle + owner: root + group: root + mode: 0644 + backup: yes + - name: Put up_wan in place (debuntu) template: src: up_wan @@ -100,16 +100,17 @@ # when: openvpn_enabled and not stat.exists is defined and not installing -- name: Make OpenVPN connection automatic +- name: Enable hourly cron job for OpenVPN lineinfile: dest: /etc/crontab line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" when: openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined -- name: Make OpenVPN connection manual +- name: Remove hourly cron jobs for OpenVPN lineinfile: dest: /etc/crontab - regexp: ".*/usr/bin/systemctl*" + regexp: "openvpn@xscenet" + #regexp: ".*/usr/bin/systemctl*" state: absent when: not openvpn_enabled or not openvpn_cron_enabled From 7a4a9137b0f944157ce268cdb45ec8864c79e0fa Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 20:48:40 -0400 Subject: [PATCH 36/54] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 160651db0..94966fcc6 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -146,7 +146,7 @@ - option: name value: OpenVPN - option: description - value: '"OpenVPN is a means of connecting to a server anywhere on the internet, via a middleman server."' + value: "OpenVPN is a means of connecting to others anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" - option: handle 
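Review bot: In the cron hunk the new `regexp: "openvpn@xscenet"` is unanchored, so `state: absent` deletes every line of /etc/crontab that mentions the unit, including a comment or a job an administrator added by hand; it is far narrower than the old `.*/usr/bin/systemctl*` pattern but still broader than the one line this role writes. Matching the job itself, for example `regexp: '^25 \* \* \* \* root .*openvpn@xscenet\.service'`, and giving the enabling task the same `regexp` keeps the pair symmetric and stops a second line being appended if the schedule text is ever edited. The job line also hard-codes `/usr/bin/systemctl`, whereas the iiab-handle template in this series uses `{{ systemctl_program }}`; using the variable here would keep the path right where systemctl lives elsewhere. Ansible's `cron` module with `cron_file` would be a sturdier way to manage this entry than editing /etc/crontab line by line.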
From 547ebad4a69163671b6bdec9dcaeaff417aed008 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 21:11:57 -0400 Subject: [PATCH 37/54] Update main.yml --- roles/openvpn/tasks/main.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 94966fcc6..81f52a3a1 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -79,6 +79,11 @@ register: stat +# AUG 2018: Unexplainably, this stanza had to be placed underneath ANY +# "lineinfile: ... state: absent" stanza to make openvpn_handle propagate +# properly to xscenet.net (monitoring ncat's erroneous handle parameter by +# observing "systemctl status openvpn@xscenet" helped trace the [primary?] +# bug to roles/openvpn/templates/announcer [far better now if not perfect?]) - name: Enable & (Re)Start openvpn@xscenet tunnel systemd: name: openvpn@xscenet.service @@ -99,7 +104,6 @@ # shell: systemctl start openvpn@xscenet.service # when: openvpn_enabled and not stat.exists is defined and not installing - - name: Enable hourly cron job for OpenVPN lineinfile: dest: /etc/crontab @@ -114,7 +118,6 @@ state: absent when: not openvpn_enabled or not openvpn_cron_enabled - - name: Disable & Stop openvpn@xscenet tunnel systemd: name: openvpn@xscenet.service From 3777f3221de85aa523326a349106087745f8a08f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 21:17:51 -0400 Subject: [PATCH 38/54] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 81f52a3a1..72063e6c2 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -79,11 +79,15 @@ register: stat -# AUG 2018: Unexplainably, this stanza had to be placed underneath ANY +# AUGUST 2018: Unexplainably, this stanza had to be placed underneath ANY # "lineinfile: ... state: absent" stanza to make openvpn_handle propagate # properly to xscenet.net (monitoring ncat's erroneous handle parameter by # observing "systemctl status openvpn@xscenet" helped trace the [primary?] # bug to roles/openvpn/templates/announcer [far better now if not perfect?]) +# Earlier "./runrole openvpn" had to be run twice to transmit +# /etc/iiab/openvpn_handle to xscenet.net -- and +# "systemctl restart openvpn@xscenet" was failing completely (no matter how +# many times it was run) to transmit /etc/iiab/openvpn_handle to xscenet.net - name: Enable & (Re)Start openvpn@xscenet tunnel systemd: name: openvpn@xscenet.service From 3ec384071c80f954c7de6a1cc966fbeb0503200a Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 21:34:09 -0400 Subject: [PATCH 39/54] Update main.yml --- roles/openvpn/tasks/main.yml | 37 ++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 72063e6c2..a870d59e6 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -79,7 +79,20 @@ register: stat -# AUGUST 2018: Unexplainably, this stanza had to be placed underneath ANY +# FIXED SOMETIME PRIOR TO AUGUST 2018: ansible [did] not handle @ in a service name +#- name: Enable the OpenVPN tunnel at boot time (debuntu) +# shell: systemctl enable openvpn@xscenet.service +# when: openvpn_enabled and not stat.exists is defined and is_debuntu + +#- name: Enable the OpenVPN tunnel at boot time (debuntu) +# shell: update-rc.d openvpn enable +# when: openvpn_enabled and not stat.exists is defined and is_debuntu + +#- name: Start the OpenVPN tunnel now +# shell: systemctl start openvpn@xscenet.service +# when: openvpn_enabled and not stat.exists is defined and not installing + +# AUGUST 2018: Unexplainably, stanza below had to be placed underneath ANY # "lineinfile: ... state: absent" stanza to make openvpn_handle propagate # properly to xscenet.net (monitoring ncat's erroneous handle parameter by # observing "systemctl status openvpn@xscenet" helped trace the [primary?] 
@@ -95,29 +108,17 @@ state: restarted when: openvpn_enabled and not stat.exists is defined -# FIXED SOMETIME PRIOR TO AUGUST 2018: ansible [did] not handle @ in a service name -#- name: Enable the OpenVPN tunnel at boot time (debuntu) -# shell: systemctl enable openvpn@xscenet.service -# when: openvpn_enabled and not stat.exists is defined and is_debuntu - -#- name: Enable the OpenVPN tunnel at boot time (debuntu) -# shell: update-rc.d openvpn enable -# when: openvpn_enabled and not stat.exists is defined and is_debuntu - -#- name: Start the OpenVPN tunnel now -# shell: systemctl start openvpn@xscenet.service -# when: openvpn_enabled and not stat.exists is defined and not installing - - name: Enable hourly cron job for OpenVPN lineinfile: - dest: /etc/crontab + path: /etc/crontab line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" when: openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined -- name: Remove hourly cron jobs for OpenVPN +- name: Remove hourly cron job for OpenVPN lineinfile: - dest: /etc/crontab + path: /etc/crontab regexp: "openvpn@xscenet" + # Potentially DANGEROUS as others use systemctl too: #regexp: ".*/usr/bin/systemctl*" state: absent when: not openvpn_enabled or not openvpn_cron_enabled @@ -153,7 +154,7 @@ - option: name value: OpenVPN - option: description - value: "OpenVPN is a means of connecting to others anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." + value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" - option: handle From aa2744cbc650bed005a009cdfe60a234803c9df3 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Mon, 13 Aug 2018 21:55:31 -0400 Subject: [PATCH 40/54] Comment/sentence clarified. --- roles/openvpn/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index a870d59e6..9e27f95b5 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -79,7 +79,9 @@ register: stat -# FIXED SOMETIME PRIOR TO AUGUST 2018: ansible [did] not handle @ in a service name +# FIXED SOMETIME PRIOR TO AUGUST 2018: earlier versions of Ansible had not +# been working with systemd service names that contained the "@" character. + #- name: Enable the OpenVPN tunnel at boot time (debuntu) # shell: systemctl enable openvpn@xscenet.service # when: openvpn_enabled and not stat.exists is defined and is_debuntu From 6673219dfcb40f98264ace5a84c3f6b5076ccce1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 22:08:25 -0400 Subject: [PATCH 41/54] Update default_vars.yml --- vars/default_vars.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 2f97792db..772f23096 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -189,7 +189,9 @@ sshd_enabled: True openvpn_install: True openvpn_enabled: False +# For /etc/iiab/openvpn_handle openvpn_handle: UNNAMED + # cron seems necessary on CentOS: openvpn_cron_enabled: False From 2b0e738db36d10f83fbed1c4aec25279eb7dcdc9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 22:09:03 -0400 Subject: [PATCH 42/54] Update local_vars_min.yml --- vars/local_vars_min.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 01a0e4c99..80d71a43a 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
@@ -86,7 +86,9 @@ allow_apache_sudo: True openvpn_install: True openvpn_enabled: False +# Set /etc/iiab/openvpn_handle in advance here: openvpn_handle: UNNAMED + # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 3b5906481ae9d2ca2a158a0006d40b7691d5123c Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 22:09:25 -0400 Subject: [PATCH 43/54] Update local_vars_min_vpn.yml --- vars/local_vars_min_vpn.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_min_vpn.yml b/vars/local_vars_min_vpn.yml index 1105b1a00..93c19e580 100644 --- a/vars/local_vars_min_vpn.yml +++ b/vars/local_vars_min_vpn.yml @@ -86,7 +86,9 @@ allow_apache_sudo: True openvpn_install: True openvpn_enabled: True +# Set /etc/iiab/openvpn_handle in advance here: openvpn_handle: UNNAMED + # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 142a648e072bb54a1f6a6227d30c892c77676163 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 22:09:46 -0400 Subject: [PATCH 44/54] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index e10698531..cfa727c5d 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -86,7 +86,9 @@ allow_apache_sudo: True openvpn_install: True openvpn_enabled: False +# Set /etc/iiab/openvpn_handle in advance here: openvpn_handle: UNNAMED + # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 043a21c075cb705ba994152974a693ba867b608f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 22:10:14 -0400 Subject: [PATCH 45/54] Update local_vars_medium_vpn.yml --- vars/local_vars_medium_vpn.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_medium_vpn.yml b/vars/local_vars_medium_vpn.yml index ad7fd07fa..9a670735d 100644 --- a/vars/local_vars_medium_vpn.yml +++ b/vars/local_vars_medium_vpn.yml 
@@ -86,7 +86,9 @@ allow_apache_sudo: True openvpn_install: True openvpn_enabled: True +# Set /etc/iiab/openvpn_handle in advance here: openvpn_handle: UNNAMED + # The following seems necessary on CentOS: # openvpn_cron_enabled: True From a1d1e5cfec7dc79d577adf9b54807f78d4937c25 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 22:10:36 -0400 Subject: [PATCH 46/54] Update local_vars_big.yml --- vars/local_vars_big.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 84eeae0e9..dc32d67d0 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -86,7 +86,9 @@ allow_apache_sudo: True openvpn_install: True openvpn_enabled: False +# Set /etc/iiab/openvpn_handle in advance here: openvpn_handle: UNNAMED + # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 7fb67644a318d4c277645176d1758d0bf5d12373 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Aug 2018 22:10:55 -0400 Subject: [PATCH 47/54] Update local_vars_big_vpn.yml --- vars/local_vars_big_vpn.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_big_vpn.yml b/vars/local_vars_big_vpn.yml index 2bc5253b7..32c7d1482 100644 --- a/vars/local_vars_big_vpn.yml +++ b/vars/local_vars_big_vpn.yml @@ -86,7 +86,9 @@ allow_apache_sudo: True openvpn_install: True openvpn_enabled: True +# Set /etc/iiab/openvpn_handle in advance here: openvpn_handle: UNNAMED + # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 061bb2cf4f7dc71b83288ce24c783246eddd501d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Aug 2018 00:21:34 -0400 Subject: [PATCH 48/54] Update and rename announcer to announcer.j2 --- .../templates/{announcer => announcer.j2} | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) rename roles/openvpn/templates/{announcer => announcer.j2} (71%) 
diff --git a/roles/openvpn/templates/announcer b/roles/openvpn/templates/announcer.j2 similarity index 71% rename from roles/openvpn/templates/announcer rename to roles/openvpn/templates/announcer.j2 index 26de78019..8c3f05482 100755 --- a/roles/openvpn/templates/announcer +++ b/roles/openvpn/templates/announcer.j2 @@ -3,23 +3,24 @@ HANDLE= UUID= -source /etc/iiab/iiab.env + if [ -f /etc/iiab/openvpn_handle ]; then HANDLE=`cat /etc/iiab/openvpn_handle` +else + source /etc/iiab/iiab.env + # DANGEROUS AS OF AUGUST 2018: + if [ -z "$HANDLE" ]; then + HANDLE=`cat /etc/iiab/iiab.ini | gawk \ + '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` + fi fi -# DANGEROUS AS OF AUGUST 2018: -#if [ -z "$HANDLE" ]; then -# HANDLE=`cat /etc/iiab/iiab.ini | gawk \ -# '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` -#fi if [ -f /etc/iiab/uuid ]; then - UUID=`cat /etc/iiab/uuid` + UUID=`cat /etc/iiab/uuid` fi # start the daemon which will serve the handle on demand # NEXT LINE OBSOLETE? August 2018 source /etc/init.d/functions SERVER=/usr/bin/ncat -# NEXT LINE OBSOLETE? August 2018 PID_FILE=/var/run/openvpn/announce.pid HANDLE=${HANDLE// /_} {% if is_debuntu %} From e3cb7f88b79dd23f475956beea05dda4ab69e900 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Aug 2018 00:35:48 -0400 Subject: [PATCH 49/54] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 9e27f95b5..0b265238e 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
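Review bot: The new `else` branch still runs `source /etc/iiab/iiab.env`, which executes that whole file in the announcer's shell just to obtain one value, so any other assignment or command in it also takes effect in this script. Reading only the key that is needed, without executing the file, would remove that coupling; the exact form depends on how iiab.env is written, which is not visible here. The branch also reads iiab.env and iiab.ini without first checking that they exist, unlike the `[ -f ... ]` guards used for openvpn_handle and uuid. The script continues past the end of this hunk.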
@@ -41,7 +41,7 @@ - { src: 'client1.crt', dest: '/etc/openvpn/keys/client1.crt', mode: '0644' } - { src: 'client1.key', dest: '/etc/openvpn/keys/client1.key', mode: '0600' } - { src: 'announce', dest: '/etc/openvpn/scripts/announce', mode: '0755' } - - { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', mode: '0755' } + - { src: 'announcer.j2', dest: '/etc/openvpn/scripts/announcer', mode: '0755' } - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' } - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } From 212ad0d625638cc951662ab34ae9f07c828d2580 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Aug 2018 04:55:15 -0400 Subject: [PATCH 50/54] Update announcer.j2 --- roles/openvpn/templates/announcer.j2 | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index 8c3f05482..8e3a01353 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 @@ -3,7 +3,6 @@ HANDLE= UUID= - if [ -f /etc/iiab/openvpn_handle ]; then HANDLE=`cat /etc/iiab/openvpn_handle` else 
@@ -14,18 +13,20 @@ else '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` fi fi +HANDLE=${HANDLE// /_} if [ -f /etc/iiab/uuid ]; then UUID=`cat /etc/iiab/uuid` fi + # start the daemon which will serve the handle on demand -# NEXT LINE OBSOLETE? August 2018 -source /etc/init.d/functions SERVER=/usr/bin/ncat -PID_FILE=/var/run/openvpn/announce.pid -HANDLE=${HANDLE// /_} +ID=`printf "HANDLE = %s|UUID = %s" $HANDLE $UUID` {% if is_debuntu %} -ID=`printf "HANDLE = %s|UUID = %s|" $HANDLE $UUID` +#ID=`printf "HANDLE = %s|UUID = %s|" $HANDLE $UUID` $SERVER -l -k -p1705 --exec "/bin/echo $ID" & {% else %} -daemon --pidfile=${PID_FILE} $SERVER "-l -k -p1705 --exec \"/usr/bin/echo $(printf 'HANDLE = %s|UUID = %s' $HANDLE $UUID)\"" & +source /etc/init.d/functions +PID_FILE=/var/run/openvpn/announce.pid +daemon --pidfile=${PID_FILE} $SERVER "-l -k -p1705 --exec \"/usr/bin/echo $ID\"" & +#daemon --pidfile=${PID_FILE} $SERVER "-l -k -p1705 --exec \"/usr/bin/echo $(printf 'HANDLE = %s|UUID = %s' $HANDLE $UUID)\"" & {% endif %} From c2649d4e92965ab8304dd9bbbb75accc09e8b15b Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Aug 2018 05:05:23 -0400 Subject: [PATCH 51/54] Update announcer.j2 --- roles/openvpn/templates/announcer.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index 8e3a01353..d9020b7e1 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 @@ -18,11 +18,12 @@ if [ -f /etc/iiab/uuid ]; then UUID=`cat /etc/iiab/uuid` fi -# start the daemon which will serve the handle on demand SERVER=/usr/bin/ncat ID=`printf "HANDLE = %s|UUID = %s" $HANDLE $UUID` -{% if is_debuntu %} #ID=`printf "HANDLE = %s|UUID = %s|" $HANDLE $UUID` + +# start the daemon which will serve the handle on demand +{% if is_debuntu %} $SERVER -l -k -p1705 --exec "/bin/echo $ID" & {% else %} source /etc/init.d/functions 
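Review bot: The added `ID=` line calls `printf "HANDLE = %s|UUID = %s" $HANDLE $UUID` with both values unquoted, so an empty HANDLE lets the UUID fill the first `%s` and the announced string reports the UUID as the handle. A handle containing a tab or glob characters is split or expanded the same way, since only spaces are replaced with `_` above. Quoting fixes the argument positions: `ID=$(printf 'HANDLE = %s|UUID = %s' "$HANDLE" "$UUID")`. `$ID` is then pasted into the `--exec` command string, and in the non-Debian branch into a nested quoted string handed to `daemon`, so the handle should be limited to a conservative character set before it gets that far. The top of the script is outside this hunk.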
From 33f5fc601cc88891ef8844bcd4932d6689f68bfb Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Aug 2018 05:23:15 -0400 Subject: [PATCH 52/54] Update announcer.j2 --- roles/openvpn/templates/announcer.j2 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index d9020b7e1..d33810b29 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 @@ -4,10 +4,13 @@ HANDLE= UUID= if [ -f /etc/iiab/openvpn_handle ]; then + # Option #0: might source directly from /etc/iiab/local_vars.yml in future + # Option #1 HANDLE=`cat /etc/iiab/openvpn_handle` else + # Option #2: dangerous to invoke hypothetical variables :( source /etc/iiab/iiab.env - # DANGEROUS AS OF AUGUST 2018: + # Option #3: WAS BUGGY IN AUGUST 2018, but safer now that relegated to #3 ? if [ -z "$HANDLE" ]; then HANDLE=`cat /etc/iiab/iiab.ini | gawk \ '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` From 59462b59c81fc6e4228e354f3949ea31a56fdbf0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Aug 2018 05:27:12 -0400 Subject: [PATCH 53/54] Update announcer.j2 --- roles/openvpn/templates/announcer.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index d33810b29..c8296562f 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 @@ -10,7 +10,7 @@ if [ -f /etc/iiab/openvpn_handle ]; then else # Option #2: dangerous to invoke hypothetical variables :( source /etc/iiab/iiab.env - # Option #3: WAS BUGGY IN AUGUST 2018, but safer now that relegated to #3 ? + # Option #3: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from /etc/iiab/iiab.ini, but safer now that relegated to #3 ? if [ -z "$HANDLE" ]; then HANDLE=`cat /etc/iiab/iiab.ini | gawk \ '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` 
From b516d475d05fed7179683d174599c7133fffc45d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 14 Aug 2018 05:34:15 -0400 Subject: [PATCH 54/54] Update announcer.j2 --- roles/openvpn/templates/announcer.j2 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index c8296562f..8580112f9 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 @@ -1,14 +1,14 @@ #!/bin/bash -x -# small daemon to identify this machine to the openvpn server +# Small daemon to identify this machine to the OpenVPN server HANDLE= UUID= if [ -f /etc/iiab/openvpn_handle ]; then - # Option #0: might source directly from /etc/iiab/local_vars.yml in future + # Option #0: Might source directly from /etc/iiab/local_vars.yml in future # Option #1 HANDLE=`cat /etc/iiab/openvpn_handle` else - # Option #2: dangerous to invoke hypothetical variables :( + # Option #2: Dangerous to invoke hypothetical variables :( source /etc/iiab/iiab.env # Option #3: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from /etc/iiab/iiab.ini, but safer now that relegated to #3 ? if [ -z "$HANDLE" ]; then @@ -23,9 +23,10 @@ fi SERVER=/usr/bin/ncat ID=`printf "HANDLE = %s|UUID = %s" $HANDLE $UUID` +# August 2018: Removal of trailing slash tested on Raspbian, Ubuntu 18.04 & Ubuntu 16.04 #ID=`printf "HANDLE = %s|UUID = %s|" $HANDLE $UUID` -# start the daemon which will serve the handle on demand +# Start the daemon which will serve the handle on demand {% if is_debuntu %} $SERVER -l -k -p1705 --exec "/bin/echo $ID" & {% else %}
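Review bot: The new comment in the `@@ -23,9 +23,10 @@` hunk says "Removal of trailing slash", but the only difference between the live `ID=` line and the commented-out one below it is a trailing `|`. Wording it as `# August 2018: Removal of trailing "|" tested on Raspbian, Ubuntu 18.04 & Ubuntu 16.04` keeps the comment accurate for whoever parses this string on the receiving side. The script continues past the `{% else %}` at the end of the hunk.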