trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

Hetzner’s cx11 server size not available in US locations #14562

Open quinncomendant opened 1 year ago

quinncomendant commented 1 year ago

Describe the bug

Algo fails on Hetzner’s USA locations when using the cx11 server size, which is the default included in Algo’s config.cfg file. The Hetzner Cloud API responds with:

error during placement (resource_unavailable)

This is not necessarily a bug in Algo, since the same error occurs when trying to create a cx11 server using Hetzner's CLI tools.

I asked Hetzner why this error occurs, and they replied:

CX-Servers with INTEL CPU are not offered in our US-Locations.

So, the fix is to update Algo's config.cfg file to use server cpx11 instead of cx11 (cpx11 is the smallest server size that is available in all Hetzner locations; it has 2 vCPUs instead of 1, and costs €3.85 instead of €3.29 per month):

  hetzner:
    server_type: cpx11
    image: ubuntu-20.04

To Reproduce

Steps to reproduce the behavior:

  1. Run ./algo
  2. Select Provider = Hetzner Cloud.
  3. Select a region of ash or hil.
  4. Ansible fails with the error: fatal: [localhost]: FAILED! => {"changed": false, "msg": "error during placement"}.

Expected behavior

Algo's default config should work for all providers and all locations.

Additional context

Here's the full ANSIBLE_VERBOSITY=4 error output to help people find this ticket:


```
TASK [cloud-hetzner : Create a server...] *******************************************************************************************************************************************
task path: /Users/quinn/src/algo/roles/cloud-hetzner/tasks/main.yml:16
The full traceback is:
  File "/var/folders/sd/sqyq8bqd6bj1vjh9v7f_5ddc0000gp/T/ansible_hcloud_server_payload_gf68n8k7/ansible_hcloud_server_payload.zip/ansible_collections/hetzner/hcloud/plugins/modules/hcloud_server.py", line 438, in _create_server
  File "/Users/quinn/src/algo/.venv/lib/python3.10/site-packages/hcloud/servers/client.py", line 583, in create
    response = self._client.request(url="/servers", method="POST", json=data)
  File "/Users/quinn/src/algo/.venv/lib/python3.10/site-packages/hcloud/hcloud.py", line 242, in request
    self._raise_exception_from_json_content(json_content)
  File "/Users/quinn/src/algo/.venv/lib/python3.10/site-packages/hcloud/hcloud.py", line 206, in _raise_exception_from_json_content
    raise APIException(
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "allow_deprecated_image": false,
            "api_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "backups": null,
            "datacenter": null,
            "delete_protection": null,
            "enable_ipv4": true,
            "enable_ipv6": true,
            "endpoint": "https://api.hetzner.cloud/v1",
            "firewalls": null,
            "force": false,
            "force_upgrade": false,
            "id": null,
            "image": "ubuntu-20.04",
            "ipv4": null,
            "ipv6": null,
            "labels": {
                "Environment": "algo"
            },
            "location": "ash",
            "name": "asdf",
            "placement_group": null,
            "rebuild_protection": null,
            "rescue_mode": null,
            "server_type": "cx11",
            "ssh_keys": [
                "(REDACTED)"
            ],
            "state": "present",
            "upgrade_disk": false,
            "user_data": "#cloud-config\noutput: {all: '| tee -a /var/log/cloud-init-output.log'}\n\npackage_update: true\npackage_upgrade: true\n\npackages:\n - sudo\n\nusers:\n  - default\n  - name: algo\n    homedir: /home/algo\n    sudo: ALL=(ALL) NOPASSWD:ALL\n    groups: adm,netdev\n    shell: /bin/bash\n    lock_passwd: true\n    ssh_authorized_keys:\n      - \"(REDACTED)\"\n\nwrite_files:\n  - path: /etc/ssh/sshd_config\n    content: |\n      Port 4160\n      AllowGroups algo\n      PermitRootLogin no\n      PasswordAuthentication no\n      ChallengeResponseAuthentication no\n      UsePAM yes\n      X11Forwarding yes\n      PrintMotd no\n      AcceptEnv LANG LC_*\n      Subsystem\tsftp\t/usr/lib/openssh/sftp-server\n\n\nruncmd:\n  - set -x\n  - ufw --force reset\n  - sudo apt-get remove -y --purge sshguard || true\n  - systemctl restart sshd.service\n",
            "volumes": null
        }
    },
    "msg": "error during placement"
}
```

quinncomendant commented 1 year ago

Does anyone ever experience a problem, research it for an hour, find the cause, then go to GitHub to report the issue but then discover that you already created a ticket five months earlier for exactly that issue with exactly the same solution?

Because I just did that. 🤦‍♂️
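
A preflight check for the failure reported in this issue, added here as an example (not code from Algo or from the issue's author): it compares a server_type/location pair against data shaped like the Hetzner Cloud API's /server_types and /datacenters responses, so a pair the region does not offer is caught before Ansible runs. The sample data (ids, datacenter names, availability) and the function names are constructed for illustration; the reading of the "supported" and "available" lists is an assumption stated in the comments.

```python
# Constructed sample data shaped like the Hetzner Cloud API responses for
# GET /server_types and GET /datacenters. Ids and availability are made up.
SERVER_TYPES = {"server_types": [
    {"id": 1, "name": "cx11"},
    {"id": 22, "name": "cpx11"},
]}
DATACENTERS = {"datacenters": [
    {"name": "fsn1-dc14", "location": {"name": "fsn1"},
     "server_types": {"supported": [1, 22], "available": [1, 22]}},
    {"name": "ash-dc1", "location": {"name": "ash"},
     "server_types": {"supported": [22], "available": [22]}},
    {"name": "hil-dc1", "location": {"name": "hil"},
     "server_types": {"supported": [22], "available": []}},
]}


def availability(server_types, datacenters):
    """Map location name -> {"supported": names, "available": names}."""
    names = {t["id"]: t["name"] for t in server_types["server_types"]}
    result = {}
    for dc in datacenters["datacenters"]:
        entry = result.setdefault(dc["location"]["name"],
                                  {"supported": set(), "available": set()})
        for key in entry:
            ids = dc["server_types"].get(key, [])
            entry[key] |= {names[i] for i in ids if i in names}
    return result


def preflight(server_type, location, server_types=SERVER_TYPES,
              datacenters=DATACENTERS):
    """Return (ok, message) for a server_type/location pair before deploying."""
    table = availability(server_types, datacenters)
    if location not in table:
        return False, f"unknown location {location!r}"
    entry = table[location]
    # Assumption: "available" = can be created now, "supported" = offered there.
    if server_type in entry["available"]:
        return True, f"{server_type} can be created in {location}"
    if server_type in entry["supported"]:
        return False, f"{server_type} is offered in {location} but out of capacity"
    alternatives = ", ".join(sorted(entry["available"])) or "none"
    return False, (f"{server_type} is not offered in {location}; "
                   f"available types: {alternatives}")


if __name__ == "__main__":
    for pair in [("cx11", "fsn1"), ("cx11", "ash"), ("cpx11", "ash")]:
        print(pair, preflight(*pair))
```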