StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
https://twitter.com/streisandvpn
Other
23.21k stars 1.99k forks source link

Generate Docs directory missing #1576

Open thihara opened 5 years ago

thihara commented 5 years ago

Expected behavior:

After installation completes, the generted-docs directory needs to be present.

Actual Behavior:

Installation completes, but there is no generated-docs directory

Steps to Reproduce:

  1. Run installation on GCE

Ansible Information

Streisand Information

Enabled Roles

thihara commented 5 years ago

Installation output

~/workspace/streisand • ./streisand

S T R E I S A N D

Which provider are you using?

  1. Amazon
  2. Azure
  3. DigitalOcean
  4. Google
  5. Linode
  6. Rackspace
  7. localhost (Advanced)
  8. Existing Server (Advanced) : 4

Do you wish to customize which services Streisand will install? By saying 'no' Streisand will use the settings configured in /Users/thihara/.streisand/site.yml

Press enter to customize your installation:

Confirmed. Customizing Streisand services.

[WARNING]: Found both group and host with same name: localhost

Enter the path to your SSH private key, or press enter for default [~/.ssh/id_rsa]: How many VPN client profiles should be generated per-service (min: 1 max: 20)? Press enter for default [5]: Enable OpenConnect? Press enter for default [yes]: Enable OpenVPN? Press enter for default [yes]: Enable stunnel service (only allowed for OpenVPN)? Press enter for default [yes]: Enable Shadowsocks? Press enter for default [yes]: Enable SSH Forward User? (Note: A SOCKS proxy only user will be added, no shell). Press enter for default [yes]: Enable sshuttle? (Note: A full shell access user will be added) Press enter for default [no]: yes Enable tinyproxy? Press enter for default [yes]: Enable Tor? Press enter for default [no]: yes Enable WireGuard? Press enter for default [yes]:

PLAY [Customize enabled Streisand services] *****

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

TASK [lineinfile] *** ok: [localhost]

PLAY RECAP ** localhost : ok=11 changed=0 unreachable=0 failed=0

[WARNING]: Found both group and host with same name: localhost

PLAY [Perform global variables validation] **

TASK [validation : Stat the Streisand SSH private key] ** ok: [localhost]

TASK [validation : Fail if the Streisand SSH private key file doesn't exist] **** skipping: [localhost]

TASK [validation : Stat the Streisand SSH public key] *** ok: [localhost]

TASK [validation : Fail if the Streisand SSH public key file doesn't exist] ***** skipping: [localhost]

TASK [validation : Validate that OpenVPN optional variables are rational] *** skipping: [localhost]

TASK [validation : Validate that Tinyproxy optional variables are rational] ***** skipping: [localhost]

TASK [validation : Validate that sshutle optional variables are rational] *** skipping: [localhost]

TASK [validation : Validate that the maximum number of clients is set to a reasonable amount] *** skipping: [localhost]

TASK [validation : Validate that at least one VPN is specified] ***** skipping: [localhost]

PLAY RECAP ** localhost : ok=2 changed=0 unreachable=0 failed=0

[WARNING]: Found both group and host with same name: localhost

What zone should the server be located in?

  1. Central US (Iowa A)
  2. Central US (Iowa B)
  3. Central US (Iowa C)
  4. Central US (Iowa F)
  5. Eastern US (Northern Virginia A)
  6. Eastern US (Northern Virginia B)
  7. Eastern US (Northern Virginia C)
  8. Eastern US (South Carolina B)
  9. Eastern US (South Carolina C)
  10. Eastern US (South Carolina D)
  11. Western US (Oregon A)
  12. Western US (Oregon B)
  13. Western US (Oregon C)
  14. Western Europe (Belgium B)
  15. Western Europe (Belgium C)
  16. Western Europe (Belgium D)
  17. Western Europe (London A)
  18. Western Europe (London B)
  19. Western Europe (London C)
  20. Western Europe (Frankfurt A)
  21. Western Europe (Frankfurt B)
  22. Western Europe (Frankfurt C)
  23. Western Europe (Netherlands A)
  24. Western Europe (Netherlands B)
  25. Western Europe (Netherlands C)
  26. East Asia (Taiwan A)
  27. East Asia (Taiwan B)
  28. East Asia (Taiwan C)
  29. Northeast Asia (Tokyo A)
  30. Northeast Asia (Tokyo B)
  31. Northeast Asia (Tokyo C)
  32. South Asia (Mumbai A)
  33. South Asia (Mumbai B)
  34. South Asia (Mumbai C)
  35. Southeast Asia (Singapore A)
  36. Southeast Asia (Singapore B)
  37. Southeast Australia (Sydney A)
  38. Southeast Australia (Sydney B)
  39. Southeast Australia (Sydney C)
  40. South America (São Paulo A)
  41. South America (São Paulo B)
  42. South America (São Paulo C) Please choose the number of your zone. Press enter for default (#3) zone.

What should the server be named? Press enter for default (streisand). [streisand]:

The full path of your unique service account credentials file. Details on generating this can be found at https://docs.ansible.com/ansible/guide_gce.html#credentials and https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts

Streisand will now set up your server. This process usually takes around ten minutes. Press Enter to begin setup... :

PLAY [Provision the GCE Server] *****

TASK [Gathering Facts] ** ok: [localhost]

TASK [Set the Google Compute Engine Zone interactive] *** ok: [localhost]

TASK [Register JSON file contents] ** ok: [localhost]

TASK [Set JSON file contents fact] ** ok: [localhost]

TASK [Set the Google Compute Engine Service Account Email] ** ok: [localhost]

TASK [Set the Google Compute Engine Project ID] ***** ok: [localhost]

TASK [gce-network : Create network] ***** ok: [localhost]

TASK [gce-network : Open the SSH port in the GCE firewall] ** ok: [localhost]

TASK [gce-network : Open the Nginx port in the GCE firewall] **** ok: [localhost]

TASK [gce-network : Open HTTP port for Let's Encrypt in the GCE firewall] *** ok: [localhost]

TASK [gce-network : Open necessary Tor ports in the GCE firewall] *** ok: [localhost]

TASK [gce-network : Open the OpenConnect (ocserv) port in the GCE firewall] ***** ok: [localhost]

TASK [gce-network : Open the OpenVPN ports in the GCE firewall] ***** ok: [localhost]

TASK [gce-network : Open the OpenVPN stunnel port in the GCE firewall] ** ok: [localhost]

TASK [gce-network : Open the Shadowsocks ports in the GCE firewall] ***** ok: [localhost]

TASK [gce-network : Open the WireGuard port in the GCE firewall] **** ok: [localhost]

TASK [genesis-google : set_fact] **** ok: [localhost]

TASK [genesis-google : Get the ~/.ssh/id_rsa.pub contents] ** ok: [localhost]

TASK [genesis-google : Create the GCE instance] ***** changed: [localhost]

TASK [genesis-google : Wait until the server has finished booting and OpenSSH is accepting connections] ***** ok: [localhost]

TASK [genesis-google : Create the in-memory inventory group] **** changed: [localhost]

TASK [genesis-google : Set the streisand_ipv4_address variable] ***** ok: [localhost]

TASK [genesis-google : Set the streisand_server_name variable] ** ok: [localhost]

PLAY [Configure Ansible SSH] ****

TASK [set_fact] ***** ok: [35.244.60.224]

PLAY [Checking instance status] *****

TASK [Wait for cloud-init to complete] ** ok: [35.244.60.224]

PLAY [Prepare the new server for Ansible] ***

TASK [Install Python using a raw SSH command to enable the execution of Ansible modules] **** changed: [35.244.60.224] Do you have a fully qualified domain pointed at your Streisand server?

This is an optional question. If you have a domain that points to your Streisand server, the installation scripts can request a Let's Encrypt HTTPS certificate for you automatically. If you do not provide one or the request fails, a self-signed certificate will be used instead.

If you have just created a new cloud server in previous steps now is a good time to point your fully qualified domain to your server's public address. Make sure the fully qualified domain resolves to the correct IP address before proceeding.

Please type your fully qualified domain below. Press enter to skip. : Which email address do you want to use as a contact for the Streisand server's Let's Encrypt certificate?

This is an optional question. If you supply an email address Let's Encrypt will send you important (but infrequent) notifications about your certificate. These messages include any upcoming certificate expirations, and important changes to the Let's Encrypt service. The email provided will not be used for anything else or shared with the Streisand developers.

Please type your contact email below. Press enter to skip. :

PLAY [Collect information about the Streisand domain] ***

TASK [Set Streisand domain] ***** skipping: [35.244.60.224]

TASK [Set Streisand admin email] **** ok: [35.244.60.224]

TASK [Enable Let's Encrypt role] **** skipping: [35.244.60.224]

TASK [Disable Let's Encrypt role] *** ok: [35.244.60.224]

PLAY [Collect diagnostics in case of error] *****

TASK [diagnostics : Determine the git revision of the current Streisand clone] ** ok: [localhost]

TASK [diagnostics : Determine if there are untracked changes in the Streisand clone] **** ok: [localhost]

TASK [diagnostics : Produce the diagnostics markdown file to share if there is an error] **** changed: [localhost]

PLAY [Configure the Server and install required software] ***

TASK [Gathering Facts] ** ok: [35.244.60.224]

TASK [common : Warn users if the server's Linux distribution is not Ubuntu 16.04] *** skipping: [35.244.60.224]

TASK [common : Set the streisand_ipv4_address variable to the value provided by a 'genesis' role if one is defined] ***** ok: [35.244.60.224]

TASK [common : Set the streisand_ipv4_address variable to the default value if it doesn't already have one. The default is the value defined in the inventory file, which should be the IP address of the server that is being configured.] *** skipping: [35.244.60.224]

TASK [common : Set the streisand_server_name variable to the value provided by a 'genesis' role if one is defined] ** ok: [35.244.60.224]

TASK [common : Set the streisand_server_name variable to the default value if it doesn't already have one. The default is the value of the hostname retrieved from the server that is being configured.] *** skipping: [35.244.60.224]

TASK [common : Install dns module] ** skipping: [35.244.60.224]

TASK [common : Initialize lookup variable] ** skipping: [35.244.60.224]

TASK [common : Check external IP Address through Google] **** skipping: [35.244.60.224]

TASK [common : Set the variable to the value] *** skipping: [35.244.60.224]

TASK [common : Initialize the prompt] *** skipping: [35.244.60.224]

TASK [common : Ask user to update to public IP address] ***** skipping: [35.244.60.224]

