search

trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0
28.87k stars 2.32k forks source link

the directory configs/localhost is not empty, refusing to convert it #1463

Closed Aima09 closed 5 years ago

Aima09 commented 5 years ago

Describe the bug

fatal: [localhost]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "msg": "the directory configs/localhost is not empty, refusing to convert it", "owner": "root", "path": "configs/localhost", " size": 4096, "state": "directory", "uid": 0}

To Reproduce

Steps to reproduce the behavior:

  1. git clone https://github.com/trailofbits/algo

  2. cd algo

  3. sudo apt-get update && sudo apt-get install \ build-essential \ libssl-dev \ libffi-dev \ python-dev \ python-pip \ python-setuptools \ python-virtualenv -y

  4. vim config.cfg

  5. ./algo

Expected behavior

expect to installation successful Additional context

Add any other context about the problem here. 1.fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: con figs/localhost/wireguard//.pki//private/linford"}

2.then execute with troubleshooting.md : sudo rm -rf /etc/wireguard/*.lock

Full log

(env) root@linford-ubuntu-s-1vcpu-1gb-sgp1-01:/algo# ./algo

PLAY [localhost] **********************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Ensure the requirements installed] **********************************************************************************************************************************************************************************
ok: [localhost]

TASK [Verify Ansible meets Algo VPN requirements.] ************************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

PLAY [Ask user for the input] *********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Vultr
    5. Microsoft Azure
    6. Google Compute Engine
    7. Scaleway
    8. OpenStack (DreamCompute optimised)
    9. Install to existing Ubuntu 18.04 or 19.04 server (Advanced)

Enter the number of your desired provider
:

TASK [Cloud prompt] *******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] ***************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:

TASK [Cellular On Demand prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:

TASK [Wi-Fi On Demand prompt] *********************************************************************************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:

TASK [Trusted Wi-Fi networks prompt] **************************************************************************************************************************************************************************************
ok: [localhost]
[Compatible ciphers prompt]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:

TASK [Compatible ciphers prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Retain the CA key prompt]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:

TASK [Retain the CA key prompt] *******************************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to install an ad blocking DNS resolver on this VPN server?
[y/N]
:

TASK [DNS adblocking prompt] **********************************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:

TASK [SSH tunneling prompt] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] ***************************************************************************************************************************************************************************************
ok: [localhost]

PLAY [Provision the server] ***********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 18.04.2 LTS (Virtualized: kvm)
Created from git fork. Last commit: 2d04f65 Update CHANGELOG.md
Python 2.7.15rc1
Runtime variables:
    algo_provider "local"
    algo_ondemand_cellular "True"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "VFAtTElOS181R19FODA1LFRQLUxJTktfRTgwNSxUbWFsbFJvdXRlcl8zMTkw"
    algo_windows "True"
    algo_local_dns "True"
    algo_ssh_tunneling "True"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] *********************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Install the requirements] *******************************************************************************************************************************************************************************************
ok: [localhost -> localhost]
[local : pause]
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:

TASK [local : pause] ******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] **********************************************************************************************************************************************************************************************
ok: [localhost]
[local : pause]
Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[localhost]
:

TASK [local : pause] ******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] **********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set subjectAltName as afact] ****************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Add the server to an inventory group] *******************************************************************************************************************************************************************************
changed: [localhost]

TASK [debug] **************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "localhost"
}
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)

TASK [A short pause, in order to be sure the instance is ready] ***********************************************************************************************************************************************************
ok: [localhost]

PLAY [Configure the server and install required software] *****************************************************************************************************************************************************************

TASK [common : Check the system] ******************************************************************************************************************************************************************************************
ok: [localhost]
included: /algo/roles/common/tasks/ubuntu.yml for localhost

TASK [common : Gather facts] **********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Install unattended-upgrades] *******************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Configure unattended-upgrades] *****************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Periodic upgrades configured] ******************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Unattended reboots configured] *****************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Disable MOTD on login and SSHD] ****************************************************************************************************************************************************************************
ok: [localhost] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'})
ok: [localhost] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})

