trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0
28.92k stars 2.32k forks source link

Failed to fetch dnscrypt-proxy #14474

Closed Wikwoj0512 closed 2 years ago

Wikwoj0512 commented 2 years ago

I am trying to install Algo on Debian 11 using ubuntu install on my VPS server. Everything works just fine untill it tries to install dnscrypt-proxy.

It tries to fetch it from http://ppa.launchpad.net/shevchuk/dnscrypt-proxy/ubuntu bullseye Release although it is not available under this url.

I have installed it manually and it did work without a problem, but it still fails to install it via the Algo installer what fails the whole installation.

Is there a way to just skip the automated installation of dnscrypt-proxy and just install it manually?

Expected behavior

After the manual installation i expected the installer to just skip it's installation and proceed.

Additional context

I tried to edit packages.list file, but id didn't change anything

Full log

PLAY [localhost] ****

TASK [Gathering Facts] ** ok: [localhost]

TASK [Playbook dir stat] **** ok: [localhost]

TASK [Ensure Ansible is not being run in a world writable directory] **** ok: [localhost] => { "changed": false, "msg": "All assertions passed" } [WARNING]: The value '' is not a valid IP address or network, passing this value to ipaddr filter might result in breaking change in future.

TASK [Ensure the requirements installed] **** ok: [localhost]

TASK [Set required ansible version as a fact] *** ok: [localhost] => (item=ansible-core==2.12.3)

TASK [Verify Python meets Algo VPN requirements] **** ok: [localhost] => { "changed": false, "msg": "All assertions passed" }

TASK [Verify Ansible meets Algo VPN requirements] *** ok: [localhost] => { "changed": false, "msg": "All assertions passed" } [WARNING]: Found variable using reserved name: no_log

PLAY [Ask user for the input] ***

TASK [Gathering Facts] ** ok: [localhost] [Cloud prompt] What provider would you like to use?

  1. DigitalOcean
  2. Amazon Lightsail
  3. Amazon EC2
  4. Microsoft Azure
  5. Google Compute Engine
  6. Hetzner Cloud
  7. Vultr
  8. Scaleway
  9. OpenStack (DreamCompute optimised)
  10. CloudStack (Exoscale optimised)
  11. Linode
  12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)

Enter the number of your desired provider : 12^M TASK [Cloud prompt] ***** ok: [localhost]

TASK [Set facts based on the input] * ok: [localhost] [Cellular On Demand prompt] Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks? [y/N] : y^M TASK [Cellular On Demand prompt] **** ok: [localhost] [Wi-Fi On Demand prompt] Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi? [y/N] : y^M TASK [Wi-Fi On Demand prompt] *** ok: [localhost] [Trusted Wi-Fi networks prompt] List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand" (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi) : ^M TASK [Trusted Wi-Fi networks prompt] **** ok: [localhost] [Retain the PKI prompt] Do you want to retain the keys (PKI)? (required to add users in the future, but less secure) [y/N] : y^M TASK [Retain the PKI prompt] **** ok: [localhost] [DNS adblocking prompt] Do you want to enable DNS ad blocking on this VPN server? [y/N] : n^M TASK [DNS adblocking prompt] **** ok: [localhost] [SSH tunneling prompt] Do you want each user to have their own account for SSH tunneling? [y/N] : y^M TASK [SSH tunneling prompt] ***** ok: [localhost]

TASK [Set facts based on the input] ***** ok: [localhost]

PLAY [Provision the server] *****

TASK [Gathering Facts] ** ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Debian GNU/Linux 11 (bullseye) (Virtualized: vmware) Created from git clone. Last commit: 8b05cda Fix OS Name for Vultr (#14458) Python 3.9.2 Runtime variables: algo_provider "local" algo_ondemand_cellular "True" algo_ondemand_wifi "True" algo_ondemand_wifi_exclude "X251bGw=" algo_dns_adblocking "False" algo_ssh_tunneling "True" wireguard_enabled "True" dns_encryption "True"

TASK [Display the invocation environment] *** changed: [localhost]

TASK [Install the requirements] ***** ok: [localhost]

TASK [Include a provisioning role] ** [local : pause] https://trailofbits.github.io/algo/deploy-to-ubuntu.html

Local installation might break your server. Use at your own risk.

Proceed? Press ENTER to continue or CTRL+C and A to abort...: ^M TASK [local : pause] **** ok: [localhost] => (item=https://trailofbits.github.io/algo/deploy-to-ubuntu.html

Local installation might break your server. Use at your own risk.

