Ubuntu 24.04 Installation failed, aka Pi user task fails.

[scotthugh]

Hey bro,

Seems like an awesome project you have here.

I have tried to run the openvpn-aws installation and I want to get this working but I get an error when running the: ansible-playbook main.yml command. I have tried to run it multiple times to no avail.

I run on Ubuntu 24 LTS.

This is the error I get: TASK [Ensure OpenVPN is running.] *** fatal: [openvpn-aws]: FAILED! => {"changed": false, "msg": "Error connecting: Error while fetching server API version: HTTPConnection.request() got an unexpected keyword argument 'chunked'"}

PLAY RECAP ** openvpn-aws : ok=11 changed=0 unreachable=0 failed=1 skipped=4 rescued=0 ignored=0

In the openvpn.yml you write

TODO The first time this playbook is run, the pi user may not be added

to the docker group, so this task may fail.

I just don't know how to fix this.

Anyone?

Thanks

[scotthugh]

This is what I get when I run with -vvv

The full traceback is: File "/tmp/ansible_community.docker.docker_compose_payload_igw26ipj/ansible_community.docker.docker_compose_payload.zip/ansible_collections/community/docker/plugins/module_utils/common.py", line 248, in init super(AnsibleDockerClientBase, self).init(**self._connect_params) File "/usr/lib/python3/dist-packages/docker/api/client.py", line 197, in init self._version = self._retrieve_server_version() ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/docker/api/client.py", line 221, in _retrieve_server_version raise DockerException( fatal: [openvpn-aws]: FAILED! => { "changed": false, "invocation": { "module_args": { "api_version": "auto", "build": false, "ca_path": null, "client_cert": null, "client_key": null, "debug": false, "definition": null, "dependencies": true, "docker_host": "unix:///var/run/docker.sock", "env_file": null, "files": null, "hostname_check": false, "nocache": false, "profiles": null, "project_name": null, "project_src": "/home/myuser/openvpn-server/", "pull": false, "recreate": "smart", "remove_images": null, "remove_orphans": false, "remove_volumes": false, "restarted": false, "scale": null, "services": null, "ssl_version": null, "state": "present", "stopped": false, "timeout": null, "tls": false, "tls_hostname": null, "use_ssh_client": false, "validate_certs": false } }, "msg": "Error connecting: Error while fetching server API version: HTTPConnection.request() got an unexpected keyword argument 'chunked'" }

[d3vilh]

Hi @scotthugh, Hope you sorted it out already :) There is one config inventory.yml where you must add your current username (whoami) instead of admin. Then re-login and run the main playbook again. Should works fine.

[scotthugh]

Hi d3vilh,

I did that. I assumed it should be my own username.

But same error.

I'll try again, but for what it's worth I believe I will get same error again.

[d3vilh]

You need to check that your Docker is running: systemctl status docker

and your user have access to docker socket file ls -l /var/run/docker.sock

and you able to access ti the docker env without any additional passwords docker info; docker container ls; docker image ls

If you can't - relogin and run all the playbooks again, including Ansible modules installation with ansible-galaxy (par 4 of [Installation](https://github.com/d3vilh/openvpn-aws?tab=readme-ov-file#installation manual)).

It is better to follow the installation step by step, it also has user permissions fix in par 6.

[scotthugh]

I do go through the installation step by step meticulously but still get same error.

Now when I run the docker info; docker container ls; docker image ls I get this text - which points me towards thinking that the images are not running. Even if I run the playbooks again from scratch, multiple times etc. nothing, I don't know if I am doing something wrong: Client: Docker Engine - Community Version: 26.1.0 Context: default Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) Version: v0.14.0 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) Version: v2.26.1 Path: /usr/libexec/docker/cli-plugins/docker-compose

Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 26.1.0 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init containerd version: e377cd56a71523140ca6ae87e30244719194a521 runc version: v1.1.12-0-g51d5e94 init version: de40ad0 Security Options: apparmor seccomp Profile: builtin cgroupns Kernel Version: 6.8.0-31-generic Operating System: Ubuntu 24.04 LTS OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 1.858GiB Name: vpn.server.com ID: 9421e11b-70d7-42ee-aef5-79967d582ce4 Docker Root Dir: /var/lib/docker Debug Mode: false Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES REPOSITORY TAG IMAGE ID CREATED SIZE

[d3vilh]

OK, still this is problem with environment, lets dig further:

• Docker is installed and we assume that
• user has assigned docker group (run groups to check, there must be docker group in the list)
• inventory.yml has your username set to admin var (in line 6)
• We tried to do everything from the scratch, but did not clear the previous installations.

Lets give it one more try but, please:

• Remove the current openvpn-aws repository.
• Reinstall Docker sudo apt-get remove python3-docker && sudo apt-get install python3-docker.
• Doublecheck that current user is in docker group sudo usermod -aG docker $USER.
• Clone repo one more time git clone https://github.com/d3vilh/openvpn-aws.
• Update inventory.yml line 6 with your current username.
• Reinstall ansible galaxy collection ansible-galaxy collection install -r requirements.yml --force. This is very important.
• Clear Docker cache files docker system prune -a, just in case.
• Logout and Login again.
• Run the playbook one more time, it should works fine now.

If it does not work, please share:

systemctl status docker;
groups;
ls -l /var/run/docker.sock;
docker --version && docker info;
pip show docker;
sudo journalctl -u docker.service;
ansible-playbook -vvv main.yml

Thanks for your time and help in debugging this!

[scotthugh]

Hey man, thanks for helping out here.

It still doesn’t work, and I’ll provide you with the information below. Before we jump to that I want to fill in some blanks. I start each time from at stock Ubuntu Server 24.04 LTS image. I created a snapshot that I revert to, to ensure that I don’t have anything from the old installations. What I notice is that the docker images doesn’t seem to be downloaded and spun up. I have little experience in this area, however, being analytical that is what I get out of it. So, maybe we should look there?

Have you tried to spin up a completely stock Ubuntu Server 24.04 LTS image and run the installation?

Ok now to the juicy part 😊 and crazy long

systemctl status docker;

● docker.service - Docker Application Container Engine

 Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: enabled)

 Active: active (running) since Thu 2024-05-02 04:04:57 UTC; 8min ago

TriggeredBy: ● docker.socket

   Docs: https://docs.docker.com

Main PID: 10784 (dockerd)

  Tasks: 9

 Memory: 26.8M (peak: 29.3M)

    CPU: 529ms

 CGroup: /system.slice/docker.service

         └─10784 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.298006611Z" level=info msg="Starting up"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.303233249Z" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.454872567Z" level=info msg="[graphdriver] using prior storage driver: overlay2"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.456533479Z" level=info msg="Loading containers: start."

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.799884108Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.909164213Z" level=info msg="Loading containers: done."

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.938483529Z" level=info msg="Docker daemon" commit=ac2de55 containerd-snapshotter=false storage-driver=overlay2 version=26.1.1

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.938567330Z" level=info msg="Daemon has completed initialization"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.976861812Z" level=info msg="API listen on /run/docker.sock"

May 02 04:04:57 vpn systemd[1]: Started docker.service - Docker Application Container Engine.

groups;

vpnuser adm cdrom sudo dip plugdev lxd docker

ls -l /var/run/docker.sock; srw-rw---- 1 root docker 0 May 2 04:04 /var/run/docker.sock

docker --version && docker info; Docker version 26.1.1, build 4cf5afa Client: Docker Engine - Community Version: 26.1.1 Context: default Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) Version: v0.14.0 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) Version: v2.26.1 Path: /usr/libexec/docker/cli-plugins/docker-compose

Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 26.1.1 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init containerd version: e377cd56a71523140ca6ae87e30244719194a521 runc version: v1.1.12-0-g51d5e94 init version: de40ad0 Security Options: apparmor seccomp Profile: builtin cgroupns Kernel Version: 6.8.0-31-generic Operating System: Ubuntu 24.04 LTS OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 1.858GiB Name: vpn ID: 9421e11b-70d7-42ee-aef5-79967d582ce4 Docker Root Dir: /var/lib/docker Debug Mode: false Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

pip show docker;

Name: docker

Version: 5.0.3

Summary: A Python library for the Docker Engine API.

