StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
https://twitter.com/streisandvpn

tor-bridge: installation fails, GPG key import unsuccessful after max retries. #1215

Closed bluppfisk closed 6 years ago

bluppfisk commented 6 years ago

Expected behavior:

continuation of the script

Actual Behavior:

aborts at double tor-bridge related failures

Steps to Reproduce:

  1. run it on an existing server (option 8), in this case a Vultr VPS running Ubuntu 16.04.
  2. wait for about 20 mins (in my case)
  3. behold the following error:

TASK [tor-bridge : Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads] ***
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (10 retries left).
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (9 retries left).
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (8 retries left).
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (7 retries left).
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (6 retries left).
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (5 retries left).
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (4 retries left).
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (3 retries left).
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (2 retries left).
FAILED - RETRYING: Import GPG key ID 0x4E2C6E8793298290 for verifying Tor Browser Bundle downloads (1 retries left).
fatal: [45.77.13.39]: FAILED! => {"attempts": 10, "changed": true, "cmd": ["gpg", "--keyserver", "x-hkp://pool.sks-keyservers.net", "--recv-keys", "0x4E2C6E8793298290"], "delta": "0:00:00.876633", "end": "2018-03-13 10:16:49.530994", "msg": "non-zero return code", "rc": 2, "start": "2018-03-13 10:16:48.654361", "stderr": "gpg: requesting key 93298290 from hkp server pool.sks-keyservers.net\ngpg: no valid OpenPGP data found.\ngpg: key 93298290: no valid user IDs\ngpg: this may be caused by a missing self-signature\ngpg: Total number processed: 1\ngpg: w/o user IDs: 1", "stderr_lines": ["gpg: requesting key 93298290 from hkp server pool.sks-keyservers.net", "gpg: no valid OpenPGP data found.", "gpg: key 93298290: no valid user IDs", "gpg: this may be caused by a missing self-signature", "gpg: Total number processed: 1", "gpg: w/o user IDs: 1"], "stdout": "gpgkeys: key 4E2C6E8793298290 partially retrieved (probably corrupt)", "stdout_lines": ["gpgkeys: key 4E2C6E8793298290 partially retrieved (probably corrupt)"]}

TASK [tor-bridge : One or more of the VPN clients could not be mirrored. Please file a bug report on GitHub so that the version number, checksum, or download location can be updated. Setup will now continue.] ***
Pausing for 20 seconds (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [45.77.13.39]

TASK [tor-bridge : Generate the Tor Markdown mirror page] **
failed: [45.77.13.39] (item={'value': {u'file_suffix': u'-fr', u'tor_locale': u'fr', u'language_name': u'Fran\xe7ais'}, 'key': u'fr'}) => {"changed": false, "item": {"key": "fr", "value": {"file_suffix": "-fr", "language_name": "Français", "tor_locale": "fr"}}, "msg": "AnsibleUndefinedVariable: 'tor_linux32_filename_template' is undefined"}
failed: [45.77.13.39] (item={'value': {u'file_suffix': u'', u'tor_locale': u'en-US', u'language_name': u'English'}, 'key': u'en'}) => {"changed": false, "item": {"key": "en", "value": {"file_suffix": "", "language_name": "English", "tor_locale": "en-US"}}, "msg": "AnsibleUndefinedVariable: 'tor_linux32_filename_template' is undefined"}

RUNNING HANDLER [ssh : Restart SSH] ****

RUNNING HANDLER [openconnect : Restart ocserv] *****

RUNNING HANDLER [openconnect : Restart rsyslog for OpenConnect] ****

RUNNING HANDLER [l2tp-ipsec : Restart rsyslog for Libreswan] ***

RUNNING HANDLER [dnsmasq : Restart dnsmasq] ****

RUNNING HANDLER [openvpn : Restart OpenVPN] ****

RUNNING HANDLER [tinyproxy : Restart Tinyproxy] ****

RUNNING HANDLER [tor-bridge : Restart Nginx for the Tor hidden service vhost] ***

RUNNING HANDLER [stunnel : Restart stunnel] ****
to retry, use: --limit @/home/sander/streisand/playbooks/existing-server.retry

PLAY RECAP *****
45.77.13.39 : ok=326 changed=244 unreachable=0 failed=2
localhost : ok=5 changed=1 unreachable=0 failed=0


bluppfisk commented 6 years ago

Blatted the server, ran it again and the script went through. Still, it should fail more gracefully.

nopdotcom commented 6 years ago

I'm getting really annoyed with these transient keyserver failures. Are we doing something wrong?

cpu commented 6 years ago

> run it on an existing server (option 8), in this case a Vultr VPS running Ubuntu 16.04.

@bluppfisk Where was the Vultr instance provisioned? Does running gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 from that instance succeed now?

I can't explain these transient keyserver errors and there isn't a secure alternative to failing closed when the GPG key can't be imported to verify the release. I've been unable to reproduce the failure so far from any of my own server instances (Vultr included).
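The fail-closed import discussed above, sketched as an added example that is not part of the thread or of Streisand's playbooks: it retries across more than one keyserver, confirms the key really is in the keyring, and refuses to continue otherwise. The key ID is the one from the log; the keyserver URLs are placeholders and the function names are hypothetical.

```shell
# Added example. KEY_ID is the long ID from the log in this issue; the
# keyserver URLs are placeholders and the function names are hypothetical.
KEY_ID="0x4E2C6E8793298290"
KEYSERVERS="hkps://keyserver-a.example hkps://keyserver-b.example"
ROUNDS=3    # passes over the whole keyserver list
DELAY=5     # seconds to wait between passes

# Ask one keyserver for the key; a non-zero exit means "try elsewhere".
fetch_key() {
    gpg --batch --keyserver "$1" --recv-keys "$2" >/dev/null 2>&1
}

# Trust the keyring, not the exit code: succeed only if a key whose
# fingerprint ends in the requested long ID is actually present.
key_present() {
    want=$(printf '%s' "${1#0x}" | tr 'a-f' 'A-F')
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10 }' | grep -q "${want}\$"
}

# Return 0 once the key is verified present. Return 1 (fail closed) when
# every keyserver has been tried ROUNDS times without producing it.
import_or_fail() {
    round=1
    while [ "$round" -le "$ROUNDS" ]; do
        for ks in $KEYSERVERS; do
            if fetch_key "$ks" "$1" && key_present "$1"; then
                echo "imported $1 from $ks"
                return 0
            fi
            echo "attempt failed: $ks (round $round)" >&2
        done
        round=$((round + 1))
        if [ "$round" -le "$ROUNDS" ]; then
            sleep "$DELAY"
        fi
    done
    echo "refusing to continue: $1 could not be imported" >&2
    return 1
}

# Usage in a provisioning script; the download and signature check that
# depend on the key run only when the import succeeded:
#   import_or_fail "$KEY_ID" || exit 1
```

A 64-bit key ID is a weak selector; comparing against a full fingerprint pinned in the playbook would be stronger, but this page only gives the long ID.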

bluppfisk commented 6 years ago

It was a Tokyo server. Then I blatted it and ran streisand again without a problem, so it'll be hard to find out now. :<

cpu commented 6 years ago

@bluppfisk I'm glad running it again worked. This is definitely the kind of problem that happens briefly and then goes away, tricky to fix! :sob:

I'm going to close this issue since the root cause is similar enough to https://github.com/StreisandEffect/streisand/issues/1199 that I can track GPG keyserver failure improvements there.

Thanks!