TASK [common : Loopback for services configured] **************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : systemd services enabled and started] **********************************************************************************************************************************************************************
ok: [localhost] => (item=systemd-networkd)
ok: [localhost] => (item=systemd-resolved)

TASK [common : Check apparmor support] ************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Set fact if apparmor enabled] ******************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Generate password for the CA key] **************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [common : Generate p12 export password] ******************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [common : Define facts] **********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Set facts] *************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Set IPv6 support as a fact] ********************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Check size of MTU] *****************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Set OS specific facts] *************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Install tools] *********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Install headers] *******************************************************************************************************************************************************************************************
ok: [localhost]
included: /algo/roles/common/tasks/iptables.yml for localhost

TASK [common : Iptables configured] ***************************************************************************************************************************************************************************************
ok: [localhost] => (item={u'dest': u'/etc/iptables/rules.v4', u'src': u'rules.v4.j2'})

TASK [common : Iptables configured] ***************************************************************************************************************************************************************************************
ok: [localhost] => (item={u'dest': u'/etc/iptables/rules.v6', u'src': u'rules.v6.j2'})

TASK [common : Sysctl tuning] *********************************************************************************************************************************************************************************************
ok: [localhost] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
ok: [localhost] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
ok: [localhost] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})
included: /algo/roles/dns_encryption/tasks/ubuntu.yml for localhost

TASK [dns_encryption : Add the repository] ********************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Install dnscrypt-proxy] ****************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Configure unattended-upgrades] *********************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Ubuntu | Unbound profile for apparmor configured] **************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ***********************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ***********************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Ubuntu | Add custom requirements to successfully start the unit] ***********************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : dnscrypt-proxy ip-blacklist configured] ************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : dnscrypt-proxy configured] *************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : dnscrypt-proxy enabled and started] ****************************************************************************************************************************************************************
ok: [localhost]
 [WARNING]: flush_handlers task does not support when conditional

TASK [dns_adblocking : Dnsmasq installed] *********************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : The dnsmasq directory created] *********************************************************************************************************************************************************************
ok: [localhost]
included: /algo/roles/dns_adblocking/tasks/ubuntu.yml for localhost

TASK [dns_adblocking : Ubuntu | Dnsmasq profile for apparmor configured] **************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Ubuntu | Enforce the dnsmasq AppArmor policy] ******************************************************************************************************************************************************
changed: [localhost]

TASK [dns_adblocking : Ubuntu | Ensure that the dnsmasq service directory exist] ******************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ****************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Dnsmasq configured] ********************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Adblock script created] ****************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Adblock script added to cron] **********************************************************************************************************************************************************************
changed: [localhost]

TASK [dns_adblocking : Update adblock hosts] ******************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Dnsmasq enabled and started] ***********************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : Ensure the required directories exist] ******************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=private)
changed: [localhost -> localhost] => (item=public)
included: /algo/roles/wireguard/tasks/ubuntu.yml for localhost

TASK [wireguard : WireGuard repository configured] ************************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : WireGuard installed] ************************************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : WireGuard reload-module-on-update] **********************************************************************************************************************************************************************
changed: [localhost]

TASK [wireguard : Configure unattended-upgrades] **************************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : Set OS specific facts] **********************************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : Generate private keys] **********************************************************************************************************************************************************************************
changed: [localhost] => (item=linford)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)
changed: [localhost] => (item=localhost)

TASK [wireguard : Save private keys] **************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [wireguard : Touch the lock file] ************************************************************************************************************************************************************************************
changed: [localhost] => (item=linford)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)
changed: [localhost] => (item=localhost)

TASK [wireguard : Generate public keys] ***********************************************************************************************************************************************************************************
ok: [localhost] => (item=linford)
ok: [localhost] => (item=laptop)
ok: [localhost] => (item=desktop)
ok: [localhost] => (item=localhost)

TASK [wireguard : Save public keys] ***************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [wireguard : WireGuard user list updated] ****************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [wireguard : set_fact] ***********************************************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [wireguard : WireGuard users config generated] ***********************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=[0, u'linford'])
changed: [localhost -> localhost] => (item=[1, u'laptop'])
changed: [localhost -> localhost] => (item=[2, u'desktop'])