Home-page: https://github.com/docker/docker-py

Author:

Author-email:

License: Apache License 2.0

Location: /usr/lib/python3/dist-packages

Requires:

sudo journalctl -u docker.service;

Apr 30 13:51:20 vpn systemd[1]: Starting docker.service - Docker Application Container Engine...

Apr 30 13:51:20 vpn dockerd[2567]: time="2024-04-30T13:51:20.378684182Z" level=info msg="Starting up"

Apr 30 13:51:20 vpn dockerd[2567]: time="2024-04-30T13:51:20.379768896Z" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"

Apr 30 13:51:20 vpn dockerd[2567]: time="2024-04-30T13:51:20.523651876Z" level=info msg="Loading containers: start."

Apr 30 13:51:20 vpn dockerd[2567]: time="2024-04-30T13:51:20.822945179Z" level=info msg="Loading containers: done."

Apr 30 13:51:20 vpn dockerd[2567]: time="2024-04-30T13:51:20.862013462Z" level=info msg="Docker daemon" commit=c8af8eb containerd-snapshotter=false storage-driver=overlay2 version=26.1.0

Apr 30 13:51:20 vpn dockerd[2567]: time="2024-04-30T13:51:20.862378466Z" level=info msg="Daemon has completed initialization"

Apr 30 13:51:20 vpn dockerd[2567]: time="2024-04-30T13:51:20.980735431Z" level=info msg="API listen on /run/docker.sock"

Apr 30 13:51:20 vpn systemd[1]: Started docker.service - Docker Application Container Engine.

May 02 04:04:57 vpn systemd[1]: Stopping docker.service - Docker Application Container Engine...

May 02 04:04:57 vpn.dockerd[2567]: time="2024-05-02T04:04:57.049470880Z" level=info msg="Processing signal 'terminated'"

May 02 04:04:57 vpn dockerd[2567]: time="2024-05-02T04:04:57.053032006Z" level=info msg="stopping event stream following graceful shutdown" error="" module=libcontainerd namespace=moby

May 02 04:04:57 vpn dockerd[2567]: time="2024-05-02T04:04:57.055482424Z" level=info msg="Daemon shutdown complete"

May 02 04:04:57 vpn systemd[1]: docker.service: Deactivated successfully.

May 02 04:04:57 vpn systemd[1]: Stopped docker.service - Docker Application Container Engine.

May 02 04:04:57 vpn systemd[1]: docker.service: Consumed 40.580s CPU time, 32.1M memory peak, 0B memory swap peak.

May 02 04:04:57 vpn systemd[1]: Starting docker.service - Docker Application Container Engine...

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.298006611Z" level=info msg="Starting up"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.303233249Z" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.454872567Z" level=info msg="[graphdriver] using prior storage driver: overlay2"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.456533479Z" level=info msg="Loading containers: start."

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.799884108Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.909164213Z" level=info msg="Loading containers: done."

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.938483529Z" level=info msg="Docker daemon" commit=ac2de55 containerd-snapshotter=false storage-driver=overlay2 version=26.1.1

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.938567330Z" level=info msg="Daemon has completed initialization"

May 02 04:04:57 vpn dockerd[10784]: time="2024-05-02T04:04:57.976861812Z" level=info msg="API listen on /run/docker.sock"

May 02 04:04:57 vpn systemd[1]: Started docker.service - Docker Application Container Engine.

ansible-playbook -vvv main.yml ansible-playbook [core 2.16.6] config file = /home/vpnuser/openvpn-aws/ansible.cfg configured module search path = ['/home/vpnuser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /home/vpnuser/.local/lib/python3.12/site-packages/ansible ansible collection location = /home/vpnuser/.ansible/collections:/usr/share/ansible/collections executable location = /home/vpnuser/.local/bin/ansible-playbook python version = 3.12.3 (main, Apr 10 2024, 05:33:47) [GCC 13.2.0] (/usr/bin/python3) jinja version = 3.1.2 libyaml = True Using /home/vpnuser/openvpn-aws/ansible.cfg as config file host_list declined parsing /home/vpnuser/openvpn-aws/inventory.yml as it did not pass its verify_file() method script declined parsing /home/vpnuser/openvpn-aws/inventory.yml as it did not pass its verify_file() method Parsed /home/vpnuser/openvpn-aws/inventory.yml inventory source with yaml plugin statically imported: /home/vpnuser/openvpn-aws/tasks/handlers.yml statically imported: /home/vpnuser/openvpn-aws/tasks/docker.yml statically imported: /home/vpnuser/openvpn-aws/tasks/openvpn.yml statically imported: /home/vpnuser/openvpn-aws/tasks/openvpn_monitoring.yml statically imported: /home/vpnuser/openvpn-aws/tasks/debian-libseccomp-update.yml redirecting (type: modules) community.general.docker_image to community.docker.docker_image Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: main.yml ***** 1 plays in main.yml

PLAY [openvpn-aws] *****

TASK [Gathering Facts] ***** task path: /home/vpnuser/openvpn-aws/main.yml:2 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/vpnuser/.ansible/tmp"&& mkdir "echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623610.2360008-11900-204447222741015" && echo ansible-tmp-1714623610.2360008-11900-204447222741015="echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623610.2360008-11900-204447222741015" ) && sleep 0'

