search

CoffeeITWorks / ansible_burp2_server

Ansible role to deploy burp2 server
MIT License
10 stars 9 forks source link

22.04 Jammy fatal error on dependency libssl1.1 (no package matching) #86

Closed compumatter closed 2 years ago

compumatter commented 2 years ago

Just upgraded to 22.04 server.

Running the burp2_server role throws this message:

FAILED! => {"changed": false, "msg": "No package matching 'libssl1.1' is available"}

I'm not sure of it's purpose. Is it required by burp2_server and if so....

Not sure if it's related but further into the install it hangs up here:

TASK [burp2_server : wait for burpca to get all server certificates] *****

With this in the syslog file: ug 8 15:59:09 servermatter systemd[1]: Stopped Burp Backup service. Aug 8 15:59:09 servermatter systemd[1]: Started Burp Backup service. Aug 8 15:59:09 servermatter burp[1333709]: 2022-08-08 15:59:09 -0700: burp[1333709] Creating /etc/burp/CA/CA_burpCA.crl Aug 8 15:59:09 servermatter burp[1333709]: 2022-08-08 15:59:09 -0700: burp[1333709] Running '/usr/local/sbin/burp_ca --name burpCA --config /etc/burp/CA.cnf --dir /etc/burp/CA --crl' Aug 8 15:59:09 servermatter burp[1333709]: 2022-08-08 15:59:09 -0700: burp[1333709] /usr/local/sbin/burp_ca returned: 1 Aug 8 15:59:09 servermatter burp[1333709]: 2022-08-08 15:59:09 -0700: burp[1333709] Error running /usr/local/sbin/burp_ca Aug 8 15:59:09 servermatter burp[1333709]: 2022-08-08 15:59:09 -0700: burp[1333709] CA setup failed Aug 8 15:59:09 servermatter systemd[1]: burp-server.service: Main process exited, code=exited, status=1/FAILURE Aug 8 15:59:09 servermatter systemd[1]: burp-server.service: Failed with result 'exit-code'.

And finally back in Ansible:

failed: [compumatter.biz] (item=/etc/burp/ssl_cert_ca-server.pem) => {"ansible_loop_var": "item", "changed": false, "elapsed": 300, "item": "/etc/burp/ssl_cert_ca-server.pem", "msg": "Timeout when waiting for file /etc/burp/ssl_cert_ca-server.pem"}

Thanks.

compumatter commented 2 years ago

I am also seeing a lof of supervisor "skipping" ie; TASK [burp2_server : supervisor deprecated | update cache] *** skipping: [compumatter.biz]

TASK [burp2_server : supervisor deprecated | Install supervisor] skipping: [compumatter.biz]

TASK [burp2_server : supervisor deprecated | configure supervisor logrotate] skipping: [compumatter.biz]

TASK [burp2_server : supervisor deprecated | configure supervisor logrotate] skipping: [compumatter.biz]

TASK [burp2_server : supervisor deprecated | Ensure "/etc/supervisor/conf.d" dir exists] skipping: [compumatter.biz]

TASK [burp2_server : supervisor deprecated | configure supervisor service for burp-server] skipping: [compumatter.biz] => (item={'src': 'burp-server.conf_supervisor.j2', 'dest': '/etc/supervisor/conf.d/burp-server.conf'})

TASK [burp2_server : supervisor deprecated | ensure supervisor is started] skipping: [compumatter.biz]

TASK [burp2_server : supervisor deprecated | ensure supervisor is restarted] skipping: [compumatter.biz]

TASK [burp2_server : supervisor deprecated | pause 10 seconds when supervisor started] skipping: [compumatter.biz]

TASK [burp2_server : supervisor deprecated | start burp server] skipping: [compumatter.biz]

TASK [burp2_server : supervisor deprecated | wait for burp_server port] skipping: [compumatter.biz]

In case this is relevant in the hanging up on TASK [burp2_server : wait for burpca to get all server certificates]

Thanks.

pablodav commented 2 years ago

thanks you for reporting this, I will check and fix during the weekend

pablodav commented 2 years ago

Hi @compumatter

I checked this issue, prepared the changes in new branch feature/86_support_ubuntu2204

But I'm not able to merge the changes, let me explain:

Ubuntu 22.04 doesn't has libssl1.1 in its repositories, it provides officially openssl 3 only. So, change for supporting ubuntu 22.04 is easy, I only have to change the variables for the new distro, but:

Openssl 3 is not support yet by burp: https://github.com/grke/burp/issues/904

So, even if I change the variables it will not work.

Possible workaround for you:

As explained here, you can install dependencies for openssl and download the packages: https://askubuntu.com/questions/1403837/how-do-i-use-openssl-1-1-1-in-ubuntu-22-04

I recommend to prepare a separate "ansible playbook/role" as "workaround openssl 1.1 for ubuntu 22.04" until burp supports openssl 3.

For better automation, maybe you can consider adding the sources for apt-get of this ppa: https://launchpad.net/~mgrocock/+archive/ubuntu/openssl and then it should work for Ubuntu 22.04 role as is.

I will keep this issue open until burp supports openssl 3.

compumatter commented 2 years ago

Thank you. I will keep an ear to the ground on this and look forward to Graham incorporating openssl3 and the subsequent Ansible role adjustment.

pablodav commented 2 years ago

Local test passed, now running github action tests.

pablodav commented 2 years ago

thanks you very much @compumatter for your donation, it is really appreciated :D