external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

"AUGUST 2018 - AUGUST 2021" recap at top of: openvpn/tasks/main.yml

Browse source
This commit is contained in:
root 2021-08-19 19:35:05 -04:00
parent d58b0a7c17
commit e6e3555838
2 changed files with 20 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

20
roles/openvpn/tasks/main.yml
View file

@ -2,6 +2,24 @@
# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?" # http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?"
# AUGUST 2018 - AUGUST 2021
# (1) openvpn_handle could no longer be left undefined OR null
# (two different concepts in Ansible, see /opt/iiab/iiab/test.yml)
# 2021-08-19 UPDATE: the /usr/bin/iiab-support command can now handle almost
# any /etc/iiab/local_vars.yml (PR #2957) making it all much more resilient!
# (2) openvpn_handle: "" (EMPTY STRING) IS HOWEVER TOLERATED -- in which case
# the OpenVPN server instead tries to use the 1st 6 chars of /etc/iiab/uuid
# (3) Finally if there's no UUID, the OpenVPN server falls back to labelling
# that machine as generic: "client1's certificate"
# SEE ALSO /etc/openvpn/scripts/announcer & /usr/bin/iiab-support from:
# https://github.com/iiab/iiab/tree/master/roles/openvpn/templates
# "How do i fail a task in Ansible if the variable contains a boolean value? # "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks" # I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
@ -47,7 +65,7 @@
- option: openvpn_enabled - option: openvpn_enabled
value: "{{ openvpn_enabled }}" value: "{{ openvpn_enabled }}"
- option: openvpn_handle - option: openvpn_handle
value: "{{ openvpn_handle }}" # As of August 2018: (1) openvpn_handle could no longer be left undefined OR null (different concepts in Ansible, see /opt/iiab/iiab/tests.yml) -- (2) though an EMPTY STRING "" IS TOLERATED, in which case OpenVPN server instead tries to use 1st 6 chars of /etc/iiab/uuid -- (3) finally, if nec, OpenVPN server falls back to labelling the connection as generic: "client1's certificate" -- SEE ALSO: roles/openvpn/templates/announcer value: "{{ openvpn_handle }}"
- option: openvpn_cron_enabled - option: openvpn_cron_enabled
value: "{{ openvpn_cron_enabled }}" value: "{{ openvpn_cron_enabled }}"
- option: openvpn_server - option: openvpn_server

2
roles/openvpn/templates/announcer
View file

@ -13,7 +13,7 @@ HANDLE=${HANDLE// /_}
# Likewise empty string is the worst case, e.g. if file doesn't exist. # Likewise empty string is the worst case, e.g. if file doesn't exist.
# If handle is "", OpenVPN server tries to use the 1st 6 chars of UUID # If handle is "", OpenVPN server tries to use the 1st 6 chars of UUID
# e.g. e1a3d4 from e1a3d4e2-2d1a-4f37-9ba0-e836d7c8e3ca # e.g. e1a3d4 from e1a3d4e2-2d1a-4f37-9ba0-e836d7c8e3ca
# SEE ALSO: roles/openvpn/tasks/main.yml Line 50 # SEE "AUGUST 2018 - AUGUST 2021" RECAP ON TOP OF: roles/openvpn/tasks/main.yml
UUID=$(cat /etc/iiab/uuid) UUID=$(cat /etc/iiab/uuid)
/usr/bin/ncat -l -k -p1705 --exec "/bin/echo HANDLE = $HANDLE|UUID = $UUID" & /usr/bin/ncat -l -k -p1705 --exec "/bin/echo HANDLE = $HANDLE|UUID = $UUID" &