TASK [common : Change streisand_ipv4_address to public if requested] **** skipping: [35.244.60.224]

TASK [common : Ensure the APT cache is up to date] ** ok: [35.244.60.224]

TASK [common : Install Streisand common packages] *** changed: [35.244.60.224]

TASK [common : Purge unneeded services] ***** changed: [35.244.60.224]

TASK [common : Perform a full system upgrade] *** changed: [35.244.60.224]

TASK [common : Copy the English BIP-0039 wordlist] ** changed: [35.244.60.224]

TASK [common : Generate random VPN client names] **** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [common : Ensure the Streisand gateway directory exists] *** changed: [35.244.60.224]

TASK [common : Output the random VPN client names to disk for integration tests] **** skipping: [35.244.60.224]

TASK [common : Copy the HTML header and footer templates that are used during documentation generation] ***** changed: [35.244.60.224] => (item={u'dest': u'/tmp/header.html', u'src': u'header.html'}) changed: [35.244.60.224] => (item={u'dest': u'/tmp/footer.html', u'src': u'footer.html'})

TASK [common : Generate the unattended-upgrades templates to enable automatic security updates] ***** ok: [35.244.60.224] => (item={u'dest': u'/etc/apt/apt.conf.d/20auto-upgrades', u'src': u'20auto-upgrades.j2'}) changed: [35.244.60.224] => (item={u'dest': u'/etc/apt/apt.conf.d/50unattended-upgrades', u'src': u'50unattended-upgrades.j2'})

TASK [include_role : sysctl] ****

TASK [sysctl : Apply custom sysctl values] ** changed: [35.244.60.224] => (item={u'value': 0, u'key': u'kernel.sysrq'}) changed: [35.244.60.224] => (item={u'value': 1, u'key': u'kernel.core_uses_pid'}) changed: [35.244.60.224] => (item={u'value': 1, u'key': u'net.ipv4.tcp_syncookies'}) changed: [35.244.60.224] => (item={u'value': 65536, u'key': u'kernel.msgmnb'}) changed: [35.244.60.224] => (item={u'value': 65536, u'key': u'kernel.msgmax'}) changed: [35.244.60.224] => (item={u'value': 68719476736, u'key': u'kernel.shmmax'}) changed: [35.244.60.224] => (item={u'value': 4294967296, u'key': u'kernel.shmall'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.all.accept_source_route'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.default.accept_source_route'}) changed: [35.244.60.224] => (item={u'value': 1, u'key': u'net.ipv4.conf.all.log_martians'}) changed: [35.244.60.224] => (item={u'value': 1, u'key': u'net.ipv4.conf.default.log_martians'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.all.accept_redirects'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.default.accept_redirects'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.all.send_redirects'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.default.send_redirects'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.all.rp_filter'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.default.rp_filter'}) changed: [35.244.60.224] => (item={u'value': 1, u'key': u'net.ipv4.icmp_echo_ignore_broadcasts'}) changed: [35.244.60.224] => (item={u'value': 1, u'key': u'net.ipv4.icmp_ignore_bogus_error_responses'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.all.secure_redirects'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'net.ipv4.conf.default.secure_redirects'}) changed: [35.244.60.224] => (item={u'value': 1, u'key': u'kernel.randomize_va_space'}) changed: [35.244.60.224] => (item={u'value': 12582912, u'key': u'net.core.wmem_max'}) changed: [35.244.60.224] => (item={u'value': 12582912, u'key': u'net.core.rmem_max'}) changed: [35.244.60.224] => (item={u'value': 0, u'key': u'fs.suid_dumpable'}) changed: [35.244.60.224] => (item={u'value': 1, u'key': u'fs.protected_hardlinks'}) changed: [35.244.60.224] => (item={u'value': 1, u'key': u'fs.protected_symlinks'})

TASK [gpg : Install GnuPG 2, dirmngr and gpgv2] ***** changed: [35.244.60.224]

TASK [gpg : Create the GPG directory] *** changed: [35.244.60.224]

TASK [gpg : Create the Streisand GPG directory] ***** changed: [35.244.60.224]

TASK [gpg : Create the Streisand GPG keys directory] **** changed: [35.244.60.224]

TASK [gpg : Write the Streisand GPG dirmngr config] ***** changed: [35.244.60.224]

TASK [gpg : Ensure a GPG agent is running] ** changed: [35.244.60.224]

TASK [gpg : Reload gpg-agent to pick up configuration changes] ** changed: [35.244.60.224]

TASK [gpg : Kill any existing dirmngr] ** changed: [35.244.60.224]

TASK [gpg : Start a new dirmngr with our config changes] **** changed: [35.244.60.224]

TASK [gpg : Wait for the GPG agent and dirmngr control sockets] ***** ok: [35.244.60.224] => (item=S.dirmngr) ok: [35.244.60.224] => (item=S.gpg-agent)

TASK [gpg : Create the Streisand GPG keyring] *** changed: [35.244.60.224]

TASK [gpg : Copy the bootstrap GPG public keys to the Streisand instance] *** changed: [35.244.60.224] => (item=2F2B01E7.security@openvpn.net.asc) changed: [35.244.60.224] => (item=7F343FA7.nmav@redhat.com.asc) changed: [35.244.60.224] => (item=96865171.nmav@gnutls.org.asc) changed: [35.244.60.224] => (item=93298290.torbrowser@torproject.org.asc) changed: [35.244.60.224] => (item=B43434E4.putty@projects.tartarus.org.asc) changed: [35.244.60.224] => (item=DD3AAAA3.Michal.Trojnara@stunnel.org.asc) changed: [35.244.60.224] => (item=2D8330C2.daniel@binaryparadox.net.asc) changed: [35.244.60.224] => (item=CDF6583E.josh@joshlund.com.asc) changed: [35.244.60.224] => (item=F67DA905.nop@nop.com.asc) changed: [35.244.60.224] => (item=3F7F585B.corban@raunco.co.asc)

TASK [gpg : Import the bootstrap GPG public keys to the Streisand GPG keyring] ** changed: [35.244.60.224] => (item=2F2B01E7.security@openvpn.net.asc) changed: [35.244.60.224] => (item=7F343FA7.nmav@redhat.com.asc) changed: [35.244.60.224] => (item=96865171.nmav@gnutls.org.asc) changed: [35.244.60.224] => (item=93298290.torbrowser@torproject.org.asc) changed: [35.244.60.224] => (item=B43434E4.putty@projects.tartarus.org.asc) changed: [35.244.60.224] => (item=DD3AAAA3.Michal.Trojnara@stunnel.org.asc) changed: [35.244.60.224] => (item=2D8330C2.daniel@binaryparadox.net.asc) changed: [35.244.60.224] => (item=CDF6583E.josh@joshlund.com.asc) changed: [35.244.60.224] => (item=F67DA905.nop@nop.com.asc) changed: [35.244.60.224] => (item=3F7F585B.corban@raunco.co.asc)

TASK [gpg : Refresh the Streisand GPG keyring with keyserver information] *** changed: [35.244.60.224]

TASK [gpg : Set up a daily cronjob to refresh the Streisand GPG keyring] **** changed: [35.244.60.224]

TASK [ssh : Reconfigure OpenSSH with enhanced security settings] **** changed: [35.244.60.224]

TASK [ssh : Generate a stronger RSA host key] *** changed: [35.244.60.224]

TASK [ssh : Ensure missing host keys are generated] ***** changed: [35.244.60.224]

TASK [ssh : Register the server's SSH fingerprints] ***** changed: [35.244.60.224] => (item=ssh_host_ecdsa_key.pub) changed: [35.244.60.224] => (item=ssh_host_rsa_key.pub)

TASK [dnsmasq : Ensure that BIND is not installed in order to avoid conflicts with dnsmasq] ***** ok: [35.244.60.224]

TASK [dnsmasq : Install dnsmasq] **** changed: [35.244.60.224]

TASK [dnsmasq : Generate the dnsmasq configuration file] **** changed: [35.244.60.224]

TASK [dnsmasq : Create the dnsmasq systemd drop-in configuration directory] ***** changed: [35.244.60.224]

TASK [dnsmasq : Generate the dnsmasq systemd drop-in service file] ** changed: [35.244.60.224]

TASK [dnsmasq : Enable the dnsmasq service] ***** changed: [35.244.60.224]

TASK [service-net : Install service0 network configuration] ***** changed: [35.244.60.224] => (item=10-service0.netdev) changed: [35.244.60.224] => (item=10-service0.network)

TASK [service-net : Enable and start systemd networking] **** changed: [35.244.60.224]

TASK [service-net : Install dnsmasq for service0 network] *** changed: [35.244.60.224]

TASK [service-net : Restart DNSMasq to pick up the new configuration] *** changed: [35.244.60.224]

TASK [ufw : Install UFW] **** ok: [35.244.60.224]

TASK [ufw : Disable UFW logging] **** changed: [35.244.60.224]

TASK [ufw : Change the default forward policy] ** changed: [35.244.60.224]

TASK [ufw : Ensure UFW allows SSH] ** changed: [35.244.60.224]

TASK [ufw : Ensure UFW is enabled and denies by default] **** changed: [35.244.60.224]

TASK [ufw : Ensure UFW allows nginx] **** changed: [35.244.60.224]

TASK [ip-forwarding : Enable IPv4 traffic forwarding] *** changed: [35.244.60.224]

TASK [ip-forwarding : Add IPv4 traffic forwarding persistence service to init] ** changed: [35.244.60.224]

TASK [ip-forwarding : Enable the streisand-ipforward init service] ** [WARNING]: The service (streisand-ipforward) is actually an init script but the system is managed by systemd

changed: [35.244.60.224]

TASK [openconnect : Enable the Universe repository] ***** changed: [35.244.60.224]

TASK [openconnect : Install ocserv] ***** changed: [35.244.60.224]

TASK [openconnect : Create the OpenConnect rsyslog configuration directory] ***** changed: [35.244.60.224]

TASK [openconnect : Copy the modified rsyslog configuration into place that prevents OpenConnect traffic from being logged] ***** changed: [35.244.60.224]

TASK [openconnect : Create ocserv's PAM control] **** changed: [35.244.60.224]

TASK [openconnect : Create the ocserv configuration directory] ** changed: [35.244.60.224]

TASK [include_role : certificates] **

TASK [certificates : Generate the private keys for the CA and Server certificates] ** changed: [35.244.60.224] => (item=ca) changed: [35.244.60.224] => (item=server)

