mirror of https://github.com/iiab/iiab.git synced 2025-02-15 04:32:11 +00:00

Merge pull request #242 from iiab/master

sync from iiab/iiab
A Holt 2019-05-12 19:20:19 -07:00 committed by GitHub
commit b99cab5655
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 150 additions and 50 deletions


@ -1,6 +1,14 @@
#!/bin/bash
PLAYBOOK="iiab-support.yml"
echo -e "\n\n\e[41m DEPRECATED PLEASE RUN 'iiab-support' INSTEAD \e[0m\n\n"
read -p "Continue? [y/N] " ans
if [ "$ans" != "y" ]; then
echo
exit
fi
PLAYBOOK="install-support.yml"
INVENTORY="ansible_hosts"
CWD=`pwd`
@ -12,22 +20,7 @@ if [ ! -f $PLAYBOOK ]; then
exit 1
fi
echo -en "\n\nWhat OpenVPN machine name (openvpn_handle) do you want? "
read ans < /dev/tty
if [ "$ans" != "" ]; then
sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
echo -e "\nYour machine's openvpn_handle is now set, in /etc/iiab/local_vars.yml\n"
else
echo -e "\nWARNING: openvpn_handle remains unchanged in /etc/iiab/local_vars.yml\n"
fi
sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
echo -e "Now let's (re)install and (re)start OpenVPN...\n"
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
echo -en "\nYour OpenVPN handle is....... "
cat /etc/iiab/openvpn_handle
echo -e "\nYour OpenVPN IP address is... $(ip a | grep tun0$ | awk '{print $2}')\n\n"


@ -9,5 +9,6 @@
roles:
- { role: 0-init, tags: ['0-init'] }
#- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] }
#- { role: 1-prep, tags: ['1-prep'] }
- { role: openvpn, tags: ['openvpn'] }
- { role: 1-prep, tags: ['1-prep'] }
#- { role: openvpn, tags: ['openvpn'] } # FASTER ALTERNATIVE THAN 1-prep (if 1-prep was already run!)
# BETTER YET, SEE: /usr/bin/iiab-support for a much friendlier UX, that only runs 1-prep when necessary.


@ -100,7 +100,7 @@
# https://wiki.debian.org/AppArmor/HowToUse
# https://packages.debian.org/buster/apparmor
# Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10
# pre-releases, during @floydianslips' March 2019 testing anyway!
# pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387
- name: Disable AppArmor -- override OS default (ubuntu)
service:
name: apparmor


@ -11,7 +11,7 @@ nextcloud_url: /nextcloud
nextcloud_prefix: /opt
nextcloud_data_dir: "{{ content_base }}/nextcloud/data"
nextcloud_dl_url: https://download.nextcloud.com/server/releases
nextcloud_orig_src_file: latest-15.tar.bz2 # 2019-04-25: nextcloud-16.0.0.tar.bz2 requires PHP 7.1+ and so fails on current Raspbian and Debian 9 "Stretch". 2019-09-27 aside: latest-16.tar.bz2 oddly still not yet published at https://download.nextcloud.com/server/releases/
nextcloud_orig_src_file: latest-15.tar.bz2 # 2019-04-24: nextcloud-16.0.0.tar.bz2 requires PHP 7.1+ and so fails on current Raspbian 9 and Debian 9 "Stretch". 2019-05-11: latest-16.tar.bz2 finally published to https://download.nextcloud.com/server/releases/ (nextcloud/server#15502) e.g. for Ubuntu 18.04+
nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }}
# we install on mysql with these setting or those from default_vars, etc.


@ -72,9 +72,10 @@
- { src: 'announcer.j2', dest: '/etc/openvpn/scripts/announcer', mode: '0755' }
- { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' }
- { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' }
- { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' }
- { src: 'iiab-support', dest: '/usr/bin/iiab-support', mode: '0755' }
- { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' }
- { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' }
- { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' }
# Comment out in future? Not recommended as of August 2018:
- { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' }
# Obsolete & unused for ~2 years as of August 2018:
@ -86,6 +87,18 @@
# Obsolete & unused for ~2 years as of August 2018:
#- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' }
- name: Create iiab-support-on (symlink to iiab-support for now)
file:
src: /usr/bin/iiab-support
path: /usr/bin/iiab-support-on
state: link
- name: Create iiab-support-off (symlink to iiab-remote-off for now)
file:
src: /usr/bin/iiab-remote-off
path: /usr/bin/iiab-support-off
state: link
- name: Create iiab-vpn-on (symlink to iiab-remote-on for now)
file:
src: /usr/bin/iiab-remote-on
@ -106,15 +119,14 @@
# dest: /usr/lib/iiab/up_wan
# when: is_debuntu
# Comment out in future? Contained serious bug (15-openvpn called
# up-wan instead of up_wan in /usr/lib/iiab/ as of August 2018) so
# evidently unused for ~2 years:
- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet)
template:
src: 15-openvpn
dest: /etc/NetworkManager/dispatcher.d/
#when: not is_debuntu # CONDITION APPEARS TOO BROAD
when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?)
# Contained serious bug (15-openvpn called up-wan instead of up_wan in
# /usr/lib/iiab/ as of August 2018) so evidently unused for ~2 years:
#- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet)
# template:
# src: 15-openvpn
# dest: /etc/NetworkManager/dispatcher.d/
# #when: not is_debuntu # CONDITION APPEARS TOO BROAD
# when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?)
# Was obsolete/unused for ~2 years as of August 2018: (replaced by /etc/openvpn/xscenet.conf)
#- name: Check for manually configured OpenVPN tunnel


@ -1,17 +1,9 @@
#!/bin/bash
echo -e "\n\n\e[41m DEPRECATED PLEASE RUN 'iiab-support' INSTEAD \e[0m\n\n"
echo -e '\n\nDEPRECATED:\n'
echo -e 'This interactive script TEMPORARILY (over)writes /etc/iiab/openvpn_handle'
echo -e 'to identify IIAB to the upstream OpenVPN server, until Ansible next runs.\n\n'
echo -e 'PLEASE USE THIS NEW METHOD INSTEAD:\n'
echo -e 'cd /opt/iiab/iiab'
echo -e 'sudo ./install-support\n\n'
echo -e 'This older script TEMPORARILY (over)writes /etc/iiab/openvpn_handle to'
echo -e 'identify IIAB to the upstream OpenVPN server, until Ansible next runs.\n'
#echo -e 'CORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml'
#echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n'
@ -20,7 +12,6 @@ echo -e 'PLEASE NOW TYPE CTRL-C TO QUIT. Or, if you really want it temporary un
read -p 'next time Ansible is run, what OpenVPN handle do you want? ' ans
echo
if [ "$ans" != "" ]; then
echo $ans > /etc/iiab/openvpn_handle
echo -e "\nYour machine's openvpn_handle is TEMPORARILY now set... \n"
@ -28,7 +19,7 @@ else
echo -e "\nWARNING: your machine's openvpn_handle remains unchanged...\n"
fi
echo -e "Restarting OpenVPN daemon...\n\n"
echo -e "Restarting OpenVPN daemon...\n"
# 2019-05-09: removing /etc/iiab/openvpn_handle (or setting it to "") are both very bad practices
#if [ "$ans" == "" ]; then
@ -39,7 +30,6 @@ echo -e "Restarting OpenVPN daemon...\n\n"
# echo $ans > /etc/iiab/openvpn_handle
#fi
{{ systemctl_program }} restart openvpn@xscenet
# This would also work: (but would bounce all VPN connections, if others exist, causing unnec disruption if so)
#{{ systemctl_program }} restart openvpn
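Review bot: `echo $ans > /etc/iiab/openvpn_handle` in the second hunk writes the typed handle unquoted, so the shell word-splits and glob-expands it before it reaches the file, and a value such as `-n` is consumed by echo as an option instead of being stored. `printf '%s\n' "$ans" > /etc/iiab/openvpn_handle` stores exactly what was typed, and `read -r -p ...` on the prompt above it keeps backslashes literal. The same unquoted `echo $ans` pattern appears in the new 101-line script added later in this commit, on the two lines that strip and save the handle. The `if` that contains this line closes in the following hunk.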


@ -3,11 +3,14 @@
# /usr/bin/iiab-remote-on should turn on multiple remote support services like
# OpenVPN and others, for remote support, so they work even after reboot.
echo -e '\nWARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n'
echo -e "\n\n\e[44m CONSIDER RUNNING 'iiab-support' INSTEAD \e[0m\n\n"
echo -e 'WARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n'
echo -e '1) Set these variables in /etc/local/local_vars.yml'
echo -e ' openvpn_install: True'
echo -e ' openvpn_enabled: True\n'
echo -e ' openvpn_enabled: True'
echo -e ' openvpn_handle: <descriptive-name-for-your-machine>\n'
echo -e '2) Run:'
echo -e ' cd /opt/iiab/iiab'
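Review bot: The step-1 message names `/etc/local/local_vars.yml`, while every script on this page that reads or edits the variables uses `/etc/iiab/local_vars.yml`; this looks like a typo that would send an operator to the wrong file. Since the commit extends this list with `openvpn_handle`, the line could be corrected at the same time to `echo -e '1) Set these variables in /etc/iiab/local_vars.yml'`. The rest of the script lies outside the hunk.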


@ -0,0 +1,101 @@
#!/bin/bash
# openvpn_handle is stored in 2 files on disk, one slightly stripped down (from
# the other) due to Ansible. So we emulate Ansible's behavior, when reading from
# (and later writing to) disk, removing outer cruft as explained on Lines 27-29
handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
if [ -f /etc/iiab/openvpn_handle ]; then
handle2=$(cat /etc/iiab/openvpn_handle)
echo -e "/etc/iiab/openvpn_handle for openvpn daemon: $handle2\n"
else
echo -e "/etc/iiab/openvpn_handle for openvpn daemon: [FILE DOESN'T YET EXIST]\n"
fi
echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m "
read ans < /dev/tty
#if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -f /etc/iiab/openvpn_handle ] ); then
# -v (below) checks if var's defined: equivalent to file existence test above
if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then
if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then
sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
else
echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml
fi
# BEHAVIOR JUST LIKE ANSIBLE'S: create /etc/iiab/openvpn_handle from the
# "^openvpn_handle:" line in /etc/iiab/local_vars.yml by (1) removing outer
# spacing IF NEC, then (2) removing 1 pair of matching outer quotes IF NEC.
ans=$(echo $ans | sed -e "s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
echo $ans > /etc/iiab/openvpn_handle
echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n"
elif [ "$handle1" != "$handle2" ]; then # Sloppily, but conveniently here,
# bash treats "$handle2" as "" when var undefined, catching all conflicts!
echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m"
echo -e "\e[41mnaming conflict. Please rerun to proceed.\e[0m\n"
exit 1
else
echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n"
fi
if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then
echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
else
echo -e "Please wait a few minutes as IIAB Stage 1 (1-prep) & OpenVPN are installed...\n"
if grep -q '^openvpn_install:' /etc/iiab/local_vars.yml; then
sed -i "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
else
echo "openvpn_install: True" >> /etc/iiab/local_vars.yml
fi
cd /opt/iiab/iiab
./runrole 1-prep
echo
fi
echo -e "Now let's (re)enable OpenVPN...\n"
if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then
sed -i "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
else
echo "openvpn_enabled: True" >> /etc/iiab/local_vars.yml
fi
systemctl enable openvpn
echo -e "\nNow let's restart OpenVPN..."
#systemctl start openvpn
systemctl restart openvpn
echo -en "\n "
for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -en " OpenVPN TIPS "
for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -e "\n\n 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'"
echo -e " 2. Check your OpenVPN connection: run 'ping 10.8.0.1'"
echo -e " 3. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x"
echo -e " 4. If necessary, run 'systemctl restart openvpn' which will"
echo -e " effectively run 'systemctl restart openvpn@xscenet' for you."
echo -e " 5. Sometimes waiting a minute helps -- retry steps 2 and 3 to monitor."
echo -e " 6. Read 'How can I remotely manage my Internet-in-a-Box?' at"
echo -e " http://FAQ.IIAB.IO to learn about DIY remote support alternatives"
echo -e " like ngrok, serveo, remot3.it and TeamViewer.\n"
echo -en " "
for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -en " OpenVPN TIPS "
for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -e "\n\nNow let's wait 15 seconds, as OpenVPN handshake sometimes needs that (or more!)"
sleep 15
echo -en "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m"
cat /etc/iiab/openvpn_handle
echo -en "\e[0m"
vpnip=$(ip a | grep tun0$ | awk '{print $2}')
if [ "$vpnip" != "" ]; then
echo -e "\nYour OpenVPN IP address (which can change) is: \e[32m$vpnip\e[0m\n"
else
echo -e "\n \e[41m ERROR: OpenVPN IP address not ready - PLEASE TRY THE ABOVE TIPS \e[0m\n"
fi
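Review bot: The handle read from the terminal is interpolated unchecked into `sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/"` and into `echo "openvpn_handle: $ans" >>`, both of which write /etc/iiab/local_vars.yml. A `/` in the name makes that sed command fail, and because nothing checks its exit status the script still writes /etc/iiab/openvpn_handle and prints SAVED, leaving the two copies out of step; `&` or a backslash changes the text sed writes, and ` #` or `: ` changes how the YAML line parses. I would validate the name right after the `read`, before either file is touched, as sketched below; the allowlist is a suggestion and would need widening if quoted or spaced names must remain valid. Separately, pressing [Enter] when no handle exists on disk enters the same branch and saves an empty name, which the 2019-05-09 comment in the deprecated handle script earlier on this page calls very bad practice.

```shell
read -r ans < /dev/tty

# Accept only characters that are inert in a sed replacement and in a plain YAML scalar.
if [ -n "$ans" ] && ! [[ "$ans" =~ ^[A-Za-z0-9._-]+$ ]]; then
    echo -e "\n\e[41mopenvpn_handle may contain only letters, digits, '.', '_' and '-'.\e[0m\n" >&2
    exit 1
fi

# … unchanged: the if/elif/else that updates local_vars.yml and /etc/iiab/openvpn_handle …
```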


@ -165,7 +165,7 @@ sshd_enabled: True
openvpn_install: True
openvpn_enabled: False
# For /etc/iiab/openvpn_handle
openvpn_handle: ""
openvpn_handle:
# cron seems necessary on CentOS:
openvpn_cron_enabled: False
# General OpenVPN settings


@ -88,7 +88,7 @@ js_menu_install: True
openvpn_install: True
openvpn_enabled: False
# Set /etc/iiab/openvpn_handle in advance here:
openvpn_handle: ""
openvpn_handle:
# The following seems necessary on CentOS:
# openvpn_cron_enabled: True


@ -88,7 +88,7 @@ js_menu_install: True
openvpn_install: True
openvpn_enabled: False
# Set /etc/iiab/openvpn_handle in advance here:
openvpn_handle: ""
openvpn_handle:
# The following seems necessary on CentOS:
# openvpn_cron_enabled: True


@ -88,7 +88,7 @@ js_menu_install: True
openvpn_install: True
openvpn_enabled: False
# Set /etc/iiab/openvpn_handle in advance here:
openvpn_handle: ""
openvpn_handle:
# The following seems necessary on CentOS:
# openvpn_cron_enabled: True