Attempting python interpreter discovery <192.168.1.1> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'python3.12'"'"'; command -v '"'"'python3.11'"'"'; command -v '"'"'python3.10'"'"'; command -v '"'"'python3.9'"'"'; command -v '"'"'python3.8'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0' <192.168.1.1> EXEC /bin/sh -c '/usr/bin/python3.12 && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/setup.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmp1qrj4_tg TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623610.2360008-11900-204447222741015/AnsiballZ_setup.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623610.2360008-11900-204447222741015/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623610.2360008-11900-204447222741015/AnsiballZ_setup.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-willangawblljmdlnkdczripsangldno ; /usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623610.2360008-11900-204447222741015/AnsiballZ_setup.py'"'"' && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623610.2360008-11900-204447222741015/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] TASK [Load configuration (with defaults from example file).] *************************************************************************************************************************************************************************************************** task path: /home/vpnuser/openvpn-aws/main.yml:6 ok: [openvpn-aws] => (item=example.config.yml) => { "ansible_facts": { "config_dir": "~", "easyrsa_ca_expire": 3650, "easyrsa_cert_expire": 825, "easyrsa_cert_renew": 30, "easyrsa_crl_days": 180, "easyrsa_dn": "org", "easyrsa_key_size": 2048, "easyrsa_req_city": "Kyiv", "easyrsa_req_cn": "server", "easyrsa_req_country": "UA", "easyrsa_req_email": ***@***.******@***.***>, "easyrsa_req_org": "SweetHome", "easyrsa_req_ou": "MyOrganizationalUnit", "easyrsa_req_province": "KY", "monitoring_days_keep_interval": "90d", "monitoring_enable": false, "monitoring_grafana_admin_password": "admin", "ovpn_enable": true, "ovpn_guest_subnet": "10.0.71.0/24", "ovpn_home_subnet": "192.168.88.0/24", "ovpn_remote": "remote 123.124.125.126 1194 udp", "ovpn_trusted_subnet": "10.0.70.0/24", "ovpnui_password": "gagaZush", "ovpnui_user": "aws-admin" }, "ansible_included_var_files": [ "/home/vpnuser/openvpn-aws/example.config.yml" ], "ansible_loop_var": "item", "changed": false, "item": "example.config.yml" } ok: [openvpn-aws] => (item=config.yml) => { "ansible_facts": { "config_dir": "~", "easyrsa_ca_expire": 3650, "easyrsa_cert_expire": 825, "easyrsa_cert_renew": 30, "easyrsa_crl_days": 180, "easyrsa_dn": "org", "easyrsa_key_size": 2048, "easyrsa_req_city": "Kyiv", "easyrsa_req_cn": "server", "easyrsa_req_country": "UA", "easyrsa_req_email": ***@***.******@***.***>, "easyrsa_req_org": "SweetHome", "easyrsa_req_ou": "MyOrganizationalUnit", "easyrsa_req_province": "KY", "monitoring_days_keep_interval": "90d", "monitoring_enable": true, "monitoring_grafana_admin_password": "admin", "ovpn_enable": true, "ovpn_guest_subnet": "10.0.71.0/24", "ovpn_home_subnet": "10.0.0.0/23", "ovpn_remote": "remote 123.124.125.126 1194 udp", "ovpn_trusted_subnet": "10.0.70.0/24", "ovpnui_password": "gagaZush", "ovpnui_user": "aws-admin" }, "ansible_included_var_files": [ "/home/vpnuser/openvpn-aws/config.yml" ], "ansible_loop_var": "item", "changed": false, "item": "config.yml" } TASK [Ensure apt cache is up to date.] ************************************************************************************************************************************************************************************************************************* task path: /home/vpnuser/openvpn-aws/main.yml:12 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623611.4398322-12017-36455444466056 `" && echo ansible-tmp-1714623611.4398322-12017-36455444466056="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623611.4398322-12017-36455444466056 `" ) && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/apt.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmpfy2kbo6m TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623611.4398322-12017-36455444466056/AnsiballZ_apt.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623611.4398322-12017-36455444466056/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623611.4398322-12017-36455444466056/AnsiballZ_apt.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-ydrkphygpcqmtnlchhnrpasaxzzoeabx ; /usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623611.4398322-12017-36455444466056/AnsiballZ_apt.py'"'"' && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623611.4398322-12017-36455444466056/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => { "cache_update_time": 1714622687, "cache_updated": false, "changed": false, "invocation": { "module_args": { "allow_change_held_packages": false, "allow_downgrade": false, "allow_unauthenticated": false, "autoclean": false, "autoremove": false, "cache_valid_time": 3600, "clean": false, "deb": null, "default_release": null, "dpkg_options": "force-confdef,force-confold", "fail_on_autoremove": false, "force": false, "force_apt_get": false, "install_recommends": null, "lock_timeout": 60, "only_upgrade": false, "package": null, "policy_rc_d": null, "purge": false, "state": "present", "update_cache": true, "update_cache_retries": 5, "update_cache_retry_max_delay": 12, "upgrade": null } } } TASK [Ensure pacman cache is up to date] *********************************************************************************************************************************************************************************************************************** task path: /home/vpnuser/openvpn-aws/main.yml:19 skipping: [openvpn-aws] => { "changed": false, "false_condition": "ansible_facts.os_family == \"Archlinux\"", "skip_reason": "Conditional result was False" } TASK [Check if Docker is already present.] ********************************************************************************************************************************************************************************************************************* task path: /home/vpnuser/openvpn-aws/tasks/docker.yml:2 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.1574037-12049-262378879309406 `" && echo ansible-tmp-1714623612.1574037-12049-262378879309406="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.1574037-12049-262378879309406 `" ) && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/command.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmpamdz97cs TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.1574037-12049-262378879309406/AnsiballZ_command.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.1574037-12049-262378879309406/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.1574037-12049-262378879309406/AnsiballZ_command.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-yazcilmehwbdokbtumdouvgagqwpqpgy ; /usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.1574037-12049-262378879309406/AnsiballZ_command.py'"'"' && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.1574037-12049-262378879309406/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => { "changed": false, "cmd": [ "which", "docker" ], "delta": "0:00:00.003336", "end": "2024-05-02 04:20:12.503643", "failed_when_result": false, "invocation": { "module_args": { "_raw_params": "which docker", "_uses_shell": false, "argv": null, "chdir": null, "creates": null, "executable": null, "expand_argument_vars": true, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true } }, "msg": "", "rc": 0, "start": "2024-05-02 04:20:12.500307", "stderr": "", "stderr_lines": [], "stdout": "/usr/bin/docker", "stdout_lines": [ "/usr/bin/docker" ] } TASK [Download Docker install convenience script.] ************************************************************************************************************************************************************************************************************* task path: /home/vpnuser/openvpn-aws/tasks/docker.yml:9 skipping: [openvpn-aws] => { "changed": false, "false_condition": "docker_command_result.rc == 1", "skip_reason": "Conditional result was False" } TASK [Run Docker install convenience script.] ****************************************************************************************************************************************************************************************************************** task path: /home/vpnuser/openvpn-aws/tasks/docker.yml:16 skipping: [openvpn-aws] => { "changed": false, "false_condition": "docker_command_result.rc == 1", "skip_reason": "Conditional result was False" } TASK [Ensure Docker is started.] ******************************************************************************************************************************************************************************************************************************* task path: /home/vpnuser/openvpn-aws/tasks/docker.yml:22 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.5883555-12080-63368956559247 `" && echo ansible-tmp-1714623612.5883555-12080-63368956559247="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.5883555-12080-63368956559247 `" ) && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/systemd.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmpnthmo5xd TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.5883555-12080-63368956559247/AnsiballZ_systemd.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.5883555-12080-63368956559247/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.5883555-12080-63368956559247/AnsiballZ_systemd.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-vmvinmjtfuijbupqflcsjcbhqsqsixob ; /usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.5883555-12080-63368956559247/AnsiballZ_systemd.py'"'"' && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623612.5883555-12080-63368956559247/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => { "changed": false, "enabled": true, "invocation": { "module_args": { "daemon_reexec": false, "daemon_reload": false, "enabled": true, "force": null, "masked": null, "name": "docker", "no_block": false, "scope": "system", "state": "started" } }, "name": "docker", "state": "started", "status": { "ActiveEnterTimestamp": "Thu 2024-05-02 04:04:57 UTC", "ActiveEnterTimestampMonotonic": "137874406979", "ActiveExitTimestamp": "Thu 2024-05-02 04:04:57 UTC", "ActiveExitTimestampMonotonic": "137873478564", "ActiveState": "active", "After": "network-online.target containerd.service system.slice docker.socket firewalld.service sysinit.target basic.target systemd-journald.socket time-set.