StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

cloudflared not running during install (was: TASK: Install Nginx failure) #1700

Open koljenovic opened 4 years ago

koljenovic commented 4 years ago

Expected behavior:

Expected the installation to complete successfully.

Actual Behavior:

Installation hung and eventually failed on TASK [nginx : Install Nginx].

Steps to Reproduce:

  1. Start install on fresh Ubuntu 16.04 as per master/Installation.md
  2. Select option 8. Existing Server (Advanced)
  3. Customize as below:
    Enable DNS-based ad-blocking? Press enter for default  [no]: yes
    Enable OpenConnect? Press enter for default  [yes]:
    Enable OpenVPN? Press enter for default  [yes]:
    Enable stunnel service (only allowed for OpenVPN)? Press enter for default  [yes]:
    Enable Shadowsocks? Press enter for default  [yes]:
    Enable v2ray-plugin for Shadowsocks? Press enter for default  [no]:
    Enable SSH Forward User? (Note: A SOCKS proxy only user will be added, no shell). Press enter for default  [yes]:
    Enable sshuttle? (Note: A full shell access user will be added) Press enter for default  [no]:
    Enable tinyproxy? Press enter for default  [yes]:
    Enable Tor? Press enter for default  [no]:
    Enable WireGuard? Press enter for default  [yes]:
    Enable DNS-over-HTTPS (cloudflared)? Press enter for default  [yes]:
  4. Let run until it fails

Additional Details:

After logging into the destination server (while it was hung) and stracing the running apt instance (the one trying to install nginx), I noticed archive.ubuntu.org (and other sources) failing to resolve repeatedly, thus hanging apt. Manually trying to resolve other URLs failed as well. Trying to resolve on 8.8.8.8 worked, but DNS didn't work on 127.0.0.1. dnsmasq was open on 53 and configured with server=127.0.0.1#5053, although port 5053 was not opened. After further inspection I noticed that the cloudflared service was created but not running. After running systemctl start cloudflared the DNS resolved successfully, thus fixing the issue; running ./streisand one more time finished the installation without any further errors. It might be that the service creation/start timing ordering is misconfigured so it accidentally fails DNS for the whole machine in the gap between create and start, while trying to do other tasks in the meantime (apt install nginx).

Log output from Ansible or other relevant services (link to Gist for longer output):

fatal: [xxx.xxx.xxx.xxx]: FAILED! => {"cache_update_time": 1577616037, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\"      install 'nginx'' failed: E: Failed to fetch http://mirror.hetzner.de/ubuntu/packages/pool/main/libj/libjpeg-turbo/libjpeg-turbo8_1.4.2-0ubuntu3.3_amd64.deb  Temporary failure resolving 'archive.ubuntu.com'\n\nE: Failed to fetch http://mirror.hetzner.de/ubuntu/packages/pool/
...
Target Cloud Provider: Hetzner
Operating System of target host: Ubuntu 16.04
Operating System of client: Ubuntu 16.04
Version of Ansible, using ansible --version: ansible 2.8.4
Output from git rev-parse HEAD in your Streisand directory: f155974bc9542b1d8525bf223a931dab9b56836f
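
The check described in the report above (dnsmasq forwarding to 127.0.0.1#5053 with nothing bound to that port), as an added example that is not part of the original issue or the Streisand code. The function names, the sample data and the socket-list format (that of `ss -H -lntu`) are assumptions, and only plain `server=IP[#port]` lines are handled.

```shell
#!/bin/sh
# Added example: report dnsmasq loopback upstreams that have no listener.

# Print "addr port" for each server=IP[#port] line in dnsmasq config $1.
# The port defaults to 53; domain-specific server=/dom/IP lines are skipped.
dnsmasq_upstreams() {
    awk -F= '/^[ \t]*server=[0-9]/ {
        n = split($2, a, "#")
        print a[1], (n > 1 ? a[2] : 53)
    }' "$1"
}

# Succeed if socket list $1 (ss -H -lntu format) has a listener on $2:$3.
has_listener() {
    awk -v a="$2" -v p="$3" '
        $5 == (a ":" p) || $5 == ("0.0.0.0:" p) || $5 == ("*:" p) { found = 1 }
        END { exit !found }' "$1"
}

# Print every loopback upstream in config $1 with no listener in socket list $2.
dead_upstreams() {
    dnsmasq_upstreams "$1" | while read -r addr port; do
        case "$addr" in
            127.*) has_listener "$2" "$addr" "$port" || echo "$addr#$port" ;;
        esac
    done
}

# Constructed sample of the reported state: dnsmasq bound to 53 and forwarding
# to 127.0.0.1#5053, nothing bound to 5053. $1 may add one more socket line.
demo() {
    dir=$(mktemp -d)
    printf 'listen-address=127.0.0.1\nserver=127.0.0.1#5053\n' > "$dir/dnsmasq.conf"
    printf 'udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*\n' > "$dir/sockets"
    printf 'tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n%s\n' "$1" >> "$dir/sockets"
    dead_upstreams "$dir/dnsmasq.conf" "$dir/sockets"
    rm -rf "$dir"
}

# On a real host (config path is an assumption):
#   ss -H -lntu > /tmp/sockets && dead_upstreams /etc/dnsmasq.conf /tmp/sockets
demo
```

Any line of output names an upstream that dnsmasq will forward to and get no answer from, which is the condition that stalled apt in this report.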

PyGeek03 commented 4 years ago

Yeah my installation failed at the installing Nginx step too, but I let streisand create a new GCP server instead of using an existing one.

nopdotcom commented 4 years ago

I've defaulted cloudflared to off in #1616, so this no longer affects the default config.