external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-13 11:42:08 +00:00
Code Issues Releases Wiki Activity
iiab/roles/openvpn/templates/iiab-support

126 lines
5.7 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
PLAYBOOK="install-support.yml"
INVENTORY="ansible_hosts"
# 2021-08-18: bash scripts using default_vars.yml &/or local_vars.yml
# https://github.com/iiab/iiab-factory/blob/master/iiab#L79-L97
# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L13
# https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52
# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L25-L34
# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN
# openvpn_handle WAS stored in 2 files on disk, one slightly stripped down (from
# the other) due to Ansible. Still, we emulate Ansible behavior when reading var
# (and later writing to disk) removing outer cruft as explained on Lines 31-40:
handle=$(grep "^openvpn_handle:\s" /etc/iiab/local_vars.yml | head -1 | sed "s/^openvpn_handle:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
echo -e "\n/etc/iiab/local_vars.yml shows openvpn_handle: $handle\n"
if [ -f /etc/iiab/openvpn_handle ]; then
echo -e " \e[41mFYI /etc/iiab/openvpn_handle is no longer supported.\e[0m\n"
echo -e " \e[41m/etc/iiab/local_vars.yml is now used instead (SSOT).\e[0m\n"
fi
echo -e "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n"
echo -e " cape-town-school-36-rpi-2019-05-31\n"
echo -en "Or hit [Enter] to keep the existing name:\e[0m "
read ans < /dev/tty
# BEHAVIOR LIKE ANSIBLE'S parsing of vars from .yml:
# (0) No need to remove hash/comments b/c it's live input here, unlike above.
# (1) sed: Remove outer spacing IF NEC, then...
# (2) sed: Remove 1 pair of matching outer quotes (IF NEC)
# (3) Ansible vars can have non-string value null. SEE /opt/iiab/iiab/test.yml
# Here in bash, we focus only on string values e.g. "" empty string if nec.
# (4) When writing to disk, we aggressively overwrite such null var lines, e.g.
# including sloppy unassigned var lines like "^var:$" that lack whitespace.
ans=$(echo $ans | sed "s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
# if ( [ "$ans" = "$handle" ] || [ "$ans" = "" ] ) && [ "$handle" != "" ]; then # Overkill
if [ "$ans" = "" ] || [ "$ans" = "$handle" ]; then
echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in /etc/iiab/local_vars.yml\e[0m\n"
else
if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then
sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
else
echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml
fi
echo -e "\n\e[1mSAVED YOUR NEW openvpn_handle to /etc/iiab/local_vars.yml\e[0m\n"
handle=$ans; # For display at bottom
fi
if grep -q '^openvpn_installed:\s\+[tT]rue\b' /etc/iiab/iiab_state.yml; then
echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
else
echo -e "Plz wait a few minutes as sshd & OpenVPN are confirmed/installed...\n"
if grep -q '^openvpn_install:' /etc/iiab/local_vars.yml; then
sed -i "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml
else
echo "openvpn_install: True" >> /etc/iiab/local_vars.yml
fi
if [ -d /opt/iiab/iiab ]; then
cd /opt/iiab/iiab
export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log"
ansible -m setup -i $INVENTORY localhost --connection=local | grep python
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
# 2 roles (sshd & openvpn) faster than running all of "./runrole 1-prep"
echo
else
echo -e " \e[41m Directory /opt/iiab/iiab does not exist: CANNOT INSTALL OPENVPN! \e[0m\n"
exit 1
fi
fi
echo -e "Now let's (re)enable OpenVPN...\n"
if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then
sed -i "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
else
echo "openvpn_enabled: True" >> /etc/iiab/local_vars.yml
fi
systemctl enable openvpn
echo -e "\nNow let's restart OpenVPN..."
#systemctl start openvpn
systemctl restart openvpn
echo -en "\n "
for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -en " OpenVPN TIPS "
for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -e "\n\n 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'"
echo -e " 2. Check your OpenVPN connection: run 'ping 10.8.0.1'"
echo -e " 3. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x"
echo -e " 4. If necessary, run 'systemctl restart openvpn' which should"
echo -e " run 'systemctl restart openvpn@xscenet' for you."
echo -e " 5. SOMETIMES WAITING A MINUTE HELPS -- retry steps 2 and 3 to monitor."
echo -e " 6. If in future you want to disable OpenVPN connections to-and-from your"
echo -e " Internet-in-a-Box (IIAB) please run 'iiab-support-off' at that time."
echo -e " 7. Read 'How can I remotely manage my Internet-in-a-Box?' at"
echo -e " http://FAQ.IIAB.IO to learn about DIY remote support alternatives"
echo -e " like ngrok, serveo, remot3.it and TeamViewer.\n"
echo -en " "
for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -en " OpenVPN TIPS "
for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
echo -e "\n\nNow let's wait 15 seconds, as OpenVPN handshake sometimes needs that (or more!)"
sleep 15
echo -en "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m"
echo -en $handle
echo -en "\e[0m"
vpnip=$(ip a | grep tun0$ | awk '{print $2}')
if [ "$vpnip" != "" ]; then
echo -e "\nYour OpenVPN IP address (which can change) is: \e[32m$vpnip\e[0m\n"
else
echo -e "\n \e[41m ERROR: OpenVPN IP address not ready - PLEASE TRY THE ABOVE TIPS \e[0m\n"
exit 1
fi
Reference in a new issue View git blame Copy permalink