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Thu 2024-05-02 04:04:57 UTC", "AssertTimestampMonotonic": "137873562999", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "669966000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Thu 2024-05-02 04:04:57 UTC", "ConditionTimestampMonotonic": "137873562997", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/docker.service", "ControlGroupId": "25477", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "yes", "DelegateControllers": "cpu cpuset io memory pids", "Description": "Docker Application Container Engine", "DevicePolicy": "auto", "Documentation": https://docs.docker.com, "DynamicUser": "no", "EffectiveCPUs": "0-1", "EffectiveMemoryNodes": "0", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "10784", "ExecMainStartTimestamp": "Thu 2024-05-02 04:04:57 UTC", "ExecMainStartTimestampMonotonic": "137873572414", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/bin/dockerd ; argv[]=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ; ignore_errors=no ; start_time=[Thu 2024-05-02 04:04:57 UTC] ; stop_time=[n/a] ; pid=10784 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/bin/dockerd ; argv[]=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ; flags= ; start_time=[Thu 2024-05-02 04:04:57 UTC] ; stop_time=[n/a] ; pid=10784 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/docker.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "docker.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "Thu 2024-05-02 04:04:57 UTC", "InactiveEnterTimestampMonotonic": "137873548912", "InactiveExitTimestamp": "Thu 2024-05-02 04:04:57 UTC", "InactiveExitTimestampMonotonic": "137873575198", "InvocationID": "26d8dbceefef4bb3a3a5b2ed1eea1ce9", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "process", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "infinity", "LimitNPROCSoft": "infinity", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "7326", "LimitSIGPENDINGSoft": "7326", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "10784", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "1460899840", "MemoryCurrent": "28434432", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "31043584", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "docker.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMPolicy": "continue", "OOMScoreAdjust": "-500", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice docker.socket", "Restart": "always", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "2s", "RestartUSecNext": "2s", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "3", "StartLimitIntervalUSec": "1min", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Thu 2024-05-02 04:04:57 UTC", "StateChangeTimestampMonotonic": "137874406979", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "9", "TasksMax": "infinity", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "infinity", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "TriggeredBy": "docker.socket", "Type": "notify", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "containerd.service network-online.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [Ensure dependencies are installed (Debian).] ************************************************************************************************************************************************************************************************************* task path: /home/vpnuser/openvpn-aws/tasks/docker.yml:28 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623613.256449-12110-43664989272505 `" && echo ansible-tmp-1714623613.256449-12110-43664989272505="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623613.256449-12110-43664989272505 `" ) && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/apt.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmp85rclh86 TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623613.256449-12110-43664989272505/AnsiballZ_apt.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623613.256449-12110-43664989272505/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623613.256449-12110-43664989272505/AnsiballZ_apt.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-fodiewimcprkvlcqyejjensvwcfugnlv ; /usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623613.256449-12110-43664989272505/AnsiballZ_apt.py'"'"' && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623613.256449-12110-43664989272505/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => { "cache_update_time": 1714622687, "cache_updated": false, "changed": false, "invocation": { "module_args": { "allow_change_held_packages": false, "allow_downgrade": false, "allow_unauthenticated": false, "autoclean": false, "autoremove": false, "cache_valid_time": 0, "clean": false, "deb": null, "default_release": null, "dpkg_options": "force-confdef,force-confold", "fail_on_autoremove": false, "force": false, "force_apt_get": false, "install_recommends": null, "lock_timeout": 60, "name": [ "libffi-dev", "libssl-dev", "python3-dev", "python3-pip", "git" ], "only_upgrade": false, "package": [ "libffi-dev", "libssl-dev", "python3-dev", "python3-pip", "git" ], "policy_rc_d": null, "purge": false, "state": "present", "update_cache": null, "update_cache_retries": 5, "update_cache_retry_max_delay": 12, "upgrade": null } } } TASK [Ensure dependencies are installed (Archlinux).] ********************************************************************************************************************************************************************************************************** task path: /home/vpnuser/openvpn-aws/tasks/docker.yml:39 skipping: [openvpn-aws] => { "changed": false, "false_condition": "ansible_facts.os_family == \"Archlinux\"", "skip_reason": "Conditional result was False" } TASK [Install Docker Compose] ********************************************************************************************************************************************************************************************************************************** task path: /home/vpnuser/openvpn-aws/tasks/docker.yml:56 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.023424-12145-107183817174563 `" && echo ansible-tmp-1714623614.023424-12145-107183817174563="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.023424-12145-107183817174563 `" ) && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/apt.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmpt923pltd TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.023424-12145-107183817174563/AnsiballZ_apt.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.023424-12145-107183817174563/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.023424-12145-107183817174563/AnsiballZ_apt.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-jclfplshjknkzltohrnkolmopvwjtgww ; /usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.023424-12145-107183817174563/AnsiballZ_apt.py'"'"' && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.023424-12145-107183817174563/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => { "cache_update_time": 1714622687, "cache_updated": false, "changed": false, "invocation": { "module_args": { "allow_change_held_packages": false, "allow_downgrade": false, "allow_unauthenticated": false, "autoclean": false, "autoremove": false, "cache_valid_time": 0, "clean": false, "deb": null, "default_release": null, "dpkg_options": "force-confdef,force-confold", "fail_on_autoremove": false, "force": false, "force_apt_get": false, "install_recommends": null, "lock_timeout": 60, "name": "docker-compose", "only_upgrade": false, "package": [ "docker-compose" ], "policy_rc_d": null, "purge": false, "state": "present", "update_cache": null, "update_cache_retries": 5, "update_cache_retry_max_delay": 12, "upgrade": null } } } TASK [Ensure vpnuser user is added to the docker group.] ***************************************************************************************************************************************************************************************************** task path: /home/vpnuser/openvpn-aws/tasks/docker.yml:61 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.7795806-12179-168024923735042 `" && echo ansible-tmp-1714623614.7795806-12179-168024923735042="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.7795806-12179-168024923735042 `" ) && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/user.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmp5noi2ttf TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.7795806-12179-168024923735042/AnsiballZ_user.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.7795806-12179-168024923735042/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.7795806-12179-168024923735042/AnsiballZ_user.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-mwgghfygftyamvrlfajtqxekavpfysuu ; /usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.7795806-12179-168024923735042/AnsiballZ_user.py'"'"' && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623614.7795806-12179-168024923735042/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => { "append": true, "changed": false, "comment": "vpn user", "group": 1000, "groups": "docker", "home": "/home/vpnuser", "invocation": { "module_args": { "append": true, "authorization": null, "comment": null, "create_home": true, "expires": null, "force": false, "generate_ssh_key": null, "group": null, "groups": [ "docker" ], "hidden": null, "home": null, "local": null, "login_class": null, "move_home": false, "name": "vpnuser", "non_unique": false, "password": null, "password_expire_max": null, "password_expire_min": null, "password_expire_warn": null, "password_lock": null, "profile": null, "remove": false, "role": null, "seuser": null, "shell": null, "skeleton": null, "ssh_key_bits": 0, "ssh_key_comment": "ansible-generated on vpn", "ssh_key_file": null, "ssh_key_passphrase": null, "ssh_key_type": "rsa", "state": "present", "system": false, "uid": null, "umask": null, "update_password": "always" } }, "move_home": false, "name": "vpnuser", "shell": "/bin/bash", "state": "present", "uid": 1000 } TASK [Reset connection so docker group is picked up.] ********************************************************************************************************************************************************************************************************** task path: /home/vpnuser/openvpn-aws/tasks/docker.yml:68 [WARNING]: Reset is not implemented for this connection META: reset connection TASK [Create OpenVPN folder on Pi.] **************************************************************************************************************************************************************************************************************************** task path: /home/vpnuser/openvpn-aws/tasks/openvpn.yml:2 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.229754-12209-244945476006362 `" && echo ansible-tmp-1714623615.229754-12209-244945476006362="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.229754-12209-244945476006362 `" ) && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/file.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmp0pslfqc_ TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.229754-12209-244945476006362/AnsiballZ_file.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.229754-12209-244945476006362/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.229754-12209-244945476006362/AnsiballZ_file.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c '/usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.229754-12209-244945476006362/AnsiballZ_file.