TASK [certificates : Set the proper permissions on all the private keys] **** changed: [35.244.60.224]

TASK [certificates : Generate CA certificate] *** changed: [35.244.60.224]

TASK [certificates : Generate a random server common name] ** changed: [35.244.60.224]

TASK [certificates : Set permissions on the TLS server common name file] **** changed: [35.244.60.224]

TASK [certificates : Register the TLS server common name] *** ok: [35.244.60.224]

TASK [certificates : Generate the OpenSSL configuration that will be used for the server certificate's req and ca commands] ***** changed: [35.244.60.224]

TASK [certificates : Seed a blank database file that will be used when generating the Server's certificate] ***** changed: [35.244.60.224]

TASK [certificates : Seed a serial file that will be used when generating the Server's certificate] ***** changed: [35.244.60.224]

TASK [certificates : Generate CSR for the Server] *** changed: [35.244.60.224]

TASK [certificates : Generate certificate for the Server] *** changed: [35.244.60.224]

TASK [certificates : Create directories for clients] **** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Generate the private keys for the client certificates] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Set the proper permissions on all private client keys] ***** changed: [35.244.60.224]

TASK [certificates : Generate CSRs for the clients] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Generate certificates for the clients] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Authorize certificates via /etc/allowed_vpn_certs] ***** changed: [35.244.60.224]

TASK [certificates : Generate a random password that will be used during the PKCS #12 conversion] *** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Set permissions on the PKCS #12 password file] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Register the PKCS #12 passwords] *** ok: [35.244.60.224] => (item=1) ok: [35.244.60.224] => (item=2) ok: [35.244.60.224] => (item=3) ok: [35.244.60.224] => (item=4) ok: [35.244.60.224] => (item=5)

TASK [certificates : Convert the ocserv client keys and certificates into PKCS #12 format] ** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [openconnect : Base64 encode the client PKCS12 file(s)] **** ok: [35.244.60.224] => (item=1) ok: [35.244.60.224] => (item=2) ok: [35.244.60.224] => (item=3) ok: [35.244.60.224] => (item=4) ok: [35.244.60.224] => (item=5)

TASK [openconnect : Generate a UUID for .mobileconfig client PKCS12 certificate] **** ok: [35.244.60.224]

TASK [openconnect : Generate a UUID for .mobileconfig vpn payload identifier] *** ok: [35.244.60.224]

TASK [openconnect : Generate a UUID for .mobileconfig config payload identifier] **** ok: [35.244.60.224]

TASK [openconnect : Generate a UUID for .mobileconfig global identifier] **** ok: [35.244.60.224]

TASK [openconnect : Generate the iOS client mobileconfig file(s)] *** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [openconnect : Generate a random ocserv password] ** changed: [35.244.60.224]

TASK [openconnect : Set permissions on the unhashed ocserv password file] *** changed: [35.244.60.224]

TASK [openconnect : Register the ocserv password] *** ok: [35.244.60.224]

TASK [openconnect : Create an ocpasswd credentials file] **** changed: [35.244.60.224]

TASK [openconnect : Generate the ocserv configuration file] ***** changed: [35.244.60.224]

TASK [openconnect : Generate the ocserv systemd service file] *** changed: [35.244.60.224]

TASK [openconnect : Stop and disable ocserv.socket] ***** changed: [35.244.60.224]

TASK [openconnect : Enable the ocserv service] ** changed: [35.244.60.224]

TASK [openconnect : Ensure UFW allows DNS requests from OpenConnect clients] **** changed: [35.244.60.224]

TASK [openconnect : Ensure UFW allows OpenConnect (ocserv)] ***** changed: [35.244.60.224]

TASK [openconnect : Install the ocserv iptables service file] *** changed: [35.244.60.224]

TASK [openconnect : Enable the ocserv-iptables service] ***** changed: [35.244.60.224]

TASK [openconnect : Create the OpenConnect/AnyConnect Gateway directory] **** changed: [35.244.60.224]

TASK [openconnect : Copy the CA certificate file to the OpenConnect Gateway directory] ** changed: [35.244.60.224]

TASK [openconnect : Copy the client PKCS #12 files to the OpenConnect Gateway directory] **** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [openconnect : Copy the client .mobileconfig files to the OpenConnect Gateway directory] *** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the OpenConnect/AnyConnect Markdown page] **** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the OpenConnect/AnyConnect Markdown page into HTML] *** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [openconnect : Include the OpenConnect mirror variables] *** ok: [35.244.60.224]

TASK [openconnect : Make the directory where the OpenConnect mirrored files will be stored] ***** changed: [35.244.60.224]

TASK [openconnect : Mirror the OpenConnect clients] ***** changed: [35.244.60.224] => (item={u'url': u'https://d25kfp60e9u1dw.cloudfront.net/openconnect-7.08.tar.gz', u'checksum': u'sha256:1c44ec1f37a6a025d1ca726b9555649417f1d31a46f747922b84099ace628a03'}) changed: [35.244.60.224] => (item={u'url': u'https://github.com/openconnect/openconnect-gui/releases/download/v1.5.3/openconnect-gui-1.5.3-win32.exe', u'checksum': u'sha256:b1d4bd76b41f32d08287bf043b3dc8c798a145c02319217d45a74b0d9545a23d'}) changed: [35.244.60.224] => (item={u'url': u'https://github.com/openconnect/openconnect-gui/releases/download/v1.5.1/openconnect-gui-1.5.1-Darwin.dmg', u'checksum': u'sha256:b2c338cfe9d0725bee98893225449e27cf7e337d43b0f8b08aec96de6f761f08'}) [WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the OpenConnect mirror Markdown page] **** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the OpenConnect mirror Markdown page into HTML] *** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [openvpn : Add the official OpenVPN APT key; hiding 25 lines of log...] **** changed: [35.244.60.224] => (item=None) changed: [35.244.60.224]

TASK [openvpn : Add the official OpenVPN repository] **** changed: [35.244.60.224]

TASK [openvpn : Install OpenVPN and its dependencies from APT] ** changed: [35.244.60.224]

TASK [openvpn : Configure DNSMasq to listen on 10.8.0.1:53 and 10.9.0.1:53] ***** changed: [35.244.60.224]

TASK [include_role : certificates] **

TASK [certificates : Generate the private keys for the CA and Server certificates] ** changed: [35.244.60.224] => (item=ca) changed: [35.244.60.224] => (item=server)

TASK [certificates : Set the proper permissions on all the private keys] **** changed: [35.244.60.224]

TASK [certificates : Generate CA certificate] *** changed: [35.244.60.224]

TASK [certificates : Generate a random server common name] ** changed: [35.244.60.224]

TASK [certificates : Set permissions on the TLS server common name file] **** changed: [35.244.60.224]

TASK [certificates : Register the TLS server common name] *** ok: [35.244.60.224]

TASK [certificates : Generate the OpenSSL configuration that will be used for the server certificate's req and ca commands] ***** changed: [35.244.60.224]

TASK [certificates : Seed a blank database file that will be used when generating the Server's certificate] ***** changed: [35.244.60.224]

TASK [certificates : Seed a serial file that will be used when generating the Server's certificate] ***** changed: [35.244.60.224]

TASK [certificates : Generate CSR for the Server] *** changed: [35.244.60.224]

TASK [certificates : Generate certificate for the Server] *** changed: [35.244.60.224]

TASK [certificates : Create directories for clients] **** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Generate the private keys for the client certificates] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Set the proper permissions on all private client keys] ***** changed: [35.244.60.224]

TASK [certificates : Generate CSRs for the clients] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Generate certificates for the clients] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [certificates : Authorize certificates via /etc/allowed_vpn_certs] ***** ok: [35.244.60.224]

TASK [certificates : Generate a random password that will be used during the PKCS #12 conversion] *** skipping: [35.244.60.224] => (item=1) skipping: [35.244.60.224] => (item=2) skipping: [35.244.60.224] => (item=3) skipping: [35.244.60.224] => (item=4) skipping: [35.244.60.224] => (item=5)

TASK [certificates : Set permissions on the PKCS #12 password file] ***** skipping: [35.244.60.224] => (item=1) skipping: [35.244.60.224] => (item=2) skipping: [35.244.60.224] => (item=3) skipping: [35.244.60.224] => (item=4) skipping: [35.244.60.224] => (item=5)

TASK [certificates : Register the PKCS #12 passwords] *** skipping: [35.244.60.224] => (item=1) skipping: [35.244.60.224] => (item=2) skipping: [35.244.60.224] => (item=3) skipping: [35.244.60.224] => (item=4) skipping: [35.244.60.224] => (item=5)

TASK [certificates : Convert the {{ vpn_name }} client keys and certificates into PKCS #12 format] ** skipping: [35.244.60.224] => (item=1) skipping: [35.244.60.224] => (item=2) skipping: [35.244.60.224] => (item=3) skipping: [35.244.60.224] => (item=4) skipping: [35.244.60.224] => (item=5)

TASK [openvpn : Register the OpenVPN server common name] **** ok: [35.244.60.224]

TASK [openvpn : Generate HMAC firewall key] ***** changed: [35.244.60.224]

TASK [openvpn : Register CA certificate contents] *** ok: [35.244.60.224]

TASK [openvpn : Register client certificate contents] *** ok: [35.244.60.224] => (item=1) ok: [35.244.60.224] => (item=2) ok: [35.244.60.224] => (item=3) ok: [35.244.60.224] => (item=4) ok: [35.244.60.224] => (item=5)

TASK [openvpn : Register client key contents] *** ok: [35.244.60.224] => (item=1) ok: [35.244.60.224] => (item=2) ok: [35.244.60.224] => (item=3) ok: [35.244.60.224] => (item=4) ok: [35.244.60.224] => (item=5)

TASK [openvpn : Register HMAC firewall contents] **** ok: [35.244.60.224]

TASK [openvpn : Create the client configuration profiles that will be used when connecting directly] **** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [openvpn : Create the client configuration profiles that will be used when connecting directly via UDP] **** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [openvpn : Create the client configuration profiles that will be used when connecting via sslh] **** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [openvpn : Create the client configuration profiles that will be used when connecting via stunnel] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [openvpn : Create the combined client configuration profiles that will be used to connect from the fastest to the most compatible] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [openvpn : Copy OpenVPN configuration file into place] ***** changed: [35.244.60.224]

TASK [openvpn : Copy OpenVPN UDP configuration file into place] ***** changed: [35.244.60.224]

TASK [openvpn : Stop and disable the bundled openvpn.service] *** changed: [35.244.60.224]

