search

StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
https://twitter.com/streisandvpn
Other
23.19k stars 1.99k forks source link

Compatibility with Raspberry Pi B+ #1286

Closed drduker closed 6 years ago

drduker commented 6 years ago

Expected behavior: Installation to be successful on top of Raspbian Stretch or on top of a Ubuntu 18.04 version (care less about ubuntu install) for raspberry pi 3 b+.

Actual Behavior:

I actually got father with the install on Rasbian Stretch on the pi 3B+ by changing this nano playbooks/roles/common/vars/main.yml line 27 to "- software-properties-common" So I just fail during "Apply custom sysctl values]"

....
TASK [common : Generate the unattended-upgrades templates to enable automatic security updates] ***********************************************************************************
changed: [localhost] => (item={u'dest': u'/etc/apt/apt.conf.d/20autoupgrades', u'src': u'20auto-upgrades.j2'})
changed: [localhost] => (item={u'dest': u'/etc/apt/apt.conf.d/50unattended-upgrades', u'src': u'50unattended-upgrades.j2'})

TASK [common : Apply the custom sysctl values] ************************************************************************************************************************************

TASK [sysctl : Apply custom sysctl values] ****************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'ansible_virtualization_type != 'lxc'' failed. The error was: error while evaluating conditional (ansible_virtualization_type != 'lxc'): 'ansible_virtualization_type' is undefined\n\nThe error appears to have been in '/home/pi/streisand/playbooks/roles/sysctl/tasks/main.yml': line 3, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n- block:\n    - name: Apply custom sysctl values\n      ^ here\n"}
    to retry, use: --limit @/home/pi/streisand/playbooks/localhost.retry

PLAY RECAP ************************************************************************************************************************************************************************
localhost                  : ok=28   changed=9    unreachable=0    failed=1

Fails during "Full system upgrade" portion of install on ubuntu 18.04:

TASK [common : Set the streisand_server_name variable to the value provided by a 'genesis' role if one is defined] ****************************************************************
skipping: [localhost]

TASK [common : Set the streisand_server_name variable to the default value if it doesn't already have one. The default is the value of the hostname retrieved from the server that is being configured.] ***
ok: [localhost]

TASK [common : Ensure the APT cache is up to date] ********************************************************************************************************************************
ok: [localhost]

TASK [common : Install Streisand common packages] *********************************************************************************************************************************

changed: [localhost] => (item=[u'apparmor', u'apt-transport-https', u'aptitude', u'build-essential', u'curl', u'expect', u'gnupg', u'iptables', u'markdown', u'ntp', u'python-pexpect', u'software-properties-common', u'qrencode', u'unattended-upgrades', u'uuid'])

TASK [common : Purge unneeded services] *******************************************************************************************************************************************
ok: [localhost] => (item=[u'lxd', u'snapd'])

TASK [common : Perform a full system upgrade] *************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "'/usr/bin/aptitude safe-upgrade' failed: setting xserver-xorg-legacy/xwrapper/allowed_users from configuration file\nE: Sub-process /usr/bin/dpkg returned an error code (1)\nupda..........

Steps to Reproduce:

[ contents of streisand-diagnostics.md here ]

Additional Details:

Log output from Ansible or other relevant services (link to Gist for longer output):

Target Cloud Provider:
Operating System of target host:
Operating System of client:
Version of Ansible, using ansible --version :
Output from git rev-parse HEAD in your Streisand directory :
drduker commented 6 years ago

After installing ansible version 2.5.0 it got farther in the install. All the way to:

TASK [openconnect : Enable the Universe repository] *******************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: apt.cache.FetchFailedException: E:The repository 'http://archive.ubuntu.com/ubuntu stretch Release' does not have a Release file.
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_B6MGzS/ansible_module_apt_repository.py\", line 551, in <module>\n    main()\n  File \"/tmp/ansible_B6MGzS/ansible_module_apt_repository.py\", line 543, in main\n    cache.update()\n  File \"/usr/lib/python2.7/dist-packages/apt/cache.py\", line 464, in update\n    raise FetchFailedException(e)\napt.cache.FetchFailedException: E:The repository 'http://archive.ubuntu.com/ubuntu stretch Release' does not have a Release file.\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}
cpu commented 6 years ago

Hi @drduker,

Unfortunately Streisand does not support the ARM architecture that the RaspberryPi B+ uses. Not all of the software we package has ARM builds available.

I'm going to close this issue. You may be able to get a forked version of Streisand working with modification but it won't be something we can help you with.

Thanks!

drduker commented 6 years ago

arg, I was planning on doing this for a school project on the cheap which is due in 10 days.

drduker commented 6 years ago

do any of the previous versions of streisand work with arm?

drduker commented 6 years ago

Please tell me which software packages exactly do not have arm builds.

cpu commented 6 years ago

arg, I was planning on doing this for a school project on the cheap which is due in 10 days.

Bummer! Your best bet is probably to use a cloud provider but that is admittedly not a free choice :-( Perhaps Amazon EC2 or Google Cloud Engine have a free trial or a student tier?

do any of the previous versions of streisand work with arm?

Streisand is presently unversioned. There are no specific releases yet (e.g. 1.0, 1.1, etc). I'm not aware of a specific point in time in which Streisand worked on ARM.

Please tell me which software packages exactly do not have arm builds.

I don't have an explicit list at hand unfortunately. Its been some time since I looked into the details. If you dig deeper and find that things have changed since my last assessment I'd be interested in hearing about it :-)

nopdotcom commented 6 years ago

Streisand requires an Ubuntu 16.04 machine as an installation target.

We also only officially support the amd64 (aka x86_64) architecture. This is not an intentional design choice; we like non-x86 architectures! But when I've tried the Pi's armhf architecture before, I've run into incompatibilities with some of the VPN services. I think I did get a minimal server running, but it was missing stuff like Tor.

People do seem interested in armhf. A little doc saying, "here are configuration options that make a partial server work" would be useful to people, and fixes for gratuitous incompatibilities would be good too. I don't have too many cycles to do new work on this, though.

Bear in mind that Streisand's primary usage model is cloud hosting providers. Are there good armhf/arm64 providers for the kinds of things Streisand does?

(I'm closing this particular issue because there's no way around the 16.04 requirement.)