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.229754-12209-244945476006362/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => { "changed": false, "diff": { "after": { "path": "/home/vpnuser/openvpn-server" }, "before": { "path": "/home/vpnuser/openvpn-server" } }, "gid": 1000, "group": "vpnuser", "invocation": { "module_args": { "_diff_peek": null, "_original_basename": null, "access_time": null, "access_time_format": "%Y%m%d%H%M.%S", "attributes": null, "follow": true, "force": false, "group": null, "mode": 493, "modification_time": null, "modification_time_format": "%Y%m%d%H%M.%S", "owner": null, "path": "/home/vpnuser/openvpn-server", "recurse": false, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "state": "directory", "unsafe_writes": false } }, "mode": "0755", "owner": "vpnuser", "path": "/home/vpnuser/openvpn-server", "size": 4096, "state": "directory", "uid": 1000 } TASK [Synchronize openvpn directory.] ************************************************************************************************************************************************************************************************************************** task path: /home/vpnuser/openvpn-aws/tasks/openvpn.yml:9 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.5848143-12234-3001108956749 `" && echo ansible-tmp-1714623615.5848143-12234-3001108956749="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.5848143-12234-3001108956749 `" ) && sleep 0' Using module file /home/vpnuser/.ansible/collections/ansible_collections/ansible/posix/plugins/modules/synchronize.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmp2t83_m7i TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.5848143-12234-3001108956749/AnsiballZ_synchronize.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.5848143-12234-3001108956749/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.5848143-12234-3001108956749/AnsiballZ_synchronize.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c '/usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.5848143-12234-3001108956749/AnsiballZ_synchronize.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623615.5848143-12234-3001108956749/ > /dev/null 2>&1 && sleep 0' changed: [openvpn-aws] => { "changed": true, "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --no-perms --out-format='<>%i %n%L' /home/vpnuser/openvpn-aws/openvpn-server /home/vpnuser/", "invocation": { "module_args": { "_local_rsync_password": null, "_local_rsync_path": "rsync", "_substitute_controller": false, "archive": true, "checksum": false, "compress": true, "copy_links": false, "delay_updates": true, "delete": false, "dest": "/home/vpnuser/", "dest_port": null, "dirs": false, "existing_only": false, "group": null, "link_dest": null, "links": null, "mode": "push", "owner": null, "partial": false, "perms": false, "private_key": null, "recursive": true, "rsync_opts": [], "rsync_path": null, "rsync_timeout": 0, "set_remote_user": true, "src": "/home/vpnuser/openvpn-aws/openvpn-server", "ssh_args": null, "ssh_connection_multiplexing": false, "times": null, "verify_host": false } }, "msg": ".d..t...... openvpn-server/\n", "rc": 0, "stdout_lines": [ ".d..t...... openvpn-server/" ] } TASK [Copy OpenVPN docker-compose template to Pi.] ************************************************************************************************************************************************************************************************************* task path: /home/vpnuser/openvpn-aws/tasks/openvpn.yml:18 <192.168.1.1> ESTABLISH LOCAL CONNECTION FOR USER: vpnuser <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354 `" && echo ansible-tmp-1714623616.0031245-12262-4632989009354="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354 `" ) && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/stat.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmpyixh5nz4 TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354/AnsiballZ_stat.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354/AnsiballZ_stat.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c '/usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354/AnsiballZ_stat.py && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/file.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmpgxky51hl TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354/AnsiballZ_file.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354/AnsiballZ_file.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c '/usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354/AnsiballZ_file.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.0031245-12262-4632989009354/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => (item={'src': 'openvpn-docker-compose.yml.j2', 'dest': 'docker-compose.yml'}) => { "ansible_loop_var": "item", "changed": false, "checksum": "16a8e06c25f8ac3e43d1af80d108cf7b07d281fd", "dest": "/home/vpnuser/openvpn-server/docker-compose.yml", "diff": { "after": { "path": "/home/vpnuser/openvpn-server/docker-compose.yml" }, "before": { "path": "/home/vpnuser/openvpn-server/docker-compose.yml" } }, "gid": 1000, "group": "vpnuser", "invocation": { "module_args": { "_diff_peek": null, "_original_basename": "openvpn-docker-compose.yml.j2", "access_time": null, "access_time_format": "%Y%m%d%H%M.%S", "attributes": null, "dest": "/home/vpnuser/openvpn-server/docker-compose.yml", "follow": true, "force": false, "group": null, "mode": 480, "modification_time": null, "modification_time_format": "%Y%m%d%H%M.%S", "owner": null, "path": "/home/vpnuser/openvpn-server/docker-compose.yml", "recurse": false, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "state": "file", "unsafe_writes": false } }, "item": { "dest": "docker-compose.yml", "src": "openvpn-docker-compose.yml.j2" }, "mode": "0740", "owner": "vpnuser", "path": "/home/vpnuser/openvpn-server/docker-compose.yml", "size": 1522, "state": "file", "uid": 1000 } <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559 `" && echo ansible-tmp-1714623616.5559103-12262-110277246565559="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559 `" ) && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/stat.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmppr8_or4c TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559/AnsiballZ_stat.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559/AnsiballZ_stat.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c '/usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559/AnsiballZ_stat.py && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/file.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmppkl557gm TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559/AnsiballZ_file.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559/AnsiballZ_file.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c '/usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559/AnsiballZ_file.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.5559103-12262-110277246565559/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => (item={'src': 'openvpn-docker-entrypoint.sh.j2', 'dest': 'openvpn-docker/docker-entrypoint.sh'}) => { "ansible_loop_var": "item", "changed": false, "checksum": "c7c935e67d8f70871337d2b37c18fae74b2412b9", "dest": "/home/vpnuser/openvpn-server/openvpn-docker/docker-entrypoint.sh", "diff": { "after": { "path": "/home/vpnuser/openvpn-server/openvpn-docker/docker-entrypoint.sh" }, "before": { "path": "/home/vpnuser/openvpn-server/openvpn-docker/docker-entrypoint.sh" } }, "gid": 1000, "group": "vpnuser", "invocation": { "module_args": { "_diff_peek": null, "_original_basename": "openvpn-docker-entrypoint.sh.j2", "access_time": null, "access_time_format": "%Y%m%d%H%M.%S", "attributes": null, "dest": "/home/vpnuser/openvpn-server/openvpn-docker/docker-entrypoint.sh", "follow": true, "force": false, "group": null, "mode": 480, "modification_time": null, "modification_time_format": "%Y%m%d%H%M.%S", "owner": null, "path": "/home/vpnuser/openvpn-server/openvpn-docker/docker-entrypoint.sh", "recurse": false, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "state": "file", "unsafe_writes": false } }, "item": { "dest": "openvpn-docker/docker-entrypoint.sh", "src": "openvpn-docker-entrypoint.sh.j2" }, "mode": "0740", "owner": "vpnuser", "path": "/home/vpnuser/openvpn-server/openvpn-docker/docker-entrypoint.sh", "size": 2756, "state": "file", "uid": 1000 } <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819 `" && echo ansible-tmp-1714623616.9819796-12262-276763549741819="` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819 `" ) && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/stat.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmpjos01e_p TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819/AnsiballZ_stat.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819/AnsiballZ_stat.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c '/usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819/AnsiballZ_stat.py && sleep 0' Using module file /home/vpnuser/.local/lib/python3.12/site-packages/ansible/modules/file.py <192.168.1.1> PUT /home/vpnuser/.ansible/tmp/ansible-local-118964paw_6ag/tmpolcsq4i9 TO /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819/AnsiballZ_file.py <192.168.1.1> EXEC /bin/sh -c 'chmod u+x /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819/ /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819/AnsiballZ_file.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c '/usr/bin/python3 /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819/AnsiballZ_file.py && sleep 0' <192.168.1.1> EXEC /bin/sh -c 'rm -f -r /home/vpnuser/.ansible/tmp/ansible-tmp-1714623616.9819796-12262-276763549741819/ > /dev/null 2>&1 && sleep 0' ok: [openvpn-aws] => (item={'src': 'openvpn_client.conf.j2', 'dest': 'config/client.conf'}) => { "ansible_loop_var": "item", "changed": false, "checksum": "a1c32c4deffe9a3677eb85463e006f5f87787fdc", "dest": "/home/vpnuser/openvpn-server/config/client.conf", "diff": { "after": { "path": "/home/vpnuser/openvpn-server/config/client.conf" }, "before": { "path": "/home/vpnuser/openvpn-server/config/client.conf" } }, "gid": 1000, "group": "vpnuser", "invocation": { "module_args": { "_diff_peek": null, "_original_basename": "openvpn_client.conf.j2", "access_time": null, "access_time_format": "%Y%m%d%H%M.%S", "attributes": null, "dest": "/home/vpnuser/openvpn-server/config/client.conf", "follow": true, "force": false, "group": null, "mode": 480, "modification_time": null, "modification_time_format": "%Y%m%d%H%M.%S", "owner": null, "path": "/home/vpnuser/openvpn-server/config/client.conf", "recurse": false, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "state": "file", "unsafe_writes": false } }, "item": { "dest": "config/client.conf", "src": "openvpn_client.conf.j2" }, "mode": "0740", "owner": "vpnuser", "path": "/home/vpnuser/openvpn-server/config/client.conf", "size": 473, "state": "file", "uid": 1000 } <192.168.1.1> EXEC /bin/sh -c 'echo ~vpnuser && sleep 0' <192.168.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vpnuser/.ansible/tmp `"&& mkdir "` echo /home/vpnuser/.ansible/tmp/ansible-tmp-1714623617.4108555-12262-21331634902133 `" && echo ansible-tmp-1714623617.4108555-12262-21331634902133="` echo /home/