TASK [wireguard : Generate QR codes] **************************************************************************************************************************************************************************************
ok: [localhost -> localhost] => (item=[0, u'linford'])
ok: [localhost -> localhost] => (item=[1, u'laptop'])
ok: [localhost -> localhost] => (item=[2, u'desktop'])

TASK [wireguard : WireGuard configured] ***********************************************************************************************************************************************************************************
changed: [localhost]

TASK [wireguard : WireGuard enabled and started] **************************************************************************************************************************************************************************
ok: [localhost]

RUNNING HANDLER [wireguard : restart wireguard] ***************************************************************************************************************************************************************************
changed: [localhost]
included: /algo/roles/strongswan/tasks/ubuntu.yml for localhost

TASK [strongswan : Set OS specific facts] *********************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ubuntu | Install strongSwan] ***************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ubuntu | Charon profile for apparmor configured] *******************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ubuntu | Enforcing ipsec with apparmor] ****************************************************************************************************************************************************************
ok: [localhost] => (item=/usr/lib/ipsec/charon)
ok: [localhost] => (item=/usr/lib/ipsec/lookip)
ok: [localhost] => (item=/usr/lib/ipsec/stroke)

TASK [strongswan : Ubuntu | Enable services] ******************************************************************************************************************************************************************************
ok: [localhost] => (item=apparmor)
ok: [localhost] => (item=strongswan)
ok: [localhost] => (item=netfilter-persistent)

TASK [strongswan : Ubuntu | Ensure that the strongswan service directory exist] *******************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ********************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ensure that the strongswan user exist] *****************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Install strongSwan] ************************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Setup the config files from our templates] *************************************************************************************************************************************************************
ok: [localhost] => (item={u'dest': u'strongswan.conf', u'src': u'strongswan.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
ok: [localhost] => (item={u'dest': u'ipsec.conf', u'src': u'ipsec.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
ok: [localhost] => (item={u'dest': u'ipsec.secrets', u'src': u'ipsec.secrets.j2', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
ok: [localhost] => (item={u'dest': u'strongswan.d/charon.conf', u'src': u'charon.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})

TASK [strongswan : Get loaded plugins] ************************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Disable unneeded plugins] ******************************************************************************************************************************************************************************
ok: [localhost] => (item=rc2)
ok: [localhost] => (item=aesni)
ok: [localhost] => (item=xauth-generic)
ok: [localhost] => (item=resolve)
ok: [localhost] => (item=connmark)
ok: [localhost] => (item=eap-mschapv2)
ok: [localhost] => (item=sha1)
ok: [localhost] => (item=agent)
ok: [localhost] => (item=md4)
ok: [localhost] => (item=bypass-lan)
ok: [localhost] => (item=mgf1)
ok: [localhost] => (item=fips-prf)
ok: [localhost] => (item=attr)
ok: [localhost] => (item=constraints)
ok: [localhost] => (item=pkcs1)
ok: [localhost] => (item=updown)
ok: [localhost] => (item=md5)
ok: [localhost] => (item=dnskey)
ok: [localhost] => (item=sshkey)
ok: [localhost] => (item=xcbc)
ok: [localhost] => (item=counters)
ok: [localhost] => (item=gmp)

TASK [strongswan : Ensure that required plugins are enabled] **************************************************************************************************************************************************************
ok: [localhost] => (item=hmac)
ok: [localhost] => (item=pubkey)
ok: [localhost] => (item=pem)
ok: [localhost] => (item=pkcs7)
ok: [localhost] => (item=random)
ok: [localhost] => (item=stroke)
ok: [localhost] => (item=pkcs12)
ok: [localhost] => (item=kernel-netlink)
ok: [localhost] => (item=sha2)
ok: [localhost] => (item=aes)
ok: [localhost] => (item=x509)
ok: [localhost] => (item=gcm)
ok: [localhost] => (item=openssl)
ok: [localhost] => (item=revocation)
ok: [localhost] => (item=pgp)
ok: [localhost] => (item=socket-default)
ok: [localhost] => (item=nonce)
ok: [localhost] => (item=pkcs8)

