ahembree / ansible-hms-docker

Ansible playbook for automated home media server setup
GNU General Public License v3.0

Wait of VPN init #80

Open KnuffigerMaxi opened 1 week ago

KnuffigerMaxi commented 1 week ago
TASK [hmsdocker : Obtain public IP.] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [hmsdocker : Wait for VPN init] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [hmsdocker : Get public IP from Transmission VPN container.] ******************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["docker", "exec", "transmission", "curl", "-s", "icanhazip.com"], "delta": "0:00:00.008899", "end": "2024-06-30 13:42:09.742076", "msg": "non-zero return code", "rc": 1, "start": "2024-06-30 13:42:09.733177", "stderr": "Error response from daemon: Container 8f1b3f2a267c56d36198a0c8cab8a6418f0cd0271162235d2d5022e893c56720 is restarting, wait until the container is running", "stderr_lines": ["Error response from daemon: Container 8f1b3f2a267c56d36198a0c8cab8a6418f0cd0271162235d2d5022e893c56720 is restarting, wait until the container is running"], "stdout": "", "stdout_lines": []}

PLAY RECAP *************************************************************************************************************************************************************************************************************************
localhost                  : ok=30   changed=1    unreachable=0    failed=1    skipped=67   rescued=0    ignored=0

make: *** [Makefile:49: apply] Error 2
maxi@hms01:~/ansible-hms-docker$
maxi@hms01:~/ansible-hms-docker$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.4 LTS
Release:        22.04
Codename:       jammy

VM -> proxmox q35 seaBios 4core 6,35GB RAM

transmission.yml
### VPN and Transmission settings
# Visit https://haugene.github.io/docker-transmission-openvpn/supported-providers/ for supported VPN providers
# The VPN provider to use and the credentials to use for the VPN connection
transmission_vpn_provider: "WINDSCRIBE"
transmission_vpn_user: "xxxx"
transmission_vpn_pass: "xxxxxx"

# Transmission seed ratio settings
transmission_ratio_limit: "1" # default: "1"
transmission_ratio_enabled: "true" # default: "true"

# DNS servers to use for the transmission container
transmission_dns_1: "1.1.1.1"
transmission_dns_2: "9.9.9.9"

# This will cause Transmission to download the files to your NAS instead of a local folder (useful if you download a lot at once and your server doesn't have a lot of space)
# If enabled, a new "apps" folder will be created within your library folder
transmission_use_nas_for_downloads: no

# Custom directory to store transmission downloads in. Useful for storing on another local drive (assuming you have the partitions and fstab already configured)
transmission_use_custom_download_path: no
transmission_custom_download_path: ""

# Additional environment variables for Transmission (can be found at link above)
transmission_additional_env_vars:
  {
    "TRANSMISSION_DOWNLOAD_QUEUE_SIZE": "25",
    "TRANSMISSION_MAX_PEERS_GLOBAL": "3000",
    "TRANSMISSION_PEER_LIMIT_GLOBAL": "3000",
    "TRANSMISSION_PEER_LIMIT_PER_TORRENT": "300",
  }

## External Providers and Custom VPN Options
# These are for changing the VPN config to a different server or type for example
# For help with these variables, see the docs located in `docs/Transmission.md`

# default: ""
#transmission_ovpn_config_file: "Amsterdam-RedLight-tcp"
transmission_ovpn_config_file: ""

# default: ""
#transmission_ovpn_config_local_path: "/opt/hms-docker/vpn_configs"
transmission_ovpn_config_local_path: ""
# The git repo where the .ovpn file is stored, see: https://github.com/haugene/vpn-configs-contrib/blob/main/CONTRIBUTING.md
# If this is left blank, it will use the default that comes with the container # default: ""
transmission_ovpn_config_source_repo: ""

Starting container with revision: 07f5a2b9aea5028c9bb75438c1552708e91dde71
TRANSMISSION_HOME is currently set to: /config/transmission-home
WARNING: Deprecated. Found old default transmission-home folder at /data/transmission-home, setting this as TRANSMISSION_HOME. This might break in future versions.
We will fallback to this directory as long as the folder exists. Please consider moving it to /config/transmission-home
Creating TUN device /dev/net/tun
Using OpenVPN provider: WINDSCRIBE
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for WINDSCRIBE. Defaulting to external config
Will get configs from https://github.com/haugene/vpn-configs-contrib.git
Repository is already cloned, checking for update
Already up to date.
Already on 'main'
Your branch is up to date with 'origin/main'.
Found configs for WINDSCRIBE in /config/vpn-configs-contrib/openvpn/windscribe, will replace current content in /etc/openvpn/windscribe
Starting OpenVPN using config Amsterdam-RedLight-tcp.ovpn
Modifying /etc/openvpn/windscribe/Amsterdam-RedLight-tcp.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Modification: Updating status for config failure detection
Setting OpenVPN credentials...
adding route to local network 192.168.0.0/24 via 172.18.0.1 dev eth0
2024-06-30 09:49:44 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2024-06-30 09:49:44 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-06-30 09:49:44 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-06-30 09:49:44 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-06-30 09:49:44 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-06-30 09:49:44 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-06-30 09:49:44 TCP/UDP: Preserving recently used remote address: [AF_INET]72.11.157.35:1194
2024-06-30 09:49:44 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-06-30 09:49:44 Attempting to establish TCP connection with [AF_INET]72.11.157.35:1194 [nonblock]
2024-06-30 09:49:44 TCP connection established with [AF_INET]72.11.157.35:1194
2024-06-30 09:49:44 TCP_CLIENT link local: (not bound)
2024-06-30 09:49:44 TCP_CLIENT link remote: [AF_INET]72.11.157.35:1194
2024-06-30 09:49:44 TLS: Initial packet from [AF_INET]72.11.157.35:1194, sid=01f5f899 40df1edc
2024-06-30 09:49:44 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-06-30 09:49:44 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
2024-06-30 09:49:44 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
2024-06-30 09:49:44 VERIFY KU OK
2024-06-30 09:49:44 Validating certificate extended key usage
2024-06-30 09:49:44 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-06-30 09:49:44 VERIFY EKU OK
2024-06-30 09:49:44 VERIFY X509NAME OK: C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=ams-289.windscribe.com
2024-06-30 09:49:44 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=ams-289.windscribe.com
2024-06-30 09:49:44 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2024-06-30 09:49:44 [ams-289.windscribe.com] Peer Connection Initiated with [AF_INET]72.11.157.35:1194
2024-06-30 09:49:45 SENT CONTROL [ams-289.windscribe.com]: 'PUSH_REQUEST' (status=1)
2024-06-30 09:49:45 AUTH: Received control message: AUTH_FAILED
2024-06-30 09:49:45 SIGTERM[soft,auth-failure] received, process exiting
maxi@hms01:~/ansible-hms-docker/vars/custom$

ahembree commented 1 week ago

Appears to be an authentication issue with your VPN provider based on this line in the logs you've provided:

2024-06-30 09:49:45 AUTH: Received control message: AUTH_FAILED

Unfortunately I'm unable to help with VPN authentication issues

KnuffigerMaxi commented 1 week ago

yeeahhhh

TASK [hmsdocker : Obtain public IP.] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [hmsdocker : Wait for VPN init] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [hmsdocker : Get public IP from Transmission VPN container.] ******************************************************************************************************************************************************************
ok: [localhost]

TASK [hmsdocker : Ensure public IP and transmission VPN public IP are different.] **************************************************************************************************************************************************
skipping: [localhost]

TASK [hmsdocker : Stop transmission if public IP and VPN IP are identical.] ********************************************************************************************************************************************************
changed: [localhost]

TASK [hmsdocker : Print error message if public IP and VPN IP are identical.] ******************************************************************************************************************************************************
ok: [localhost] => {
    "msg": [
        "Your public IP is NOT protected!",
        "Current public IP: 31.17.xxxx",
        "Current VPN IP: 31.17.xxxxxxxx",
        "The Transmission container has been stopped"
    ]
}

TASK [Verify all Traefik endpoints are accessible] *********************************************************************************************************************************************************************************
skipping: [localhost] => (item={'key': 'traefik', 'value': {'enabled': True, 'proxy_host_rule': 'traefik', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy'}})
skipping: [localhost] => (item={'key': 'sonarr', 'value': {'enabled': True, 'proxy_host_rule': 'sonarr', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'radarr', 'value': {'enabled': True, 'proxy_host_rule': 'radarr', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'bazarr', 'value': {'enabled': True, 'proxy_host_rule': 'bazarr', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'transmission', 'value': {'enabled': True, 'proxy_host_rule': 'transmission', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': True}})
skipping: [localhost] => (item={'key': 'portainer', 'value': {'enabled': True, 'proxy_host_rule': 'portainer', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'oauth2', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'overseerr', 'value': {'enabled': True, 'proxy_host_rule': 'overseerr', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'prowlarr', 'value': {'enabled': True, 'proxy_host_rule': 'prowlarr', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'requestrr', 'value': {'enabled': True, 'proxy_host_rule': 'requestrr', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'plex', 'value': {'enabled': True, 'proxy_host_rule': 'plex', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': True}})
skipping: [localhost] => (item={'key': 'tautulli', 'value': {'enabled': True, 'proxy_host_rule': 'tautulli', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'nzbget', 'value': {'enabled': False, 'proxy_host_rule': 'nzbget', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': True}})
skipping: [localhost] => (item={'key': 'sabnzbd', 'value': {'enabled': False, 'proxy_host_rule': 'sabnzbd', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': True}})
skipping: [localhost] => (item={'key': 'authentik', 'value': {'enabled': False, 'proxy_host_rule': 'authentik', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'tdarr', 'value': {'enabled': False, 'proxy_host_rule': 'tdarr', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'homepage', 'value': {'enabled': False, 'proxy_host_rule': 'homepage', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'uptimekuma', 'value': {'enabled': False, 'proxy_host_rule': 'uptime-kuma', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False}})
skipping: [localhost] => (item={'key': 'heimdall', 'value': {'enabled': False, 'proxy_host_rule': 'heimdall', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False}})
skipping: [localhost] => (item={'key': 'readarr', 'value': {'enabled': False, 'proxy_host_rule': 'readarr', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': False}})
skipping: [localhost] => (item={'key': 'kavita', 'value': {'enabled': False, 'proxy_host_rule': 'kavita', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False}})
skipping: [localhost] => (item={'key': 'calibre', 'value': {'enabled': False, 'proxy_host_rule': 'calibre', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False}})
skipping: [localhost] => (item={'key': 'jellyfin', 'value': {'enabled': False, 'proxy_host_rule': 'jellyfin', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': True}})
skipping: [localhost] => (item={'key': 'emby', 'value': {'enabled': False, 'proxy_host_rule': 'emby', 'directory': True, 'traefik': True, 'authentik': False, 'authentik_provider_type': 'proxy', 'expose_to_public': False, 'homepage': True, 'homepage_stats': True}})
skipping: [localhost]

PLAY RECAP *************************************************************************************************************************************************************************************************************************
localhost                  : ok=33   changed=4    unreachable=0    failed=0    skipped=69   rescued=0    ignored=0

KnuffigerMaxi commented 1 week ago

> Appears to be an authentication issue with your VPN provider based on this line in the logs you've provided:
>
> 2024-06-30 09:49:45 AUTH: Received control message: AUTH_FAILED
>
> Unfortunately I'm unable to help with VPN authentication issues

I can also log in to the website with the login data... I'll look for other help on Google.

That's my same problem: https://github.com/haugene/docker-transmission-openvpn/issues/498

ahembree commented 1 week ago

You may need to create a "service account" within your VPN account of some sort to get a different set of credentials. If your account is protected by MFA, that may be the cause of the failure.

KnuffigerMaxi commented 1 week ago

AUTH: Received control message: AUTH_FAILED

If your logs end like this, the wrong username/password was sent to your VPN provider.

AUTH: Received control message: AUTH_FAILED
SIGTERM[soft,auth-failure] received, process exiting

We can divide the possible errors here into three. You have entered the wrong credentials, the server has some kind of error or the container has messed up your credentials. We have had challenges with special characters. Having "?= as part of your password has tripped up our scripts from time to time.

NOTE: Some providers have multiple sets of credentials. Some for OpenVPN, others for web login, proxy solutions, etc. Make sure that you use the ones intended for OpenVPN. PIA users: this has recently changed. It used to be a separate pair, but now you should use the same login as you do in the web control panel. Before you were supposed to use a username like x12345, now it's the p12345 one. There is also a 99 character limit on password length.

First, check that your credentials are correct. Some providers have separate credentials for OpenVPN so it might not be the same as for their apps. Secondly, test a few different servers just to make sure that it's not just a faulty server. If this doesn't resolve it, it's probably the container.

To verify this you can mount a volume to /config in the container. So for example /temporary/folder:/config. Your credentials will be written to /config/openvpn-credentials.txt when the container starts, more on that here. So by mounting this folder you will be able to check the contents of that text file. The first line should be your username, the second should be your password.

This file is what's passed to OpenVPN. If your username/password is correct here then you should probably contact your provider.

half solved: https://haugene.github.io/docker-transmission-openvpn/faq/
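
The file check described in the FAQ text above, as an added example that is not part of this thread, the playbook or the container image: it inspects the mounted `openvpn-credentials.txt` for the problems named there (two-line layout, the `"?=` characters, the 99-character limit) without printing either value. The function name and the carriage-return and whitespace checks are assumptions added here.

```shell
#!/bin/sh
# Added example: validate the two-line credentials file that is handed to
# OpenVPN. Function name and the CR/whitespace checks are assumptions.
# Findings are printed one per line; the username and password never are.
# Returns 0 = no errors (warnings possible), 1 = errors found, 2 = unreadable.
check_ovpn_credentials() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1"; return 2; }
    awk -v max=99 '
        function report(level, msg) {
            print level ": " msg
            if (level == "ERROR") bad = 1
        }
        NR <= 2 {
            name = (NR == 1) ? "username" : "password"
            # CRLF endings leave a trailing \r that is sent as part of the value.
            if ($0 ~ /\r/)
                report("ERROR", name " line contains a carriage return")
            if ($0 ~ /^[ \t]|[ \t]$/)
                report("ERROR", name " line has leading or trailing whitespace")
            if (length($0) == 0)
                report("ERROR", name " line is empty")
        }
        NR == 2 {
            # Limit quoted in the FAQ note; length() counts per awk/locale.
            if (length($0) > max)
                report("ERROR", "password is longer than " max " characters")
            # Characters the FAQ says have tripped up the container scripts.
            if ($0 ~ /["?=]/)
                report("WARN", "password contains \" ? or =, which the FAQ reports as problematic")
        }
        END {
            if (NR != 2)
                report("ERROR", "expected 2 lines (username, password), found " NR)
            exit bad + 0
        }
    ' "$1"
}

# Stand-alone use: sh check.sh /temporary/folder/openvpn-credentials.txt
if [ "$#" -gt 0 ]; then
    check_ovpn_credentials "$1"
fi
```

The output contains no credential values, so it can be pasted into an issue as-is.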

KnuffigerMaxi commented 1 week ago

TASK [hmsdocker : Obtain public IP.] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [hmsdocker : Wait for VPN init] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [hmsdocker : Get public IP from Transmission VPN container.] ******************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["docker", "exec", "transmission", "curl", "-s", "icanhazip.com"], "delta": "0:00:00.009205", "end": "2024-06-30 14:31:45.253870", "msg": "non-zero return code", "rc": 1, "start": "2024-06-30 14:31:45.244665", "stderr": "Error response from daemon: Container f47ab5d05609da23b552053f68d87eed969fc76b29e4a862099053f6f9566d08 is restarting, wait until the container is running", "stderr_lines": ["Error response from daemon: Container f47ab5d05609da23b552053f68d87eed969fc76b29e4a862099053f6f9566d08 is restarting, wait until the container is running"], "stdout": "", "stdout_lines": []}

PLAY RECAP *************************************************************************************************************************************************************************************************************************
localhost                  : ok=30   changed=1    unreachable=0    failed=1    skipped=67   rescued=0    ignored=0

KnuffigerMaxi commented 1 week ago

https://github.com/haugene/vpn-configs-contrib/issues/102#issuecomment-2198589638