freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/

[1.8.1] app server unreachable when checking secureboot status #5896

Closed emkll closed 3 years ago

emkll commented 3 years ago

Description

When performing a new install on the latest release/1.8.1 branch, the installer fails at the following step:

TASK [prepare-servers: Install python and packages required by installer] *************
ok: [mon]
fatal: [app] UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"10.20.2.2\". Make sure this host can be reached over ssh: ", "unreachable": true}

What is strange is that ssh to the app server is still working after that failure.

Steps to Reproduce

./securedrop-admin --force install on a newly provisioned 20.04 install

Expected Behavior

prepare-servers role should complete successfully

Actual Behavior

prepare-servers fails at the "Check SecureDrop status" step

Comments

I tried several things:

kushaldas commented 3 years ago

We need someone other than me to reproduce this; a normal VM-based approach cannot test secureboot-related checks. Just now finished a normal installation on Focal via the release/1.8.1 branch and it works perfectly.

emkll commented 3 years ago

I just ran install again and did not observe this error. It's unclear if this was a transient error or user error :confused:

zenmonkeykstop commented 3 years ago

Just ran through a fresh install (and multiple install playbook runs afterward) on nuc10/nuc8, did not observe this error.

eloquence commented 3 years ago

Hardware: 2014 Mac Minis
Server OS: Ubuntu 20.04
Scenario: Fresh install
Commit: 372952c71aa7fd75de297185e9eb0bb135cd89f8 (tip of release/1.8.1)

The [prepare-servers: Install python and packages required by installer] step completed without issues on app and mon. Will post any other findings from quick testing on main issue.

eloquence commented 3 years ago

Closing for now due to failure to reproduce, will re-open if we observe again during next QA cycle or before then.