From e6e3555838bfa5ee4f90992efbccbb6f04f9db87 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 19 Aug 2021 19:35:05 -0400 Subject: [PATCH] "AUGUST 2018 - AUGUST 2021" recap at top of: openvpn/tasks/main.yml --- roles/openvpn/tasks/main.yml | 20 +++++++++++++++++++- roles/openvpn/templates/announcer | 2 +- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 14378f59e..00640891e 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -2,6 +2,24 @@ # http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" +# AUGUST 2018 - AUGUST 2021 + +# (1) openvpn_handle could no longer be left undefined OR null +# (two different concepts in Ansible, see /opt/iiab/iiab/test.yml) + +# 2021-08-19 UPDATE: the /usr/bin/iiab-support command can now handle almost +# any /etc/iiab/local_vars.yml (PR #2957) making it all much more resilient! + +# (2) openvpn_handle: "" (EMPTY STRING) IS HOWEVER TOLERATED -- in which case +# the OpenVPN server instead tries to use the 1st 6 chars of /etc/iiab/uuid + +# (3) Finally if there's no UUID, the OpenVPN server falls back to labelling +# that machine as generic: "client1's certificate" + +# SEE ALSO /etc/openvpn/scripts/announcer & /usr/bin/iiab-support from: +# https://github.com/iiab/iiab/tree/master/roles/openvpn/templates + + # "How do i fail a task in Ansible if the variable contains a boolean value? # I want to perform input validation for Ansible playbooks" # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 
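Review bot: Item (1) of the new recap points readers to `/opt/iiab/iiab/test.yml`, but the inline comment this same commit removes in the next hunk named `/opt/iiab/iiab/tests.yml`. Only one of the two spellings can match the file in the repository, and a dead cross-reference undercuts a recap whose purpose is to explain the undefined-versus-null distinction. If the older spelling was correct, the line should read `# (two different concepts in Ansible, see /opt/iiab/iiab/tests.yml)`. Otherwise, please confirm that the rename is intentional.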
@@ -47,7 +65,7 @@ - option: openvpn_enabled value: "{{ openvpn_enabled }}" - option: openvpn_handle - value: "{{ openvpn_handle }}" # As of August 2018: (1) openvpn_handle could no longer be left undefined OR null (different concepts in Ansible, see /opt/iiab/iiab/tests.yml) -- (2) though an EMPTY STRING "" IS TOLERATED, in which case OpenVPN server instead tries to use 1st 6 chars of /etc/iiab/uuid -- (3) finally, if nec, OpenVPN server falls back to labelling the connection as generic: "client1's certificate" -- SEE ALSO: roles/openvpn/templates/announcer + value: "{{ openvpn_handle }}" - option: openvpn_cron_enabled value: "{{ openvpn_cron_enabled }}" - option: openvpn_server diff --git a/roles/openvpn/templates/announcer b/roles/openvpn/templates/announcer index a8e11d2b1..9c027cebe 100755 --- a/roles/openvpn/templates/announcer +++ b/roles/openvpn/templates/announcer @@ -13,7 +13,7 @@ HANDLE=${HANDLE// /_} # Likewise empty string is the worst case, e.g. if file doesn't exist. # If handle is "", OpenVPN server tries to use the 1st 6 chars of UUID # e.g. e1a3d4 from e1a3d4e2-2d1a-4f37-9ba0-e836d7c8e3ca -# SEE ALSO: roles/openvpn/tasks/main.yml Line 50 +# SEE "AUGUST 2018 - AUGUST 2021" RECAP ON TOP OF: roles/openvpn/tasks/main.yml UUID=$(cat /etc/iiab/uuid) /usr/bin/ncat -l -k -p1705 --exec "/bin/echo HANDLE = $HANDLE|UUID = $UUID" &
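Review bot: In the announcer hunk, the updated comment block still does not say who is expected to read the announcer's output. The `ncat -l -k -p1705` context line at the end of the hunk gives no bind address, so ncat listens on every interface and returns HANDLE and UUID to any peer that connects. The recap says the server labels a machine by the first 6 characters of that UUID, so the intended exposure is worth recording next to the listener. A comment along these lines would do, assuming tunnel-only access is the intent: `# Port 1705 returns HANDLE and UUID to any peer that can connect; meant to be reached over the VPN tunnel only (confirm firewall rules)`. Whether a firewall already restricts the port is not visible here, and the script continues outside the hunk.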