TASK [strongswan : Set subjectAltName as a fact] **************************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [strongswan : debug] *************************************************************************************************************************************************************************************************
ok: [localhost -> localhost] => {
    "subjectAltName": "DNS:localhost,IP:2400:6180:0:d0::2e1:b001"
}

TASK [strongswan : Ensure the pki directories exist] **********************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=ecparams)
changed: [localhost -> localhost] => (item=certs)
changed: [localhost -> localhost] => (item=crl)
changed: [localhost -> localhost] => (item=newcerts)
changed: [localhost -> localhost] => (item=private)
changed: [localhost -> localhost] => (item=public)
changed: [localhost -> localhost] => (item=reqs)

TASK [strongswan : Ensure the config directories exist] *******************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=apple)
changed: [localhost -> localhost] => (item=windows)
changed: [localhost -> localhost] => (item=manual)

TASK [strongswan : Ensure the files exist] ********************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=.rnd)
changed: [localhost -> localhost] => (item=private/.rnd)
changed: [localhost -> localhost] => (item=index.txt)
changed: [localhost -> localhost] => (item=index.txt.attr)
changed: [localhost -> localhost] => (item=serial)

TASK [strongswan : Generate the openssl server configs] *******************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Build the CA pair] *************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Copy the CA certificate] *******************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Generate the serial number] ****************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Build the server pair] *********************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Build the client's pair] *******************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build openssh public keys] *****************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the client's p12] ********************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the client's p12 with the CA cert included] ******************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Copy the p12 certificates] *****************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Get active users] **************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Copy the keys to the strongswan directory] *************************************************************************************************************************************************************
changed: [localhost] => (item={u'dest': u'cacerts/ca.crt', u'src': u'cacert.pem', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'certs/localhost.crt', u'src': u'certs/localhost.crt', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'private/localhost.key', u'src': u'private/localhost.key', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})

