ovizii closed 8 years ago
pressed CTRL+C and tried again, this time I got to this part:
TASK [l2tp-ipsec : Install the Libreswan dependencies that are required for compilation] ***
failed: [xxx.xxx.xxx.xxx] => (item=[u'bison', u'flex', u'libcap-ng-dev', u'libcap-ng-utils', u'libcurl4-nss-dev', u'libevent-dev', u'libgmp3-dev', u'libnspr4-dev', u'libnss3-dev', u'libnss3-tools', u'libpam0g-dev', u'libselinux1-dev', u'libunbound-dev', u'pkg-config', u'xmlto']) => {"cache_update_time": 0, "cache_updated": false, "failed": true, "item": ["bison", "flex", "libcap-ng-dev", "libcap-ng-utils", "libcurl4-nss-dev", "libevent-dev", "libgmp3-dev", "libnspr4-dev", "libnss3-dev", "libnss3-tools", "libpam0g-dev", "libselinux1-dev", "libunbound-dev", "pkg-config", "xmlto"], "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" install 'bison' 'flex' 'libcap-ng-dev' 'libcap-ng-utils' 'libcurl4-nss-dev' 'libevent-dev' 'libgmp3-dev' 'libnspr4-dev' 'libnss3-dev' 'libnss3-tools' 'libselinux1-dev' 'libunbound-dev' 'xmlto'' failed: E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem. \n", "stderr": "E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem. \n", "stdout": "", "stdout_lines": []}
NO MORE HOSTS LEFT *****
to retry, use: --limit @playbooks/streisand.retry
PLAY RECAP *****
xxx.xxx.xxx.xxx : ok=42 changed=6 unreachable=0 failed=1
Hm, seems an apt-get install got stuck; I had to fix it with dpkg. The last run seems the most successful so far:
PLAY RECAP *********************************************************************
xxx.xxx.xxx.xxx : ok=60 changed=22 unreachable=0 failed=1
The errors I see in red on my MacBook:
TASK [l2tp-ipsec : Apply the sysctl values] ************************************
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'kernel.sysrq', u'value': 0}) => {"failed": true, "item": {"key": "kernel.sysrq", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'kernel.core_uses_pid', u'value': 1}) => {"failed": true, "item": {"key": "kernel.core_uses_pid", "value": 1}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.tcp_syncookies', u'value': 1}) => {"failed": true, "item": {"key": "net.ipv4.tcp_syncookies", "value": 1}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'kernel.msgmnb', u'value': 65536}) => {"failed": true, "item": {"key": "kernel.msgmnb", "value": 65536}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'kernel.msgmax', u'value': 65536}) => {"failed": true, "item": {"key": "kernel.msgmax", "value": 65536}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'kernel.shmmax', u'value': 68719476736}) => {"failed": true, "item": {"key": "kernel.shmmax", "value": 68719476736}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'kernel.shmall', u'value': 4294967296}) => {"failed": true, "item": {"key": "kernel.shmall", "value": 4294967296}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
ok: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.ip_forward', u'value': 1})
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.all.accept_source_route', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.all.accept_source_route", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.default.accept_source_route', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.default.accept_source_route", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.all.log_martians', u'value': 1}) => {"failed": true, "item": {"key": "net.ipv4.conf.all.log_martians", "value": 1}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.default.log_martians', u'value': 1}) => {"failed": true, "item": {"key": "net.ipv4.conf.default.log_martians", "value": 1}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.all.accept_redirects', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.all.accept_redirects", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.default.accept_redirects', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.default.accept_redirects", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.all.send_redirects', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.all.send_redirects", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.default.send_redirects', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.default.send_redirects", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.all.rp_filter', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.all.rp_filter", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.rp_filter = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.default.rp_filter', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.default.rp_filter", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.default.rp_filter = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.icmp_echo_ignore_broadcasts', u'value': 1}) => {"failed": true, "item": {"key": "net.ipv4.icmp_echo_ignore_broadcasts", "value": 1}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.default.rp_filter = 0\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.icmp_ignore_bogus_error_responses', u'value': 1}) => {"failed": true, "item": {"key": "net.ipv4.icmp_ignore_bogus_error_responses", "value": 1}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.default.rp_filter = 0\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.all.secure_redirects', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.all.secure_redirects", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.default.rp_filter = 0\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\nnet.ipv4.conf.all.secure_redirects = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.ipv4.conf.default.secure_redirects', u'value': 0}) => {"failed": true, "item": {"key": "net.ipv4.conf.default.secure_redirects", "value": 0}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.default.rp_filter = 0\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\nnet.ipv4.conf.all.secure_redirects = 0\nnet.ipv4.conf.default.secure_redirects = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'kernel.randomize_va_space', u'value': 1}) => {"failed": true, "item": {"key": "kernel.randomize_va_space", "value": 1}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.default.rp_filter = 0\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\nnet.ipv4.conf.all.secure_redirects = 0\nnet.ipv4.conf.default.secure_redirects = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\nsysctl: setting key \"kernel.randomize_va_space\": Read-only file system\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.core.wmem_max', u'value': 12582912}) => {"failed": true, "item": {"key": "net.core.wmem_max", "value": 12582912}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.default.rp_filter = 0\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\nnet.ipv4.conf.all.secure_redirects = 0\nnet.ipv4.conf.default.secure_redirects = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\nsysctl: setting key \"kernel.randomize_va_space\": Read-only file system\nsysctl: cannot stat /proc/sys/net/core/wmem_max: No such file or directory\n"}
failed: [xxx.xxx.xxx.xxx] => (item={u'key': u'net.core.rmem_max', u'value': 12582912}) => {"failed": true, "item": {"key": "net.core.rmem_max", "value": 12582912}, "msg": "Failed to reload sysctl: net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.default.rp_filter = 0\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\nnet.ipv4.conf.all.secure_redirects = 0\nnet.ipv4.conf.default.secure_redirects = 0\nsysctl: setting key \"kernel.sysrq\": Read-only file system\nsysctl: setting key \"kernel.core_uses_pid\": Read-only file system\nsysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\nsysctl: setting key \"kernel.msgmnb\": Read-only file system\nsysctl: setting key \"kernel.msgmax\": Read-only file system\nsysctl: setting key \"kernel.shmmax\": Read-only file system\nsysctl: setting key \"kernel.shmall\": Read-only file system\nsysctl: setting key \"kernel.randomize_va_space\": Read-only file system\nsysctl: cannot stat /proc/sys/net/core/wmem_max: No such file or directory\nsysctl: cannot stat /proc/sys/net/core/rmem_max: No such file or directory\n"}
Next run, 1 fail again:
TASK [openvpn : Restart OpenVPN so the 10.8.0.0 interface is available to dnsmasq] ***
fatal: [xxx.xxx.xxx.xxx]: FAILED! => {"changed": false, "failed": true, "msg": "Stopping virtual private network daemon:.\nStarting virtual private network daemon: server failed!\n"}
NO MORE HOSTS LEFT *************************************************************
to retry, use: --limit @playbooks/streisand.retry
PLAY RECAP *********************************************************************
xxx.xxx.xxx.xxx : ok=93 changed=40 unreachable=0 failed=1
Last try, about to give up:
TASK [openvpn : Restart OpenVPN so the 10.8.0.0 interface is available to dnsmasq] ***
fatal: [xxx.xxx.xxx.xxx]: FAILED! => {"changed": false, "failed": true, "msg": "Stopping virtual private network daemon:.\nStarting virtual private network daemon: server failed!\n"}
NO MORE HOSTS LEFT *****
to retry, use: --limit @playbooks/streisand.retry
PLAY RECAP *****
xxx.xxx.xxx.xxx : ok=92 changed=21 unreachable=0 failed=1
I would appreciate some help; every time I run this I get a different error:
TASK [openvpn : Create the client configuration profiles that will be used when connecting via stunnel] ***
fatal: [xxx.xxx.xxx.xxx]: FAILED! => {"failed": true, "msg": "failed to resolve remote temporary directory from ansible-tmp-1457344102.85-62527186595959: `mkdir -p \"` echo $HOME/.ansible/tmp/ansible-tmp-1457344102.85-62527186595959 `\" && echo \"` echo $HOME/.ansible/tmp/ansible-tmp-1457344102.85-62527186595959 `\"` returned empty string"}
NO MORE HOSTS LEFT *************************************************************
to retry, use: --limit @playbooks/streisand.retry
PLAY RECAP *********************************************************************
xxx.xxx.xxx.xxx : ok=87 changed=18 unreachable=0 failed=1
You are running the playbook on Debian 8, which is an unsupported distribution with many known issues that are seriously problematic--particularly with the OpenVPN daemon and systemd. I also ran into that same error when I explored using Debian 8 as the base foundation to replace Debian 7. You are then further increasing the difficulty by adding local virtualization and LXC into the mix.
I think it's cool to try new stuff, and these types of experiments will prove helpful when I reevaluate whether Debian 8 or Ubuntu 16.04 will become the new foundation, but you need to be using Ubuntu 14.04 right now if you want everything to work out of the box. That's why I added the "probably going to fail" warning to the playbook that gets displayed and pauses execution every single time the playbook is run on an unsupported distribution. Even on Ubuntu 14.04, things might not work well inside an LXC container. I have never tried that before.
I appreciate the feedback. I'm really sorry if this has been frustrating, but you're doing several unconventional things :)
Looking again, the sysctl failures are almost certainly due to processes inside of the LXC container being restricted from modifying those values for security purposes. The same thing happens inside a Docker container unless the container is started with a special flag that essentially removes almost all process isolation. Maybe the same thing is possible with LXC?
Here's the simplest path forward:
Hey, thanks for the feedback, and yes, I was well aware of your warning. I was just looking for confirmation that I wasn't doing anything wrong besides not using the suggested OS :-)
I'll give it another try on an Ubuntu 14.04 LXC container (as in running it on my MacBook, installing on an LXC container).
Yes, there is a way to make a container unconstrained with the following option:
lxc.aa_profile: unconfined
But I'll try without that flag first and report back.
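An added example (not from the thread or the Streisand project): a small Python parser for the `sysctl` output quoted in the failed "Apply the sysctl values" task. It sorts keys into applied, rejected with "Read-only file system", and missing under /proc/sys, which shows the pattern in that log: the rejected writes are all `kernel.*` keys, while several `net.ipv4.*` keys are applied. The sample message is constructed from lines in that log, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: a representative subset of the "msg" text from one
# failed item in the thread's "Apply the sysctl values" task.
SAMPLE_MSG = (
    "Failed to reload sysctl: net.ipv4.ip_forward = 1\n"
    "net.ipv4.conf.all.accept_source_route = 0\n"
    'sysctl: setting key "kernel.sysrq": Read-only file system\n'
    'sysctl: setting key "kernel.core_uses_pid": Read-only file system\n'
    "sysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory\n"
    'sysctl: setting key "kernel.randomize_va_space": Read-only file system\n'
    "sysctl: cannot stat /proc/sys/net/core/wmem_max: No such file or directory\n"
)

ANSIBLE_PREFIX = "Failed to reload sysctl: "  # prepended by the Ansible module
APPLIED = re.compile(r"^([\w.\-/]+) = (.*)$")
SET_FAILED = re.compile(r'^sysctl: setting key "([^"]+)": (.+)$')
CANNOT_STAT = re.compile(r"^sysctl: cannot stat /proc/sys/(\S+): (.+)$")


def classify(msg):
    """Sort every sysctl key mentioned in msg into one of four buckets."""
    result = {"applied": [], "read_only": [], "missing": [], "other": []}
    if msg.startswith(ANSIBLE_PREFIX):
        msg = msg[len(ANSIBLE_PREFIX):]
    for line in msg.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SET_FAILED.match(line)
        if m:
            key, reason = m.groups()
            # EROFS: the write reached a read-only mount of /proc/sys
            if reason == "Read-only file system":
                result["read_only"].append(key)
            else:
                result["other"].append(line)
            continue
        m = CANNOT_STAT.match(line)
        if m:
            path, reason = m.groups()
            # ENOENT: the key is not exposed to this process at all
            if reason == "No such file or directory":
                result["missing"].append(path.replace("/", "."))
            else:
                result["other"].append(line)
            continue
        m = APPLIED.match(line)
        if m:
            result["applied"].append(m.group(1))
            continue
        result["other"].append(line)  # unrecognised line, kept for review
    return result


def by_subtree(keys):
    """Group keys by their top-level sysctl subtree (kernel, net, ...)."""
    groups = defaultdict(list)
    for key in keys:
        groups[key.split(".", 1)[0]].append(key)
    return dict(groups)


def summarize(msg):
    """Return {bucket: {subtree: [keys]}} for the three key buckets."""
    buckets = classify(msg)
    return {name: by_subtree(buckets[name])
            for name in ("applied", "read_only", "missing")}


if __name__ == "__main__":
    for bucket, groups in summarize(SAMPLE_MSG).items():
        for subtree, keys in sorted(groups.items()):
            print(f"{bucket:10} {subtree:7} {', '.join(keys)}")
```
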
Trying to install from my MacBook Pro to an LXC container running Debian Jessie.
On my MB it hangs at this step:
TASK [openconnect : Execute the PKCS #12 conversion Expect script] *************
Checking the syslog of the target system I see:
Any ideas?