TASK [openvpn : Copy the OpenVPN system unit files] ***** changed: [35.244.60.224] => (item=openvpn@server.service) changed: [35.244.60.224] => (item=openvpn@server-udp.service)

TASK [openvpn : Enable the OpenVPN services] **** changed: [35.244.60.224] => (item=openvpn@server.service) changed: [35.244.60.224] => (item=openvpn@server-udp.service)

TASK [openvpn : Copy the ca.crt and ta.key files that clients will need in order to connect to the OpenVPN server] ** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5) changed: [35.244.60.224] => (item=5)

TASK [openvpn : Allow OpenVPN through the firewall] ***** changed: [35.244.60.224] => (item=iptables --wait 120 -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT) changed: [35.244.60.224] => (item=iptables --wait 120 -A FORWARD -s 10.8.0.0/24 -j ACCEPT) changed: [35.244.60.224] => (item=iptables --wait 120 -A FORWARD -s 10.9.0.0/24 -j ACCEPT) changed: [35.244.60.224] => (item=iptables --wait 120 -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens4 -j MASQUERADE) changed: [35.244.60.224] => (item=iptables --wait 120 -t nat -A POSTROUTING -s 10.9.0.0/24 -o ens4 -j MASQUERADE)

TASK [openvpn : Ensure UFW allows DNS requests from OpenVPN clients] **** changed: [35.244.60.224]

TASK [openvpn : Ensure UFW allows DNS requests from OpenVPN UDP clients] **** changed: [35.244.60.224]

TASK [openvpn : Ensure UFW allows OpenVPN] ** changed: [35.244.60.224]

TASK [openvpn : Ensure UFW allows OpenVPN over UDP] ***** changed: [35.244.60.224]

TASK [openvpn : Install the OpenVPN iptables service file] ** changed: [35.244.60.224]

TASK [openvpn : Enable the openvpn-iptables service] **** changed: [35.244.60.224]

TASK [openvpn : Create the OpenVPN Gateway directory] *** changed: [35.244.60.224]

TASK [openvpn : Copy the client files to the OpenVPN Gateway directory] ***** changed: [35.244.60.224] => (item=1) changed: [35.244.60.224] => (item=2) changed: [35.244.60.224] => (item=3) changed: [35.244.60.224] => (item=4) changed: [35.244.60.224] => (item=5)

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the OpenVPN Markdown page] *** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the OpenVPN Markdown page into HTML] ** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the OpenVPN stunnel Markdown page] *** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the OpenVPN stunnel Markdown page into HTML] ** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [openvpn : Include the OpenVPN mirror variables] *** ok: [35.244.60.224]

TASK [openvpn : Make the directory where OpenVPN's mirrored files will be stored] *** changed: [35.244.60.224]

TASK [openvpn : Mirror Tunnelblick for macOS] *** changed: [35.244.60.224]

TASK [include_role : download-and-verify] ***

TASK [download-and-verify : include_vars] *** ok: [35.244.60.224]

TASK [download-and-verify : Download the OpenVPN Community files] *** changed: [35.244.60.224] => (item={u'sig': u'openvpn-latest-stable.tar.gz.asc', u'file': u'openvpn-latest-stable.tar.gz'}) changed: [35.244.60.224] => (item={u'sig': u'openvpn-install-latest-stable.exe.asc', u'file': u'openvpn-install-latest-stable.exe'})

TASK [download-and-verify : Download the OpenVPN Community signatures] ** changed: [35.244.60.224] => (item={u'sig': u'openvpn-latest-stable.tar.gz.asc', u'file': u'openvpn-latest-stable.tar.gz'}) changed: [35.244.60.224] => (item={u'sig': u'openvpn-install-latest-stable.exe.asc', u'file': u'openvpn-install-latest-stable.exe'})

TASK [download-and-verify : Verify the OpenVPN Community download signatures with the Streisand GPG keyring] **** changed: [35.244.60.224] => (item={u'sig': u'openvpn-latest-stable.tar.gz.asc', u'file': u'openvpn-latest-stable.tar.gz'}) changed: [35.244.60.224] => (item={u'sig': u'openvpn-install-latest-stable.exe.asc', u'file': u'openvpn-install-latest-stable.exe'})

TASK [download-and-verify : Verify the OpenVPN Community download signature checks all passed] ** ok: [35.244.60.224] => (item=None) ok: [35.244.60.224] => (item=None) ok: [35.244.60.224]

TASK [download-and-verify : Verify the OpenVPN Community download signatures were from the correct keys] **** failed: [35.244.60.224] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} failed: [35.244.60.224] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} fatal: [35.244.60.224]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [openvpn : One or more of the VPN clients could not be mirrored. Please file a bug report on GitHub so that the version number, checksum, or download location can be updated. Setup will now continue.] *** Pausing for 20 seconds (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) ok: [35.244.60.224]

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the OpenVPN mirror Markdown page] **** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the OpenVPN mirror Markdown page into HTML] *** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [include_role : stunnel] ***

TASK [stunnel : Install stunnel] **** changed: [35.244.60.224]

TASK [stunnel : Generate the stunnel private key] *** changed: [35.244.60.224]

TASK [stunnel : Generate the stunnel certificate.] ** changed: [35.244.60.224]

TASK [stunnel : Export the key and certificate file in PKCS #12 format] ***** changed: [35.244.60.224]

TASK [stunnel : Set the proper permissions on the stunnel key file] ***** changed: [35.244.60.224]

TASK [stunnel : Generate remote stunnel configuration file (for the server)] **** changed: [35.244.60.224]

TASK [stunnel : Generate local stunnel configuration file (for connecting clients)] ***** changed: [35.244.60.224]

TASK [stunnel : Stop (init.d's) stunnel4] *** changed: [35.244.60.224]

TASK [stunnel : Copy the stunnel system unit file] ** changed: [35.244.60.224]

TASK [stunnel : Enable the stunnel service] ***** changed: [35.244.60.224]

TASK [stunnel : Ensure UFW allows stunnel] ** changed: [35.244.60.224]

TASK [stunnel : Include the stunnel mirror variables] *** ok: [35.244.60.224]

TASK [stunnel : Make the directory where the stunnel mirrored files will be stored] ***** changed: [35.244.60.224]

TASK [include_role : download-and-verify] ***

TASK [download-and-verify : include_vars] *** ok: [35.244.60.224]

TASK [download-and-verify : Download the stunnel files] ***** changed: [35.244.60.224] => (item={u'sig': u'stunnel-latest-installer.exe.asc', u'file': u'stunnel-latest-installer.exe'}) changed: [35.244.60.224] => (item={u'sig': u'stunnel-latest.tar.gz.asc', u'file': u'stunnel-latest.tar.gz'})

TASK [download-and-verify : Download the stunnel signatures] **** changed: [35.244.60.224] => (item={u'sig': u'stunnel-latest-installer.exe.asc', u'file': u'stunnel-latest-installer.exe'}) changed: [35.244.60.224] => (item={u'sig': u'stunnel-latest.tar.gz.asc', u'file': u'stunnel-latest.tar.gz'})

TASK [download-and-verify : Verify the stunnel download signatures with the Streisand GPG keyring] ** changed: [35.244.60.224] => (item={u'sig': u'stunnel-latest-installer.exe.asc', u'file': u'stunnel-latest-installer.exe'}) changed: [35.244.60.224] => (item={u'sig': u'stunnel-latest.tar.gz.asc', u'file': u'stunnel-latest.tar.gz'})

TASK [download-and-verify : Verify the stunnel download signature checks all passed] **** ok: [35.244.60.224] => (item=None) ok: [35.244.60.224] => (item=None) ok: [35.244.60.224]

TASK [download-and-verify : Verify the stunnel download signatures were from the correct keys] ** ok: [35.244.60.224] => (item=None) ok: [35.244.60.224] => (item=None) ok: [35.244.60.224]

TASK [stunnel : Get the current stunnel version from the downloaded source file] **** ok: [35.244.60.224]

TASK [stunnel : Set the target stunnel version] ***** ok: [35.244.60.224]

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the stunnel mirror Markdown page] **** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the stunnel mirror Markdown page into HTML] *** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [shadowsocks : Apply the sysctl value to enable TCP Fast Open] ***** changed: [35.244.60.224]

TASK [shadowsocks : Add the Shadowsocks PPA] **** changed: [35.244.60.224]

TASK [shadowsocks : Install shadowsocks-libev] ** changed: [35.244.60.224]

TASK [shadowsocks : Install the simple-obfs dependencies] *** changed: [35.244.60.224]

TASK [shadowsocks : Create the shadowsocks-libev config directory] ** changed: [35.244.60.224]

TASK [shadowsocks : Populate the shadowsocks-libev systemd defaults] **** changed: [35.244.60.224]

TASK [shadowsocks : Generate a random Shadowsocks password] ***** changed: [35.244.60.224]

TASK [shadowsocks : Set permissions on the Shadowsocks password file] *** changed: [35.244.60.224]

TASK [shadowsocks : Register Shadowsocks password] ** ok: [35.244.60.224]

TASK [shadowsocks : Clone the simple-obfs source code at tag 0.0.5] ***** changed: [35.244.60.224]

TASK [shadowsocks : Update the simple-obfs source code submodules] ** ok: [35.244.60.224]

TASK [shadowsocks : Autogen simple-obfs 0.0.5 source] *** changed: [35.244.60.224]

TASK [shadowsocks : Configure simple-obfs 0.0.5 source] ***** changed: [35.244.60.224]

TASK [shadowsocks : Compile simple-obfs 0.0.5 source] *** changed: [35.244.60.224]

TASK [shadowsocks : Install simple-obfs 0.0.5 binaries] ***** changed: [35.244.60.224]

TASK [shadowsocks : Generate Shadowsocks config file] *** changed: [35.244.60.224]

TASK [shadowsocks : Create the shadowsocks systemd configuration directory] ***** changed: [35.244.60.224]

TASK [shadowsocks : Generate the nginx systemd service file] **** changed: [35.244.60.224]

TASK [shadowsocks : Enable the Shadowsocks service so it starts at boot, and bring it up] *** changed: [35.244.60.224]

TASK [shadowsocks : Check that the Shadowsocks service started (35.244.60.224)] ***** fatal: [35.244.60.224]: FAILED! => {"changed": false, "elapsed": 30, "msg": "Timeout when waiting for 35.244.60.224:8530"} ...ignoring

