ftao
commented
8 years ago 你跑的哪个playbook , openvpn 部分确实缺少维护。
我的经验基本openvpn 马上会被检测到.
Open alroyso opened 8 years ago
ftao
commented
8 years ago 你跑的哪个playbook , openvpn 部分确实缺少维护。
我的经验基本openvpn 马上会被检测到.
alroyso
commented
8 years ago - openvpn
- nat
- role: ocservvpn.yml 里面的
alroyso
commented
8 years ago 安装OPENVPN的时候 E: 未发现软件包 certified 这个没有找到怎么办呀?
ftao
commented
8 years ago certified 应该是这个role 去安装的, 你看看是否你的系统不支持。 https://github.com/ftao/vpn-deploy-playbook/tree/master/roles/ftao.certified
openvpn 部分好久没动, 我现在也不知道了, 需要有空的的时候重新整理一下了。
alroyso
commented
8 years ago An ansible role to install certified in unbuntu/debian server . 上面写的是支持的,我是debian7.0的系统的,
ftao
commented
8 years ago 你是在跑 openvpn-server.yml 这个playbook 是吧? 目前我这里可用的正常的openvpn 的设置方法是, 手工先将证书生成好, 然后用 openvpn 这个role . 自动化的应该是上次有尝试一些, 但是没有完全完成, 所以可能有各种问题。
配置如下,
openvpn_use_radius: true
openvpn_radius_servers: "{{ radius_servers }}"
openvpn_cred:
ca: "{{ lookup('file', inventory_dir + '/cred/openvpn/ca.crt') }}"
cert: "{{ lookup('file', inventory_dir + '/cred/openvpn/server.crt') }}"
key: "{{ lookup('file', inventory_dir + '/cred/openvpn/server.key') }}"
dh: "{{ lookup('file', inventory_dir + '/cred/openvpn/dh1024.pem') }}"我跑的是openvpn.yml
ftao
commented
8 years ago 我说错了。 openvpn.yml 使用的 role 是 openvpn-server
alroyso
commented
8 years ago 对,在安装的过程中 提示这个 certified 没有找到
alroyso
commented
8 years ago 手动生成证书是怎么生成的啊?
ftao
commented
8 years ago alroyso
commented
8 years ago certified 没有找到 这个我装不上,郁闷啊。 echo "deb http://packages.rcrowley.org $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/rcrowley.list sudo wget -O /etc/apt/trusted.gpg.d/rcrowley.gpg http://packages.rcrowley.org/keyring.gpg 这样了也不行。
alroyso
commented
8 years ago 这个也可以用于OPENVPN?
ftao
commented
8 years ago 现在更新了一下, 现在 openvpn.yml 应该OK了 。 之前似乎没有把 ftao.certified 加入到 openvpn.yml 中了。
https://github.com/ftao/vpn-deploy-playbook/wiki/Setup-OpenVPN-Server
alroyso
commented
8 years ago No package matching 'certified' 我是没有找到这个包 用http://packages.rcrowley.org 也不能安装啊。
ftao
commented
8 years ago 似乎是没有给 最新版本的 debian 打包。 http://packages.rcrowley.org/dists/
alroyso
commented
8 years ago 那我应该怎么去做?
ftao
commented
8 years ago 我的建议是 系统换成 ubuntu 14.04 , 这个项目里面的 role 兼容性最好的系统肯定是 ubuntu 14.04 .
alroyso
commented
8 years ago failed: [vpnsaiweivpn] => {"failed": true} msg: No package matching 'certified' is available
FATAL: all hosts have already failed
ubuntu 14.04 也是报错误
ftao
commented
8 years ago 你去手工改跑一下 apt-get update 一下, 然后再试试?
alroyso
commented
8 years ago 我测试过也不行 这个不能手动去安装吗?
ftao
commented
8 years ago cat /etc/apt/sources.list.d/packages_rcrowley_org.list
结果是什么? 这个文件存在吗?
ftao
commented
8 years ago 自己安装 请看 https://github.com/rcrowley/certified 的README
alroyso
commented
8 years ago TASK: [ftao.certified | install certified] **** failed: [vpnsaiweivpn] => {"failed": true} msg: No package matching 'certified' is available
FATAL: all hosts have already failed -- aborting
PLAY RECAP **** to retry, use: --limit @/root/openvpn.retry
vpnsaiweivpn : ok=10 changed=0 unreachable=0 failed=1
root@nox2008:/home/nox/vpn-deploy-playbook# cat /etc/apt/sources.list.d/packages_rcrowley_org.list deb http://packages.rcrowley.org trusty main root@nox2008:/home/nox/vpn-deploy-playbook#
ftao
commented
8 years ago apt-get update 的输出有没有报错吗?
alroyso
commented
8 years ago 没有的。
ftao
commented
8 years ago 贴一下下面几个命令的输出吧.
