Closed Ali-dono closed 2 years ago
I can recreate this error if I use a DigitalOcean Personal Access Token without Write permission. Make sure your Token has both Read and Write permission. See DigitalOcean cloud setup.
In the DigitalOcean cloud setup, the steps said this: "On the Tokens/Keys tab, select Generate New Token. A dialog will pop up. In that dialog, give your new token a name, and make sure Write is checked off. Click the Generate Token button when you are ready."
Is it the phrase "checked off" that's confusing? It is intended to mean "checked", not "unchecked".
Well, the screenshot has the box checked, but I thought it was a mistake and I followed what was written. I'm editing the token now and checking if the error still exists. Thanks a lot.
I now get a new error:
TASK [strongswan : Build the client's pair] ************************************
failed: [45.55.57.199 -> localhost] (item=mi 10t) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:mi 10t@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -keyout private/mi 10t.key -out reqs/mi 10t.req -nodes -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=mi 10t\" -batch && openssl ca -utf8 -in reqs/mi 10t.req -out certs/mi 10t.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:mi 10t@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -days 3650 -batch -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=mi 10t\" && touch certs/mi 10t_crt_generated\n", "delta": "0:00:00.013103", "end": "2021-11-26 21:57:10.753380", "item": "mi 10t", "msg": "non-zero return code", "rc": 1, "start": "2021-11-26 21:57:10.740277", "stderr": "req: Use -help for summary.", "stderr_lines": ["req: Use -help for summary."], "stdout": "", "stdout_lines": []}
failed: [45.55.57.199 -> localhost] (item=my pc) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:my pc@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -keyout private/my pc.key -out reqs/my pc.req -nodes -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=my pc\" -batch && openssl ca -utf8 -in reqs/my pc.req -out certs/my pc.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:my pc@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -days 3650 -batch -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=my pc\" && touch certs/my pc_crt_generated\n", "delta": "0:00:00.015487", "end": "2021-11-26 21:57:11.046869", "item": "my pc", "msg": "non-zero return code", "rc": 1, "start": "2021-11-26 21:57:11.031382", "stderr": "req: Use -help for summary.", "stderr_lines": ["req: Use -help for summary."], "stdout": "", "stdout_lines": []}
failed: [45.55.57.199 -> localhost] (item=laptop koki) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:laptop koki@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -keyout private/laptop koki.key -out reqs/laptop koki.req -nodes -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=laptop koki\" -batch && openssl ca -utf8 -in reqs/laptop koki.req -out certs/laptop koki.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:laptop koki@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -days 3650 -batch -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=laptop koki\" && touch certs/laptop koki_crt_generated\n", "delta": "0:00:00.014182", "end": "2021-11-26 21:57:11.316205", "item": "laptop koki", "msg": "non-zero return code", "rc": 1, "start": "2021-11-26 21:57:11.302023", "stderr": "req: Use -help for summary.", "stderr_lines": ["req: Use -help for summary."], "stdout": "", "stdout_lines": []}
failed: [45.55.57.199 -> localhost] (item=laptop yusef) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:laptop yusef@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -keyout private/laptop yusef.key -out reqs/laptop yusef.req -nodes -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=laptop yusef\" -batch && openssl ca -utf8 -in reqs/laptop yusef.req -out certs/laptop yusef.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:laptop yusef@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -days 3650 -batch -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=laptop yusef\" && touch certs/laptop yusef_crt_generated\n", "delta": "0:00:00.013901", "end": "2021-11-26 21:57:11.593274", "item": "laptop yusef", "msg": "non-zero return code", "rc": 1, "start": "2021-11-26 21:57:11.579373", "stderr": "req: Use -help for summary.", "stderr_lines": ["req: Use -help for summary."], "stdout": "", "stdout_lines": []}
TASK [Fail the installation] ***************************************************
fatal: [45.55.57.199]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP *********************************************************************
45.55.57.199 : ok=93 changed=56 unreachable=0 failed=1 skipped=12 rescued=1 ignored=0
localhost : ok=39 changed=4 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0
Full log
./algo
-bash: ./algo: Is a directory
root@ubuntu-vpn-ny:~# cd al
-bash: cd: al: No such file or directory
root@ubuntu-vpn-ny:~# cd algo/
root@ubuntu-vpn-ny:~/algo# ./algo
PLAY [localhost] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [Playbook dir stat] *******************************************************
ok: [localhost]
TASK [Ensure Ansible is not being run in a world writable directory] ***********
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[WARNING]: The value '' is not a valid IP address or network, passing this
value to ipaddr filter might result in breaking change in future.
TASK [Ensure the requirements installed] ***************************************
ok: [localhost]
TASK [Set required ansible version as a fact] **********************************
ok: [localhost] => (item=ansible-core==2.11.3)
TASK [Verify Python meets Algo VPN requirements] *******************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
TASK [Verify Ansible meets Algo VPN requirements] ******************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log
PLAY [Ask user for the input] **************************************************
TASK [Gathering Facts] *********************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Microsoft Azure
5. Google Compute Engine
6. Hetzner Cloud
7. Vultr
8. Scaleway
9. OpenStack (DreamCompute optimised)
10. CloudStack (Exoscale optimised)
11. Linode
12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
Enter the number of your desired provider
:
1^M
TASK [Cloud prompt] ************************************************************
ok: [localhost]
TASK [Set facts based on the input] ********************************************
ok: [localhost]
[VPN server name prompt]
Name the vpn server
[algo]
:
^M
TASK [VPN server name prompt] **************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:
n^M
TASK [Cellular On Demand prompt] ***********************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
n^M
TASK [Wi-Fi On Demand prompt] **************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:
y^M
TASK [Retain the PKI prompt] ***************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:
y^M
TASK [DNS adblocking prompt] ***************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
y^M
TASK [SSH tunneling prompt] ****************************************************
ok: [localhost]
TASK [Set facts based on the input] ********************************************
ok: [localhost]
PLAY [Provision the server] ****************************************************
TASK [Gathering Facts] *********************************************************
ok: [localhost]
--> Please include the following block of text when reporting issues:
Algo running on: Ubuntu 20.04.3 LTS (Virtualized: kvm)
Created from git clone. Last commit: de1e909 Update cloud-linode.md (#14348)
Python 3.8.10
Runtime variables:
algo_provider "digitalocean"
algo_ondemand_cellular "False"
algo_ondemand_wifi "False"
algo_ondemand_wifi_exclude "X251bGw="
algo_dns_adblocking "True"
algo_ssh_tunneling "True"
wireguard_enabled "True"
dns_encryption "True"
TASK [Display the invocation environment] **************************************
changed: [localhost -> localhost]
TASK [Install the requirements] ************************************************
ok: [localhost -> localhost]
TASK [Generate the SSH private key] ********************************************
ok: [localhost]
TASK [Generate the SSH public key] *********************************************
ok: [localhost]
TASK [Copy the private SSH key to /tmp] ****************************************
ok: [localhost -> localhost]
TASK [Include a provisioning role] *********************************************
[cloud-digitalocean : pause]
Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens):
(output is hidden):
TASK [cloud-digitalocean : pause] **********************************************
ok: [localhost]
TASK [cloud-digitalocean : Set the token as a fact] ****************************
ok: [localhost]
TASK [cloud-digitalocean : Get regions] ****************************************
ok: [localhost]
TASK [cloud-digitalocean : Set facts about the regions] ************************
ok: [localhost]
TASK [cloud-digitalocean : Set default region] *********************************
ok: [localhost]
[cloud-digitalocean : pause]
What region should the server be located in?
1. ams2 Amsterdam 2
2. ams3 Amsterdam 3
3. blr1 Bangalore 1
4. fra1 Frankfurt 1
5. lon1 London 1
6. nyc1 New York 1
7. nyc2 New York 2
8. nyc3 New York 3
9. sfo1 San Francisco 1
10. sfo2 San Francisco 2
11. sfo3 San Francisco 3
12. sgp1 Singapore 1
13. tor1 Toronto 1
Enter the number of your desired region
[8]
:
8^M
TASK [cloud-digitalocean : pause] **********************************************
ok: [localhost]
TASK [cloud-digitalocean : Set additional facts] *******************************
ok: [localhost]
TASK [cloud-digitalocean : Upload the SSH key] *********************************
ok: [localhost]
TASK [cloud-digitalocean : Creating a droplet...] ******************************
changed: [localhost]
TASK [cloud-digitalocean : set_fact] *******************************************
ok: [localhost]
TASK [Set subjectAltName as a fact] ********************************************
ok: [localhost]
TASK [Add the server to an inventory group] ************************************
changed: [localhost]
TASK [Additional variables for the server] *************************************
changed: [localhost]
TASK [Wait until SSH becomes ready...] *****************************************
ok: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
"IP_subject_alt_name": "45.55.57.199"
}
TASK [Wait 600 seconds for target connection to become reachable/usable] *******
ok: [localhost -> 45.55.57.199] => (item=45.55.57.199)
PLAY [Configure the server and install required software] **********************
TASK [Wait until the cloud-init completed] *************************************
ok: [45.55.57.199]
TASK [Ensure the config directory exists] **************************************
changed: [45.55.57.199 -> localhost]
TASK [Dump the ssh config] *****************************************************
changed: [45.55.57.199 -> localhost]
TASK [common : Check the system] ***********************************************
ok: [45.55.57.199]
TASK [common : include_tasks] **************************************************
included: /root/algo/roles/common/tasks/ubuntu.yml for 45.55.57.199
TASK [common : Gather facts] ***************************************************
ok: [45.55.57.199]
TASK [common : Install software updates] ***************************************
ok: [45.55.57.199]
TASK [common : Check if reboot is required] ************************************
changed: [45.55.57.199]
TASK [common : Reboot] *********************************************************
changed: [45.55.57.199]
TASK [common : Wait until the server becomes ready...] *************************
ok: [45.55.57.199]
TASK [common : Install unattended-upgrades] ************************************
ok: [45.55.57.199]
TASK [common : Configure unattended-upgrades] **********************************
changed: [45.55.57.199]
TASK [common : Periodic upgrades configured] ***********************************
changed: [45.55.57.199]
TASK [common : Disable MOTD on login and SSHD] *********************************
changed: [45.55.57.199] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'})
changed: [45.55.57.199] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})
[WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created
with a mode of 0700, this may cause issues when running as another user. To
avoid this, create the remote_tmp dir with the correct permissions manually
TASK [common : Ensure fallback resolvers are set] ******************************
changed: [45.55.57.199]
TASK [common : Loopback for services configured] *******************************
changed: [45.55.57.199]
TASK [common : systemd services enabled and started] ***************************
ok: [45.55.57.199] => (item=systemd-networkd)
ok: [45.55.57.199] => (item=systemd-resolved)
RUNNING HANDLER [common : restart systemd-networkd] ****************************
changed: [45.55.57.199]
RUNNING HANDLER [common : restart systemd-resolved] ****************************
changed: [45.55.57.199]
TASK [common : Check apparmor support] *****************************************
ok: [45.55.57.199]
TASK [common : Set fact if apparmor enabled] ***********************************
ok: [45.55.57.199]
TASK [common : Define facts] ***************************************************
ok: [45.55.57.199]
TASK [common : Set facts] ******************************************************
ok: [45.55.57.199]
TASK [common : Set IPv6 support as a fact] *************************************
ok: [45.55.57.199]
TASK [common : Check size of MTU] **********************************************
ok: [45.55.57.199]
TASK [common : Set OS specific facts] ******************************************
ok: [45.55.57.199]
TASK [common : Install tools] **************************************************
changed: [45.55.57.199]
TASK [common : include_tasks] **************************************************
included: /root/algo/roles/common/tasks/iptables.yml for 45.55.57.199
TASK [common : Iptables configured] ********************************************
changed: [45.55.57.199] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})
TASK [common : Iptables configured] ********************************************
changed: [45.55.57.199] => (item={'src': 'rules.v6.j2', 'dest': '/etc/iptables/rules.v6'})
TASK [common : Sysctl tuning] **************************************************
changed: [45.55.57.199] => (item={'item': 'net.ipv4.ip_forward', 'value': 1})
changed: [45.55.57.199] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})
changed: [45.55.57.199] => (item={'item': 'net.ipv6.conf.all.forwarding', 'value': 1})
RUNNING HANDLER [common : restart iptables] ************************************
changed: [45.55.57.199]
TASK [dns : Include tasks for Ubuntu] ******************************************
included: /root/algo/roles/dns/tasks/ubuntu.yml for 45.55.57.199
TASK [dns : Install dnscrypt-proxy] ********************************************
changed: [45.55.57.199]
TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] *************
changed: [45.55.57.199]
TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ***************
ok: [45.55.57.199]
TASK [dns : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ***
changed: [45.55.57.199]
TASK [dns : Ubuntu | Add custom requirements to successfully start the unit] ***
changed: [45.55.57.199]
TASK [dns : dnscrypt-proxy ip-blacklist configured] ****************************
changed: [45.55.57.199]
TASK [dns : dnscrypt-proxy configured] *****************************************
changed: [45.55.57.199]
TASK [dns : Adblock script created] ********************************************
changed: [45.55.57.199]
TASK [dns : Adblock script added to cron] **************************************
changed: [45.55.57.199]
TASK [dns : Update adblock hosts] **********************************************
ok: [45.55.57.199]
[WARNING]: flush_handlers task does not support when conditional
RUNNING HANDLER [dns : restart dnscrypt-proxy] *********************************
changed: [45.55.57.199]
TASK [dns : dnscrypt-proxy enabled and started] ********************************
ok: [45.55.57.199]
TASK [wireguard : Ensure the required directories exist] ***********************
changed: [45.55.57.199 -> localhost] => (item=configs/45.55.57.199/wireguard//.pki//preshared)
changed: [45.55.57.199 -> localhost] => (item=configs/45.55.57.199/wireguard//.pki//private)
changed: [45.55.57.199 -> localhost] => (item=configs/45.55.57.199/wireguard//.pki//public)
changed: [45.55.57.199 -> localhost] => (item=configs/45.55.57.199/wireguard//apple/ios)
changed: [45.55.57.199 -> localhost] => (item=configs/45.55.57.199/wireguard//apple/macos)
TASK [wireguard : Include tasks for Ubuntu] ************************************
included: /root/algo/roles/wireguard/tasks/ubuntu.yml for 45.55.57.199
TASK [wireguard : WireGuard installed] *****************************************
changed: [45.55.57.199]
TASK [wireguard : Set OS specific facts] ***************************************
ok: [45.55.57.199]
TASK [wireguard : Generate private keys] ***************************************
changed: [45.55.57.199] => (item=mi 10t)
changed: [45.55.57.199] => (item=my pc)
changed: [45.55.57.199] => (item=laptop koki)
changed: [45.55.57.199] => (item=laptop yusef)
changed: [45.55.57.199] => (item=45.55.57.199)
TASK [wireguard : Save private keys] *******************************************
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost]
TASK [wireguard : Touch the lock file] *****************************************
changed: [45.55.57.199] => (item=mi 10t)
changed: [45.55.57.199] => (item=my pc)
changed: [45.55.57.199] => (item=laptop koki)
changed: [45.55.57.199] => (item=laptop yusef)
changed: [45.55.57.199] => (item=45.55.57.199)
TASK [wireguard : Generate preshared keys] *************************************
changed: [45.55.57.199] => (item=mi 10t)
changed: [45.55.57.199] => (item=my pc)
changed: [45.55.57.199] => (item=laptop koki)
changed: [45.55.57.199] => (item=laptop yusef)
changed: [45.55.57.199] => (item=45.55.57.199)
TASK [wireguard : Save preshared keys] *****************************************
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost]
TASK [wireguard : Touch the preshared lock file] *******************************
changed: [45.55.57.199] => (item=mi 10t)
changed: [45.55.57.199] => (item=my pc)
changed: [45.55.57.199] => (item=laptop koki)
changed: [45.55.57.199] => (item=laptop yusef)
changed: [45.55.57.199] => (item=45.55.57.199)
TASK [wireguard : Generate public keys] ****************************************
ok: [45.55.57.199] => (item=mi 10t)
ok: [45.55.57.199] => (item=my pc)
ok: [45.55.57.199] => (item=laptop koki)
ok: [45.55.57.199] => (item=laptop yusef)
ok: [45.55.57.199] => (item=45.55.57.199)
TASK [wireguard : Save public keys] ********************************************
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost] => (item=None)
changed: [45.55.57.199 -> localhost]
TASK [wireguard : WireGuard user list updated] *********************************
changed: [45.55.57.199 -> localhost] => (item=mi 10t)
changed: [45.55.57.199 -> localhost] => (item=my pc)
changed: [45.55.57.199 -> localhost] => (item=laptop koki)
changed: [45.55.57.199 -> localhost] => (item=laptop yusef)
TASK [wireguard : set_fact] ****************************************************
ok: [45.55.57.199 -> localhost]
TASK [wireguard : WireGuard users config generated] ****************************
changed: [45.55.57.199 -> localhost] => (item=[0, 'mi 10t'])
changed: [45.55.57.199 -> localhost] => (item=[1, 'my pc'])
changed: [45.55.57.199 -> localhost] => (item=[2, 'laptop koki'])
changed: [45.55.57.199 -> localhost] => (item=[3, 'laptop yusef'])
TASK [wireguard : include_tasks] ***********************************************
included: /root/algo/roles/wireguard/tasks/mobileconfig.yml for 45.55.57.199 => (item=ios)
included: /root/algo/roles/wireguard/tasks/mobileconfig.yml for 45.55.57.199 => (item=macos)
TASK [wireguard : WireGuard apple mobileconfig generated] **********************
changed: [45.55.57.199 -> localhost] => (item=[0, 'mi 10t'])
changed: [45.55.57.199 -> localhost] => (item=[1, 'my pc'])
changed: [45.55.57.199 -> localhost] => (item=[2, 'laptop koki'])
changed: [45.55.57.199 -> localhost] => (item=[3, 'laptop yusef'])
TASK [wireguard : WireGuard apple mobileconfig generated] **********************
changed: [45.55.57.199 -> localhost] => (item=[0, 'mi 10t'])
changed: [45.55.57.199 -> localhost] => (item=[1, 'my pc'])
changed: [45.55.57.199 -> localhost] => (item=[2, 'laptop koki'])
changed: [45.55.57.199 -> localhost] => (item=[3, 'laptop yusef'])
TASK [wireguard : Generate QR codes] *******************************************
ok: [45.55.57.199 -> localhost] => (item=[0, 'mi 10t'])
ok: [45.55.57.199 -> localhost] => (item=[1, 'my pc'])
ok: [45.55.57.199 -> localhost] => (item=[2, 'laptop koki'])
ok: [45.55.57.199 -> localhost] => (item=[3, 'laptop yusef'])
TASK [wireguard : WireGuard configured] ****************************************
changed: [45.55.57.199]
TASK [wireguard : WireGuard enabled and started] *******************************
changed: [45.55.57.199]
RUNNING HANDLER [wireguard : restart wireguard] ********************************
changed: [45.55.57.199]
TASK [strongswan : include_tasks] **********************************************
included: /root/algo/roles/strongswan/tasks/ubuntu.yml for 45.55.57.199
TASK [strongswan : Set OS specific facts] **************************************
ok: [45.55.57.199]
TASK [strongswan : Ubuntu | Install strongSwan] ********************************
changed: [45.55.57.199]
TASK [strongswan : Ubuntu | Charon profile for apparmor configured] ************
changed: [45.55.57.199]
TASK [strongswan : Ubuntu | Enforcing ipsec with apparmor] *********************
ok: [45.55.57.199] => (item=/usr/lib/ipsec/charon)
ok: [45.55.57.199] => (item=/usr/lib/ipsec/lookip)
ok: [45.55.57.199] => (item=/usr/lib/ipsec/stroke)
TASK [strongswan : Ubuntu | Enable services] ***********************************
ok: [45.55.57.199] => (item=apparmor)
ok: [45.55.57.199] => (item=strongswan-starter)
ok: [45.55.57.199] => (item=netfilter-persistent)
TASK [strongswan : Ubuntu | Ensure that the strongswan service directory exists] ***
changed: [45.55.57.199]
TASK [strongswan : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ***
changed: [45.55.57.199]
TASK [strongswan : Ensure that the strongswan user exists] *********************
ok: [45.55.57.199]
TASK [strongswan : Install strongSwan] *****************************************
ok: [45.55.57.199]
TASK [strongswan : Setup the config files from our templates] ******************
changed: [45.55.57.199] => (item={'src': 'strongswan.conf.j2', 'dest': 'strongswan.conf', 'owner': 'root', 'group': 'root', 'mode': '0644'})
changed: [45.55.57.199] => (item={'src': 'ipsec.conf.j2', 'dest': 'ipsec.conf', 'owner': 'root', 'group': 'root', 'mode': '0644'})
changed: [45.55.57.199] => (item={'src': 'ipsec.secrets.j2', 'dest': 'ipsec.secrets', 'owner': 'strongswan', 'group': 'root', 'mode': '0600'})
changed: [45.55.57.199] => (item={'src': 'charon.conf.j2', 'dest': 'strongswan.d/charon.conf', 'owner': 'root', 'group': 'root', 'mode': '0644'})
TASK [strongswan : Get loaded plugins] *****************************************
ok: [45.55.57.199]
TASK [strongswan : Disable unneeded plugins] ***********************************
changed: [45.55.57.199] => (item=eap-mschapv2)
changed: [45.55.57.199] => (item=dnskey)
changed: [45.55.57.199] => (item=md5)
changed: [45.55.57.199] => (item=xcbc)
changed: [45.55.57.199] => (item=sha1)
changed: [45.55.57.199] => (item=agent)
changed: [45.55.57.199] => (item=attr)
changed: [45.55.57.199] => (item=aesni)
changed: [45.55.57.199] => (item=connmark)
changed: [45.55.57.199] => (item=drbg)
changed: [45.55.57.199] => (item=updown)
changed: [45.55.57.199] => (item=sshkey)
changed: [45.55.57.199] => (item=gmp)
changed: [45.55.57.199] => (item=counters)
changed: [45.55.57.199] => (item=bypass-lan)
changed: [45.55.57.199] => (item=mgf1)
changed: [45.55.57.199] => (item=fips-prf)
changed: [45.55.57.199] => (item=constraints)
changed: [45.55.57.199] => (item=xauth-generic)
changed: [45.55.57.199] => (item=resolve)
changed: [45.55.57.199] => (item=pkcs1)
changed: [45.55.57.199] => (item=rc2)
TASK [strongswan : Ensure that required plugins are enabled] *******************
changed: [45.55.57.199] => (item=revocation)
changed: [45.55.57.199] => (item=pkcs8)
changed: [45.55.57.199] => (item=gcm)
changed: [45.55.57.199] => (item=nonce)
changed: [45.55.57.199] => (item=hmac)
changed: [45.55.57.199] => (item=openssl)
changed: [45.55.57.199] => (item=kernel-netlink)
changed: [45.55.57.199] => (item=socket-default)
changed: [45.55.57.199] => (item=pkcs12)
changed: [45.55.57.199] => (item=sha2)
changed: [45.55.57.199] => (item=stroke)
changed: [45.55.57.199] => (item=aes)
changed: [45.55.57.199] => (item=random)
changed: [45.55.57.199] => (item=pubkey)
changed: [45.55.57.199] => (item=pgp)
changed: [45.55.57.199] => (item=pem)
changed: [45.55.57.199] => (item=pkcs7)
changed: [45.55.57.199] => (item=x509)
TASK [strongswan : debug] ******************************************************
ok: [45.55.57.199 -> localhost] => {
"subjectAltName": "IP:45.55.57.199,IP:2604:a880:800:10::72a:5001"
}
TASK [strongswan : Ensure the pki directories exist] ***************************
changed: [45.55.57.199 -> localhost] => (item=ecparams)
changed: [45.55.57.199 -> localhost] => (item=certs)
changed: [45.55.57.199 -> localhost] => (item=crl)
changed: [45.55.57.199 -> localhost] => (item=newcerts)
changed: [45.55.57.199 -> localhost] => (item=private)
changed: [45.55.57.199 -> localhost] => (item=public)
changed: [45.55.57.199 -> localhost] => (item=reqs)
TASK [strongswan : Ensure the config directories exist] ************************
changed: [45.55.57.199 -> localhost] => (item=apple)
changed: [45.55.57.199 -> localhost] => (item=manual)
TASK [strongswan : Ensure the files exist] *************************************
changed: [45.55.57.199 -> localhost] => (item=.rnd)
changed: [45.55.57.199 -> localhost] => (item=private/.rnd)
changed: [45.55.57.199 -> localhost] => (item=index.txt)
changed: [45.55.57.199 -> localhost] => (item=index.txt.attr)
changed: [45.55.57.199 -> localhost] => (item=serial)
TASK [strongswan : Generate the openssl server configs] ************************
changed: [45.55.57.199 -> localhost]
TASK [strongswan : Build the CA pair] ******************************************
changed: [45.55.57.199 -> localhost]
TASK [strongswan : Copy the CA certificate] ************************************
changed: [45.55.57.199 -> localhost]
TASK [strongswan : Generate the serial number] *********************************
changed: [45.55.57.199 -> localhost]
TASK [strongswan : Build the server pair] **************************************
changed: [45.55.57.199 -> localhost]
TASK [strongswan : Build the client's pair] ************************************
failed: [45.55.57.199 -> localhost] (item=mi 10t) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:mi 10t@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -keyout private/mi 10t.key -out reqs/mi 10t.req -nodes -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=mi 10t\" -batch && openssl ca -utf8 -in reqs/mi 10t.req -out certs/mi 10t.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:mi 10t@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -days 3650 -batch -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=mi 10t\" && touch certs/mi 10t_crt_generated\n", "delta": "0:00:00.013103", "end": "2021-11-26 21:57:10.753380", "item": "mi 10t", "msg": "non-zero return code", "rc": 1, "start": "2021-11-26 21:57:10.740277", "stderr": "req: Use -help for summary.", "stderr_lines": ["req: Use -help for summary."], "stdout": "", "stdout_lines": []}
failed: [45.55.57.199 -> localhost] (item=my pc) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:my pc@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -keyout private/my pc.key -out reqs/my pc.req -nodes -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=my pc\" -batch && openssl ca -utf8 -in reqs/my pc.req -out certs/my pc.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:my pc@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -days 3650 -batch -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=my pc\" && touch certs/my pc_crt_generated\n", "delta": "0:00:00.015487", "end": "2021-11-26 21:57:11.046869", "item": "my pc", "msg": "non-zero return code", "rc": 1, "start": "2021-11-26 21:57:11.031382", "stderr": "req: Use -help for summary.", "stderr_lines": ["req: Use -help for summary."], "stdout": "", "stdout_lines": []}
failed: [45.55.57.199 -> localhost] (item=laptop koki) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:laptop koki@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -keyout private/laptop koki.key -out reqs/laptop koki.req -nodes -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=laptop koki\" -batch && openssl ca -utf8 -in reqs/laptop koki.req -out certs/laptop koki.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:laptop koki@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -days 3650 -batch -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=laptop koki\" && touch certs/laptop koki_crt_generated\n", "delta": "0:00:00.014182", "end": "2021-11-26 21:57:11.316205", "item": "laptop koki", "msg": "non-zero return code", "rc": 1, "start": "2021-11-26 21:57:11.302023", "stderr": "req: Use -help for summary.", "stderr_lines": ["req: Use -help for summary."], "stdout": "", "stdout_lines": []}
failed: [45.55.57.199 -> localhost] (item=laptop yusef) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:laptop yusef@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -keyout private/laptop yusef.key -out reqs/laptop yusef.req -nodes -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=laptop yusef\" -batch && openssl ca -utf8 -in reqs/laptop yusef.req -out certs/laptop yusef.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:laptop yusef@2b9d4e15-3934-5ba4-8c27-3b0015ffdccc.algo\")) -days 3650 -batch -passin pass:\"hsNUiJcqqc_uJvWx\" -subj \"/CN=laptop yusef\" && touch certs/laptop yusef_crt_generated\n", "delta": "0:00:00.013901", "end": "2021-11-26 21:57:11.593274", "item": "laptop yusef", "msg": "non-zero return code", "rc": 1, "start": "2021-11-26 21:57:11.579373", "stderr": "req: Use -help for summary.", "stderr_lines": ["req: Use -help for summary."], "stdout": "", "stdout_lines": []}
TASK [include_tasks] ***********************************************************
included: /root/algo/playbooks/rescue.yml for 45.55.57.199
TASK [debug] *******************************************************************
ok: [45.55.57.199] => {
"fail_hint": [
"Sorry, but something went wrong!",
"Please check the troubleshooting guide.",
"https://trailofbits.github.io/algo/troubleshooting.html"
]
}
TASK [Fail the installation] ***************************************************
fatal: [45.55.57.199]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP *********************************************************************
45.55.57.199 : ok=93 changed=56 unreachable=0 failed=1 skipped=12 rescued=1 ignored=0
localhost : ok=39 changed=4 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0
You can't have spaces in user names.
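Added example, not part of the original thread or of Algo's own code: the logged command splices each user name unquoted into paths such as `-keyout private/mi 10t.key`, so the shell splits the name at the space and `openssl req` receives a stray argument, which is consistent with the usage error in the log. The function names below are hypothetical, and the sample names are taken from the failing log items.

```shell
#!/bin/sh
# Sample inputs: user names copied from the failing items in the log above.

# argc_unquoted NAME: number of arguments the shell produces when NAME is
# spliced unquoted into the key/request paths, as in the logged command.
argc_unquoted() {
    user=$1
    # Unquoted on purpose, to show the word splitting.
    set -- -keyout private/$user.key -out reqs/$user.req
    echo "$#"
}

# argc_quoted NAME: the same paths with the expansion quoted.
argc_quoted() {
    user=$1
    set -- -keyout "private/$user.key" -out "reqs/$user.req"
    echo "$#"
}

# valid_user NAME: succeed only if NAME is non-empty and has no whitespace.
valid_user() {
    case $1 in
        ''|*[[:space:]]*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_users NAME...: report every rejected name; non-zero if any was rejected.
check_users() {
    bad=0
    for name in "$@"; do
        if ! valid_user "$name"; then
            printf 'invalid user name (whitespace): "%s"\n' "$name" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Demonstration: the name with a space yields two extra arguments.
for u in 'mi 10t' mypc; do
    printf '%s: unquoted=%s quoted=%s\n' "$u" \
        "$(argc_unquoted "$u")" "$(argc_quoted "$u")"
done
```

Running `check_users` over the names in the `users:` list before deploying catches this class of failure before any key material is generated.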
Still getting the same error, so I removed some users and kept one; still the same error.
Here is the config text:
# This is the list of users to generate.
# Every device must have a unique user.
# You can add up to 65,534 new users over the lifetime of an AlgoVPN.
# User names with leading 0's or containing only numbers should be escaped in d>
# Email addresses are not allowed.
users:
- mypc
### Review these options BEFORE you run Algo, as they are very difficult/imposs>
Does the space between " - " and the word count as a space?
I tried writing it in many different ways and I'm still getting the same error. Not sure what I'm doing wrong.
I'm not sure what's wrong either. Maybe start with a fresh copy of Algo and see if you can deploy with the default users.
Describe the bug
New unmodified Ubuntu 20.04 version:
Install from Windows 10; the error I get is
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Algo installed successfully
Full log