New command /usr/bin/iiab-remoteit to quickly obtain a new Claim Code for https://remote.it (allows remote connections to manage an IIAB)

[holta]

Thanks to @jvonau's ideas at #3158 and building on:

• Enhance [and test!] roles/remoteit so it works on RaspiOS Bullseye, Ubuntu, Mint & Debian too [user testing & documentation for remote.it remote support] #3006
• PR remoteit/README.md: Clean up explanations + links #3154
• PR Always install the latest remote.it Device Package (instead of hard-coding a new version# every 1-2 months!) #3156
• PR vars files: Update remote.it & OpenVPN tips #3157

This PR also overhauls and dramatically simplifies the installation of remote.it's Device Package, using their official 1-line installer ("curl -L https://downloads.remote.it/remoteit/install_agent.sh") as recommended by their 2022-01-24 document "Streamlined installation for Linux and Raspberry Pi platforms".

Note that apt purge remoteit* is regrettably necessary at this time [prior to running remote.it's install_agent.sh], in order to get a new Claim Code in many corner cases, and for several reasons. One of those reasons is that the Device Package .deb files (same thing you get at https://remote.it/download/) are oddly each built in slightly different ways. Without going into all the ugly details, the situation and its resolution are summarized here:

https://github.com/holta/iiab/blob/5854ab7c619b3c01446951f925c5f27eb37ed077/roles/remoteit/templates/iiab-remoteit#L32-L34

FYI this PR intentionally avoids Ansible, so that the /usr/bin/iiab-remoteit command runs as quickly and resiliently as possible, quite similar to /usr/bin/iiab-support with OpenVPN.

This PR is tested on the latest pre-release of Ubuntu Desktop 22.04, with more testing ongoing on other OS's too, including 32-bit and 64-bit RasPiOS on Raspberry Pi 4.

[jvonau]

_installed: True are the only entries found in iiab_state, if ! and just the echo if missing seems more appropriate, does away with the unneeded sed alteration shorting the code

[holta]

Makes sense.

(Unless /etc/iiab/iiab_state.yml hypothetically changes in future, to store other kinds of state...)

[jvonau]

Other new states sure I can see that, I doubt you are refactoring every role to drop is defined for any reason other than code churn.

[jvonau]

The forced reinstall is a pretty big hammer and might be able to go away. I've discovered that removing /etc/remoteit/config.json and then restarting connectd results in a new config.json with a different 'id' & 'claim' being generated, looks like 'name' is generated from the hostname of the machine.

FYI this PR intentionally avoids Ansible, so that the /usr/bin/iiab-remoteit command runs as quickly and resiliently as possible, quite similar to /usr/bin/iiab-support with OpenVPN.

Just to clarify, the current logic in iiab-support that skips using ansible relies on ansible being run at least once to install the role otherwise ansible will be used used to install openvpn to place all the template files in to their correct locations.

[holta]

Aside; It appears remote.it is hardly bug-free on Raspberry Pi.

If so this is unfortunate and a bit surprising, as the company has a very long history working with Raspberry Pis.

Still, let's try to get more feedback from more implementers to see what many different people's experiences are in coming weeks and months.

[jvonau]

On ubuntu-22.04 running curl -L https://downloads.remote.it/remoteit/install_agent.sh | sudo sh by hand results in the restart services dialog box coming to the forefront and not being able to tab over to 'ok', can't see how ansible will be able to proceed given this stall

[holta]

On ubuntu-22.04 running curl -L https://downloads.remote.it/remoteit/install_agent.sh | sudo sh by hand results in the restart services dialog box coming to the forefront and not being able to tab over to 'ok', can't see how ansible will be able to proceed

It's a good question as to why this in fact works without stalling from scripts and from Ansible.

I'd love to know the answer — as this happens in other situations too — specifically: such scripts do consistently work even on graphical desktop OS's, e.g. when invoked from a script or from Ansible, instead of from a graphical command-line.

(Possibly this has something to do with the particular environment variables or similar, within a graphical [I meant interactive] terminal, [versus non-interactive scripts] ?)

[holta]

I've discovered that removing /etc/remoteit/config.json and then restarting connectd results in a new config.json with a different 'id' & 'claim' being generated, looks like 'name' is generated from the hostname of the machine.

This is very promising. I've seen 1 instance where this did not work, but it would seem to work a vast majority of the time.

[jvonau]

On ubuntu-22.04 running curl -L https://downloads.remote.it/remoteit/install_agent.sh | sudo sh by hand results in the restart services dialog box coming to the forefront and not being able to tab over to 'ok', can't see how ansible will be able to proceed

It's a good question as to why this in fact works without stalling from scripts and from Ansible.

I'd love to know the answer — as this happens in other situations too — specifically: such scripts do consistently work even on graphical desktop OS's, e.g. when invoked from a script or from Ansible, instead of from a graphical command-line.

This was from a ssh session with no desktop installed.

(Possibly this has something to do with the particular environment variables or similar, within a graphical terminal ?)

no graphics just a cmdline over ssh

[holta]

no graphics just a cmdline over ssh

Indeed. I should not have said a literal graphical desktop (in the style of X Windows, etc). Certainly it works from scripts/Ansible.

But I don't know the exact dynamics. I (suspect?) it has something to do with shell environment variables — that somehow establish whether it's an interactive session or not.

Likewise: The needrestart command (that recent Ubuntu-like OS's use when you apt update) shows the same behavior — it prompts you colorfully if you're running from an interactive terminal / shell — but somehow is wise enough not to get stuck when the same command runs from a script.

[jvonau]

no graphics just a cmdline over ssh

Indeed. I should not have said a literal graphical desktop (in the style of X Windows, etc). Certainly it works from scripts/Ansible.

But I don't know the exact dynamics. I (suspect?) it has something to do with shell environment variables — that somehow establish whether it's an interactive session or not.

Likewise: The needrestart command (that recent Ubuntu-like OS's use when you apt update) shows the same behavior — it prompts you colorfully if you're running from an interactive terminal / shell — but somehow is wise enough not to get stuck when the same command runs from a script.

You still have to tab over to OK and then enter to proceed when using /usr/bin/iiab-remoteit, same as doing a wget of install_agent.sh then sudo bash install_agent.sh(yea I could of chmod it) only using curl directly doesn't allow one to tab over to OK. Must have an interactive tty flag somewhere that ansible and/or needrestart makes use of.

[jvonau]

#3011 (comment) additional inspiration for this PR.

I've discovered that removing /etc/remoteit/config.json and then restarting connectd results in a new config.json with a different 'id' & 'claim' being generated, looks like 'name' is generated from the hostname of the machine.

This is very promising. I've seen 1 instance where this did not work, but it would seem to work a vast majority of the time.

Think the only time this won't work if there is a /etc/remoteit/registration file present.

[holta]

Heavily tested on Ubuntu 22.04 pre-release (VM).

Time to push this and seek out broader community feedback as more people bang on this and use it in many different ways.

Many thanks to @jvonau whose insight into deleting /etc/remoteit/config.json and then restarting systemd service connectd was instrumental to the new command /usr/bin/iiab-remoteit quickly obtaining a new claim code.

(Hopefully this undocumented feature[*] will remain working as part of remote.it Device Packages for years to come, if we're lucky!)

[*] Hinted at within https://support.remote.it/hc/en-us/articles/360061228252-Oops-I-cloned-an-SD-card-