TASK [shadowsocks : Ensure UFW allows Shadowsocks] ** changed: [35.244.60.224]

TASK [shadowsocks : Create the Shadowsocks Gateway directory] *** changed: [35.244.60.224]

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the Shadowsocks Markdown page] *** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the Shadowsocks Markdown page into HTML] ** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [shadowsocks : Generate the Shadowsocks QR code] *** changed: [35.244.60.224]

TASK [shadowsocks : Include the Shadowsocks mirror variables] *** ok: [35.244.60.224]

TASK [shadowsocks : Make the directory where the Shadowsocks mirrored files will be stored] ***** changed: [35.244.60.224]

TASK [shadowsocks : Mirror the Shadowsocks clients] ***** changed: [35.244.60.224] => (item={u'url': u'https://github.com/shadowsocks/shadowsocks-android/releases/download/v4.3.2/shadowsocks-nightly-4.3.2.apk', u'checksum': u'sha256:333833ed934a22767e19ebf468f51e59fff16f9d12ca2cf223b8d1e0eedd5895'}) changed: [35.244.60.224] => (item={u'url': u'https://github.com/shadowsocks/shadowsocks-windows/releases/download/4.0.6/Shadowsocks-4.0.6.zip', u'checksum': u'sha256:4f932e61afb6bd1dd8b5c4c25c715f1623d3f574637d8154256531b4ef5000ac'}) changed: [35.244.60.224] => (item={u'url': u'https://github.com/shadowsocks/ShadowsocksX-NG/releases/download/v1.6.1/ShadowsocksX-NG.1.6.1.zip', u'checksum': u'sha256:dad30943ad569d6f3a7f1b9925b45b9082ef5f5e855d2fcad2c18a0554187281'}) changed: [35.244.60.224] => (item={u'url': u'https://github.com/riobard/go-shadowsocks2/releases/download/v0.0.9/shadowsocks2-linux-x64.gz', u'checksum': u'sha256:9c08118a0caa60acdb6764112fd181513dbaa2c85d63e7b4b333895b7fe225e9'})

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the Shadowsocks mirror Markdown page] **** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the Shadowsocks mirror Markdown page into HTML] *** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [ssh-forward : Add the SSH forwarding user and generate a key] ***** changed: [35.244.60.224]

TASK [ssh-forward : Register the forwarding user's public SSH key] ** ok: [35.244.60.224]

TASK [ssh-forward : Authorize the forward users's key for accessing the forward user] *** changed: [35.244.60.224]

TASK [ssh-forward : Add the sshuttle user and generate a key] *** changed: [35.244.60.224]

TASK [ssh-forward : Register the sshuttle user's public SSH key] **** ok: [35.244.60.224]

TASK [ssh-forward : Authorize the sshuttle users's key for accessing the sshuttle user] ***** changed: [35.244.60.224]

TASK [ssh-forward : Create the SSH Gateway directory] *** changed: [35.244.60.224]

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the SSH instructions Markdown page] ** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the SSH instructions Markdown page into HTML] ***** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [ssh-forward : Copy the SSH private key that can be used to connect as the 'forward' user to the SSH Gateway directory] **** changed: [35.244.60.224]

TASK [ssh-forward : Install the putty-tools package to facilitate converting the standard OpenSSH key into PuTTY's unique .ppk format] ** changed: [35.244.60.224]

TASK [ssh-forward : Convert the OpenSSH key into a PuTTY .ppk] ** changed: [35.244.60.224]

TASK [ssh-forward : Generate a SSH known hosts file] **** changed: [35.244.60.224]

TASK [ssh-forward : Include the SSH mirror variables] *** ok: [35.244.60.224]

TASK [ssh-forward : Make the directory where the SSH client mirrored files will be stored] ** changed: [35.244.60.224]

TASK [ssh-forward : Mirror shuttle if enabled] ** changed: [35.244.60.224]

TASK [include_role : download-and-verify] ***

TASK [download-and-verify : include_vars] *** ok: [35.244.60.224]

TASK [download-and-verify : Download the PuTTY files] *** changed: [35.244.60.224] => (item={u'sig': u'putty.exe.gpg', u'file': u'putty.exe'})

TASK [download-and-verify : Download the PuTTY signatures] ** changed: [35.244.60.224] => (item={u'sig': u'putty.exe.gpg', u'file': u'putty.exe'})

TASK [download-and-verify : Verify the PuTTY download signatures with the Streisand GPG keyring] **** failed: [35.244.60.224] (item={u'sig': u'putty.exe.gpg', u'file': u'putty.exe'}) => {"changed": true, "cmd": ["gpgv2", "--keyring", "/root/.gnupg/streisand/pubring.gpg", "/var/www/streisand/mirror/ssh/putty.exe.gpg", "/var/www/streisand/mirror/ssh/putty.exe"], "delta": "0:00:00.089260", "end": "2019-05-17 03:24:44.217415", "item": {"file": "putty.exe", "sig": "putty.exe.gpg"}, "msg": "non-zero return code", "rc": 2, "start": "2019-05-17 03:24:44.128155", "stderr": "gpgv: Signature made Sat 16 Mar 2019 04:37:48 PM UTC using RSA key ID 4AE8DA82\ngpgv: Can't check signature: No public key", "stderr_lines": ["gpgv: Signature made Sat 16 Mar 2019 04:37:48 PM UTC using RSA key ID 4AE8DA82", "gpgv: Can't check signature: No public key"], "stdout": "", "stdout_lines": []}

TASK [ssh-forward : One or more of the VPN clients could not be mirrored. Please file a bug report on GitHub so that the version number, checksum, or download location can be updated. Setup will now continue.] *** Pausing for 20 seconds (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) ok: [35.244.60.224]

TASK [include_role : i18n-docs] *****

TASK [i18n-docs : Generate the SSH mirror Markdown page] **** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [i18n-docs : Convert the SSH mirror Markdown page into HTML] *** changed: [35.244.60.224] => (item=Français) changed: [35.244.60.224] => (item=English)

TASK [tinyproxy : Install Tinyproxy] **** changed: [35.244.60.224]

TASK [tinyproxy : Stop (init.d's) tinyproxy] **** changed: [35.244.60.224]

TASK [tinyproxy : Create the tinyproxy config directory] **** changed: [35.244.60.224]

TASK [tinyproxy : Generate the tinyproxy configuration file] **** changed: [35.244.60.224]

TASK [tinyproxy : Generate the tinyproxy system unit file] ** changed: [35.244.60.224]

TASK [tinyproxy : Generate the systemd tmpfile for tinyproxy] *** changed: [35.244.60.224]

TASK [tinyproxy : Clean up the installed-by-default tinyproxy configuration file] *** changed: [35.244.60.224]

TASK [tinyproxy : Enable and restart the tinyproxy service] ***** changed: [35.244.60.224]

TASK [nginx : Ensure that the Apache web server is not installed in order to avoid conflicts with Nginx] **** ok: [35.244.60.224]

TASK [nginx : Add the official Nginx APT key; hiding 25 lines of log...] **** changed: [35.244.60.224] => (item=None) changed: [35.244.60.224]

TASK [nginx : Add the official Nginx repository] **** changed: [35.244.60.224]

TASK [nginx : Install Nginx] **** changed: [35.244.60.224]

TASK [nginx : Update Nginx configuration] *** changed: [35.244.60.224]

TASK [nginx : Set up Nginx vhost directories] *** changed: [35.244.60.224] => (item=sites-available) changed: [35.244.60.224] => (item=sites-enabled)

TASK [nginx : Create the nginx systemd configuration directory] ***** changed: [35.244.60.224]

TASK [nginx : Generate the nginx systemd service file] ** changed: [35.244.60.224]

TASK [nginx : Enable the nginx service] ***** changed: [35.244.60.224]

TASK [tor-bridge : Add the Tor APT key] ***** fatal: [35.244.60.224]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --keyserver keyserver.ubuntu.com --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89", "msg": "Error fetching key A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 from keyserver: keyserver.ubuntu.com", "rc": 2, "stderr": "gpg: requesting key 886DDD89 from hkp server keyserver.ubuntu.com\ngpg: packet(13) too large\ngpg: read_block: read error: invalid packet\ngpg: Total number processed: 0\ngpg: no valid OpenPGP data found.\n", "stderr_lines": ["gpg: requesting key 886DDD89 from hkp server keyserver.ubuntu.com", "gpg: packet(13) too large", "gpg: read_block: read error: invalid packet", "gpg: Total number processed: 0", "gpg: no valid OpenPGP data found."], "stdout": "Executing: /tmp/tmp.Ybdi788nbB/gpg.1.sh --keyserver\nkeyserver.ubuntu.com\n--recv\nA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89\n", "stdout_lines": ["Executing: /tmp/tmp.Ybdi788nbB/gpg.1.sh --keyserver", "keyserver.ubuntu.com", "--recv", "A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89"]}

RUNNING HANDLER [ssh : Restart SSH] *****

RUNNING HANDLER [dnsmasq : Restart dnsmasq] *****

RUNNING HANDLER [openconnect : Restart rsyslog for OpenConnect] *****

RUNNING HANDLER [stunnel : Restart stunnel] ***** to retry, use: --limit @/Users/thihara/workspace/streisand/playbooks/google.retry

PLAY RECAP ** 35.244.60.224 : ok=266 changed=219 unreachable=0 failed=3
localhost : ok=26 changed=3 unreachable=0 failed=0

   -- -- (master  origin)  ~/workspace/streisand • ls Advanced installation.md README-chs.md Vagrantfile global_vars streisand CONTRIBUTING.md README-fr.md Vagrantfile.remotetest inventories streisand-diagnostics.md Features.md README-ru.md ansible.cfg logo.jpg tests Installation.md README.md deploy playbooks util LICENSE Services.md documentation requirements.txt venv

supermodo commented 4 years ago

I've the same problem on DigitalOcean, seems ok but i can't find the generated-docs directory. What am I missing?