[d3vilh]

Thanks for the logs! As per the beginning everything with your configuration is OK. Ansible tasks which fit to the GitHub comment size character limit are successfully completed.

Could you attach ansible-playbook -vvv main.yml output as a text file (so it will contain all the steps and error)?

Have you tried to spin up a completely stock Ubuntu Server 24.04 LTS image and run the installation?

Ubuntu should work like a charm, we have successful installations on prod servers, and I have Bookworm as main x86 test environment (kind of a similar to Ubuntu, but who knows, maybe eventually I'll emulate one more x86 env with Ubuntu)

Let's try to dig a little more if you still not bothered :) This full log should be fine, I predict one of the tasks are failed due to some permission or config file is missed.

[d3vilh]

Hi @scotthugh I found one problem with Ubuntu 24.04. docker-compose and docker from the standard repository just won't works together in 24.04 LTS.

To override this we have to move to docker-compose-v2 or downgrade docker version (which is NOK). So, I did slight playbooks redesign and seems all works fine in u24.04 branch.

You could try it, but before this you need to

• Remove old docker and docker-compose packages:

  sudo apt remove docker-ce containerd.io docker-ce-cli docker-compose-plugin;
  sudo apt autoremove

• Remove old openvpn-aws version

  rm -rf ~/openvpn-aws

• Clone new version and switch to the branch u24.04

  git clone https://github.com/d3vilh/openvpn-aws
  cd openvpn-aws && git switch u24.04

• Continue updated installation procedure, from the step 4.

It now seems run fine with LTS 24.04:

dodo@ubuntu24:~/$ uname -a
Linux ubuntu24.04-x86 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
dodo@ubuntu24:~/$  cd openvpn-aws && git switch u24.04
M   config.yml
M   inventory.yml
Already on 'u24.04'
Your branch is up to date with 'origin/u24.04'.

dodo@ubuntu24:~/openvpn-aws$ sudo groupadd docker
dodo@ubuntu24:~/openvpn-aws$ sudo usermod -aG docker $USER
dodo@ubuntu24:~/openvpn-aws$ logout

dodo@ubuntu24:~/$  cd openvpn-aws 
dodo@ubuntu24:~/openvpn-aws$ groups
dodo adm cdrom sudo dip plugdev users lpadmin docker
dodo@ubuntu24:~/openvpn-aws$ ansible-galaxy collection install -r requirements.yml --force
dodo@ubuntu24:~/openvpn-aws$ yes | cp -p example.config.yml config.yml
dodo@ubuntu24:~/openvpn-aws$ sudo ansible-playbook main.yml
[sudo] password for dodo:

PLAY [openvpn-aws] ***************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************
ok: [openvpn-aws]

TASK [Load configuration (with defaults from example file).] *********************************************************************
ok: [openvpn-aws] => (item=example.config.yml)
ok: [openvpn-aws] => (item=config.yml)

TASK [Ensure apt cache is up to date.] *******************************************************************************************
changed: [openvpn-aws]

TASK [Ensure pacman cache is up to date] *****************************************************************************************
skipping: [openvpn-aws]

TASK [Check if Docker is already present.] ***************************************************************************************
skipping: [openvpn-aws]

TASK [Download Docker install convenience script.] *******************************************************************************
skipping: [openvpn-aws]

TASK [Run Docker install convenience script.] ************************************************************************************
skipping: [openvpn-aws]

TASK [Ensure Docker is started.] *************************************************************************************************
skipping: [openvpn-aws]

TASK [Ensure dependencies are installed (Debian).] *******************************************************************************
skipping: [openvpn-aws]

TASK [Ensure dependencies are installed (Archlinux).] ****************************************************************************
skipping: [openvpn-aws]

TASK [Ensure dodo user is added to the docker group.] *************************************************************************
skipping: [openvpn-aws]

TASK [Reset connection so docker group is picked up.] ****************************************************************************
[WARNING]: reset_connection task does not support when conditional
[WARNING]: Reset is not implemented for this connection

TASK [Create OpenVPN folder on Pi.] **********************************************************************************************
skipping: [openvpn-aws]

TASK [Synchronize openvpn directory.] ********************************************************************************************
skipping: [openvpn-aws]

TASK [Copy OpenVPN docker-compose template to Pi.] *******************************************************************************
skipping: [openvpn-aws] => (item={'src': 'openvpn-docker-compose.yml.j2', 'dest': 'docker-compose.yml'})
skipping: [openvpn-aws] => (item={'src': 'openvpn-docker-entrypoint.sh.j2', 'dest': 'openvpn-docker/docker-entrypoint.sh'})
skipping: [openvpn-aws] => (item={'src': 'openvpn_client.conf.j2', 'dest': 'config/client.conf'})
skipping: [openvpn-aws] => (item={'src': 'easy-rsa.vars.j2', 'dest': 'config/easy-rsa.vars'})
skipping: [openvpn-aws]

TASK [Ensure OpenVPN is running.] ************************************************************************************************
skipping: [openvpn-aws]

TASK [Gather package facts.] *****************************************************************************************************
skipping: [openvpn-aws]

TASK [Add Buster backports apt key.] *********************************************************************************************
skipping: [openvpn-aws] => (item=04EE7237B7D453EC)
skipping: [openvpn-aws] => (item=648ACFD622F3D138)
skipping: [openvpn-aws]

TASK [Add Buster backports for fixed libseccomp2.] *******************************************************************************
skipping: [openvpn-aws]

TASK [Install >libseccomp2.4.4 to fix 32-bit OS issue.] **************************************************************************
skipping: [openvpn-aws]

TASK [Synchronize monitoring directory.] *****************************************************************************************
skipping: [openvpn-aws]

TASK [Ensure monitoring directory is not a Git repository.] **********************************************************************
skipping: [openvpn-aws]

TASK [Copy templated monitoring files into place.] *******************************************************************************
skipping: [openvpn-aws] => (item={'src': 'grafana-config.monitoring.j2', 'dest': 'grafana/config.monitoring'})
skipping: [openvpn-aws] => (item={'src': 'prometheus.yml.j2', 'dest': 'prometheus/prometheus.yml'})
skipping: [openvpn-aws] => (item={'src': 'openvpn_exporter-docker-compose.yml.j2', 'dest': 'docker-compose.yml'})
skipping: [openvpn-aws]

TASK [Copy OpenVPN monitoring dashboard config to Grafana.] **********************************************************************
skipping: [openvpn-aws]

TASK [Pull latest Grafana Docker image] ******************************************************************************************
skipping: [openvpn-aws]

TASK [Ensure monitoring environment is running.] *********************************************************************************
skipping: [openvpn-aws]

TASK [Check if Docker is already present.] ***************************************************************************************
ok: [openvpn-aws]

TASK [Install Docker and Docker Compose v2 (Ubuntu).] ****************************************************************************
changed: [openvpn-aws]

TASK [Ensure Docker is started.] *************************************************************************************************
ok: [openvpn-aws]

TASK [Ensure dodo user is added to the docker group.] *************************************************************************
ok: [openvpn-aws]

TASK [Reset connection so docker group is picked up.] ****************************************************************************

TASK [Create OpenVPN folder on Pi.] **********************************************************************************************
changed: [openvpn-aws]