TASK [strongswan : Register p12 PayloadContent] ***************************************************************************************************************************************************************************
ok: [localhost -> localhost] => (item=linford)
ok: [localhost -> localhost] => (item=laptop)
ok: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Set facts for mobileconfigs] ***************************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [strongswan : Build the mobileconfigs] *******************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [strongswan : Build the client ipsec config file] ********************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the client ipsec secret file] ********************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the windows client powershell script] ************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=[u'linford', {'_ansible_parsed': True, 'stderr_lines': [], u'changed': False, u'stdout': u'MIIEhQIBAzCCBEsGCSqGSIb3DQEHAaCCBDwEggQ4MIIENDCCAtcGCSqGSIb3DQEHBqCCAsgwggLE\nAgEAMII    CvQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIYQ7FjHJz+lACAggAgIICkDsuOVjS\n/TxTSiaRvPKYI6pG/uKBpkm6iKAbTAJDvz10i9uabuRXuUSCBu9y3Isu3du265DivFBT865m8aXC\n905Rt2ksR4CYl8N9hbQfNrvciesJDUlUp+UczyesruHcom+PhadgDC6yxD3lXvAob+ZULh    8pgIwg\n7D/Ct+Few8OvWsEB6gp/O4maQt1z+AlEkVd+jCpIG2yDhm8+3Lv5Rey+oyPqEU5wwgi5i/oM+AsM\njdzfOJeIB+YgY47VI4pdD4/4eN45U6DEHpjZohEcAlWjpAs8fb+90dZ9pgxQBEQ26VN54Me6BbF3\nZheaB736SL4qn76EVleaLkIXSv7qgJVzcIaP4fX2rc6vMFz5IDTrtIw    tmsQgAVnXsMQU6ZiWnsYt\nsXO4OOEm+ZrkosJ8Ng5e+AcROuilrQpmd8qWkZ7lJNJlRWV1f016zZvPqXEZvJKVCcn2ykJhs4/s\ntFGrR4A8E/q1r0lrbfmXKaQvIelgWMERiLXlk7YUyySxkk2mN9ZoHZ0glCcbX5GIHx8blvv98DZS\n60uWOZVyYOxoV85oX6y7GIpxWZ9EeXZWv/bCLcoZ    nk3373xTX3QkOqp7mDRUAsMvOn/aUx+okbH0\n+0Nb3GozoNhBY7QV/e2oriziTm7Qndml5cl+Mz7lPz0r2ftHY4PUXIVo8/JzY13Uz3D1yb0D4gxx\nEoubgMvmHrWQzGur4zpCdri7frd1gzzVRqdpj7WjCvlfpAaZj7P5apm9m+XHfL6AhWux+lUTN+PT\nZH3fKGY6uIm9rHNml2DA9aTvr    KUd4y3/ov0GU2cmZwuQZRdZQCU11Yb7U9umtTPLOPcdsgSsYIUw\ntTZdl+eNd+VZ38v+MXUZrl7HhV0bLgBdMIIBVQYJKoZIhvcNAQcBoIIBRgSCAUIwggE+MIIBOgYL\nKoZIhvcNAQwKAQKggeQwgeEwHAYKKoZIhvcNAQwBAzAOBAgQs2PRSqKwBwICCAAEgcBoNqew5vk7\n8u/0znpxxz    tBjM/qqFmlA3pSj7EtBQlqt63U+3DWd/YWEo/aLpJXKhFkOWlHDtdp+Ub5Zki21p8j\nAb2cOgUfjs7+phEa2OBxN7pemQQ+6ubWECYRs0KBfJt4mXI4f9L2MpI+k0v/h/rYfPXuAUxofHNY\ncqCERCmW3b0ObhP1BWaFAhXH1yDHVt/Ll66LOAuIZYs51fqhBWCaM3sdxzAyqnd1XflqAvTzg    