lsb_release -a
apt-get update
apt-cache search certifiedroot@nox2008:/home/nox/vpn-deploy-playbook# apt-cache search certified libgeronimo-jms-1.1-spec-java - Geronimo API implementation of the JMS 1.1 spec libgeronimo-jta-1.1-spec-java - Geronimo API implementation of the JTA 1.1 spec libgeronimo-jta-1.1-spec-java-doc - Documentation for the JTA 1.1 spec empathy-skype - Skype plugin for libpurple messengers (Empathy-specific files) pidgin-skype - Skype plugin for libpurple messengers (Pidgin-specific files) pidgin-skype-common - Skype plugin for libpurple messengers (common files) pidgin-skype-dbg - Skype plugin for libpurple messengers (debug symbols) acl2-books - Computational Logic for Applicative Common Lisp: compiled libraries acl2-books-certs - Computational Logic for Applicative Common Lisp: library certificates jbossas4 - JBoss Application Server jython - Python seamlessly integrated with Java libctapimkt1 - Read German Krankenversichertenkarte and eGK libctapimkt1-dev - Read German Krankenversichertenkarte and eGK (development) libgeronimo-ejb-3.0-spec-java - Geronimo API implementation of the EJB 3.0 spec libgeronimo-interceptor-3.0-spec-java - Geronimo API implementation of the Interceptor 3.0 spec libgeronimo-j2ee-connector-1.5-spec-java - Geronimo API implementation of the J2EE connector 1.5 spec libgeronimo-jacc-1.1-spec-java - Geronimo API implementation of the JACC 1.1 spec libgeronimo-jpa-3.0-spec-java - Geronimo API implementation of the JPA 3.0 spec libiml-dev - Integer Matrix Library, development files libiml0 - Integer Matrix Library, runtime files libjboss-aspects-java - JBoss Aspects libjboss-classloader-java - JBoss Classloader libjboss-cluster-java - JBoss Cluster libjboss-connector-java - JBoss Connector libjboss-deployers-java - JBoss Deployment Framework libjboss-deployment-java - JBoss Deployment libjboss-ejb3-java - JBoss Enterprise Java Beans (EJB) 3.0 libjboss-ejb3x-java - JBoss Enterprise Java Beans (EJB3X) libjboss-integration-java - JBoss Integration libjboss-j2ee-java - JBoss J2EE core libraries libjboss-jms-java - JBoss Java Message Service (JMS) libjboss-managed-java - JBoss Managed libjboss-management-java - JBoss Management libjboss-messaging-java - JBoss Messaging libjboss-metadata-java - JBoss MetaData Repository libjboss-naming-java - JBoss Naming libjboss-reflect-java - JBoss Reflection api for ClassInfo and BeanInfo abstractions libjboss-security-java - JBoss Security libjboss-server-java - JBoss Server libjboss-system-java - JBoss System libjboss-transaction-java - JBoss Transaction libjboss-vfs-java - JBoss Virtual File System libjboss-webservices-java - JBoss Web Services python-nss - Python bindings for Network Security Services (NSS)
ftao
commented
8 years ago 关键是 apt-get update 的输出。
apt-get update你这个输出肯定是这个仓库并没有起作用。
alroyso
commented
8 years ago root@nox2008:/home/nox/vpn-deploy-playbook# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.2 LTS
Release: 14.04
Codename: trusty
root@nox2008:/home/nox/vpn-deploy-playbook# apt-get update
Hit http://security.ubuntu.com trusty-security InRelease
Ign http://us.archive.ubuntu.com trusty InRelease
Ign http://packages.rcrowley.org trusty InRelease
Hit http://us.archive.ubuntu.com trusty-updates InRelease
Hit http://packages.rcrowley.org trusty Release.gpg
Hit http://security.ubuntu.com trusty-security/main Sources
Hit http://us.archive.ubuntu.com trusty-backports InRelease
Hit http://packages.rcrowley.org trusty Release
Hit http://security.ubuntu.com trusty-security/restricted Sources
Hit http://us.archive.ubuntu.com trusty Release.gpg
Hit http://packages.rcrowley.org trusty/main i386 Packages
Hit http://security.ubuntu.com trusty-security/universe Sources
Hit http://us.archive.ubuntu.com trusty-updates/main Sources
Hit http://security.ubuntu.com trusty-security/multiverse Sources
Hit http://us.archive.ubuntu.com trusty-updates/restricted Sources
Hit http://security.ubuntu.com trusty-security/main i386 Packages
Hit http://us.archive.ubuntu.com trusty-updates/universe Sources
Hit http://security.ubuntu.com trusty-security/restricted i386 Packages
Hit http://us.archive.ubuntu.com trusty-updates/multiverse Sources
Hit http://security.ubuntu.com trusty-security/universe i386 Packages
Hit http://us.archive.ubuntu.com trusty-updates/main i386 Packages
