From 9912711ec11019e62005d40a14d1a39fd8585792 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 9 May 2019 17:57:44 -0400
Subject: [PATCH 1/4] ./install-support now prompts for openvpn_handle
---
 install-support | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/install-support b/install-support
index 24785214a..dea25ddfb 100755
--- a/install-support
+++ b/install-support
@@ -12,7 +12,16 @@ if [ ! -f $PLAYBOOK ]; then
 exit 1
 fi
-sed -i -e "s/openvpn_install: False/openvpn_install: True/" /etc/iiab/local_vars.yml
-sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" /etc/iiab/local_vars.yml
+echo -en "\nWhat OpenVPN machine name do you want? "
+read ans < /dev/tty
+if [ "$ans" != "" ]; then
+ sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
+ echo -e "\nYour machine's openvpn_handle will now be set... \n"
+else
+ echo -e "\nWARNING: your machine's openvpn_handle will remain unchanged...\n"
+fi
+
+sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
+sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
 ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
From 8635dbee7b1a268aa2e328023250d9320ac91b96 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 9 May 2019 17:59:04 -0400
Subject: [PATCH 2/4] speed up ./install-support to install OpenVPN alone
---
 iiab-support.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/iiab-support.yml b/iiab-support.yml
index 170d0cf24..15f2500bb 100644
--- a/iiab-support.yml
+++ b/iiab-support.yml
@@ -1,4 +1,3 @@
----
 - hosts: all
 become: yes
@@ -10,5 +9,5 @@
 roles:
 - { role: 0-init, tags: ['0-init'] }
 #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] }
- - { role: 1-prep, tags: ['1-prep'] }
- #- { role: openvpn, tags: ['openvpn'] } # no longer nec, as 1-prep calls role openvpn (2018-09-19)
+ #- { role: 1-prep, tags: ['1-prep'] }
+ - { role: openvpn, tags: ['openvpn'] }
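Review bot: In install-support (PATCH 1/4), the value from the added `read ans < /dev/tty` is spliced unescaped into the sed replacement `s/^openvpn_handle:.*/openvpn_handle: $ans/`, in a script that patch 3 tells users to run with sudo. A handle containing `/`, `&` or `\` breaks or alters the sed expression, and whatever gets through lands as raw YAML in /etc/iiab/local_vars.yml, which the `ansible-playbook` call at the end of the hunk then loads. I would use `read -r ans` and refuse anything outside a conservative character set before the sed, e.g. `case "$ans" in *[!A-Za-z0-9._-]*) echo "Invalid openvpn_handle" >&2; exit 1;; esac` (the exact allowed set is for the project to decide). The same sed line is carried unchanged as context in PATCH 4/4.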
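Review bot: In iiab-support.yml (PATCH 2/4), the roles list now leaves two commented-out `1-prep` entries and drops the only comment that explained how `1-prep` and `openvpn` relate, so a reader cannot tell why `1-prep` is skipped. A one-line comment on the active entry would cover it, for example `# 1-prep skipped on purpose: install-support only needs role openvpn (2019-05-09)`, and the older commented-out line could go. Whether role openvpn relies on anything 1-prep used to set up is not visible in this hunk and is worth confirming, since this playbook is what brings up the support VPN. The first hunk also removes the `---` document-start marker, which the commit message does not mention.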
From 397c71c698225801b6a48e264bd5bf07a022201e Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 9 May 2019 18:43:39 -0400
Subject: [PATCH 3/4] /usr/bin/iiab-handle is deprecated, but tightened up just in case
---
 roles/openvpn/templates/iiab-handle.j2 | 45 ++++++++++++++++++++------
 1 file changed, 35 insertions(+), 10 deletions(-)
diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2
index 7eb842b45..43543f08f 100755
--- a/roles/openvpn/templates/iiab-handle.j2
+++ b/roles/openvpn/templates/iiab-handle.j2
@@ -1,20 +1,45 @@
 #!/bin/bash
-# DEPRECATED interactive script (over)writes /etc/iiab/openvpn_handle file, identifying client to server
-echo -e '\nCORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml'
-echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n'
-echo -e "Or, for a temporary solution until the next time Ansible is run,"
-read -p "what OpenVPN handle do you want to use? " ans
+echo -e '\n\nDEPRECATED:\n'
+
+echo -e 'This interactive script TEMPORARILY (over)writes /etc/iiab/openvpn_handle'
+echo -e 'to identifying client to server, until the next time Ansible runs.\n\n'
+
+
+echo -e 'PLEASE USE THIS NEW METHOD INSTEAD:\n'
+
+echo -e 'cd /opt/iiab/iiab'
+echo -e 'sudo ./install-support\n\n'
+
+
+#echo -e 'CORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml'
+#echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n'
+
+echo -e 'PLEASE NOW TYPE CTRL-C TO QUIT. Or, if you really want it temporary until the'
+read -p 'next time Ansible is run, what OpenVPN handle do you want? ' ans
 echo
-if [ "$ans" == "" ]; then
- if [ -f /etc/iiab/openvpn_handle ]; then
- rm -f /etc/iiab/openvpn_handle
- fi
-else
+
+if [ "$ans" != "" ]; then
 echo $ans > /etc/iiab/openvpn_handle
+ echo -e "\nYour machine's openvpn_handle is TEMPORARILY now set... \n"
+else
+ echo -e "\nWARNING: your machine's openvpn_handle remains unchanged...\n"
 fi
+
+echo -e "Restarting OpenVPN daemon...\n\n"
+
+# 2019-05-09: removing /etc/iiab/openvpn_handle (or setting it to "") are both very bad practices
+#if [ "$ans" == "" ]; then
+# if [ -f /etc/iiab/openvpn_handle ]; then
+# rm -f /etc/iiab/openvpn_handle
+# fi
+#else
+# echo $ans > /etc/iiab/openvpn_handle
+#fi
+
+
 {{ systemctl_program }} restart openvpn@xscenet
 # This would also work: (but would bounce all VPN connections, if others exist, causing unnec disruption if so)
 #{{ systemctl_program }} restart openvpn
From 93b19d677a17980f1a02bf284d16d9895629e853 Mon Sep 17 00:00:00 2001
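Review bot: In roles/openvpn/templates/iiab-handle.j2 (PATCH 3/4), the write this script exists for, `echo $ans > /etc/iiab/openvpn_handle` (kept as a context line inside the new `if`), still expands `$ans` unquoted, so typed input is word-split and glob-expanded and a value such as `-n` or `-e` is taken as an echo option. For a commit described as tightening the script, I would change it to `printf '%s\n' "$ans" > /etc/iiab/openvpn_handle` and add `-r` to the `read -p` prompt so backslashes are not interpreted. The restart of `openvpn@xscenet` also runs in the unchanged branch, right after the message saying nothing changed; moving it inside the `if` would avoid bouncing the tunnel for no reason. Separately, the new banner text reads 'to identifying client to server', which looks like a typo for 'to identify'.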
From: A Holt
Date: Thu, 9 May 2019 19:12:30 -0400
Subject: [PATCH 4/4] Friendlier UX, now also output your openvpn_handle & tun0 IP address
---
 install-support | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/install-support b/install-support
index dea25ddfb..1320c25ad 100755
--- a/install-support
+++ b/install-support
@@ -12,16 +12,22 @@ if [ ! -f $PLAYBOOK ]; then
 exit 1
 fi
-echo -en "\nWhat OpenVPN machine name do you want? "
+echo -en "\n\nWhat OpenVPN machine name (openvpn_handle) do you want? "
 read ans < /dev/tty
 if [ "$ans" != "" ]; then
 sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
- echo -e "\nYour machine's openvpn_handle will now be set... \n"
+ echo -e "\nYour machine's openvpn_handle is now set, in /etc/iiab/local_vars.yml\n"
 else
- echo -e "\nWARNING: your machine's openvpn_handle will remain unchanged...\n"
+ echo -e "\nWARNING: openvpn_handle remains unchanged in /etc/iiab/local_vars.yml\n"
 fi
 sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
 sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
+echo -e "Now let's (re)install and activate OpenVPN...\n"
+
 ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
+
+echo -en "\nYour OpenVPN handle is....... "
+cat /etc/iiab/openvpn_handle
+echo -e "\nYour OpenVPN IP address is... $(ip a | grep tun0$ | awk '{print $2}')\n\n"
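Review bot: The summary added after `ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local` runs whatever the playbook's exit status was, so after a failed run `cat /etc/iiab/openvpn_handle` either errors on a missing file or prints a stale handle, and the tun0 line can come out empty, yet the output still reads like success. I would gate it, e.g. `if ansible-playbook -i "$INVENTORY" "$PLAYBOOK" --connection=local; then ... else echo "OpenVPN install failed" >&2; exit 1; fi`, unless the script already runs under `set -e` above the hunk (not visible here). The reworded message 'openvpn_handle is now set, in /etc/iiab/local_vars.yml' has the same problem in miniature: the `sed` on the line before only rewrites an existing `openvpn_handle:` line and does nothing if the key is absent, so a `grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml` check before claiming success would keep the message honest.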