trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

Deployment on GCE cannot config server #14555

Open paul-ada opened 1 year ago

paul-ada commented 1 year ago

I cannot deploy algo on a Google Compute Engine instance. After running the ./algo script, the instance is created but there is an issue when it reaches the 'configure the server and install required software' step and it just hangs forever.

Details

I have installed all required dependencies on a system with macOS Monterey 12.6 and have created a new GCP project with the needed access/IAM policies as outlined in the cloud GCE doc.

When I run ./algo -e "provider=gce" -e "gce_credentials_file=$(pwd)/configs/gce.json", I can see that a VM instance gets created in my GCP web Console, but the script remains hanging at the PLAY [Configure the server and install required software] *** step and the deployment never completes.

Here are the config variables used:

--> Please include the following block of text when reporting issues:

Algo running on: macOS 12.6
Created from git clone. Last commit: 651f949 Update cloud-hetzner.md (#14450)
Python 3.10.6
Runtime variables:
    algo_provider "gce"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_dns_adblocking "False"
    algo_ssh_tunneling "False"
    wireguard_enabled "True"
    dns_encryption "True"

paul-ada commented 1 year ago

Full log

$ ./algo -e "provider=gce" -e "gce_credentials_file=$(pwd)/configs/gce.json"

PLAY [localhost] *************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************
ok: [localhost]

TASK [Playbook dir stat] *****************************************************************************************************************************
ok: [localhost]

TASK [Ensure Ansible is not being run in a world writable directory] *********************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: The value '' is not a valid IP address or network, passing this value to ipaddr filter might result in breaking change in future.

TASK [Ensure the requirements installed] *************************************************************************************************************
ok: [localhost]

TASK [Set required ansible version as a fact] ********************************************************************************************************
ok: [localhost] => (item=ansible==6.1.0)

TASK [Just get the list from default pip] ************************************************************************************************************
ok: [localhost]

TASK [Verify Python meets Algo VPN requirements] *****************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verify Ansible meets Algo VPN requirements] ****************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log

PLAY [Ask user for the input] ************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] ******************************************************************************************************************
ok: [localhost]
[VPN server name prompt]
Name the vpn server
[algo]
:
algo-t^M
TASK [VPN server name prompt] ************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:
N^M
TASK [Cellular On Demand prompt] *********************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
y^M
TASK [Wi-Fi On Demand prompt] ************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:
^M
TASK [Trusted Wi-Fi networks prompt] *****************************************************************************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:
N^M
TASK [Retain the PKI prompt] *************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:
N^M
TASK [DNS adblocking prompt] *************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
N^M
TASK [SSH tunneling prompt] **************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] ******************************************************************************************************************
ok: [localhost]

PLAY [Provision the server] **************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: macOS 12.6
Created from git clone. Last commit: 651f949 Update cloud-hetzner.md (#14450)
Python 3.10.6
Runtime variables:
    algo_provider "gce"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_dns_adblocking "False"
    algo_ssh_tunneling "False"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] ************************************************************************************************************
changed: [localhost]

TASK [Install the requirements] **********************************************************************************************************************
ok: [localhost]

TASK [Generate the SSH private key] ******************************************************************************************************************
changed: [localhost]

TASK [Generate the SSH public key] *******************************************************************************************************************
changed: [localhost]

TASK [Copy the private SSH key to /tmp] **************************************************************************************************************
changed: [localhost]

TASK [Include a provisioning role] *******************************************************************************************************************

TASK [cloud-gce : Install requirements] **************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : set_fact] **************************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : set_fact] **************************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : set_fact] **************************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : Get regions] ***********************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : Set facts about the regions] *******************************************************************************************************
ok: [localhost]

TASK [cloud-gce : Set facts about the default region] ************************************************************************************************
ok: [localhost]
[cloud-gce : pause]
What region should the server be located in?
(https://cloud.google.com/compute/docs/regions-zones/#locations)
    1. asia-east1
    2. asia-east2
    3. asia-northeast1
    4. asia-northeast2
    5. asia-northeast3
    6. asia-south1
    7. asia-south2
    8. asia-southeast1
    9. asia-southeast2
    10. australia-southeast1
    11. australia-southeast2
    12. europe-central2
    13. europe-north1
    14. europe-southwest1
    15. europe-west1
    16. europe-west2
    17. europe-west3
    18. europe-west4
    19. europe-west6
    20. europe-west8
    21. europe-west9
    22. me-west1
    23. northamerica-northeast1
    24. northamerica-northeast2
    25. southamerica-east1
    26. southamerica-west1
    27. us-central1
    28. us-east1
    29. us-east4
    30. us-east5
    31. us-south1
    32. us-west1
    33. us-west2
    34. us-west3
    35. us-west4

Enter the number of your desired region
[28]
:
15^M
TASK [cloud-gce : pause] *****************************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : Set region as a fact] **************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : Get zones] *************************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : Set random available zone as a fact] ***********************************************************************************************
ok: [localhost]

TASK [cloud-gce : Network configured] ****************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : Firewall configured] ***************************************************************************************************************
ok: [localhost]

TASK [cloud-gce : Instance created] ******************************************************************************************************************
changed: [localhost]

TASK [cloud-gce : set_fact] **************************************************************************************************************************
ok: [localhost]

TASK [Set subjectAltName as a fact] ******************************************************************************************************************
ok: [localhost]

TASK [Add the server to an inventory group] **********************************************************************************************************
changed: [localhost]

TASK [Additional variables for the server] ***********************************************************************************************************
changed: [localhost]

TASK [Wait until SSH becomes ready...] ***************************************************************************************************************
ok: [localhost]

TASK [MacOS | set OS specific facts] *****************************************************************************************************************
ok: [localhost]

TASK [MacOS | mount a ram disk] **********************************************************************************************************************
changed: [localhost]

TASK [Set config paths as facts] *********************************************************************************************************************
ok: [localhost]

TASK [Update config paths] ***************************************************************************************************************************
changed: [localhost]

TASK [debug] *****************************************************************************************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "34.79.92.162"
}

TASK [Wait 600 seconds for target connection to become reachable/usable] *****************************************************************************
ok: [localhost -> 34.79.92.162] => (item=34.79.92.162)

PLAY [Configure the server and install required software] ********************************************************************************************
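An added diagnostic (not part of Algo or of this report) for the point where this run stalls: it reads a saved ./algo log to find the last play reached and the server IP the debug task printed, then checks TCP/22 and key-based SSH login to the instance from the machine running Algo. The key path and the ubuntu login user are assumptions, since the report does not show them.

```shell
#!/usr/bin/env bash
# Added diagnostic helper, not part of Algo. It works on a saved copy of an
# ./algo run log plus the SSH key Algo generated; the key path and login user
# are assumptions (Algo's real values are not shown in the report above).
set -u

# Last PLAY header in the log: the play Ansible was in when output stopped.
last_play() {
  grep '^PLAY \[' | tail -n 1 | sed 's/^PLAY \[\(.*\)\].*/\1/'
}

# Server IP from the "IP_subject_alt_name" debug line (34.79.92.162 above).
extract_algo_ip() {
  sed -n 's/.*"IP_subject_alt_name": "\([0-9.]*\)".*/\1/p' | head -n 1
}

# Does TCP/22 on the instance accept a connection within 5 s?
# "no" here points at the GCE firewall rule or the instance still booting.
tcp22_open() {
  nc -z -w 5 "$1" 22 >/dev/null 2>&1
}

# Can the generated key log in non-interactively? BatchMode fails fast
# instead of hanging on a password prompt, which is what we want to detect.
ssh_batch_ok() {
  local ip="$1" key="$2" user="$3"
  ssh -i "$key" -o BatchMode=yes -o ConnectTimeout=10 \
      -o StrictHostKeyChecking=accept-new "${user}@${ip}" true >/dev/null 2>&1
}

# Classify the hang. Prints one token; the exit code mirrors the finding.
diagnose() {
  local ip="$1" key="$2" user="${3:-ubuntu}"   # "ubuntu" is an assumption
  if ! tcp22_open "$ip"; then echo "tcp22-unreachable"; return 1; fi
  if ! ssh_batch_ok "$ip" "$key" "$user"; then echo "ssh-key-rejected"; return 2; fi
  echo "ssh-ok-hang-is-inside-play"
}

# Usage: bash algo_probe.sh algo.log /path/to/algo_key [user]
if [ $# -ge 2 ]; then
  ip=$(extract_algo_ip < "$1")
  echo "stalled in play: $(last_play < "$1")"
  echo "server ip: ${ip:-<not found in log>}"
  diagnose "$ip" "$2" "${3:-ubuntu}"
fi
```

If the probe reports ssh-ok, the stall is inside the play itself and rerunning the playbook with -vvv is the next step; the other two tokens point at the GCE firewall or the key before Ansible is involved.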

rvignacio commented 1 year ago

Maybe similar to https://github.com/trailofbits/algo/discussions/14480?

penultimonkey commented 1 year ago

Also looks similar to my own #14554 -- immediately previous to this. Glad you posted! I hadn't seen your issue. For my case it's not clear the timeout change you did would work though -- stalling in a different spot. Waiting three weeks hasn't helped either...