Hit http://security.ubuntu.com trusty-security/multiverse i386 Packages
Hit http://us.archive.ubuntu.com trusty-updates/restricted i386 Packages
Hit http://security.ubuntu.com trusty-security/main Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/universe i386 Packages
Hit http://security.ubuntu.com trusty-security/multiverse Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/multiverse i386 Packages
Hit http://security.ubuntu.com trusty-security/restricted Translation-en
Ign http://packages.rcrowley.org trusty/main Translation-en_US
Hit http://us.archive.ubuntu.com trusty-updates/main Translation-en
Hit http://security.ubuntu.com trusty-security/universe Translation-en
Ign http://packages.rcrowley.org trusty/main Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/multiverse Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/restricted Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/universe Translation-en
Hit http://us.archive.ubuntu.com trusty-backports/main Sources
Hit http://us.archive.ubuntu.com trusty-backports/restricted Sources
Hit http://us.archive.ubuntu.com trusty-backports/universe Sources
Hit http://us.archive.ubuntu.com trusty-backports/multiverse Sources
Hit http://us.archive.ubuntu.com trusty-backports/main i386 Packages
Hit http://us.archive.ubuntu.com trusty-backports/restricted i386 Packages
Hit http://us.archive.ubuntu.com trusty-backports/universe i386 Packages
Hit http://us.archive.ubuntu.com trusty-backports/multiverse i386 Packages
Hit http://us.archive.ubuntu.com trusty-backports/main Translation-en
Hit http://us.archive.ubuntu.com trusty-backports/multiverse Translation-en
Hit http://us.archive.ubuntu.com trusty-backports/restricted Translation-en
Hit http://us.archive.ubuntu.com trusty-backports/universe Translation-en
Hit http://us.archive.ubuntu.com trusty Release
Hit http://us.archive.ubuntu.com trusty/main Sources
Hit http://us.archive.ubuntu.com trusty/restricted Sources
Hit http://us.archive.ubuntu.com trusty/universe Sources
Hit http://us.archive.ubuntu.com trusty/multiverse Sources
Hit http://us.archive.ubuntu.com trusty/main i386 Packages
Hit http://us.archive.ubuntu.com trusty/restricted i386 Packages
Hit http://us.archive.ubuntu.com trusty/universe i386 Packages
Hit http://us.archive.ubuntu.com trusty/multiverse i386 Packages
Hit http://us.archive.ubuntu.com trusty/main Translation-en
Hit http://us.archive.ubuntu.com trusty/multiverse Translation-en
Hit http://us.archive.ubuntu.com trusty/restricted Translation-en
Hit http://us.archive.ubuntu.com trusty/universe Translation-en
Ign http://us.archive.ubuntu.com trusty/main Translation-en_US
Ign http://us.archive.ubuntu.com trusty/multiverse Translation-en_US
Ign http://us.archive.ubuntu.com trusty/restricted Translation-en_US
Ign http://us.archive.ubuntu.com trusty/universe Translation-en_US
Reading package lists... Done
ftao
commented
8 years ago 明白了, 你的系统是32 位的。 http://packages.rcrowley.org/ 只提供了 64 位架构的。 你把系统改成 64位应该就好了。
alroyso
commented
8 years ago 那debian 的系统应该也是可以的吧。
ftao
commented
8 years ago debian 7 wheezy 64 位应该是可以的。
http://packages.rcrowley.org/dists/wheezy/main/binary-amd64/Packages
alroyso
commented
8 years ago root@cqwl:~/vpn-deploy-playbook# ansible-playbook openvpn.yml -l openvpn ERROR! The requested action was not found in configured module paths. Additionally, core modules are missing. If this is a checkout, run 'git submodule update --init --recursive' to correct this problem.
The error appears to have been in '/root/vpn-deploy-playbook/roles/ftao.certified/tasks/main.yml': line 3, column 3, but may be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
alroyso
commented
8 years ago 这是64 位系统上面的
ftao
commented
8 years ago Additionally, core modules are missing
感觉你ansible 没有装好啊。
pip install -U ansible 重装一下吧。 或者你看一下 ansible 的文档是否还要什么依赖包。
fatal: [vpn.saiweivpn.com] => {'msg': "AnsibleError: Failed to template {{ lookup('file', inventory_dir + '/cred/openvpn/server.key') }}: could not locate file in lookup: /root/vpn-deploy-playbook/cred/openvpn/server.key", 'failed': True} fatal: [vpn.saiweivpn.com] => {'msg': 'One or more items failed.', 'failed': True, 'changed': False, 'results': [{'msg': "AnsibleError: Failed to template {{ lookup('file', inventory_dir + '/cred/openvpn/server.key') }}: could not locate file in lookup: /root/vpn-deploy-playbook/cred/openvpn/server.key", 'failed': True}]}