From 24d074aeff5475da879afa54ff2ff5080c6a11ea Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 13:55:56 -0400 Subject: [PATCH 01/47] Update main.yml --- roles/openvpn/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index cb72b0a00..635469873 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -1,7 +1,9 @@ openvpn_install: True openvpn_enable: False -openvpn_handle: UNNAMED +# For /etc/iiab/openvpn_handle +#openvpn_handle: UNNAMED + # cron seems necessary on CentOS: openvpn_cron_enabled: False From 61fb51eba0756fe697d9f27258328ed6939f327a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:03:34 -0400 Subject: [PATCH 02/47] Update main.yml --- roles/openvpn/tasks/main.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 0b265238e..cbc1d5d58 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -24,7 +24,7 @@ group: root mode: 0755 -- name: Create a folder for iiab executable not on path +- name: Create folder /usr/lib/iiab (not on path) for iiab executables start & up_wan file: path: /usr/lib/iiab state: directory @@ -60,6 +60,7 @@ group: root mode: 0644 backup: yes + when: openvpn_handle is defined - name: Put up_wan in place (debuntu) template: @@ -159,8 +160,9 @@ value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" - - option: handle - value: "{{ openvpn_handle }}" +# Uncomment *if* openvpn_handle variable later becomes mandatory +# - option: handle +# value: "{{ openvpn_handle }}" - option: cron_enabled value: "{{ openvpn_cron_enabled }}" - option: server 
From 581282dcf65ddbc75532843d20ffdce4cb847cea Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:12:37 -0400 Subject: [PATCH 03/47] Update main.yml --- roles/openvpn/tasks/main.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index cbc1d5d58..760143704 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -48,7 +48,8 @@ - { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } - - { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } + # Appears no longer used (August 2018) + #- { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } @@ -62,11 +63,12 @@ backup: yes when: openvpn_handle is defined -- name: Put up_wan in place (debuntu) - template: - src: up_wan - dest: /usr/lib/iiab/up_wan - when: is_debuntu +# Was being installed twice (also above) +#- name: Put up_wan in place (debuntu) +# template: +# src: up_wan +# dest: /usr/lib/iiab/up_wan +# when: is_debuntu - name: Put dispatcher up for NM (not debuntu) template: From 01c82fdfceec18aeaab59c2b66c1f4f80f82e33b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:14:11 -0400 Subject: [PATCH 04/47] Update and rename start.j2 to start.j2.deprecated --- roles/openvpn/templates/start.j2 | 27 --------------------- roles/openvpn/templates/start.j2.deprecated | 27 +++++++++++++++++++++ 2 files changed, 27 insertions(+), 27 deletions(-) delete mode 100644 roles/openvpn/templates/start.j2 create mode 100644 roles/openvpn/templates/start.j2.deprecated 
diff --git a/roles/openvpn/templates/start.j2 b/roles/openvpn/templates/start.j2 deleted file mode 100644 index 373927f51..000000000 --- a/roles/openvpn/templates/start.j2 +++ /dev/null @@ -1,27 +0,0 @@ -$!/bin/bash -$ start the openvpn tunnel if the service is enabled - -enabled={{ openvpn_enabled }} -VPNIP-{{ openvpn_server_port }} - -if [ "$enabled" = 'True' ]; then - # make sure the wan is functioning - # 8.8.8.8 is one of google's dns servers - ping -c 3 -i 3 8.8.8.8 - if [ $? -ne 0 ]; then - #echo "internet is not available, tunnel not possible" - exit 1 - fi - - # check the vpn tunnel - ping -c 5 -i 5 "$VPNIP" - # a zero return means the tunnel is up - if [ $? -eq 0 ]; then - exit 0 - else - killall openvpn - sleep 10 - #echo "Starting openvpn and waiting 10 seconds for daemon to become ready" - systemctl start openvpn@xscenet - fi -fi diff --git a/roles/openvpn/templates/start.j2.deprecated b/roles/openvpn/templates/start.j2.deprecated new file mode 100644 index 000000000..400c1feb5 --- /dev/null +++ b/roles/openvpn/templates/start.j2.deprecated @@ -0,0 +1,27 @@ +$!/bin/bash +$ start the openvpn tunnel if the service is enabled + +enabled={{ openvpn_enabled }} +VPNIP={{ openvpn_server_port }} + +if [ "$enabled" = 'True' ]; then + # make sure the wan is functioning + # 8.8.8.8 is one of google's dns servers + ping -c 3 -i 3 8.8.8.8 + if [ $? -ne 0 ]; then + #echo "internet is not available, tunnel not possible" + exit 1 + fi + + # check the vpn tunnel + ping -c 5 -i 5 "$VPNIP" + # a zero return means the tunnel is up + if [ $? -eq 0 ]; then + exit 0 + else + killall openvpn + sleep 10 + #echo "Starting openvpn and waiting 10 seconds for daemon to become ready" + systemctl start openvpn@xscenet + fi +fi From 6b67d9e35fccc271492e116f96d28ac44f5e47b0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:15:19 -0400 Subject: [PATCH 05/47] Update up_wan --- roles/openvpn/templates/up_wan | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
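Review bot: The new `start.j2.deprecated` still opens with `$!/bin/bash` and `$ start the openvpn tunnel if the service is enabled`, so it has no valid shebang and both lines are parsed as commands rather than comments; they should read `#!/bin/bash` and `# start the openvpn tunnel if the service is enabled`. The corrected assignment `VPNIP={{ openvpn_server_port }}` also feeds a port variable into the value that `ping -c 5 -i 5 "$VPNIP"` uses as a host. The iiab-vpn template in this series sets the same name from `openvpn_server_virtual_ip`, which looks like the intended value. Since the file is being parked as deprecated, either fix both or delete it so it cannot be re-enabled in this state.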
diff --git a/roles/openvpn/templates/up_wan b/roles/openvpn/templates/up_wan index 4a392b2d6..bf344146e 100755 --- a/roles/openvpn/templates/up_wan +++ b/roles/openvpn/templates/up_wan @@ -2,8 +2,8 @@ # if the wan has recently come up, see if we need to start openvpn systemctl is-enabled openvpn if [ $? -eq 0 ]; then - pgrep openvpn - if [ $? -ne 0 ]; then - systemctl start openvpn@xscenet - fi + pgrep openvpn + if [ $? -ne 0 ]; then + systemctl start openvpn@xscenet + fi fi From 609ed5b109141d9102ccf33029a571ed9725ee75 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:20:11 -0400 Subject: [PATCH 06/47] Update announcer.j2 --- roles/openvpn/templates/announcer.j2 | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index 8580112f9..8b4abaf96 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 
@@ -4,17 +4,19 @@ HANDLE= UUID= if [ -f /etc/iiab/openvpn_handle ]; then - # Option #0: Might source directly from /etc/iiab/local_vars.yml in future + # Option #0: Source directly from /etc/iiab/local_vars.yml in future? # Option #1 HANDLE=`cat /etc/iiab/openvpn_handle` -else - # Option #2: Dangerous to invoke hypothetical variables :( - source /etc/iiab/iiab.env - # Option #3: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from /etc/iiab/iiab.ini, but safer now that relegated to #3 ? - if [ -z "$HANDLE" ]; then - HANDLE=`cat /etc/iiab/iiab.ini | gawk \ - '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` - fi + # Option #2: UUID is later used, if openvpn_handle is not set +# Sourcing a variable from ~4 different places is a recipe for total confusion (or worse!) +#else +# # Option #3: Dangerous to invoke hypothetical variables :( +# source /etc/iiab/iiab.env +# # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from /etc/iiab/iiab.ini, but safer now that relegated to #4 ? +# if [ -z "$HANDLE" ]; then +# HANDLE=`cat /etc/iiab/iiab.ini | gawk \ +# '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` +# fi fi HANDLE=${HANDLE// /_} if [ -f /etc/iiab/uuid ]; then From dec52f6af348dc76df99c9d9c66d6e07e7d01a92 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:22:20 -0400 Subject: [PATCH 07/47] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 772f23096..09b96c871 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -190,7 +190,7 @@ openvpn_install: True openvpn_enabled: False # For /etc/iiab/openvpn_handle -openvpn_handle: UNNAMED +#openvpn_handle: UNNAMED # cron seems necessary on CentOS: openvpn_cron_enabled: False From ef845ea51e8862e138bed81fddf8920db19e0705 Mon Sep 17 00:00:00 2001 
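Review bot: With `/etc/iiab/openvpn_handle` now the only source, `HANDLE` is taken verbatim from the file and the only normalisation is `HANDLE=${HANDLE// /_}`, which replaces spaces and nothing else. The file can hold free-form text (iiab-handle writes whatever was typed at its prompt), so tabs, embedded newlines or shell metacharacters pass through to whatever consumes `HANDLE` further down, which is outside this hunk. Consider restricting it to a known-safe set, e.g. `HANDLE=${HANDLE//[^A-Za-z0-9._-]/_}`, and reading it with `HANDLE=$(< /etc/iiab/openvpn_handle)` instead of the backticks. The disabled `else` branch could be deleted rather than commented out, since the history keeps it.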
From: A Holt Date: Wed, 15 Aug 2018 14:23:42 -0400 Subject: [PATCH 08/47] Update local_vars_min.yml --- vars/local_vars_min.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 80d71a43a..629b68f00 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: UNNAMED +# openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True From d3c5b2040607a1c5f934ec0cd8b717d5f1ca62a1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:24:05 -0400 Subject: [PATCH 09/47] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 09b96c871..abcbfe102 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -190,7 +190,7 @@ openvpn_install: True openvpn_enabled: False # For /etc/iiab/openvpn_handle -#openvpn_handle: UNNAMED +# openvpn_handle: UNNAMED # cron seems necessary on CentOS: openvpn_cron_enabled: False From 35110300fee4562520cae154df3c4368652dda1c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:24:18 -0400 Subject: [PATCH 10/47] Update main.yml --- roles/openvpn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index 635469873..b30968ae1 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -2,7 +2,7 @@ openvpn_install: True openvpn_enable: False # For /etc/iiab/openvpn_handle -#openvpn_handle: UNNAMED +# openvpn_handle: UNNAMED # cron seems necessary on CentOS: openvpn_cron_enabled: False From c193b491111e661071b4c4b79383d27c8848d012 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Wed, 15 Aug 2018 14:24:42 -0400 Subject: [PATCH 11/47] Update local_vars_min_vpn.yml --- vars/local_vars_min_vpn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min_vpn.yml b/vars/local_vars_min_vpn.yml index 93c19e580..c48fc2a28 100644 --- a/vars/local_vars_min_vpn.yml +++ b/vars/local_vars_min_vpn.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: True # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: UNNAMED +# openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 4d72c31310ba481887ef29517b2a3b6947f3c086 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:24:59 -0400 Subject: [PATCH 12/47] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index cfa727c5d..1416b297c 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: UNNAMED +# openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 89c92d6dca9f56528a70e0ec5116bc869cfe69a9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:25:14 -0400 Subject: [PATCH 13/47] Update local_vars_medium_vpn.yml --- vars/local_vars_medium_vpn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium_vpn.yml b/vars/local_vars_medium_vpn.yml index 9a670735d..9c9c5a4bc 100644 --- a/vars/local_vars_medium_vpn.yml +++ b/vars/local_vars_medium_vpn.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: True # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: UNNAMED +# openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True 
From cd7d969c5581da625203674c024d69be89ddf7d5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:25:30 -0400 Subject: [PATCH 14/47] Update local_vars_big.yml --- vars/local_vars_big.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index dc32d67d0..a70619bb5 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: UNNAMED +# openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 8ed8d8110ac436e8fb1c6e53e721ba7aaf3b9f31 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:25:48 -0400 Subject: [PATCH 15/47] Update local_vars_big_vpn.yml --- vars/local_vars_big_vpn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_big_vpn.yml b/vars/local_vars_big_vpn.yml index 32c7d1482..bf3fdfeb2 100644 --- a/vars/local_vars_big_vpn.yml +++ b/vars/local_vars_big_vpn.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: True # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: UNNAMED +# openvpn_handle: UNNAMED # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 8c1d9951bad0f2bf2e94b2e68bd323d128252cda Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:28:09 -0400 Subject: [PATCH 16/47] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 760143704..d6a2879a6 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -24,7 +24,7 @@ group: root mode: 0755 -- name: Create folder /usr/lib/iiab (not on path) for iiab executables start & up_wan +- name: Create folder /usr/lib/iiab (not on path) for iiab executable up_wan file: path: /usr/lib/iiab state: directory 
From 1ede0526203e2fad6bc21ce7547997cde5b1a228 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:43:57 -0400 Subject: [PATCH 17/47] up-wan -> up_wan (hasn't run in years!) --- roles/openvpn/templates/15-openvpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/15-openvpn b/roles/openvpn/templates/15-openvpn index e34e63133..77e11591b 100755 --- a/roles/openvpn/templates/15-openvpn +++ b/roles/openvpn/templates/15-openvpn @@ -13,7 +13,7 @@ if [ "$2" = "up" ]; then sleep 2 /sbin/ip route list dev "$1" | grep -q '^default' && # restart the services - systemctl -q is-enabled openvpn@xscenet.service && /usr/lib/iiab/up-wan + systemctl -q is-enabled openvpn@xscenet.service && /usr/lib/iiab/up_wan fi # we added this to prevent logs from filling with openvpn errors From bc517cc3a15b7ea4816daace2cd7b7bc9bfa2dae Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:52:40 -0400 Subject: [PATCH 18/47] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index d6a2879a6..3a54dea5b 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -24,6 +24,7 @@ group: root mode: 0755 +# Comment out in future? Unused for ~2 years as of August 2018: - name: Create folder /usr/lib/iiab (not on path) for iiab executable up_wan file: path: /usr/lib/iiab 
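Review bot: The corrected call to `/usr/lib/iiab/up_wan` in 15-openvpn is guarded by `systemctl -q is-enabled openvpn@xscenet.service`, but up_wan itself (re-indented in patch 05) first tests `systemctl is-enabled openvpn`, a different unit name. On a host where only the instance unit is enabled, up_wan would likely exit without starting anything, so the dispatcher may still be a no-op after this fix. Having up_wan test the same unit, `systemctl -q is-enabled openvpn@xscenet.service`, would keep the two checks in agreement. The rest of 15-openvpn is outside the hunk.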
@@ -47,8 +48,9 @@ - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } - { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } + # Comment out in future? Unused for ~2 years as of August 2018: - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } - # Appears no longer used (August 2018) + # Unused for ~2 years as of August 2018: #- { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } @@ -70,12 +72,14 @@ # dest: /usr/lib/iiab/up_wan # when: is_debuntu +# Comment out in future? Contained very serious bug & unused for ~2 years as of August 2018: - name: Put dispatcher up for NM (not debuntu) template: src: 15-openvpn dest: /etc/NetworkManager/dispatcher.d/ when: not is_debuntu +# Comment out in future? Unused for ~2 years as of August 2018: - name: Check for manually configured OpenVPN tunnel stat: path: /etc/openvpn/iiab-vpn.conf From bf57c10709a4c5599e0d19a242b13007c00e3946 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 14:57:15 -0400 Subject: [PATCH 19/47] Update main.yml --- roles/openvpn/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 3a54dea5b..60a62fd33 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -72,7 +72,9 @@ # dest: /usr/lib/iiab/up_wan # when: is_debuntu -# Comment out in future? Contained very serious bug & unused for ~2 years as of August 2018: +# Comment out in future? Contained serious bug (15-openvpn called +# up-wan instead of up_wan in /usr/lib/iiab/) so evidently unused +# for ~2 years, as of Aug 2018: - name: Put dispatcher up for NM (not debuntu) template: src: 15-openvpn 
From 902131ccd49f62c220b5d0b2828ad0b7bbed2545 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 15:27:46 -0400 Subject: [PATCH 20/47] Update iiab-handle.j2 --- roles/openvpn/templates/iiab-handle.j2 | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2 index 41009b0c4..b31bc55a8 100755 --- a/roles/openvpn/templates/iiab-handle.j2 +++ b/roles/openvpn/templates/iiab-handle.j2 @@ -1,13 +1,15 @@ #!/bin/bash -# script to write a handle file that identifies the openvpn client to server -echo -echo -read -p "what identifying handle would you like to use? " ans +# Interactive script writes openvpn_handle file, to identify client to server + +echo -e '\n\nPLEASE INSTEAD CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' +echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' + +read -p "Or, for a temporary solution until the next time Ansible is run, what OpenVPN handle do you want to use? " ans if [ "$ans" == "" ]; then - if [ -f /etc/iiab/openvpn_handle ]; then - rm -f /etc/iiab/openvpn_handle - fi + if [ -f /etc/iiab/openvpn_handle ]; then + rm -f /etc/iiab/openvpn_handle + fi else - echo $ans > /etc/iiab/openvpn_handle + echo $ans > /etc/iiab/openvpn_handle fi {{ systemctl_program }} restart openvpn@xscenet From afa51daaee26aa4729d1fc6103c8304b44c0ede9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 15:33:02 -0400 Subject: [PATCH 21/47] Update iiab-handle.j2 --- roles/openvpn/templates/iiab-handle.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2 index b31bc55a8..f967663e3 100755 --- a/roles/openvpn/templates/iiab-handle.j2 +++ b/roles/openvpn/templates/iiab-handle.j2 
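Review bot: The re-indented write `echo $ans > /etc/iiab/openvpn_handle` expands `$ans` unquoted, so the typed handle is subject to word splitting and filename globbing (a reply of `*` stores a file listing), and `read -p` without `-r` also interprets backslashes. Use `read -r -p "..." ans` and `printf '%s\n' "$ans" > /etc/iiab/openvpn_handle`, and test emptiness with `[ -z "$ans" ]`. The announcer script reads this file back as the client's handle, so it is worth storing exactly what was entered.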
@@ -1,7 +1,7 @@ #!/bin/bash -# Interactive script writes openvpn_handle file, to identify client to server +# Interactive script (over)writes /etc/iiab/openvpn_handle file, identifying client to server -echo -e '\n\nPLEASE INSTEAD CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' +echo -e '\n\nCORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' read -p "Or, for a temporary solution until the next time Ansible is run, what OpenVPN handle do you want to use? " ans From bc6b4e451b4df4025be32150311559d27a94dfb4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 15:38:08 -0400 Subject: [PATCH 22/47] Update main.yml --- roles/openvpn/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 60a62fd33..cd3716252 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -65,7 +65,8 @@ backup: yes when: openvpn_handle is defined -# Was being installed twice (also above) +# Comment out in future? up_wan was being installed twice (also above) and +# was unused for ~2 years as of August 2018: (see 15-openvpn below) #- name: Put up_wan in place (debuntu) # template: # src: up_wan From c84b5bd87d6923c0afc86e41c2205765311d698b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 15:43:02 -0400 Subject: [PATCH 23/47] 10.8.0.1 -> openvpn_server_virtual_ip --- roles/openvpn/templates/{iiab-remote-on => iiab-remote-on.j2} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename roles/openvpn/templates/{iiab-remote-on => iiab-remote-on.j2} (87%) diff --git a/roles/openvpn/templates/iiab-remote-on b/roles/openvpn/templates/iiab-remote-on.j2 similarity index 87% rename from roles/openvpn/templates/iiab-remote-on rename to roles/openvpn/templates/iiab-remote-on.j2 index 0c1215077..45c48f228 100644 --- a/roles/openvpn/templates/iiab-remote-on 
+++ b/roles/openvpn/templates/iiab-remote-on.j2 @@ -11,7 +11,7 @@ systemctl enable openvpn@xscenet.service systemctl start openvpn@xscenet.service sleep 5 -ping -c 2 10.8.0.1 +ping -c 2 {{ openvpn_server_virtual_ip }} # 10.8.0.1 if [ $? -eq 0 ]; then echo OpenVPN successfully started. else From 895755436faf23431d3a8bbdad393124415bfc17 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 15:43:51 -0400 Subject: [PATCH 24/47] iiab-remote-on -> iiab-remote-on.j2 --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index cd3716252..0b4860e33 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -52,7 +52,7 @@ - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } # Unused for ~2 years as of August 2018: #- { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } - - { src: 'iiab-remote-on', dest: '/usr/bin/iiab-remote-on', mode: '0755' } + - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } - name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) From b90b1b39a1089e0442720b0bcdb0a5344ba7d153 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 15:48:07 -0400 Subject: [PATCH 25/47] Rename xsce-vpn.conf.in to xsce-vpn.conf.in.deprecated --- .../templates/{xsce-vpn.conf.in => xsce-vpn.conf.in.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/openvpn/templates/{xsce-vpn.conf.in => xsce-vpn.conf.in.deprecated} (100%) diff --git a/roles/openvpn/templates/xsce-vpn.conf.in b/roles/openvpn/templates/xsce-vpn.conf.in.deprecated similarity index 100% rename from roles/openvpn/templates/xsce-vpn.conf.in rename to roles/openvpn/templates/xsce-vpn.conf.in.deprecated From 33965671e4135adb5b3f1a2943e01c2b19f13c26 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Wed, 15 Aug 2018 15:48:18 -0400 Subject: [PATCH 26/47] Rename iiab-vpn.conf.in to iiab-vpn.conf.in.deprecated --- .../templates/{iiab-vpn.conf.in => iiab-vpn.conf.in.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/openvpn/templates/{iiab-vpn.conf.in => iiab-vpn.conf.in.deprecated} (100%) diff --git a/roles/openvpn/templates/iiab-vpn.conf.in b/roles/openvpn/templates/iiab-vpn.conf.in.deprecated similarity index 100% rename from roles/openvpn/templates/iiab-vpn.conf.in rename to roles/openvpn/templates/iiab-vpn.conf.in.deprecated From 98d20898b22f7a63c2c48c545a37f2914f05782e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 15:49:48 -0400 Subject: [PATCH 27/47] Update main.yml --- roles/openvpn/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 0b4860e33..ec2e51456 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -45,7 +45,8 @@ - { src: 'announcer.j2', dest: '/etc/openvpn/scripts/announcer', mode: '0755' } - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' } - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } - - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } + # Moved to iiab-vpn.conf.in as of August 2018 + # - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } - { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } # Comment out in future? Unused for ~2 years as of August 2018: From d3cbacf907e8b4a2fc771f9e4702567ed6f5e1b2 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Wed, 15 Aug 2018 15:54:46 -0400 Subject: [PATCH 28/47] Rename iiab-vpn.conf.in.deprecated to iiab-vpn.conf.in --- .../templates/{iiab-vpn.conf.in.deprecated => iiab-vpn.conf.in} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/openvpn/templates/{iiab-vpn.conf.in.deprecated => iiab-vpn.conf.in} (100%) diff --git a/roles/openvpn/templates/iiab-vpn.conf.in.deprecated b/roles/openvpn/templates/iiab-vpn.conf.in similarity index 100% rename from roles/openvpn/templates/iiab-vpn.conf.in.deprecated rename to roles/openvpn/templates/iiab-vpn.conf.in From 171f8278eec481801502e38413c85e2311401ebc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:19:25 -0400 Subject: [PATCH 29/47] Update and rename party-line.conf.j2 to party-line.conf.j2.deprecated --- .../{party-line.conf.j2 => party-line.conf.j2.deprecated} | 2 ++ 1 file changed, 2 insertions(+) rename roles/openvpn/templates/{party-line.conf.j2 => party-line.conf.j2.deprecated} (93%) diff --git a/roles/openvpn/templates/party-line.conf.j2 b/roles/openvpn/templates/party-line.conf.j2.deprecated similarity index 93% rename from roles/openvpn/templates/party-line.conf.j2 rename to roles/openvpn/templates/party-line.conf.j2.deprecated index 1ff61a019..1ed627baa 100644 --- a/roles/openvpn/templates/party-line.conf.j2 +++ b/roles/openvpn/templates/party-line.conf.j2.deprecated @@ -1,3 +1,5 @@ +# REPLACED BY xscenet.conf.j2 -> /etc/openvpn/xscenet.conf + ######################################### # Sample client-side OpenVPN config file # for connecting to multi-client server. From e037b84217a9f1c80e50905f2310f4475672484f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:25:58 -0400 Subject: [PATCH 30/47] Update and rename iiab-vpn.j2 to iiab-vpn.j2.deprecated --- roles/openvpn/templates/{iiab-vpn.j2 => iiab-vpn.j2.deprecated} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename roles/openvpn/templates/{iiab-vpn.j2 => iiab-vpn.j2.deprecated} (94%) 
diff --git a/roles/openvpn/templates/iiab-vpn.j2 b/roles/openvpn/templates/iiab-vpn.j2.deprecated similarity index 94% rename from roles/openvpn/templates/iiab-vpn.j2 rename to roles/openvpn/templates/iiab-vpn.j2.deprecated index 306902c1e..d463f85ed 100755 --- a/roles/openvpn/templates/iiab-vpn.j2 +++ b/roles/openvpn/templates/iiab-vpn.j2.deprecated @@ -2,7 +2,7 @@ # script to manage openvpn if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then - VPNCONFIG='party-line.conf' + VPNCONFIG='xscenet.conf' # WAS BUGGY (set to non-existent "party-line.conf", but thankfully unused) as of August 2018 VPNIP={{ openvpn_server_virtual_ip }} else # expect the sourced file to set the above variables From 98e7af657f3e3f984055ca9e4ad8c01c8a46294b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:26:54 -0400 Subject: [PATCH 31/47] Update main.yml --- roles/openvpn/tasks/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index ec2e51456..f25aa3ed2 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -45,9 +45,10 @@ - { src: 'announcer.j2', dest: '/etc/openvpn/scripts/announcer', mode: '0755' } - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' } - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } - # Moved to iiab-vpn.conf.in as of August 2018 - # - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } - - { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } + # Buggy & rarely used as of August 2018: + #- { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } + # Buggy & rarely used as of August 2018: + #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } # Comment out in future? Unused for ~2 years as of August 2018: - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } From f715aabfdd18bd5425a9a69d7b96cf63be4ade18 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:33:11 -0400 Subject: [PATCH 32/47] Update main.yml --- roles/openvpn/tasks/main.yml | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index f25aa3ed2..85ef06a55 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -45,17 +45,18 @@ - { src: 'announcer.j2', dest: '/etc/openvpn/scripts/announcer', mode: '0755' } - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' } - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } + - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } + - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } + # Comment out in future? Not recommended as of August 2018: + - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } + # Comment out in future? Might still be relevant for CentOS but unused for ~2 years as of August 2018: + - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } + # Unused for ~2 years as of August 2018: + #- { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } # Buggy & rarely used as of August 2018: #- { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } # Buggy & rarely used as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } - - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } - # Comment out in future? Unused for ~2 years as of August 2018: - - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } - # Unused for ~2 years as of August 2018: - #- { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } - - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } - name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) template: 
@@ -84,11 +85,11 @@ dest: /etc/NetworkManager/dispatcher.d/ when: not is_debuntu -# Comment out in future? Unused for ~2 years as of August 2018: -- name: Check for manually configured OpenVPN tunnel - stat: - path: /etc/openvpn/iiab-vpn.conf - register: stat +# Was buggy & unused for ~2 years as of August 2018: +#- name: Check for manually configured OpenVPN tunnel +# stat: +# path: /etc/openvpn/iiab-vpn.conf +# register: stat # FIXED SOMETIME PRIOR TO AUGUST 2018: earlier versions of Ansible had not @@ -120,13 +121,15 @@ name: openvpn@xscenet.service enabled: yes state: restarted - when: openvpn_enabled and not stat.exists is defined + when: openvpn_enabled + #when: openvpn_enabled and not stat.exists is defined - name: Enable hourly cron job for OpenVPN lineinfile: path: /etc/crontab line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" - when: openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined + when: openvpn_enabled and openvpn_cron_enabled + #when: openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined - name: Remove hourly cron job for OpenVPN lineinfile: From 928eac19f7ed1ff6f306560eba11fa6ab873e71b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:38:15 -0400 Subject: [PATCH 33/47] Update main.yml --- roles/openvpn/tasks/main.yml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 85ef06a55..b978144f1 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -24,19 +24,20 @@ group: root mode: 0755 -# Comment out in future? Unused for ~2 years as of August 2018: +# Comment out in future? Might still be relevant for CentOS but unused for ~2 years as of August 2018: - name: Create folder /usr/lib/iiab (not on path) for iiab executable up_wan file: path: /usr/lib/iiab state: directory -- name: Configure OpenVPN +- name: Configure OpenVPN (BACKS UP FILES IF CHANGED) template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root group: root mode: "{{ item.mode }}" + backup: yes with_items: - { src: 'ca.crt', dest: '/etc/openvpn/keys/ca.crt', mode: '0644' } - { src: 'client1.crt', dest: '/etc/openvpn/keys/client1.crt', mode: '0644' } @@ -47,6 +48,7 @@ - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } + - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } # Comment out in future? Not recommended as of August 2018: - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } # Comment out in future? Might still be relevant for CentOS but unused for ~2 years as of August 2018: 
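Review bot: The `backup: yes` added to the looped `Configure OpenVPN` task applies to every item, so each changed render leaves a timestamped copy beside its destination, including under `/etc/openvpn/keys/` and, for the entries shown in the next hunk, `/usr/bin/`. Superseded certificate material (and any key file in the part of the list this hunk does not show) then stays on disk indefinitely. Old versions of the `iiab-remote-*` scripts would also remain on the PATH, presumably still executable. Consider limiting backups to configuration files, e.g. `backup: "{{ item.backup | default(false) }}"` with `backup: true` set only on the `xscenet.conf` and `openvpn_handle` items, or document a cleanup step for the `~` copies. The `with_items` list continues past the end of this hunk.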
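Review bot: Moving `openvpn_handle.j2` into the `with_items` list drops the `when: openvpn_handle is defined` guard the separate task had, so `/etc/iiab/openvpn_handle` is now rendered on every run. Once the default becomes `openvpn_handle: ""` later in this series, the result is presumably an empty file. The interactive `iiab-handle` script deletes the file for an empty answer rather than leaving it empty, which suggests a consumer may test for the file's existence; if so, an empty file would not fall back to the UUID as the later comment promises. Confirm how the reading script treats an empty file, then record it on the item, e.g. `# rendered even when openvpn_handle is "" (empty file => /etc/iiab/uuid is used)`.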
@@ -58,15 +60,15 @@ # Buggy & rarely used as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } -- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) - template: - src: openvpn_handle.j2 - dest: /etc/iiab/openvpn_handle - owner: root - group: root - mode: 0644 - backup: yes - when: openvpn_handle is defined +#- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) +# template: +# src: openvpn_handle.j2 +# dest: /etc/iiab/openvpn_handle +# owner: root +# group: root +# mode: 0644 +# backup: yes +# when: openvpn_handle is defined # Comment out in future? up_wan was being installed twice (also above) and # was unused for ~2 years as of August 2018: (see 15-openvpn below) From 9da941333c647d4bb019139d55b7ba60a98ccebc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:40:04 -0400 Subject: [PATCH 34/47] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index b978144f1..d6f4e9709 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -176,9 +176,9 @@ value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" -# Uncomment *if* openvpn_handle variable later becomes mandatory -# - option: handle -# value: "{{ openvpn_handle }}" +# Uncommented as openvpn_handle variable is now mandatory: (if set to "", the UUID will be used instead) + - option: handle + value: "{{ openvpn_handle }}" - option: cron_enabled value: "{{ openvpn_cron_enabled }}" - option: server From fb150e7ec945cf97f0085bce7ae2e303c36db1c0 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Wed, 15 Aug 2018 16:40:49 -0400 Subject: [PATCH 35/47] Update main.yml --- roles/openvpn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index b30968ae1..e29db28d8 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -2,7 +2,7 @@ openvpn_install: True openvpn_enable: False # For /etc/iiab/openvpn_handle -# openvpn_handle: UNNAMED +openvpn_handle: "" # cron seems necessary on CentOS: openvpn_cron_enabled: False From 9f3fdead9db0427bf1e5f32542f060ca32c1553f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:42:23 -0400 Subject: [PATCH 36/47] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index abcbfe102..245bc85c3 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -190,7 +190,7 @@ openvpn_install: True openvpn_enabled: False # For /etc/iiab/openvpn_handle -# openvpn_handle: UNNAMED +openvpn_handle: "" # cron seems necessary on CentOS: openvpn_cron_enabled: False From 0b609ac331cbd4559de1bfe30b7e233a314215b7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:42:43 -0400 Subject: [PATCH 37/47] Update local_vars_min.yml --- vars/local_vars_min.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 629b68f00..2a6a7d2f4 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -# openvpn_handle: UNNAMED +openvpn_handle: "" # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 3a381833bfa0b710a069b506163c66ab542bfc5e Mon Sep 17 00:00:00 2001 
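Review bot: In `roles/openvpn/defaults/main.yml` the context line above the new `openvpn_handle: ""` still reads `openvpn_enable: False`, while the role's tasks and `vars/default_vars.yml` use `openvpn_enabled`. This looks like a typo. If so, the role has no off-by-default value of its own for the tunnel and relies on `vars/default_vars.yml` being loaded. Since this commit already touches the file, renaming the key to `openvpn_enabled: False` would make the role's default self-contained.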
From: A Holt Date: Wed, 15 Aug 2018 16:43:04 -0400 Subject: [PATCH 38/47] Update local_vars_min_vpn.yml --- vars/local_vars_min_vpn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min_vpn.yml b/vars/local_vars_min_vpn.yml index c48fc2a28..349513bcf 100644 --- a/vars/local_vars_min_vpn.yml +++ b/vars/local_vars_min_vpn.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: True # Set /etc/iiab/openvpn_handle in advance here: -# openvpn_handle: UNNAMED +openvpn_handle: "" # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 87986f28f319086f6da40a062fffc587eb950047 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:43:23 -0400 Subject: [PATCH 39/47] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 1416b297c..9290dfee8 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -# openvpn_handle: UNNAMED +openvpn_handle: "" # The following seems necessary on CentOS: # openvpn_cron_enabled: True From f79988ca6e45aee5c9ee99fe1562fd912a3cdc1e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:43:39 -0400 Subject: [PATCH 40/47] Update local_vars_medium_vpn.yml --- vars/local_vars_medium_vpn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium_vpn.yml b/vars/local_vars_medium_vpn.yml index 9c9c5a4bc..41f30edad 100644 --- a/vars/local_vars_medium_vpn.yml +++ b/vars/local_vars_medium_vpn.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: True # Set /etc/iiab/openvpn_handle in advance here: -# openvpn_handle: UNNAMED +openvpn_handle: "" # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 87bd47c3e0b75238f21d16e4ef1bab8644646a3f Mon Sep 17 00:00:00 2001 
From: A Holt Date: Wed, 15 Aug 2018 16:43:55 -0400 Subject: [PATCH 41/47] Update local_vars_big.yml --- vars/local_vars_big.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index a70619bb5..603bd2901 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -# openvpn_handle: UNNAMED +openvpn_handle: "" # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 4ce5ce9feece97dc995eeea370608851858b2f5a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:44:11 -0400 Subject: [PATCH 42/47] Update local_vars_big_vpn.yml --- vars/local_vars_big_vpn.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_big_vpn.yml b/vars/local_vars_big_vpn.yml index bf3fdfeb2..081ea50b5 100644 --- a/vars/local_vars_big_vpn.yml +++ b/vars/local_vars_big_vpn.yml @@ -87,7 +87,7 @@ openvpn_install: True openvpn_enabled: True # Set /etc/iiab/openvpn_handle in advance here: -# openvpn_handle: UNNAMED +openvpn_handle: "" # The following seems necessary on CentOS: # openvpn_cron_enabled: True From 40a36c16fa61621fcc979c7f3836807b299accd3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:48:24 -0400 Subject: [PATCH 43/47] Update main.yml --- roles/openvpn/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index d6f4e9709..3376d30a4 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -124,14 +124,12 @@ enabled: yes state: restarted when: openvpn_enabled - #when: openvpn_enabled and not stat.exists is defined - name: Enable hourly cron job for OpenVPN lineinfile: path: /etc/crontab line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" when: openvpn_enabled and openvpn_cron_enabled - #when: openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined - name: Remove hourly cron job for OpenVPN lineinfile: From e28ae923e35f798d990cbd4bcf527c0f43697ae5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 16:51:09 -0400 Subject: [PATCH 44/47] Rename iiab-vpn.conf.in to iiab-vpn.conf.in.deprecated --- .../templates/{iiab-vpn.conf.in => iiab-vpn.conf.in.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/openvpn/templates/{iiab-vpn.conf.in => iiab-vpn.conf.in.deprecated} (100%) diff --git a/roles/openvpn/templates/iiab-vpn.conf.in b/roles/openvpn/templates/iiab-vpn.conf.in.deprecated similarity index 100% rename from roles/openvpn/templates/iiab-vpn.conf.in rename to roles/openvpn/templates/iiab-vpn.conf.in.deprecated From e5da00c284af693d12924d9feeadc354b23ea27c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 17:05:51 -0400 Subject: [PATCH 45/47] Update iiab-handle.j2 --- roles/openvpn/templates/iiab-handle.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2 index f967663e3..e68653c60 100755 --- a/roles/openvpn/templates/iiab-handle.j2 +++ b/roles/openvpn/templates/iiab-handle.j2 
@@ -1,10 +1,12 @@ #!/bin/bash # Interactive script (over)writes /etc/iiab/openvpn_handle file, identifying client to server -echo -e '\n\nCORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' +echo -e '\nCORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' read -p "Or, for a temporary solution until the next time Ansible is run, what OpenVPN handle do you want to use? " ans +echo + if [ "$ans" == "" ]; then if [ -f /etc/iiab/openvpn_handle ]; then rm -f /etc/iiab/openvpn_handle From 9f844f8e247509301bf9bd12dc0f875d3edf76a6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 17:12:17 -0400 Subject: [PATCH 46/47] Update iiab-handle.j2 --- roles/openvpn/templates/iiab-handle.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2 index e68653c60..f9d8edcac 100755 --- a/roles/openvpn/templates/iiab-handle.j2 +++ b/roles/openvpn/templates/iiab-handle.j2 @@ -4,7 +4,8 @@ echo -e '\nCORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' -read -p "Or, for a temporary solution until the next time Ansible is run, what OpenVPN handle do you want to use? " ans +echo -e "Or, for a temporary solution until the next time Ansible is run," +read -p "what OpenVPN handle do you want to use? " ans echo if [ "$ans" == "" ]; then From a73e2aa3c97ee3a6f8cd807c7329046a54f7c32d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 17:31:02 -0400 Subject: [PATCH 47/47] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 3376d30a4..31f9d9c8f 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
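Review bot: The rewritten prompt in `iiab-handle.j2` (the `@@ -4,7 +4,8 @@` hunk) still calls `read -p` without `-r`, so backslashes in the answer are interpreted instead of stored literally; `read -r -p "what OpenVPN handle do you want to use? " ans` avoids that. The header comment says the script (over)writes `/etc/iiab/openvpn_handle`, which identifies the client to the server, yet no check on the answer's characters or length is visible here. The write itself is outside this hunk, so confirm there whether the value is restricted (for example to letters, digits, `-` and `_`) before it is saved.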
@@ -174,7 +174,7 @@ value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" -# Uncommented as openvpn_handle variable is now mandatory: (if set to "", the UUID will be used instead) +# Uncommented as openvpn_handle variable is now mandatory: (if set to "", /etc/iiab/uuid will be used instead) - option: handle value: "{{ openvpn_handle }}" - option: cron_enabled