Proceed? Press ENTER to continue or CTRL+C and A to abort...) [local : pause] Enter the IP address of your server: (or use localhost for local installation): [localhost] : localhost^M TASK [local : pause] **** ok: [localhost]

TASK [local : Set the facts] **** ok: [localhost] [local : pause] Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate) [localhost] : domain.net^M TASK [local : pause] **** ok: [localhost]

TASK [local : Set the facts] **** ok: [localhost]

TASK [Set subjectAltName as a fact] ***** ok: [localhost]

TASK [Add the server to an inventory group] ***** changed: [localhost]

TASK [debug] **** ok: [localhost] => { "IP_subject_alt_name": "domain.net" } [WARNING]: Reset is not implemented for this connection

TASK [Wait 600 seconds for target connection to become reachable/usable] **** ok: [localhost] => (item=localhost)

PLAY [Configure the server and install required software] ***

TASK [common : Check the system] **** ok: [localhost]

TASK [common : include_tasks] *** included: /usr/local/algo/roles/common/tasks/ubuntu.yml for localhost

TASK [common : Gather facts] **** ok: [localhost]

TASK [common : Install unattended-upgrades] ***** ok: [localhost]

TASK [common : Configure unattended-upgrades] *** ok: [localhost]

TASK [common : Periodic upgrades configured] **** ok: [localhost]

TASK [common : Disable MOTD on login and SSHD] ** ok: [localhost] => (item={'regexp': '^session.optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'}) ok: [localhost] => (item={'regexp': '^session.optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})

TASK [common : Ensure fallback resolvers are set] *** ok: [localhost]

TASK [common : Loopback for services configured] **** ok: [localhost]

TASK [common : systemd services enabled and started] **** ok: [localhost] => (item=systemd-networkd) ok: [localhost] => (item=systemd-resolved)

TASK [common : Check apparmor support] ** ok: [localhost]

TASK [common : Set fact if apparmor enabled] **** ok: [localhost]

TASK [common : Define facts] **** ok: [localhost]

TASK [common : Set facts] *** ok: [localhost]

TASK [common : Set IPv6 support as a fact] ** ok: [localhost]

TASK [common : Check size of MTU] *** ok: [localhost]

TASK [common : Set OS specific facts] *** ok: [localhost]

TASK [common : Install tools] *** fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: W:The repository 'http://ppa.launchpad.net/shevchuk/dnscrypt-proxy/ubuntu bullseye Release' does not have a Release file., W:Data from such a repository can't be authenticated and is therefore potentially dangerous to use., W:See apt-secure(8) manpage for repository creation and user configuration details., W:The repository 'http://ppa.launchpad.net/shevchuk/dnscrypt-proxy/ubuntu kinetic Release' does not have a Release file., W:Data from such a repository can't be authenticated and is therefore potentially dangerous to use., W:See apt-secure(8) manpage for repository creation and user configuration details., E:Failed to fetch http://ppa.launchpad.net/shevchuk/dnscrypt-proxy/ubuntu/dists/bullseye/main/binary-amd64/Packages 404 Not Found [IP: 91.189.95.85 80], E:Failed to fetch http://ppa.launchpad.net/shevchuk/dnscrypt-proxy/ubuntu/dists/kinetic/main/binary-amd64/Packages 404 Not Found [IP: 91.189.95.85 80], E:Some index files failed to download. They have been ignored, or old ones used instead."}

TASK [include_tasks] **** included: /usr/local/algo/playbooks/rescue.yml for localhost

TASK [debug] **** ok: [localhost] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }

TASK [Fail the installation] **** fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP ** localhost : ok=48 changed=2 unreachable=0 failed=1 skipped=21 rescued=1 ignored=0

juiceofglass commented 2 years ago

I solved this problem by manually overwriting line 6 of file roles/dns/tasks/ubuntu.yml from codename: "{{ ansible_distribution_release }}" to codename: "focal"

szpiegaux commented 2 years ago

@juiceofglass you use Ubuntu? I have the same problem (Debian 11) overwrite this file did not solve

UPD: im reinstall my debian 11 to Ubuntu, all ok. thx

jackivanov commented 2 years ago

We don't support debian as the target system

ronnicek commented 2 years ago

Had the same issue with Ubuntu 20.04, thanks for https://github.com/trailofbits/algo/issues/14474#issuecomment-1140278071, that solved the issue :)