TASK [Synchronize openvpn directory.] ********************************************************************************************
changed: [openvpn-aws]

TASK [Copy OpenVPN docker-compose template to Pi.] *******************************************************************************
changed: [openvpn-aws] => (item={'src': 'openvpn-docker-compose.yml.j2', 'dest': 'docker-compose.yml'})
changed: [openvpn-aws] => (item={'src': 'openvpn-docker-entrypoint.sh.j2', 'dest': 'openvpn-docker/docker-entrypoint.sh'})
changed: [openvpn-aws] => (item={'src': 'openvpn_client.conf.j2', 'dest': 'config/client.conf'})
changed: [openvpn-aws] => (item={'src': 'easy-rsa.vars.j2', 'dest': 'config/easy-rsa.vars'})

TASK [Ensure OpenVPN is running (Ubuntu).] ***************************************************************************************
changed: [openvpn-aws]

TASK [Gather package facts.] *****************************************************************************************************
skipping: [openvpn-aws]

TASK [Add Buster backports apt key.] *********************************************************************************************
skipping: [openvpn-aws] => (item=04EE7237B7D453EC)
skipping: [openvpn-aws] => (item=648ACFD622F3D138)
skipping: [openvpn-aws]

TASK [Add Buster backports for fixed libseccomp2.] *******************************************************************************
skipping: [openvpn-aws]

TASK [Install >libseccomp2.4.4 to fix 32-bit OS issue.] **************************************************************************
skipping: [openvpn-aws]

TASK [Synchronize monitoring directory.] *****************************************************************************************
skipping: [openvpn-aws]

TASK [Ensure monitoring directory is not a Git repository.] **********************************************************************
skipping: [openvpn-aws]

TASK [Copy templated monitoring files into place.] *******************************************************************************
skipping: [openvpn-aws] => (item={'src': 'grafana-config.monitoring.j2', 'dest': 'grafana/config.monitoring'})
skipping: [openvpn-aws] => (item={'src': 'prometheus.yml.j2', 'dest': 'prometheus/prometheus.yml'})
skipping: [openvpn-aws] => (item={'src': 'openvpn_exporter-docker-compose.yml.j2', 'dest': 'docker-compose.yml'})
skipping: [openvpn-aws]

TASK [Copy OpenVPN monitoring dashboard config to Grafana.] **********************************************************************
skipping: [openvpn-aws]

TASK [Pull latest Grafana Docker image] ******************************************************************************************
skipping: [openvpn-aws]

TASK [Ensure monitoring environment is running.] *********************************************************************************
skipping: [openvpn-aws]

RUNNING HANDLER [Restart openvpn (Ubuntu)] ***************************************************************************************
changed: [openvpn-aws]

PLAY RECAP ***********************************************************************************************************************
openvpn-aws                : ok=12   changed=7    unreachable=0    failed=0    skipped=32   rescued=0    ignored=0

dodo@ubuntu24:~/openvpn-aws$ docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED          STATUS         PORTS                                       NAMES
23eff3be18f6   d3vilh/openvpn-server:latest   "/bin/sh -c ./docker…"   34 seconds ago   Up 9 seconds   0.0.0.0:1194->1194/udp, :::1194->1194/udp   openvpn
b49718503a77   d3vilh/openvpn-ui:latest       "/bin/sh -c /opt/sta…"   34 seconds ago   Up 9 seconds   0.0.0.0:8080->8080/tcp, :::8080->8080/tcp   openvpn-ui

dodo@ubuntu24:~/openvpn-aws$ docker logs openvpn -f
EasyRSA path: /usr/share/easy-rsa OVPN path: /etc/openvpn
Setting up public key infrastructure...

Notice
------
'init-pki' complete; you may now create a CA or requests.

...

net.ipv4.ip_forward = 1
Configuring iptables...
NAT for OpenVPN clients
Blocking ICMP for external clients
Blocking internal home subnet to access from external openvpn clients (Internet still available)
No additional firewall rules to apply.
IPT MASQ Chains:
MASQUERADE  all  --  10.0.70.0/24         anywhere
MASQUERADE  all  --  10.0.71.0/24         anywhere
IPT FWD Chains:
       0        0 DROP       1    --  *      *       10.0.71.0/24         0.0.0.0/0            icmptype 8
       0        0 DROP       1    --  *      *       10.0.71.0/24         0.0.0.0/0            icmptype 0
       0        0 DROP       0    --  *      *       10.0.71.0/24         192.168.88.0/24
Start openvpn process...
^C

Let me know if this will works fine to you.

[scotthugh]

That is awesome! Thank you! Now I can actually get access to the interface and create a user.

However, what doesn't work as intended is connecting to it. I have created a certificate and generated the ovpn file, downloaded it to my mac and added it to the client, but when I connect it gives me this error: Connection Failed There was an error attempting to connect to the selected server. Error message: PKey::parse_pem: error in private key:: error:1C800064:Provider routines::bad decrypt / error:11800074:PKCS12 routines::pkcs12 cipherfinal error / error:1C800064:Provider routines::bad decrypt / error:11800074:PKCS12 routines::pkcs12 cipherfinal error

Do you have any idea what I should do? Thanks

Another question that arose was regarding restarting the vpn server. Does it automatically restart the containers and everything?

[d3vilh]

It seems you have something wrong with your passphrase or certificate. Can you share your server.conf, newly generated client.ovpn and openvpn.log with connection attempt

Be sure you will hide all the IPs and keys, so nor me nor anyone else will connect :)

[scotthugh]

Yes! You are right, it was the password. I created a new with a "simpler" password and it worked.

I have a bunch of questions because this project is awesome!

But first I really want to say thank you, for having created and maintaining this project, it is awesome and easy when it works.

So, now the questions:

1. In the guide for the new branch, should there be an extra line with the switch command you sent me or is it not necessary?
2. Regarding the passwords, which characters are allowed, because it was the same I experienced for the user for the interface, that some characters are not allowed. Maybe there could be some kind of validation for this.
3. The 2 characters area code for the province, could that be just a general text with no validation, according to DigiCert, it can be either a 2 letter state code or a province name.
4. The 2FA, could that be setup for "Profiles" as well? I set it up with the certificates and it works as intended, really cool feature!
5. How can I specificy server side, what ip addresses the specific certificate is allowed to access internally? So let's say a certificate has a range of 4 ip's 10.0.0.5 through 10.0.0.8 both included and the certificate should only be allowed to access those ip's, how do I ensure they are not able to access 10.0.0.9 internally from? Right now if running split tunnel I can define this in the client certificate, but how do I do it server side?
6. How do I server side disable/enable split or full vpn for a certificate? Again here I know I can do it in the client certificate, but I would really love to be able to control this server side instead of allowing the client to do it in the certificate.
7. What happens if I restart the virtual machine? Does the containers automatically start again? (I just restarted the server and it automatically spins up the containers, so question answered :))
8. Do you have a guide on the trusted/guest subnets (the static/dynamic pool of ip's)?
9. What happens if the server certificate is renewed? Does the users have to get new ovpn files or is that only for the server? And, when is renewal available for it (the button is greyed out right now)?
10. Would it be possible to run the openvpn-ui interface on https maybe using a Let's Encrypt certificate (that auto renews every 2 months)?
11. Would it be possible to create say a sub-admin-user where the super-administrator can specify an ip range the sub-admin-user has access to, along with the sub-admin-user's information (which will then be propogated automatically when the sub-admin-user creates certificates), and maybe the ability to limit the sub-admin-user to be able to create up to x number of certificates for the sub-admin-user to manage? This would give the possibility to allow sub admins to maintain its own set of certificates without giving them access to anything else but its own certificates. So, no access to the Profiles nor server settings, nor nothing, just certificates.
12. Would it be possible to edit "Profile" users being an administrator?
13. When I delete a "Profile user" it returns: "User "" deleted successfully" (missing the actual user that has been deleted).
14. How do I update when a new version is released without messing with the certificates?
15. Is it possible to have the 2FA code below the QR code to send it to users? Right now when I click send mail none of that information is added to the email.
16. There could even be added an smtp server or a way to add a relay so the system itself could send an email with the ovpn file and the qr code.