This is the ./streisandfolder after the installation:

(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:~/streisand# ls -la
total 372
drwxr-xr-x 13 root root   4096 Nov 11 11:14  .
drwx------  9 root root   4096 Nov 11 10:07  ..
-rw-r--r--  1 root root   2942 Nov 11 10:01 'Advanced installation.md'
-rw-r--r--  1 root root    869 Nov 11 10:01  ansible.cfg
-rw-r--r--  1 root root   6699 Nov 11 10:01  CONTRIBUTING.md
drwxr-xr-x  2 root root   4096 Nov 11 10:01  deploy
drwxr-xr-x  4 root root   4096 Nov 11 10:01  documentation
-rw-r--r--  1 root root   3991 Nov 11 10:01  Features.md
drwxr-xr-x  8 root root   4096 Nov 11 10:01  .git
drwxr-xr-x  3 root root   4096 Nov 11 10:01  .github
-rw-r--r--  1 root root    400 Nov 11 10:01  .gitignore
drwxr-xr-x  4 root root   4096 Nov 11 10:01  global_vars
-rw-r--r--  1 root root   5395 Nov 11 10:01  Installation.md
drwxr-xr-x  2 root root   4096 Nov 11 10:01  inventories
drwxr-xr-x  2 root root   4096 Nov 11 10:01  library
-rw-r--r--  1 root root  36362 Nov 11 10:01  LICENSE
-rw-r--r--  1 root root 141163 Nov 11 10:01  logo.jpg
drwxr-xr-x  4 root root   4096 Nov 11 10:01  playbooks
-rw-r--r--  1 root root  17854 Nov 11 10:01  README-chs.md
-rw-r--r--  1 root root  21034 Nov 11 10:01  README-fr.md
-rw-r--r--  1 root root   5540 Nov 11 10:01  README.md
-rw-r--r--  1 root root  28203 Nov 11 10:01  README-ru.md
-rw-r--r--  1 root root    347 Nov 11 10:01  requirements.txt
-rw-r--r--  1 root root   5962 Nov 11 10:01  Services.md
-rwxr-xr-x  1 root root   7217 Nov 11 10:01  streisand
-rw-r--r--  1 root root    870 Nov 11 11:14  streisand-diagnostics.md
drwxr-xr-x  4 root root   4096 Nov 11 10:01  tests
drwxr-xr-x  2 root root   4096 Nov 11 10:01  util
-rw-r--r--  1 root root   1380 Nov 11 10:01  Vagrantfile
-rw-r--r--  1 root root    817 Nov 11 10:01  Vagrantfile.remotetest
drwxr-xr-x  6 root root   4096 Nov 11 10:04  venv

The root folder:

(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:~# ls -la
total 48
drwx------  9 root root 4096 Nov 11 10:07 .
drwxr-xr-x 23 root root 4096 Nov 10 19:11 ..
drwx------  4 root root 4096 Nov 10 19:25 .ansible
-rw-------  1 root root  340 Nov 10 22:05 .bash_history
-rw-r--r--  1 root root 3106 Apr  9  2018 .bashrc
drwx------  3 root root 4096 Nov 10 19:13 .cache
-rw-r--r--  1 root root    0 Nov 10 18:26 .cloud-locale-test.skip
drwx------  3 root root 4096 Nov 10 18:31 .gnupg
drwxr-xr-x  3 root root 4096 Nov 10 21:51 .local
-rw-r--r--  1 root root  148 Aug 17  2015 .profile
drwx------  2 root root 4096 Nov 10 19:25 .ssh
drwxr-xr-x 13 root root 4096 Nov 11 11:14 streisand
drwxr-xr-x  2 root root 4096 Nov 11 10:07 .streisand

Here the installation details:

(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:~/streisand# ./streisand 

  S T R E I S A N D  

Which provider are you using?
  1. Amazon
  2. Azure
  3. DigitalOcean
  4. Google
  5. Linode
  6. Rackspace
  7. localhost (Advanced)
  8. Existing Server (Advanced)
: 3

Do you wish to customize which services Streisand will install?
By saying 'no' Streisand will use the settings configured in /root/.streisand/site.yml

Press enter to customize your installation: no

Installing Streisand services specified in /root/.streisand/site.yml

 [WARNING]: Found both group and host with same name: localhost

PLAY [Perform global variables validation] ****************************************************************************************************************************

TASK [validation : Stat the Streisand SSH private key] ****************************************************************************************************************
ok: [localhost]

TASK [validation : Fail if the Streisand SSH private key file doesn't exist] ******************************************************************************************
skipping: [localhost]

TASK [validation : Stat the Streisand SSH public key] *****************************************************************************************************************
[DEPRECATION WARNING]: evaluating true as a bare variable, this behaviour will go away and you might need to add |bool to the expression in the future. Also see 
CONDITIONAL_BARE_VARS configuration toggle.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False 
in ansible.cfg.
ok: [localhost]

TASK [validation : Fail if the Streisand SSH public key file doesn't exist] *******************************************************************************************
[DEPRECATION WARNING]: evaluating true as a bare variable, this behaviour will go away and you might need to add |bool to the expression in the future. Also see 
CONDITIONAL_BARE_VARS configuration toggle.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False 
in ansible.cfg.
skipping: [localhost]

TASK [validation : Validate that OpenVPN optional variables are rational] *********************************************************************************************
skipping: [localhost]

TASK [validation : Validate that Tinyproxy optional variables are rational] *******************************************************************************************
skipping: [localhost]

TASK [validation : Validate that sshutle optional variables are rational] *********************************************************************************************
skipping: [localhost]

TASK [validation : Validate that the maximum number of clients is set to a reasonable amount] *************************************************************************
skipping: [localhost]

TASK [validation : Validate that at least one VPN is specified] *******************************************************************************************************
skipping: [localhost]

PLAY RECAP ************************************************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=7    rescued=0    ignored=0   

 [WARNING]: Found both group and host with same name: localhost

What region should the server be located in?
  1.  Amsterdam        (Datacenter 2)
  2.  Amsterdam        (Datacenter 3)
  3.  Bangalore
  4.  Frankfurt
  5.  London
  6.  New York         (Datacenter 1)
  7.  New York         (Datacenter 2)
  8.  New York         (Datacenter 3)
  9.  San Francisco    (Datacenter 1)
  10. San Francisco    (Datacenter 2)
  11. Singapore
  12. Toronto
Please choose the number of your region. Press enter for default (#2) region.
 [2]: 6

What should the server be named? Press enter for default (streisand).
 [streisand]: streisandVPNServer

Personal Access Tokens allow Streisand to create a droplet for you.
New Personal Access Tokens can be generated in the DigitalOcean control panel.
To generate a new token please do the following:
      * Go to https://cloud.digitalocean.com/settings/applications
      * Click 'Generate New Token'
      * Give the token a name (it is arbitrary)
      * Be sure to select the 'Write' scope as well (this is not optional)
      * Click 'Generate Token'
      * Copy the long string that is generated and paste it below.
If this field is left blank, the environment variable DO_API_KEY will be used.

What is your DigitalOcean Personal Access Token?
: 155f302cb44381bf3***********************************************

The following information can be found on your DigitalOcean control panel.
https://cloud.digitalocean.com/settings/security

What is the name of the DigitalOcean SSH key that you would like to use?
  * If you have never uploaded an SSH key to DigitalOcean then the default
    value will work!
  * This key should match your Streisand SSH key file (default: ~/.ssh/id_rsa.pub).
  * DigitalOcean requires SSH keys to be unique. You cannot upload multiple
    keys that have the same value under different names.

    If you see an error that says 'SSH Key failed to be created' once the setup
    process starts, then this is the problem. You can retry the setup process
    using the name of the existing SSH key from the DigitalOcean control panel
    that matches the contents of your RSA public key.
 [streisand]: streisandVPN

Streisand will now set up your server. This process usually takes around ten minutes. Press Enter to begin setup...
: 

PLAY [Provision the DigitalOcean Server] ******************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************
ok: [localhost]

TASK [genesis-digitalocean : set_fact] ********************************************************************************************************************************
ok: [localhost]

TASK [genesis-digitalocean : Get the ~/.ssh/id_rsa.pub contents] ******************************************************************************************************
ok: [localhost]

TASK [genesis-digitalocean : Set the DigitalOcean Access Token fact to the value that was entered, or attempt to retrieve it from the environment if the entry is blank] ***
ok: [localhost]

TASK [genesis-digitalocean : Add the SSH key to DigitalOcean if it doesn't already exist] *****************************************************************************
ok: [localhost]

TASK [genesis-digitalocean : Create the new Droplet] ******************************************************************************************************************
changed: [localhost]

TASK [genesis-digitalocean : Wait until the server has finished booting and OpenSSH is accepting connections] *********************************************************
ok: [localhost]

TASK [genesis-digitalocean : Create the in-memory inventory group] ****************************************************************************************************
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user 
configurable on deprecation. This feature will be removed in version 2.10. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
 [WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details

changed: [localhost]

TASK [genesis-digitalocean : Set the streisand_ipv4_address variable] *************************************************************************************************
ok: [localhost]

TASK [genesis-digitalocean : Set the streisand_server_name variable] **************************************************************************************************
ok: [localhost]

PLAY [Configure Ansible SSH] ******************************************************************************************************************************************

TASK [set_fact] *******************************************************************************************************************************************************
ok: [142.93.***.***]

PLAY [Checking instance status] ***************************************************************************************************************************************

TASK [Wait for cloud-init to complete] ********************************************************************************************************************************
ok: [142.93.***.***]

PLAY [Prepare the new server for Ansible] *****************************************************************************************************************************

TASK [Install Python using a raw SSH command to enable the execution of Ansible modules] ******************************************************************************
changed: [142.93.***.***]
Do you have a fully qualified domain pointed at your Streisand server?

This is an optional question. If you have a domain that points to your
Streisand server, the installation scripts can request a Let's Encrypt
HTTPS certificate for you automatically.  If you do not provide one or
the request fails, a self-signed certificate will be used instead.

If you have just created a new cloud server in previous steps now is a
good time to point your fully qualified domain to your server's public
address. Make sure the fully qualified domain resolves to the correct IP
address before proceeding.

Please type your fully qualified domain below. Press enter to skip.
: vpn.***********.com
Which email address do you want to use as a contact for the Streisand
server's Let's Encrypt certificate?

This is an optional question. If you supply an email address Let's
Encrypt will send you important (but infrequent) notifications about
your certificate. These messages include any upcoming certificate
expirations, and important changes to the Let's Encrypt service.
The email provided will not be used for anything else or shared with the
Streisand developers.

