trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

TASK [cloud-digitalocean : Get regions] #14221

Closed omrahm closed 3 years ago

omrahm commented 3 years ago

Describe The Bug

I am trying to run Algo on a DigitalOcean droplet, but it is failing due to an error.

To Reproduce

Steps to reproduce the behavior:

  1. Be on a $5 DigitalOcean Droplet (1 GB memory, 1 CPU, 25 GB SSD, 1000 GB Transfer)
  2. Run algo

Expected behavior

Algo starts successfully.

Additional context

The error:

TASK [cloud-digitalocean : Get regions] ***************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"cf_cache_status": "DYNAMIC", "cf_ray": "6570b343fb99dd97-SIN", "cf_request_id": "0a5a4e5e7e0000dd979b81b000000001", "changed": false, "connection": "close", "content": "400 Bad Request: invalid header value", "content_type": "text/plain; charset=utf-8", "date": "Sat, 29 May 2021 15:19:18 GMT", "elapsed": 0, "expect_ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"", "msg": "Status code was 400 and not [200]: HTTP Error 400: Bad Request: invalid header value", "redirected": false, "server": "cloudflare", "set_cookie": "__cf_bm=59e04400c14f1e999f056749ec3bdb7d82fd9fd1-1622301558-1800-ARMkTBmFHyZlRtGG2xnuQXBknlrGcqxjPQkiU7LoConJRqvBOsoA3GS7ULNpmH3DdA==; path=/; expires=Sat, 29-May-21 15:49:18 GMT; domain=.digitalocean.com; HttpOnly; Secure; SameSite=None", "status": 400, "transfer_encoding": "chunked", "url": "https://api.digitalocean.com/v2/regions"}
included: /root/algo/playbooks/rescue.yml for localhost

Full log

[WARNING]: Could not match supplied host pattern, ignoring: vpn-host

PLAY [localhost] **************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Playbook dir stat] ******************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Ensure Ansible is not being run in a world writable directory] **********************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Ensure the requirements installed] **************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set required ansible version as a fact] *********************************************************************************************************************************************************************
ok: [localhost] => (item=ansible==2.9.7)

TASK [Verify Python meets Algo VPN requirements] ******************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verify Ansible meets Algo VPN requirements] *****************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log

PLAY [Ask user for the input] *************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Microsoft Azure
    5. Google Compute Engine
    6. Hetzner Cloud
    7. Vultr
    8. Scaleway
    9. OpenStack (DreamCompute optimised)
    10. CloudStack (Exoscale optimised)
    11. Linode
    12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)

Enter the number of your desired provider
:

TASK [Cloud prompt] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *******************************************************************************************************************************************************************************
ok: [localhost]
[VPN server name prompt]
Name the vpn server
[algo]
:

TASK [VPN server name prompt] *************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:

TASK [Cellular On Demand prompt] **********************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
y^M
TASK [Wi-Fi On Demand prompt] *************************************************************************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:

TASK [Trusted Wi-Fi networks prompt] ******************************************************************************************************************************************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:

TASK [Retain the PKI prompt] **************************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:

TASK [DNS adblocking prompt] **************************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:

TASK [SSH tunneling prompt] ***************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *******************************************************************************************************************************************************************************
ok: [localhost]

PLAY [Provision the server] ***************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 20.04.2 LTS (Virtualized: kvm)
Created from git clone. Last commit: 728b8aa Install required version of jinja2 earlier (#14206)
Python 3.8.5
Runtime variables:
    algo_provider "digitalocean"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_dns_adblocking "False"
    algo_ssh_tunneling "False"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] *************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Install the requirements] ***********************************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [Generate the SSH private key] *******************************************************************************************************************************************************************************
ok: [localhost]

TASK [Generate the SSH public key] ********************************************************************************************************************************************************************************
ok: [localhost]

TASK [Copy the private SSH key to /tmp] ***************************************************************************************************************************************************************************
ok: [localhost -> localhost]
[cloud-digitalocean : pause]
Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens):
 (output is hidden):

TASK [cloud-digitalocean : pause] *********************************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : Set the token as a fact] ***************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : Get regions] ***************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"cf_cache_status": "DYNAMIC", "cf_ray": "6570b343fb99dd97-SIN", "cf_request_id": "0a5a4e5e7e0000dd979b81b000000001", "changed": false, "connection": "close", "content": "400 Bad Request: invalid header value", "content_type": "text/plain; charset=utf-8", "date": "Sat, 29 May 2021 15:19:18 GMT", "elapsed": 0, "expect_ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"", "msg": "Status code was 400 and not [200]: HTTP Error 400: Bad Request: invalid header value", "redirected": false, "server": "cloudflare", "set_cookie": "__cf_bm=59e04400c14f1e999f056749ec3bdb7d82fd9fd1-1622301558-1800-ARMkTBmFHyZlRtGG2xnuQXBknlrGcqxjPQkiU7LoConJRqvBOsoA3GS7ULNpmH3DdA==; path=/; expires=Sat, 29-May-21 15:49:18 GMT; domain=.digitalocean.com; HttpOnly; Secure; SameSite=None", "status": 400, "transfer_encoding": "chunked", "url": "https://api.digitalocean.com/v2/regions"}
included: /root/algo/playbooks/rescue.yml for localhost

TASK [debug] ******************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [Fail the installation] **************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP ********************************************************************************************************************************************************************************************************
localhost                  : ok=28   changed=1    unreachable=0    failed=1    skipped=0    rescued=1    ignored=0

davidemyers commented 3 years ago

When you choose the option:

1. DigitalOcean

Algo attempts to create the Droplet for you. But if you've already created the Droplet, you should choose the option:

12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)

omrahm commented 3 years ago

> When you choose the option:
>
> 1. DigitalOcean
>
> Algo attempts to create the Droplet for you. But if you've already created the Droplet, you should choose the option:
>
> 12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)

@davidemyers Yes, I figured that out as it created another droplet, thanks.

Now, when selecting 12, I get this error:

TASK [Create a symlink if deploying to localhost] **************************************
fatal: [localhost]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "msg": "the directory configs/localhost is not empty, refusing to convert it", "owner": "root", "path": "configs/localhost", "size": 4096, "state": "directory", "uid": 0}
included: /root/algo/playbooks/rescue.yml for localhost

davidemyers commented 3 years ago

See if this item in the Troubleshooting document helps.

omrahm commented 3 years ago

> See if this item in the Troubleshooting document helps.

Thank you, it's working now.