m0l\nLbXksMjdV4AhOQITBe8xRDAdBgkqhkiG9w0BCRQxEB4OAGwAaQBuAGYAbwByAGQwIwYJKoZIhvcN\nAQkVMRYEFCmJwYES20eIeqjpWU0ef9yf8LAjMDEwITAJBgUrDgMCGgUABBTxAOCAUUabaTLlG6dN\nfrFpfAipJgQIgfZk0hoCotACAggA', '_ansible_delegated_vars':     {'ansible_delegated_host': u'localhost', 'ansible_host': u'localhost'}, '_ansible_item_result': True, u'delta': u'0:00:00.005612', 'stdout_lines': [u'MIIEhQIBAzCCBEsGCSqGSIb3DQEHAaCCBDwEggQ4MIIENDCCAtcGCSqGSIb3DQEHBqCCA    sgwggLE', u'AgEAMIICvQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIYQ7FjHJz+lACAggAgIICkDsuOVjS', u'/TxTSiaRvPKYI6pG/uKBpkm6iKAbTAJDvz10i9uabuRXuUSCBu9y3Isu3du265DivFBT865m8aXC', u'905Rt2ksR4CYl8N9hbQfNrvciesJDUlUp+UczyesruHco    m+PhadgDC6yxD3lXvAob+ZULh8pgIwg', u'7D/Ct+Few8OvWsEB6gp/O4maQt1z+AlEkVd+jCpIG2yDhm8+3Lv5Rey+oyPqEU5wwgi5i/oM+AsM', u'jdzfOJeIB+YgY47VI4pdD4/4eN45U6DEHpjZohEcAlWjpAs8fb+90dZ9pgxQBEQ26VN54Me6BbF3', u'ZheaB736SL4qn76EVleaL    kIXSv7qgJVzcIaP4fX2rc6vMFz5IDTrtIwtmsQgAVnXsMQU6ZiWnsYt', u'sXO4OOEm+ZrkosJ8Ng5e+AcROuilrQpmd8qWkZ7lJNJlRWV1f016zZvPqXEZvJKVCcn2ykJhs4/s', u'tFGrR4A8E/q1r0lrbfmXKaQvIelgWMERiLXlk7YUyySxkk2mN9ZoHZ0glCcbX5GIHx8blvv98DZS',     u'60uWOZVyYOxoV85oX6y7GIpxWZ9EeXZWv/bCLcoZnk3373xTX3QkOqp7mDRUAsMvOn/aUx+okbH0', u'+0Nb3GozoNhBY7QV/e2oriziTm7Qndml5cl+Mz7lPz0r2ftHY4PUXIVo8/JzY13Uz3D1yb0D4gxx', u'EoubgMvmHrWQzGur4zpCdri7frd1gzzVRqdpj7WjCvlfpAaZj7P5ap    m9m+XHfL6AhWux+lUTN+PT', u'ZH3fKGY6uIm9rHNml2DA9aTvrKUd4y3/ov0GU2cmZwuQZRdZQCU11Yb7U9umtTPLOPcdsgSsYIUw', u'tTZdl+eNd+VZ38v+MXUZrl7HhV0bLgBdMIIBVQYJKoZIhvcNAQcBoIIBRgSCAUIwggE+MIIBOgYL', u'KoZIhvcNAQwKAQKggeQwgeEwHAYKKo    ZIhvcNAQwBAzAOBAgQs2PRSqKwBwICCAAEgcBoNqew5vk7', u'8u/0znpxxztBjM/qqFmlA3pSj7EtBQlqt63U+3DWd/YWEo/aLpJXKhFkOWlHDtdp+Ub5Zki21p8j', u'Ab2cOgUfjs7+phEa2OBxN7pemQQ+6ubWECYRs0KBfJt4mXI4f9L2MpI+k0v/h/rYfPXuAUxofHNY', u'cqCERC    mW3b0ObhP1BWaFAhXH1yDHVt/Ll66LOAuIZYs51fqhBWCaM3sdxzAyqnd1XflqAvTzgm0l', u'LbXksMjdV4AhOQITBe8xRDAdBgkqhkiG9w0BCRQxEB4OAGwAaQBuAGYAbwByAGQwIwYJKoZIhvcN', u'AQkVMRYEFCmJwYES20eIeqjpWU0ef9yf8LAjMDEwITAJBgUrDgMCGgUABBTxAOC    AUUabaTLlG6dN', u'frFpfAipJgQIgfZk0hoCotACAggA'], '_ansible_item_label': u'linford', u'end': u'2019-06-01 06:35:41.276975', '_ansible_no_log': False, u'start': u'2019-06-01 06:35:41.271363', 'failed': False, u'cmd': u's    et -o pipefail\n cat private/linford.p12 |\n base64', 'item': u'linford', u'stderr': u'', u'rc': 0, u'invocation': {u'module_args': {u'creates': None, u'executable': u'bash', u'_uses_shell': True, u'_raw_params': u'set     -o pipefail\n cat private/linford.p12 |\n base64', u'removes': None, u'argv': None, u'warn': True, u'chdir': u'configs/localhost/ipsec//.pki/', u'stdin': None}}, '_ansible_ignore_errors': None}])