Please type your contact email below. Press enter to skip.
: *********@gmail.com

PLAY [Collect information about the Streisand domain] *****************************************************************************************************************

TASK [Set Streisand domain] *******************************************************************************************************************************************
ok: [142.93.***.***]

TASK [Set Streisand admin email] **************************************************************************************************************************************
ok: [142.93.***.***]

TASK [Enable Let's Encrypt role] **************************************************************************************************************************************
ok: [142.93.***.***]

TASK [Disable Let's Encrypt role] *************************************************************************************************************************************
skipping: [142.93.***.***]

PLAY [Collect diagnostics in case of error] ***************************************************************************************************************************

TASK [diagnostics : Determine the git revision of the current Streisand clone] ****************************************************************************************
ok: [localhost]

TASK [diagnostics : Determine if there are untracked changes in the Streisand clone] **********************************************************************************
ok: [localhost]

TASK [diagnostics : Produce the diagnostics markdown file to share if there is an error] ******************************************************************************
changed: [localhost]

PLAY [Configure the Server and install required software] *************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************
ok: [142.93.***.***]

TASK [common : Warn users if the server's Linux distribution is not Ubuntu 16.04] *************************************************************************************
skipping: [142.93.***.***]

TASK [common : Set the streisand_ipv4_address variable to the value provided by a 'genesis' role if one is defined] ***************************************************
ok: [142.93.***.***]

TASK [common : Set the streisand_ipv4_address variable to the default value if it doesn't already have one. The default is the value defined in the inventory file, which should be the IP address of the server that is being configured.] ***
skipping: [142.93.***.***]

TASK [common : Set the streisand_server_name variable to the value provided by a 'genesis' role if one is defined] ****************************************************
ok: [142.93.***.***]

TASK [common : Set the streisand_server_name variable to the default value if it doesn't already have one. The default is the value of the hostname retrieved from the server that is being configured.] ***
skipping: [142.93.***.***]

TASK [common : Install dns module] ************************************************************************************************************************************
skipping: [142.93.***.***]

TASK [common : Initialize lookup variable] ****************************************************************************************************************************
skipping: [142.93.***.***]

TASK [common : Check external IP Address through Google] **************************************************************************************************************
skipping: [142.93.***.***]

TASK [common : Set the variable to the value] *************************************************************************************************************************
skipping: [142.93.***.***]

TASK [common : Initialize the prompt] *********************************************************************************************************************************
skipping: [142.93.***.***]

TASK [common : Ask user to update to public IP address] ***************************************************************************************************************
skipping: [142.93.***.***]

TASK [common : Change streisand_ipv4_address to public if requested] **************************************************************************************************
skipping: [142.93.***.***]

TASK [common : Ensure the APT cache is up to date] ********************************************************************************************************************
 [WARNING]: Updating cache and auto-installing missing dependency: python-apt

 [WARNING]: Could not find aptitude. Using apt-get instead

ok: [142.93.***.***]

TASK [common : Install Streisand common packages] *********************************************************************************************************************
changed: [142.93.***.***]

TASK [common : Purge unneeded services] *******************************************************************************************************************************
changed: [142.93.***.***]

TASK [common : Perform a full system upgrade] *************************************************************************************************************************
changed: [142.93.***.***]

TASK [common : Copy the English BIP-0039 wordlist] ********************************************************************************************************************
changed: [142.93.***.***]

TASK [common : Generate random VPN client names] **********************************************************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [common : Ensure the Streisand gateway directory exists] *********************************************************************************************************
changed: [142.93.***.***]

TASK [common : Output the random VPN client names to disk for integration tests] **************************************************************************************
skipping: [142.93.***.***]

TASK [common : Copy the HTML header and footer templates that are used during documentation generation] ***************************************************************
changed: [142.93.***.***] => (item={'src': 'header.html', 'dest': '/tmp/header.html'})
changed: [142.93.***.***] => (item={'src': 'footer.html', 'dest': '/tmp/footer.html'})

TASK [common : Generate the unattended-upgrades templates to enable automatic security updates] ***********************************************************************
ok: [142.93.***.***] => (item={'src': '20auto-upgrades.j2', 'dest': '/etc/apt/apt.conf.d/20auto-upgrades'})
changed: [142.93.***.***] => (item={'src': '50unattended-upgrades.j2', 'dest': '/etc/apt/apt.conf.d/50unattended-upgrades'})

TASK [Apply the custom sysctl values] *********************************************************************************************************************************

TASK [sysctl : Apply custom sysctl values] ****************************************************************************************************************************
changed: [142.93.***.***] => (item={'key': 'kernel.sysrq', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'kernel.core_uses_pid', 'value': 1})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.tcp_syncookies', 'value': 1})
changed: [142.93.***.***] => (item={'key': 'kernel.msgmnb', 'value': 65536})
changed: [142.93.***.***] => (item={'key': 'kernel.msgmax', 'value': 65536})
changed: [142.93.***.***] => (item={'key': 'kernel.shmmax', 'value': 68719476736})
changed: [142.93.***.***] => (item={'key': 'kernel.shmall', 'value': 4294967296})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.all.accept_source_route', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.default.accept_source_route', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.all.log_martians', 'value': 1})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.default.log_martians', 'value': 1})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.all.accept_redirects', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.default.accept_redirects', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.all.send_redirects', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.default.send_redirects', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.all.rp_filter', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.default.rp_filter', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.icmp_echo_ignore_broadcasts', 'value': 1})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.icmp_ignore_bogus_error_responses', 'value': 1})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.all.secure_redirects', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'net.ipv4.conf.default.secure_redirects', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'kernel.randomize_va_space', 'value': 1})
changed: [142.93.***.***] => (item={'key': 'net.core.wmem_max', 'value': 12582912})
changed: [142.93.***.***] => (item={'key': 'net.core.rmem_max', 'value': 12582912})
changed: [142.93.***.***] => (item={'key': 'fs.suid_dumpable', 'value': 0})
changed: [142.93.***.***] => (item={'key': 'fs.protected_hardlinks', 'value': 1})
changed: [142.93.***.***] => (item={'key': 'fs.protected_symlinks', 'value': 1})

TASK [gpg : Install GnuPG 2, dirmngr and gpgv2] ***********************************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Create the GPG directory] *********************************************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Create the Streisand GPG directory] ***********************************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Create the Streisand GPG keys directory] ******************************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Write the Streisand GPG dirmngr config] *******************************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Ensure a GPG agent is running] ****************************************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Reload gpg-agent to pick up configuration changes] ********************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Kill any existing dirmngr] ********************************************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Start a new dirmngr with our config changes] **************************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Wait for the GPG agent and dirmngr control sockets] *******************************************************************************************************
ok: [142.93.***.***] => (item=S.dirmngr)
ok: [142.93.***.***] => (item=S.gpg-agent)

TASK [gpg : Create the Streisand GPG keyring] *************************************************************************************************************************
changed: [142.93.***.***]

TASK [gpg : Copy the bootstrap GPG public keys to the Streisand instance] *********************************************************************************************
changed: [142.93.***.***] => (item=2F2B01E7.security@openvpn.net.asc)
changed: [142.93.***.***] => (item=7F343FA7.nmav@redhat.com.asc)
changed: [142.93.***.***] => (item=96865171.nmav@gnutls.org.asc)
changed: [142.93.***.***] => (item=93298290.torbrowser@torproject.org.asc)
changed: [142.93.***.***] => (item=4AE8DA82.putty@projects.tartarus.org.asc)
changed: [142.93.***.***] => (item=DD3AAAA3.Michal.Trojnara@stunnel.org.asc)
changed: [142.93.***.***] => (item=2D8330C2.daniel@binaryparadox.net.asc)
changed: [142.93.***.***] => (item=CDF6583E.josh@joshlund.com.asc)
changed: [142.93.***.***] => (item=F67DA905.nop@nop.com.asc)
changed: [142.93.***.***] => (item=A697A56F.corban@raunco.co.asc)

TASK [gpg : Import the bootstrap GPG public keys to the Streisand GPG keyring] ****************************************************************************************
changed: [142.93.***.***] => (item=2F2B01E7.security@openvpn.net.asc)
changed: [142.93.***.***] => (item=7F343FA7.nmav@redhat.com.asc)
changed: [142.93.***.***] => (item=96865171.nmav@gnutls.org.asc)
changed: [142.93.***.***] => (item=93298290.torbrowser@torproject.org.asc)
changed: [142.93.***.***] => (item=4AE8DA82.putty@projects.tartarus.org.asc)
changed: [142.93.***.***] => (item=DD3AAAA3.Michal.Trojnara@stunnel.org.asc)
changed: [142.93.***.***] => (item=2D8330C2.daniel@binaryparadox.net.asc)
changed: [142.93.***.***] => (item=CDF6583E.josh@joshlund.com.asc)
changed: [142.93.***.***] => (item=F67DA905.nop@nop.com.asc)
changed: [142.93.***.***] => (item=A697A56F.corban@raunco.co.asc)

TASK [gpg : Refresh the Streisand GPG keyring with keyserver information] *********************************************************************************************
skipping: [142.93.***.***]

TASK [gpg : Set up a daily cronjob to refresh the Streisand GPG keyring] **********************************************************************************************
changed: [142.93.***.***]

TASK [ssh : Reconfigure OpenSSH with enhanced security settings] ******************************************************************************************************
changed: [142.93.***.***]

TASK [ssh : Generate a stronger RSA host key] *************************************************************************************************************************
changed: [142.93.***.***]

TASK [ssh : Ensure missing host keys are generated] *******************************************************************************************************************
changed: [142.93.***.***]

TASK [ssh : Register the server's SSH fingerprints] *******************************************************************************************************************
changed: [142.93.***.***] => (item=ssh_host_ecdsa_key.pub)
changed: [142.93.***.***] => (item=ssh_host_rsa_key.pub)

TASK [dnsmasq : Ensure that BIND is not installed in order to avoid conflicts with dnsmasq] ***************************************************************************
ok: [142.93.***.***]

TASK [dnsmasq : Install dnsmasq] **************************************************************************************************************************************
changed: [142.93.***.***]

TASK [dnsmasq : Generate the dnsmasq configuration file] **************************************************************************************************************
changed: [142.93.***.***]

TASK [dnsmasq : Create the dnsmasq systemd drop-in configuration directory] *******************************************************************************************
changed: [142.93.***.***]

TASK [dnsmasq : Generate the dnsmasq systemd drop-in service file] ****************************************************************************************************
changed: [142.93.***.***]

TASK [dnsmasq : Enable the dnsmasq service] ***************************************************************************************************************************
changed: [142.93.***.***]

TASK [service-net : Install service0 network configuration] ***********************************************************************************************************
changed: [142.93.***.***] => (item=10-service0.netdev)
changed: [142.93.***.***] => (item=10-service0.network)

TASK [service-net : Enable and start systemd networking] **************************************************************************************************************
changed: [142.93.***.***]

