From 37a4646e9031b0b9e3bc80731503a77d0853acae Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sat, 11 May 2019 15:10:25 -0400
Subject: [PATCH 01/22] OpenVPN warning+TIPS for those who use ./install-support
---
 install-support | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/install-support b/install-support
index 2df198cb1..2c4d98875 100755
--- a/install-support
+++ b/install-support
@@ -26,8 +26,26 @@ sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.ym
 echo -e "Now let's (re)install and (re)start OpenVPN...\n"
+
 ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
-echo -en "\nYour OpenVPN handle is....... "
+
+echo -en "\nYour OpenVPN machine name (openvpn_handle) is: "
 cat /etc/iiab/openvpn_handle
-echo -e "\nYour OpenVPN IP address is... $(ip a | grep tun0$ | awk '{print $2}')\n\n"
+
+vpnip=$(ip a | grep tun0$ | awk '{print $2}')
+
+if [ "$vpnip" != "" ]; then
+ echo -e "\nYour OpenVPN IP address (which can change) is: $vpnip\n\n"
+else
+ echo -e "\nWARNING: OpenVPN IP ADDRESS NOT FOUND!\n\n"
+fi
+
+
+echo -e "OpenVPN TIPS:\n"
+
+echo -e " 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'"
+echo -e " 2. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x"
+echo -e " 3. Check your OpenVPN connection: run 'ping 10.8.0.1'"
+echo -e " 4. Sometimes waiting a minute helps -- then retry steps 2 and 3"
+echo -e " 5. If necessary, run 'systemctl restart openvpn@xscenet'\n\n"
From d7ea019f5f0e6e550ffe27942d61610fcda9f5f6 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sat, 11 May 2019 15:28:43 -0400
Subject: [PATCH 02/22] Mention alternatives like ngrok, serveo, remot3.it & TeamViewer
---
 install-support | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/install-support b/install-support
index 2c4d98875..a80fc83a0 100755
--- a/install-support
+++ b/install-support
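Review bot: The new `vpnip=$(ip a | grep tun0$ | awk '{print $2}')` in the install-support hunk (patch 01) matches on the text of every `ip a` line rather than on the interface itself, so `vpnip` can hold more than one value if several lines end in `tun0`. Asking `ip` for the device directly keeps the check tied to the tunnel: `vpnip=$(ip -4 -o addr show dev tun0 2>/dev/null | awk '{print $4}')`. The `cat /etc/iiab/openvpn_handle` just above it prints an error instead of a handle when the file is missing, so a `[ -f /etc/iiab/openvpn_handle ]` guard would keep the report readable.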
@@ -48,4 +48,7 @@ echo -e " 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.e
 echo -e " 2. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x"
 echo -e " 3. Check your OpenVPN connection: run 'ping 10.8.0.1'"
 echo -e " 4. Sometimes waiting a minute helps -- then retry steps 2 and 3"
-echo -e " 5. If necessary, run 'systemctl restart openvpn@xscenet'\n\n"
+echo -e " 5. If necessary, run 'systemctl restart openvpn@xscenet'"
+echo -e " 6. Read 'How can I remotely manage my Internet-in-a-Box?' at"
+echo -e " http://FAQ.IIAB.IO to learn about alternatives like ngrok,"
+echo -e " serveo, remot3.it and TeamViewer\n\n"
From 041bd2205634298affdb2da6421ecd2102c9cf35 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sat, 11 May 2019 22:22:00 -0400
Subject: [PATCH 03/22] /usr/bin/iiab-support = friendlier way to set up OpenVPN
---
 roles/openvpn/templates/iiab-support | 90 ++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 roles/openvpn/templates/iiab-support
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
new file mode 100644
index 000000000..a31691338
--- /dev/null
+++ b/roles/openvpn/templates/iiab-support
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+handle1=$(grep "^openvpn_handle:.*" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//" | cut -d'"' -f2 | cut -d"'" -f2)
+if [ -f /etc/iiab/openvpn_handle ]; then
+ handle2=$(cat /etc/iiab/openvpn_handle)
+else
+ handle2=
+fi
+echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
+echo -e "/etc/iiab/openvpn_handle for openvpn daemon: $handle2\n"
+
+echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m "
+read ans < /dev/tty
+if [ "$ans" != "" ]; then
+ if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then
+ sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
+ else
+ echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml
+ fi
+ echo $ans > /etc/iiab/openvpn_handle
+ echo -e "\n\e[1mYour openvpn_handle was saved into both above files.\e[0m\n"
+else
+ if [ "$handle1" != "$handle2" ]; then
+ echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m"
+ echo -e "\e[41mnaming conflict. Please rerun to proceed.\e[0m\n"
+ exit 1
+ fi
+ echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n"
+fi
+
+if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then
+ echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
+else
+ echo -e "Please wait a few minutes as IIAB Stage 1 (1-prep) & OpenVPN are installed...\n"
+ if grep -q '^openvpn_install:' /etc/iiab/local_vars.yml; then
+ sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
+ else
+ echo "openvpn_install: True" >> /etc/iiab/local_vars.yml
+ fi
+ cd /opt/iiab/iiab
+ ./runrole 1-prep
+ echo
+fi
+
+echo -e "Now let's (re)enable OpenVPN...\n"
+if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then
+ sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
+else
+ echo "openvpn_enabled: True" >> /etc/iiab/local_vars.yml
+fi
+systemctl enable openvpn
+
+echo -e "\nNow let's restart OpenVPN..."
+#systemctl start openvpn
+systemctl restart openvpn
+
+echo -en "\n "
+for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
+echo -en " OpenVPN TIPS "
+for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
+
+echo -e "\n\n 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'"
+echo -e " 2. Check your OpenVPN connection: run 'ping 10.8.0.1'"
+echo -e " 3. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x"
+echo -e " 4. If necessary, run 'systemctl restart openvpn' which will"
+echo -e " effectively run 'systemctl restart openvpn@xscenet' for you."
+echo -e " 5. Sometimes waiting a minute helps -- retry steps 2 and 3 to monitor."
+echo -e " 6. Read 'How can I remotely manage my Internet-in-a-Box?' at"
+echo -e " http://FAQ.IIAB.IO to learn about DIY remote support alternatives"
+echo -e " like ngrok, serveo, remot3.it and TeamViewer.\n"
+
+echo -en " "
+for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
+echo -en " OpenVPN TIPS "
+for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
+
+echo -e "\n\nNow let's wait 15 seconds, as OpenVPN handshake sometimes needs that (or more!)"
+
+sleep 15
+
+echo -en "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m"
+cat /etc/iiab/openvpn_handle
+echo -en "\e[0m"
+
+vpnip=$(ip a | grep tun0$ | awk '{print $2}')
+if [ "$vpnip" != "" ]; then
+ echo -e "\nYour OpenVPN IP address (which can change) is: \e[32m$vpnip\e[0m\n"
+else
+ echo -e "\n \e[41m ERROR: OpenVPN IP address not ready - PLEASE TRY THE ABOVE TIPS \e[0m\n"
+fi
From 3dad45fd5a907c197bd3415eeddaa03add90d5fe Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sat, 11 May 2019 23:25:51 -0400
Subject: [PATCH 04/22] Update iiab-handle.j2
---
 roles/openvpn/templates/iiab-handle.j2 | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)
diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2
index d3a29e91b..157d653e5 100755
--- a/roles/openvpn/templates/iiab-handle.j2
+++ b/roles/openvpn/templates/iiab-handle.j2
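Review bot: The name typed at the prompt in the new iiab-support script (patch 03) goes straight into the replacement text of `sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml` and into an unquoted `echo $ans > /etc/iiab/openvpn_handle`, in a script that rewrites files under /etc and so presumably runs as root. A `/`, `&` or backslash in the name breaks or alters the substitution, a `#` or `:` changes how the YAML line parses, and a `*` is glob-expanded before it is written. Accepting only a conservative character set before either write closes all three, and `read -r` keeps backslashes literal. Separately, `cd /opt/iiab/iiab` is unchecked, so `./runrole 1-prep` would run from whatever the current directory is if the `cd` fails. The later patches to this file (16, 17, 19) keep the same `sed` and `echo $ans` pattern.

```shell
read -r ans < /dev/tty
if [ "$ans" != "" ]; then
  # Allow only characters that are safe in a sed replacement, a YAML scalar and a one-line file.
  case "$ans" in
    *[!A-Za-z0-9._-]*)
      echo "openvpn_handle may only contain letters, digits, '.', '_' and '-'" >&2
      exit 1
      ;;
  esac
  # … unchanged: grep/sed/append of openvpn_handle in /etc/iiab/local_vars.yml …
  printf '%s\n' "$ans" > /etc/iiab/openvpn_handle
# … unchanged: rest of the if/else and the openvpn_install check …
  cd /opt/iiab/iiab || exit 1
  ./runrole 1-prep
```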
@@ -1,17 +1,9 @@
 #!/bin/bash
+echo -e "\n\n\e[41m DEPRECATED PLEASE RUN 'iiab-support' INSTEAD \e[0m\n\n"
-echo -e '\n\nDEPRECATED:\n'
-
-echo -e 'This interactive script TEMPORARILY (over)writes /etc/iiab/openvpn_handle'
-echo -e 'to identify IIAB to the upstream OpenVPN server, until Ansible next runs.\n\n'
-
-
-echo -e 'PLEASE USE THIS NEW METHOD INSTEAD:\n'
-
-echo -e 'cd /opt/iiab/iiab'
-echo -e 'sudo ./install-support\n\n'
-
+echo -e 'This older script TEMPORARILY (over)writes /etc/iiab/openvpn_handle to'
+echo -e 'identify IIAB to the upstream OpenVPN server, until Ansible next runs.\n'
 #echo -e 'CORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml'
 #echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n'
@@ -20,7 +12,6 @@ echo -e 'PLEASE NOW TYPE CTRL-C TO QUIT. Or, if you really want it temporary un
 read -p 'next time Ansible is run, what OpenVPN handle do you want? ' ans
 echo
-
 if [ "$ans" != "" ]; then
 echo $ans > /etc/iiab/openvpn_handle
 echo -e "\nYour machine's openvpn_handle is TEMPORARILY now set... \n"
@@ -28,7 +19,7 @@ else
 echo -e "\nWARNING: your machine's openvpn_handle remains unchanged...\n"
 fi
-echo -e "Restarting OpenVPN daemon...\n\n"
+echo -e "Restarting OpenVPN daemon...\n"
 # 2019-05-09: removing /etc/iiab/openvpn_handle (or setting it to "") are both very bad practices
 #if [ "$ans" == "" ]; then
@@ -39,7 +30,6 @@ echo -e "Restarting OpenVPN daemon...\n\n"
 # echo $ans > /etc/iiab/openvpn_handle
 #fi
-
 {{ systemctl_program }} restart openvpn@xscenet
 # This would also work: (but would bounce all VPN connections, if others exist, causing unnec disruption if so)
 #{{ systemctl_program }} restart openvpn
From a2125b78435cbdafcc66e0ceaea6b9cd04ba9fdb Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sat, 11 May 2019 23:58:13 -0400
Subject: [PATCH 05/22] Encourage use of /usr/bin/iiab-support instead of ./install-support
---
 install-support | 44 ++++++++------------------------------------
 1 file changed, 8 insertions(+), 36 deletions(-)
diff --git a/install-support b/install-support
index a80fc83a0..7c45fa219 100755
--- a/install-support
+++ b/install-support
@@ -1,5 +1,13 @@
 #!/bin/bash
+echo -e "\n\n\e[41m DEPRECATED PLEASE RUN 'iiab-support' INSTEAD \e[0m\n\n"
+
+read -p "Continue? [y/N] " ans
+if [ "$ans" != "y" ]; then
+ echo
+ exit
+fi
+
 PLAYBOOK="iiab-support.yml"
 INVENTORY="ansible_hosts"
 CWD=`pwd`
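Review bot: The new confirmation prompt `read -p "Continue? [y/N] " ans` reads from stdin, while the prompt this same patch removes further down read from `/dev/tty`; if the script is ever fed through a pipe, the answer will not come from the operator. `read -r -p "Continue? [y/N] " ans < /dev/tty` keeps the two consistent. The bare `exit` in the decline branch also returns the status of the preceding `echo` (0), so a caller cannot tell "declined" from "completed"; `exit 1` would make that explicit.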
@@ -12,43 +20,7 @@ if [ ! -f $PLAYBOOK ]; then
 exit 1
 fi
-echo -en "\n\nWhat OpenVPN machine name (openvpn_handle) do you want? "
-read ans < /dev/tty
-if [ "$ans" != "" ]; then
- sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
- echo -e "\nYour machine's openvpn_handle is now set, in /etc/iiab/local_vars.yml\n"
-else
- echo -e "\nWARNING: openvpn_handle remains unchanged in /etc/iiab/local_vars.yml\n"
-fi
-
 sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
 sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
-echo -e "Now let's (re)install and (re)start OpenVPN...\n"
-
-
 ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
-
-
-echo -en "\nYour OpenVPN machine name (openvpn_handle) is: "
-cat /etc/iiab/openvpn_handle
-
-vpnip=$(ip a | grep tun0$ | awk '{print $2}')
-
-if [ "$vpnip" != "" ]; then
- echo -e "\nYour OpenVPN IP address (which can change) is: $vpnip\n\n"
-else
- echo -e "\nWARNING: OpenVPN IP ADDRESS NOT FOUND!\n\n"
-fi
-
-
-echo -e "OpenVPN TIPS:\n"
-
-echo -e " 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'"
-echo -e " 2. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x"
-echo -e " 3. Check your OpenVPN connection: run 'ping 10.8.0.1'"
-echo -e " 4. Sometimes waiting a minute helps -- then retry steps 2 and 3"
-echo -e " 5. If necessary, run 'systemctl restart openvpn@xscenet'"
-echo -e " 6. Read 'How can I remotely manage my Internet-in-a-Box?' at"
-echo -e " http://FAQ.IIAB.IO to learn about alternatives like ngrok,"
-echo -e " serveo, remot3.it and TeamViewer\n\n"
From c58eef04b34ec0ed7d781f2830176d659fd7d572 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 00:01:16 -0400
Subject: [PATCH 06/22] openvpn_handle: "" -> openvpn_handle:
---
 vars/default_vars.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index a9edac146..1a1d150ca 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -165,7 +165,7 @@ sshd_enabled: True
 openvpn_install: True
 openvpn_enabled: False
 # For /etc/iiab/openvpn_handle
-openvpn_handle: ""
+openvpn_handle:
 # cron seems necessary on CentOS:
 openvpn_cron_enabled: False
 # General OpenVPN settings
From c4791c37b7d89418d9ac5fb2d1174da3c45bea80 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 00:02:18 -0400
Subject: [PATCH 07/22] openvpn_handle: "" -> openvpn_handle:
---
 vars/local_vars_min.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml
index 66384a974..05f0b0ce6 100644
--- a/vars/local_vars_min.yml
+++ b/vars/local_vars_min.yml
@@ -88,7 +88,7 @@ js_menu_install: True
 openvpn_install: True
 openvpn_enabled: False
 # Set /etc/iiab/openvpn_handle in advance here:
-openvpn_handle: ""
+openvpn_handle:
 # The following seems necessary on CentOS:
 # openvpn_cron_enabled: True
From b5c0ca470c9dc624e20e86bd63f6edb48a581d96 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 00:02:38 -0400
Subject: [PATCH 08/22] openvpn_handle: "" -> openvpn_handle:
---
 vars/local_vars_medium.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml
index 42ce9030d..ee49de897 100644
--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
@@ -88,7 +88,7 @@ js_menu_install: True
 openvpn_install: True
 openvpn_enabled: False
 # Set /etc/iiab/openvpn_handle in advance here:
-openvpn_handle: ""
+openvpn_handle:
 # The following seems necessary on CentOS:
 # openvpn_cron_enabled: True
From d49da390ee04d6b6c1da810759b647b2aa1ae946 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 00:02:56 -0400
Subject: [PATCH 09/22] openvpn_handle: "" -> openvpn_handle:
---
 vars/local_vars_big.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml
index 016feb675..844dfb909 100644
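Review bot: Changing `openvpn_handle: ""` to a bare `openvpn_handle:` turns the default from an empty string into a YAML null, in vars/default_vars.yml and in the three `local_vars_*.yml` files changed by patches 07, 08 and 09. Any task or template that compares the variable with `""` or applies a string filter to it would now see a different value; none of those consumers are visible in this series, so this needs checking against the openvpn role. If the aim is only to let `iiab-support` find the line with `^openvpn_handle:`, the quoted form already matches that pattern. A comment such as `# left empty (null) until set, e.g. by iiab-support` above the key would record the intent.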
--- a/vars/local_vars_big.yml
+++ b/vars/local_vars_big.yml
@@ -88,7 +88,7 @@ js_menu_install: True
 openvpn_install: True
 openvpn_enabled: False
 # Set /etc/iiab/openvpn_handle in advance here:
-openvpn_handle: ""
+openvpn_handle:
 # The following seems necessary on CentOS:
 # openvpn_cron_enabled: True
From e29fe7828f0ce11ef4b04d2dab4a6ff416f10769 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 00:13:15 -0400
Subject: [PATCH 10/22] Restore legacy mode (all of 1-prep) for deprecated command ./install-support
---
 iiab-support.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/iiab-support.yml b/iiab-support.yml
index 15f2500bb..b7a9faf75 100644
--- a/iiab-support.yml
+++ b/iiab-support.yml
@@ -9,5 +9,6 @@
 roles:
 - { role: 0-init, tags: ['0-init'] }
 #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] }
- #- { role: 1-prep, tags: ['1-prep'] }
- - { role: openvpn, tags: ['openvpn'] }
+ - { role: 1-prep, tags: ['1-prep'] }
+ #- { role: openvpn, tags: ['openvpn'] } # FASTER ALTERNATIVE THAN 1-prep (if 1-prep was already run!)
+ # BETTER YET, SEE: /usr/bin/iiab-support for a much friendlier UX, that only runs 1-prep when necessary.
From dda10ca31201f11099659b3b7da182d6bdc6c6ea Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 00:29:15 -0400
Subject: [PATCH 11/22] Encourage use of /usr/bin/iiab-support
---
 roles/openvpn/templates/iiab-remote-on.j2 | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/openvpn/templates/iiab-remote-on.j2
index 8771cb94f..d9702ef8e 100644
--- a/roles/openvpn/templates/iiab-remote-on.j2
+++ b/roles/openvpn/templates/iiab-remote-on.j2
@@ -3,11 +3,14 @@
 # /usr/bin/iiab-remote-on should turn on multiple remote support services like
 # OpenVPN and others, for remote support, so they work even after reboot.
-echo -e '\nWARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n'
+echo -e "\n\n\e[44m CONSIDER RUNNING 'iiab-support' INSTEAD \e[0m\n\n"
+
+echo -e 'WARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n'
 echo -e '1) Set these variables in /etc/local/local_vars.yml'
 echo -e ' openvpn_install: True'
-echo -e ' openvpn_enabled: True\n'
+echo -e ' openvpn_enabled: True'
+echo -e ' openvpn_handle: \n'
 echo -e '2) Run:'
 echo -e ' cd /opt/iiab/iiab'
From 34539a64f7e23165a4ce8f9697c5c28b24614d07 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 00:37:43 -0400
Subject: [PATCH 12/22] Put /usr/bin/iiab-support & symlinks into place
---
 roles/openvpn/tasks/main.yml | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index 6d6b51e6e..70e943bbe 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -72,9 +72,10 @@
 - { src: 'announcer.j2', dest: '/etc/openvpn/scripts/announcer', mode: '0755' }
 - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' }
 - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' }
+ - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' }
+ - { src: 'iiab-support', dest: '/usr/bin/iiab-support', mode: '0755' }
 - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' }
 - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' }
- - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' }
 # Comment out in future? Not recommended as of August 2018:
 - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' }
 # Obsolete & unused for ~2 years as of August 2018:
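Review bot: The unchanged line `echo -e '1) Set these variables in /etc/local/local_vars.yml'` in the iiab-remote-on.j2 hunk (patch 11) points at `/etc/local/`, while every script in this series reads and writes `/etc/iiab/local_vars.yml`. This looks like a typo that the message rewrite could fix at the same time: `echo -e '1) Set these variables in /etc/iiab/local_vars.yml'`. An operator following the printed path would edit a file the other scripts here never look at.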
@@ -86,6 +87,18 @@
 # Obsolete & unused for ~2 years as of August 2018:
 #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' }
+- name: Create iiab-support-on (symlink to iiab-support for now)
+ file:
+ src: /usr/bin/iiab-support
+ path: /usr/bin/iiab-support-on
+ state: link
+
+- name: Create iiab-support-off (symlink to iiab-remote-off for now)
+ file:
+ src: /usr/bin/iiab-remote-off
+ path: /usr/bin/iiab-support-off
+ state: link
+
 - name: Create iiab-vpn-on (symlink to iiab-remote-on for now)
 file:
 src: /usr/bin/iiab-remote-on
@@ -106,15 +119,14 @@
 # dest: /usr/lib/iiab/up_wan
 # when: is_debuntu
-# Comment out in future? Contained serious bug (15-openvpn called
-# up-wan instead of up_wan in /usr/lib/iiab/ as of August 2018) so
-# evidently unused for ~2 years:
-- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet)
- template:
- src: 15-openvpn
- dest: /etc/NetworkManager/dispatcher.d/
- #when: not is_debuntu # CONDITION APPEARS TOO BROAD
- when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?)
+# Contained serious bug (15-openvpn called up-wan instead of up_wan in
+# /usr/lib/iiab/ as of August 2018) so evidently unused for ~2 years:
+#- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet)
+# template:
+# src: 15-openvpn
+# dest: /etc/NetworkManager/dispatcher.d/
+# #when: not is_debuntu # CONDITION APPEARS TOO BROAD
+# when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?)
 # Was obsolete/unused for ~2 years as of August 2018: (replaced by /etc/openvpn/xscenet.conf)
 #- name: Check for manually configured OpenVPN tunnel
From 59a4df170f5455594fb0fc7c133f156d4377fbab Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 01:06:53 -0400
Subject: [PATCH 13/22] 1-prep: tidying for Debian 10 Buster release (soon)
---
 roles/1-prep/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml
index e518689c4..635112ac0 100644
--- a/roles/1-prep/tasks/main.yml
+++ b/roles/1-prep/tasks/main.yml
@@ -100,7 +100,7 @@
 # https://wiki.debian.org/AppArmor/HowToUse
 # https://packages.debian.org/buster/apparmor
 # Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10
-# pre-releases, during @floydianslips' March 2019 testing anyway!
+# pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387
 - name: Disable AppArmor -- override OS default (ubuntu)
 service:
 name: apparmor
From e36635322d1f36e2e44a94de11949fd44d707c21 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 01:11:47 -0400
Subject: [PATCH 14/22] iiab-support.yml -> install-support.yml
---
 install-support | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install-support b/install-support
index 7c45fa219..aad78fe93 100755
--- a/install-support
+++ b/install-support
@@ -8,7 +8,7 @@ if [ "$ans" != "y" ]; then
 exit
 fi
-PLAYBOOK="iiab-support.yml"
+PLAYBOOK="install-support.yml"
 INVENTORY="ansible_hosts"
 CWD=`pwd`
From fdda1958238246ca873c4e19181b09ad776d6670 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 01:12:15 -0400
Subject: [PATCH 15/22] Rename iiab-support.yml to install-support.yml
---
 iiab-support.yml => install-support.yml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename iiab-support.yml => install-support.yml (100%)
diff --git a/iiab-support.yml b/install-support.yml
similarity index 100%
rename from iiab-support.yml
rename to install-support.yml
From 320136cc69e467533bbc0e15f1cf4264d2ca9ff0 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 02:55:44 -0400
Subject: [PATCH 16/22] /usr/bin/iiab-support: handle missing file /etc/iiab/openvpn_handle
---
 roles/openvpn/templates/iiab-support | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index a31691338..68763083f 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -1,24 +1,24 @@
 #!/bin/bash
-handle1=$(grep "^openvpn_handle:.*" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//" | cut -d'"' -f2 | cut -d"'" -f2)
+handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//" | cut -d'"' -f2 | cut -d"'" -f2)
+echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
 if [ -f /etc/iiab/openvpn_handle ]; then
 handle2=$(cat /etc/iiab/openvpn_handle)
+ echo -e "/etc/iiab/openvpn_handle for openvpn daemon: $handle2\n"
 else
- handle2=
+ echo -e "/etc/iiab/openvpn_handle for openvpn daemon: [FILE DOESN'T YET EXIST]\n"
 fi
-echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
-echo -e "/etc/iiab/openvpn_handle for openvpn daemon: $handle2\n"
 echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m "
 read ans < /dev/tty
-if [ "$ans" != "" ]; then
+if [ "$ans" != "" ] || [ ! -v handle2 ]; then
 if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then
 sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
 else
 echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml
 fi
 echo $ans > /etc/iiab/openvpn_handle
- echo -e "\n\e[1mYour openvpn_handle was saved into both above files.\e[0m\n"
+ echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n"
 else
 if [ "$handle1" != "$handle2" ]; then
 echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m"
From 52900ba3308f398af0f497582d1a2badbe71e683 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 04:05:57 -0400
Subject: [PATCH 17/22] Mandate existence of /etc/iiab/openvpn_handle
---
 roles/openvpn/templates/iiab-support | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
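Review bot: `[ ! -v handle2 ]` in the new `if` line of patch 16 stands in for "the file /etc/iiab/openvpn_handle does not exist", which only holds while nothing else defines `handle2`; a variable of that name inherited from the caller's environment makes the test false even when the file is missing, and `-v` needs bash 4.2 or later. Testing the file says what is meant: `if [ "$ans" != "" ] || [ ! -f /etc/iiab/openvpn_handle ]; then`. As written in this hunk, pressing Enter while the file is missing also runs the `sed` with an empty `$ans`, which blanks an existing `openvpn_handle:` value in local_vars.yml; patch 17 narrows that condition.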
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index 68763083f..61c7f1593 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -11,16 +11,18 @@ fi
 echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m "
 read ans < /dev/tty
-if [ "$ans" != "" ] || [ ! -v handle2 ]; then
+
+#if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -f /etc/iiab/openvpn_handle ] ); then
+if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then # equivalent to above
 if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then
- sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
+ sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
 else
 echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml
 fi
 echo $ans > /etc/iiab/openvpn_handle
 echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n"
 else
- if [ "$handle1" != "$handle2" ]; then
+ if [ "$handle1" != "$handle2" ]; then # sloppily (but conveniently here) bash treats "$handle2" as "" when var's not defined!
 echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m"
 echo -e "\e[41mnaming conflict. Please rerun to proceed.\e[0m\n"
 exit 1
@@ -33,7 +35,7 @@ if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then
 else
 echo -e "Please wait a few minutes as IIAB Stage 1 (1-prep) & OpenVPN are installed...\n"
 if grep -q '^openvpn_install:' /etc/iiab/local_vars.yml; then
- sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
+ sed -i "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
 else
 echo "openvpn_install: True" >> /etc/iiab/local_vars.yml
 fi
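Review bot: When the prompt is answered with Enter while `handle1` is empty and the file is missing, the first branch of the rewritten `if` in patch 17 still runs with an empty `$ans`, so `openvpn_handle: ` and an empty /etc/iiab/openvpn_handle are written and the script reports `SAVED`. The comment kept in iiab-handle.j2 elsewhere in this series calls setting the handle to "" a very bad practice, so stopping seems safer, for example `[ "$ans" = "" ] && { echo "No openvpn_handle given or on file; please rerun." >&2; exit 1; }` ahead of the writes. The `( ... )` grouping also forks a subshell for a plain test; `{ ...; }` groups the same tests without one.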
@@ -44,7 +46,7 @@ fi
 echo -e "Now let's (re)enable OpenVPN...\n"
 if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then
- sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
+ sed -i "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
 else
 echo "openvpn_enabled: True" >> /etc/iiab/local_vars.yml
 fi
From 3afc93b5ae94a29df28ee4905d16346f74247852 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 06:00:46 -0400
Subject: [PATCH 18/22] bash speed matching the regex behavior of Ansible
---
 roles/openvpn/templates/iiab-support | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index 61c7f1593..868f30ac6 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -1,6 +1,6 @@
 #!/bin/bash
-handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//" | cut -d'"' -f2 | cut -d"'" -f2)
+handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed "s/^openvpn_handle:\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
 if [ -f /etc/iiab/openvpn_handle ]; then
 handle2=$(cat /etc/iiab/openvpn_handle)
@@ -11,6 +11,7 @@ fi
 echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m "
 read ans < /dev/tty
+ans=$(echo $ans | sed "s/^\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 #if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -f /etc/iiab/openvpn_handle ] ); then
 if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then # equivalent to above
From b39ecacde29cbccb1df416d2a39d7bb961b622e8 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 06:55:50 -0400
Subject: [PATCH 19/22] Properly emulate ./runrole openvpn + comment code
---
 roles/openvpn/templates/iiab-support | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index 868f30ac6..037d08afb 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -1,5 +1,8 @@
 #!/bin/bash
+# openvpn_handle is stored in 2 files on disk, one slightly stripped down (from
+# the other) due to Ansible. So we emulate Ansible's behavior, when reading from
+# (and later writing to) disk, removing outer cruft as explained on Lines 28-30
 handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed "s/^openvpn_handle:\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
 if [ -f /etc/iiab/openvpn_handle ]; then
@@ -11,23 +14,28 @@ fi
 echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m "
 read ans < /dev/tty
-ans=$(echo $ans | sed "s/^\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 #if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -f /etc/iiab/openvpn_handle ] ); then
-if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then # equivalent to above
+# -v (below) checks if var's defined: equivalent to file existence test above
+if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then
 if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then
 sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
 else
 echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml
 fi
+
+ # BEHAVIOR JUST LIKE ANSIBLE'S: create /etc/iiab/openvpn_handle from the
+ # "^openvpn_handle:" line in /etc/iiab/local_vars.yml by (1) removing outer
+ # spacing IF NEC, then (2) removing 1 pair of matching outer quotes IF NEC.
+ ans=$(echo $ans | sed "s/^\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 echo $ans > /etc/iiab/openvpn_handle
 echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n"
+elif [ "$handle1" != "$handle2" ]; then # Sloppily, but conveniently here,
+ # bash treats "$handle2" as "" when var undefined, catching all conflicts!
+ echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m"
+ echo -e "\e[41mnaming conflict. Please rerun to proceed.\e[0m\n"
+ exit 1
 else
- if [ "$handle1" != "$handle2" ]; then # sloppily (but conveniently here) bash treats "$handle2" as "" when var's not defined!
- echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m"
- echo -e "\e[41mnaming conflict. Please rerun to proceed.\e[0m\n"
- exit 1
- fi
 echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n"
 fi
From 53c3c0e3d110290cd4a88485e2a9937bacf63dd4 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 07:29:58 -0400
Subject: [PATCH 20/22] Revert regex over-optimization
---
 roles/openvpn/templates/iiab-support | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index 037d08afb..91715e599 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -3,7 +3,7 @@
 # openvpn_handle is stored in 2 files on disk, one slightly stripped down (from
 # the other) due to Ansible. So we emulate Ansible's behavior, when reading from
 # (and later writing to) disk, removing outer cruft as explained on Lines 28-30
-handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed "s/^openvpn_handle:\s*\(['\"]\)\(.*\)\1\s*$/\2/")
+handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
 echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
 if [ -f /etc/iiab/openvpn_handle ]; then
 handle2=$(cat /etc/iiab/openvpn_handle)
@@ -27,7 +27,7 @@ if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then
 # BEHAVIOR JUST LIKE ANSIBLE'S: create /etc/iiab/openvpn_handle from the
 # "^openvpn_handle:" line in /etc/iiab/local_vars.yml by (1) removing outer
 # spacing IF NEC, then (2) removing 1 pair of matching outer quotes IF NEC.
- ans=$(echo $ans | sed "s/^\s*\(['\"]\)\(.*\)\1\s*$/\2/")
+ ans=$(echo $ans | sed -e "s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
 echo $ans > /etc/iiab/openvpn_handle
 echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n"
 elif [ "$handle1" != "$handle2" ]; then # Sloppily, but conveniently here,
From 4d0a49f5d4a9241ef9f8a0210a84dc66cbe8df41 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 07:50:10 -0400
Subject: [PATCH 21/22] Comment cleanup
---
 roles/openvpn/templates/iiab-support | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index 91715e599..35a5ae4f9 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -2,7 +2,7 @@
 # openvpn_handle is stored in 2 files on disk, one slightly stripped down (from
 # the other) due to Ansible. So we emulate Ansible's behavior, when reading from
-# (and later writing to) disk, removing outer cruft as explained on Lines 28-30
+# (and later writing to) disk, removing outer cruft as explained on Lines 27-29
 handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
 echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
 if [ -f /etc/iiab/openvpn_handle ]; then
From 91f0ba8ab03541e5e2a35c8a12bbff565c952645 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 21:43:51 -0400
Subject: [PATCH 22/22] Update main.yml
---
 roles/nextcloud/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
index c3b2ed683..d2ff224ec 100644
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@@ -11,7 +11,7 @@ nextcloud_url: /nextcloud
 nextcloud_prefix: /opt
 nextcloud_data_dir: "{{ content_base }}/nextcloud/data"
 nextcloud_dl_url: https://download.nextcloud.com/server/releases
-nextcloud_orig_src_file: latest-15.tar.bz2 # 2019-04-25: nextcloud-16.0.0.tar.bz2 requires PHP 7.1+ and so fails on current Raspbian and Debian 9 "Stretch". 2019-09-27 aside: latest-16.tar.bz2 oddly still not yet published at https://download.nextcloud.com/server/releases/
+nextcloud_orig_src_file: latest-15.tar.bz2 # 2019-04-24: nextcloud-16.0.0.tar.bz2 requires PHP 7.1+ and so fails on current Raspbian 9 and Debian 9 "Stretch". 2019-05-11: latest-16.tar.bz2 finally published to https://download.nextcloud.com/server/releases/ (nextcloud/server#15502) e.g. for Ubuntu 18.04+
 nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }}
 # we install on mysql with these setting or those from default_vars, etc.