changed: [localhost -> localhost] => (item=[u'laptop', {'_ansible_parsed': True, 'stderr_lines': [], u'changed': False, u'stdout': u'MIIEewIBAzCCBEEGCSqGSIb3DQEHAaCCBDIEggQuMIIEKjCCAs8GCSqGSIb3DQEHBqCCAsAwggK8\nAgEAMIIC    tQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIJ2qsVheeJXwCAggAgIICiLNywoiY\nQPD9E2qWEC7/+OslOKW5LV42f0vA8dvG47CB0nY2b4RA+Rr7EUqqSXIw6altvgqp3WCTex0ZfGa5\nKAUarFWkWvraMmof1x6WWq635q6HI5GQpVjOk6kEBtxOJOjSFd5+RooH9ImTbiGVOLFutdJ    ENqD/\nu/e1BH1uhFkbaxtmyBOweHsbcYaIgF28UBCdVurn3q9YTwk+hoopZxmJKTwFNo003auvILUYp5Iw\n6GzBnZrhoY2hSPJboIYsKzPaDWV5oAcyCVAbKTdGczibmRLinWwbZ4sQs8xzN8mHZSjNXRXuIfug\nbTWfD2Z766vGzeG13rdLwFKLyDKUAzbVPcwGFqNMO1zjnvYI1DDSGCgg    ddgolrqPRa21P4U5gX1I\nyZTO1roDrH39Jw+q3PYa9h3HmRZuOhNPNMoDZQrNmUVg9tHYSa3EiUpR1+MYzf9kTBl64pE1Ni0t\no5pUbSghUEGygPBXhfnCaRg402X0/Xlck9iClwyDYsFn2tOUJ/kqdQ5rKpYrhfNYYCPx1TYFOnnR\nec1OFCnWUbIXxRxzi8qKDLkErBuLc1JWMF0L98k6j    IdQh0T/xlNvN+T8JGjviysE7alZWAN6Y+RQ\nC0+7DjyHG/jEod0kNhNgreBoERtApHf8fC0IXPpnh7TJz3IYKXiep/6cG1b51tmpRPpvGOu+BGwE\ndtH2K6nT9WZ52EFgiv+fiOEBC8D3LYV02dNeMFU7J3m2SQA1Iy2O3By+0+5zKh1XZKXozyef71hn\nmGlnsGiQWinPYKkE7BNMtgaYp2    Z4ViVPO26bidjk7PtCuBocaP3FzdaRtQAhKujcB3dMxRfeXNgh\nNhUuGkTh+ZfDZ1dH7G/LfjCCAVMGCSqGSIb3DQEHAaCCAUQEggFAMIIBPDCCATgGCyqGSIb3DQEM\nCgECoIHkMIHhMBwGCiqGSIb3DQEMAQMwDgQI+oPUZEpPY5ICAggABIHAypTx9b6VaIlggjxbjo5l\nRL7r0+VZuhI    74c9ElO+FY7nj0BcTpquAlukBcNbsbY2JZzejuHpE1PkdYmOVetBNrd/GswabNpQ3\nrO+Jzfjs27LLrjPMg+3uZB/73GA+YwT/8y/SXgcYtietxmr07KS3AshU4z8P0++YkTWNA1pAMQmr\nJUoBfaMNtyuCpxOrqPv3My94wJ+91whwZ1okkLTfRJbCIWpq67Lg21Mmwe449o6RvkHYgc7sF3    Qp\nnDV6/hYpMUIwGwYJKoZIhvcNAQkUMQ4eDABsAGEAcAB0AG8AcDAjBgkqhkiG9w0BCRUxFgQUK8z2\nqTgyuzm2RsC5vF+meYHKFBAwMTAhMAkGBSsOAwIaBQAEFJqmvK7PsLDVQbNPsPeHlVKyjqnlBAie\ns5TFGiy8vQICCAA=', '_ansible_delegated_vars': {'ansible_del    egated_host': u'localhost', 'ansible_host': u'localhost'}, '_ansible_item_result': True, u'delta': u'0:00:00.005506', 'stdout_lines': [u'MIIEewIBAzCCBEEGCSqGSIb3DQEHAaCCBDIEggQuMIIEKjCCAs8GCSqGSIb3DQEHBqCCAsAwggK8', u'A    gEAMIICtQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIJ2qsVheeJXwCAggAgIICiLNywoiY', u'QPD9E2qWEC7/+OslOKW5LV42f0vA8dvG47CB0nY2b4RA+Rr7EUqqSXIw6altvgqp3WCTex0ZfGa5', u'KAUarFWkWvraMmof1x6WWq635q6HI5GQpVjOk6kEBtxOJOjSFd5+RooH9I    mTbiGVOLFutdJENqD/', u'u/e1BH1uhFkbaxtmyBOweHsbcYaIgF28UBCdVurn3q9YTwk+hoopZxmJKTwFNo003auvILUYp5Iw', u'6GzBnZrhoY2hSPJboIYsKzPaDWV5oAcyCVAbKTdGczibmRLinWwbZ4sQs8xzN8mHZSjNXRXuIfug', u'bTWfD2Z766vGzeG13rdLwFKLyDKUAzbVPc    