TASK [service-net : Install dnsmasq for service0 network] *************************************************************************************************************
changed: [142.93.***.***]

TASK [service-net : Restart DNSMasq to pick up the new configuration] *************************************************************************************************
changed: [142.93.***.***]

TASK [ufw : Install UFW] **********************************************************************************************************************************************
ok: [142.93.***.***]

TASK [ufw : Disable UFW logging] **************************************************************************************************************************************
changed: [142.93.***.***]

TASK [ufw : Change the default forward policy] ************************************************************************************************************************
changed: [142.93.***.***]

TASK [ufw : Ensure UFW allows SSH] ************************************************************************************************************************************
 [WARNING]: The value 22 (type int) in a string field was converted to u'22' (type string). If this does not look like what you expect, quote the entire value to
ensure it does not change.

changed: [142.93.***.***]

TASK [ufw : Ensure UFW is enabled and denies by default] **************************************************************************************************************
changed: [142.93.***.***]

TASK [ufw : Ensure UFW allows nginx] **********************************************************************************************************************************
changed: [142.93.***.***]

TASK [ip-forwarding : Enable IPv4 traffic forwarding] *****************************************************************************************************************
 [WARNING]: The value 1 (type int) in a string field was converted to u'1' (type string). If this does not look like what you expect, quote the entire value to ensure
it does not change.

changed: [142.93.***.***]

TASK [ip-forwarding : Add IPv4 traffic forwarding persistence service to init] ****************************************************************************************
changed: [142.93.***.***]

TASK [ip-forwarding : Enable the streisand-ipforward init service] ****************************************************************************************************
 [WARNING]: The service (streisand-ipforward) is actually an init script but the system is managed by systemd

changed: [142.93.***.***]

TASK [openconnect : Enable the Universe repository] *******************************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Install ocserv] ***********************************************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Create the OpenConnect rsyslog configuration directory] *******************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Copy the modified rsyslog configuration into place that prevents OpenConnect traffic from being logged] *******************************************
changed: [142.93.***.***]

TASK [openconnect : Create ocserv's PAM control] **********************************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Create the ocserv configuration directory] ********************************************************************************************************
changed: [142.93.***.***]

TASK [include_role : certificates] ************************************************************************************************************************************

TASK [certificates : Generate the private keys for the CA and Server certificates] ************************************************************************************
changed: [142.93.***.***] => (item=ca)
changed: [142.93.***.***] => (item=server)

TASK [certificates : Set the proper permissions on all the private keys] **********************************************************************************************
changed: [142.93.***.***]

TASK [certificates : Generate CA certificate] *************************************************************************************************************************
changed: [142.93.***.***]

TASK [certificates : Generate a random server common name] ************************************************************************************************************
changed: [142.93.***.***]

TASK [certificates : Set permissions on the TLS server common name file] **********************************************************************************************
changed: [142.93.***.***]

TASK [certificates : Register the TLS server common name] *************************************************************************************************************
ok: [142.93.***.***]

TASK [certificates : Generate the OpenSSL configuration that will be used for the server certificate's req and ca commands] *******************************************
changed: [142.93.***.***]

TASK [certificates : Seed a blank database file that will be used when generating the Server's certificate] ***********************************************************
changed: [142.93.***.***]

TASK [certificates : Seed a serial file that will be used when generating the Server's certificate] *******************************************************************
changed: [142.93.***.***]

TASK [certificates : Generate CSR for the Server] *********************************************************************************************************************
changed: [142.93.***.***]

TASK [certificates : Generate certificate for the Server] *************************************************************************************************************
changed: [142.93.***.***]

TASK [certificates : Create directories for clients] ******************************************************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [certificates : Generate the private keys for the client certificates] *******************************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [certificates : Set the proper permissions on all private client keys] *******************************************************************************************
changed: [142.93.***.***]

TASK [certificates : Generate CSRs for the clients] *******************************************************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [certificates : Generate certificates for the clients] ***********************************************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [certificates : Authorize certificates via /etc/allowed_vpn_certs] ***********************************************************************************************
changed: [142.93.***.***]

TASK [certificates : Generate a random password that will be used during the PKCS #12 conversion] *********************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [certificates : Set permissions on the PKCS #12 password file] ***************************************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [certificates : Register the PKCS #12 passwords] *****************************************************************************************************************
ok: [142.93.***.***] => (item=1)
ok: [142.93.***.***] => (item=2)
ok: [142.93.***.***] => (item=3)
ok: [142.93.***.***] => (item=4)
ok: [142.93.***.***] => (item=5)
ok: [142.93.***.***] => (item=6)
ok: [142.93.***.***] => (item=7)
ok: [142.93.***.***] => (item=8)
ok: [142.93.***.***] => (item=9)
ok: [142.93.***.***] => (item=10)

TASK [certificates : Convert the ocserv client keys and certificates into PKCS #12 format] ****************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [openconnect : Base64 encode the client PKCS12 file(s)] **********************************************************************************************************
ok: [142.93.***.***] => (item=1)
ok: [142.93.***.***] => (item=2)
ok: [142.93.***.***] => (item=3)
ok: [142.93.***.***] => (item=4)
ok: [142.93.***.***] => (item=5)
ok: [142.93.***.***] => (item=6)
ok: [142.93.***.***] => (item=7)
ok: [142.93.***.***] => (item=8)
ok: [142.93.***.***] => (item=9)
ok: [142.93.***.***] => (item=10)

TASK [openconnect : Generate a UUID for .mobileconfig client PKCS12 certificate] **************************************************************************************
ok: [142.93.***.***]

TASK [openconnect : Generate a UUID for .mobileconfig vpn payload identifier] *****************************************************************************************
ok: [142.93.***.***]

TASK [openconnect : Generate a UUID for .mobileconfig config payload identifier] **************************************************************************************
ok: [142.93.***.***]

TASK [openconnect : Generate a UUID for .mobileconfig global identifier] **********************************************************************************************
ok: [142.93.***.***]

TASK [openconnect : Generate the iOS client mobileconfig file(s)] *****************************************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [openconnect : Generate a random ocserv password] ****************************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Set permissions on the unhashed ocserv password file] *********************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Register the ocserv password] *********************************************************************************************************************
ok: [142.93.***.***]

TASK [openconnect : Create an ocpasswd credentials file] **************************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Generate the ocserv configuration file] ***********************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Generate the ocserv systemd service file] *********************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Stop and disable ocserv.socket] *******************************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Enable the ocserv service] ************************************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Ensure UFW allows DNS requests from OpenConnect clients] ******************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Ensure UFW allows OpenConnect (ocserv)] ***********************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Install the ocserv iptables service file] *********************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Enable the ocserv-iptables service] ***************************************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Create the OpenConnect/AnyConnect Gateway directory] **********************************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Copy the CA certificate file to the OpenConnect Gateway directory] ********************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Copy the client PKCS #12 files to the OpenConnect Gateway directory] ******************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [openconnect : Copy the client .mobileconfig files to the OpenConnect Gateway directory] *************************************************************************
changed: [142.93.***.***] => (item=1)
changed: [142.93.***.***] => (item=2)
changed: [142.93.***.***] => (item=3)
changed: [142.93.***.***] => (item=4)
changed: [142.93.***.***] => (item=5)
changed: [142.93.***.***] => (item=6)
changed: [142.93.***.***] => (item=7)
changed: [142.93.***.***] => (item=8)
changed: [142.93.***.***] => (item=9)
changed: [142.93.***.***] => (item=10)

TASK [include_role : i18n-docs] ***************************************************************************************************************************************

TASK [i18n-docs : Generate the OpenConnect/AnyConnect Markdown page] **************************************************************************************************
changed: [142.93.***.***] => (item=English)
changed: [142.93.***.***] => (item=Français)

TASK [i18n-docs : Convert the OpenConnect/AnyConnect Markdown page into HTML] *****************************************************************************************
changed: [142.93.***.***] => (item=English)
changed: [142.93.***.***] => (item=Français)

TASK [openconnect : Include the OpenConnect mirror variables] *********************************************************************************************************
ok: [142.93.***.***]

TASK [openconnect : Make the directory where the OpenConnect mirrored files will be stored] ***************************************************************************
changed: [142.93.***.***]

TASK [openconnect : Mirror the OpenConnect clients] *******************************************************************************************************************
changed: [142.93.***.***] => (item={'url': 'https://d25kfp60e9u1dw.cloudfront.net/openconnect-7.08.tar.gz', 'checksum': 'sha256:1c44ec1f37a6a025d1ca726b9555649417f1d31a46f747922b84099ace628a03'})
changed: [142.93.***.***] => (item={'url': 'https://github.com/openconnect/openconnect-gui/releases/download/v1.5.3/openconnect-gui-1.5.3-win32.exe', 'checksum': 'sha256:b1d4bd76b41f32d08287bf043b3dc8c798a145c02319217d45a74b0d9545a23d'})
changed: [142.93.***.***] => (item={'url': 'https://github.com/openconnect/openconnect-gui/releases/download/v1.5.1/openconnect-gui-1.5.1-Darwin.dmg', 'checksum': 'sha256:b2c338cfe9d0725bee98893225449e27cf7e337d43b0f8b08aec96de6f761f08'})

TASK [include_role : i18n-docs] ***************************************************************************************************************************************

TASK [i18n-docs : Generate the OpenConnect mirror Markdown page] ******************************************************************************************************
changed: [142.93.***.***] => (item=English)
changed: [142.93.***.***] => (item=Français)

TASK [i18n-docs : Convert the OpenConnect mirror Markdown page into HTML] *********************************************************************************************
changed: [142.93.***.***] => (item=English)
changed: [142.93.***.***] => (item=Français)

TASK [openvpn : Add the official OpenVPN APT key; hiding 25 lines of log...] ******************************************************************************************
failed: [142.93.***.***] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
fatal: [142.93.***.***]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

RUNNING HANDLER [ssh : Restart SSH] ***********************************************************************************************************************************

RUNNING HANDLER [dnsmasq : Restart dnsmasq] ***************************************************************************************************************************

RUNNING HANDLER [openconnect : Restart rsyslog for OpenConnect] *******************************************************************************************************

PLAY RECAP ************************************************************************************************************************************************************
142.93.***.***             : ok=112  changed=91   unreachable=0    failed=1    skipped=13   rescued=0    ignored=0   
localhost                  : ok=13   changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
Partha1b commented 3 years ago

On Windows 10 using WSL. Using Streisand with AWS. After completion, no folder names generated-docs.