That was a mouthful :)

Again, an amazing project! If I can contribute in any way, please let me know.

[d3vilh]

Hey, Im glad that we figure out that Ubuntu is not the same to Debian Bookworm. I had intention that it's 1 to 1 compatible, but it is not, so we have fix now.

1. In the guide for the new branch, should there be an extra line with the switch command you sent me or is it not necessary?

Not necessary anymore, as I pushed Ubuntu related changes to the main branch.

2. Regarding the passwords, which characters are allowed, because it was the same I experienced for the user for the interface, that some characters are not allowed. Maybe there could be some kind of validation for this.

The cert passphrase is just a string in GoLang backend, however I found and fixed one possible issue with shell script which generate new certificate, it seems had issue with special characters. This fix is now in dev branch for OpenVPN-Ui will be included in next release.

3. The 2 characters area code for the province, could that be just a general text with no validation, according to DigiCert, it can be either a 2 letter state code or a province name.

Thus can be anything no one is taking care, unless you have your own special guidelines for this :)

4. The 2FA, could that be setup for "Profiles" as well? I set it up with the certificates and it works as intended, really cool feature!

2FA is part of openVPN server side, it is either can be enabled (for all the clients) or disabled. That is why all the profiles sticked to the same server configuration, but you really desire to have 2FA and non 2FA functionality active at the same time, you could have workaround with running multiple OpenVPN server containers and UIs.

5. How can I specificy server side, what ip addresses the specific certificate is allowed to access internally? So let's say a certificate has a range of 4 ip's 10.0.0.5 through 10.0.0.8 both included and the certificate should only be allowed to access those ip's, how do I ensure they are not able to access 10.0.0.9 internally from? Right now if running split tunnel I can define this in the client certificate, but how do I do it server side?

Any access rules should be applied on the openvpn server side. With IPTables or UFW chains. In openvpn-server project server side container has fw-rules.sh script which runs every time when container just started to be sure all the rules are applied. You could add there any iptables rules with standard syntax. Here is one old issue, describing the process on example of limiting access between two different clients.

6. How do I server side disable/enable split or full vpn for a certificate? Again here I know I can do it in the client certificate, but I would really love to be able to control this server side instead of allowing the client to do it in the certificate.

For myself I decided to deal with it with fw-rules.sh script described above, but currently UI don't have any specific interface to configure or view it (as it is not the standard OpenVPN functionality and requires specific knowledge to maintain). Maybe in the future I'll add this as a feature for "Admin" profiles only.

7. What happens if I restart the virtual machine? Does the containers automatically start again? (I just restarted the server and it automatically spins up the containers, so question answered :))

Docker will start all the containers as part of default self restoration policy. So you don't need to take care about it, just be sure Docker demon in enabled in your sysctlconfig.

8. Do you have a guide on the trusted/guest subnets (the static/dynamic pool of ip's)?

No specific guide, just high level picture describes functionality. In general, you have 2 subnets:

• One "guests" allow internet access only by blocking TCP and ICMP packets towards home subnet on the OpenVPN server container level.
• Other "trusted" don't have any blocking policy

9. What happens if the server certificate is renewed? Does the users have to get new ovpn files or is that only for the server? And, when is renewal available for it (the button is greyed out right now)?

When you renew server side certificate all the clients have to be re-generated. This will require OpenVPN services downtime. (That is why it's greyed, you should understand what you are doing). If you need to regenerate it, then it's faster to backup your PKI and just recreate it from scratch with new parameters. It is available under "Configuration > Maintenance" menu. Be aware, all your client certificates will stop working.

10. Would it be possible to run the openvpn-ui interface on https maybe using a Let's Encrypt certificate (that auto renews every 2 months)?

I thought about it in the past, but OpenVPN-Ui pretends to be "Home/SOHO" easy solution, so you could install it once and then use without any additional attention in the future. Maybe, if some corp dudes will be interesting I will add this and other business related features in separate branch and port for everyone else as additonal disabled by default functionality.

11. Would it be possible to create say a sub-admin-user where the super-administrator can specify an ip range the sub-admin-user has access to, along with the sub-admin-user's information (which will then be propogated automatically when the sub-admin-user creates certificates), and maybe the ability to limit the sub-admin-user to be able to create up to x number of certificates for the sub-admin-user to manage? This would give the possibility to allow sub admins to maintain its own set of certificates without giving them access to anything else but its own certificates. So, no access to the Profiles nor server settings, nor nothing, just certificates.

In this case we should somehow segregate access to the same PKI and it is possible, but requires some efforts. As WA you could just run additional server and Ui containers to maintain 2 different PKIs independently.

12. Would it be possible to edit "Profile" users being an administrator?

Now you can just delete old and create new users, but I think it maybe a good feature (to change name and email) for the existing users.

13. When I delete a "Profile user" it returns: "User "" deleted successfully" (missing the actual user that has been deleted).

Looks like a bug, could you open issue with docker logs openvpn-ui output attached?

14. How do I update when a new version is released without messing with the certificates?

OpenVPN-Ui itself does to store any PKI infrastructure locally. So you just need to re-create container with newer image, that's it. Here is Upgrade instruction you could follow.

15. Is it possible to have the 2FA code below the QR code to send it to users? Right now when I click send mail none of that information is added to the email.

Well, it is special limitation of mailto: protocol. You can't just attach anything except text (not even in HTML format) to email body. If we really need this feature, we should run local mail server with own domain to send such emails over it. Again it is complicates setup and maintenance, that is why was not implemented by default.

16. There could even be added an smtp server or a way to add a relay so the system itself could send an email with the ovpn file and the qr code.

Yes, you are right, this is the way. Again, it will require efforts to develop and then it depends on how often you do need to send this QRs. For SOHO, you can just copy/paste it.

Maybe, we could prepare smtp container, this we can link to OpenVPN-UI backend as a special option. I think about it.

BTW, there are some paid services which provides smtp servers within subscriptions (so you don't have to maintain own one), but I would not include this, as it may looks like I can have some benefit from this :)

That was a mouthful :)

Again, an amazing project! If I can contribute in any way, please let me know.

Thank you for all the testing efforts!

[d3vilh]

12. Would it be possible to edit "Profile" users being an administrator?

I just pushed this feature in dev branch. Definitely will be in next release.

13. When I delete a "Profile user" it returns: "User "" deleted successfully" (missing the actual user that has been deleted).

Will be fixed in next release as well. 10x.

[permanutry]

finally, This Ubuntu related changes smells like new release!

[scotthugh]

Thanks bro, I’ll be updating soon as well. Need to figure out how to do the upgrading!

I appreciate the effort!

[scotthugh]

I tried to do the upgrading and found myself in a pickle and had to run the playbook again because the docker-compose.yaml is not found where indicated. The structure in the openvpn-aws is different from the openvpn-ui.

[GasparFabio]

Good evening, I want to congratulate you on your work. I'm doing the deployment and it's showing the error.

TASK [Set up OpenVPN (Ubuntu).] **** fatal: [openvpn-aws]: FAILED! => {"reason": "couldn't resolve module/action 'com munity.docker.docker_compose_v2'. This often indicates a misspelling, missing co llection, or incorrect module path.\n\nThe error appears to be in '/home/ubuntu/ openvpn-aws/tasks/openvpn_ubuntu.yml': line 37, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n# to the docker group, so this task may fail.\n- name: Ensure OpenV PN is running (Ubuntu).\n ^ here\n"}

PLAY RECAP ***** openvpn-aws : ok=8 changed=2 unreachable=0 failed=1 s kipped=22 rescued=0 ignored=0