wGFqNMO1zjnvYI1DDSGCggddgolrqPRa21P4U5gX1I', u'yZTO1roDrH39Jw+q3PYa9h3HmRZuOhNPNMoDZQrNmUVg9tHYSa3EiUpR1+MYzf9kTBl64pE1Ni0t', u'o5pUbSghUEGygPBXhfnCaRg402X0/Xlck9iClwyDYsFn2tOUJ/kqdQ5rKpYrhfNYYCPx1TYFOnnR', u'ec1OFCnWUb    IXxRxzi8qKDLkErBuLc1JWMF0L98k6jIdQh0T/xlNvN+T8JGjviysE7alZWAN6Y+RQ', u'C0+7DjyHG/jEod0kNhNgreBoERtApHf8fC0IXPpnh7TJz3IYKXiep/6cG1b51tmpRPpvGOu+BGwE', u'dtH2K6nT9WZ52EFgiv+fiOEBC8D3LYV02dNeMFU7J3m2SQA1Iy2O3By+0+5zKh1XZKX    ozyef71hn', u'mGlnsGiQWinPYKkE7BNMtgaYp2Z4ViVPO26bidjk7PtCuBocaP3FzdaRtQAhKujcB3dMxRfeXNgh', u'NhUuGkTh+ZfDZ1dH7G/LfjCCAVMGCSqGSIb3DQEHAaCCAUQEggFAMIIBPDCCATgGCyqGSIb3DQEM', u'CgECoIHkMIHhMBwGCiqGSIb3DQEMAQMwDgQI+oPUZEp    PY5ICAggABIHAypTx9b6VaIlggjxbjo5l', u'RL7r0+VZuhI74c9ElO+FY7nj0BcTpquAlukBcNbsbY2JZzejuHpE1PkdYmOVetBNrd/GswabNpQ3', u'rO+Jzfjs27LLrjPMg+3uZB/73GA+YwT/8y/SXgcYtietxmr07KS3AshU4z8P0++YkTWNA1pAMQmr', u'JUoBfaMNtyuCpxOrqPv    3My94wJ+91whwZ1okkLTfRJbCIWpq67Lg21Mmwe449o6RvkHYgc7sF3Qp', u'nDV6/hYpMUIwGwYJKoZIhvcNAQkUMQ4eDABsAGEAcAB0AG8AcDAjBgkqhkiG9w0BCRUxFgQUK8z2', u'qTgyuzm2RsC5vF+meYHKFBAwMTAhMAkGBSsOAwIaBQAEFJqmvK7PsLDVQbNPsPeHlVKyjqnlBAie    ', u's5TFGiy8vQICCAA='], '_ansible_item_label': u'laptop', u'end': u'2019-06-01 06:35:41.504951', '_ansible_no_log': False, u'start': u'2019-06-01 06:35:41.499445', 'failed': False, u'cmd': u'set -o pipefail\n cat priva    te/laptop.p12 |\n base64', 'item': u'laptop', u'stderr': u'', u'rc': 0, u'invocation': {u'module_args': {u'creates': None, u'executable': u'bash', u'_uses_shell': True, u'_raw_params': u'set -o pipefail\n cat private/la    ptop.p12 |\n base64', u'removes': None, u'argv': None, u'warn': True, u'chdir': u'configs/localhost/ipsec//.pki/', u'stdin': None}}, '_ansible_ignore_errors': None}])
changed: [localhost -> localhost] => (item=[u'desktop', {'_ansible_parsed': True, 'stderr_lines': [], u'changed': False, u'stdout': u'MIIEhQIBAzCCBEsGCSqGSIb3DQEHAaCCBDwEggQ4MIIENDCCAtcGCSqGSIb3DQEHBqCCAsgwggLE\nAgEAMII    CvQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI6a6WMAaPynICAggAgIICkPixWFoG\nTtQhhXqQdTgoYP3pXfy2uH//xcsLFnCTHGK7eBmPAYsJS8HqF2uGmdQcCeD+zPqXcbjdMcdfKRk2\nYJHqITfehfiTEqIf+tTmuwzhif3Ss8GLt8/XIKZQYci3vuHLTg1VUez0u4fp8iEDwhAR0l    D15kvs\nEFzCq7Ox/97L8Q7gw+eraNClGmRtKr/zZnQ5UFg+aEkQyw2Q0oo3yf7MKgFYdok5r1bhGKJQo/i5\nwEBRULwLug2CfPzKTwvdJyN02laQF+rGEfKu9hH/loWjTcvvNenXxXz/7fXQwrBCVjxR20/wpesS\nYuRzovhVAvcdKHWmGKZBLmM9x+LTbQdhnAjOzPen/jJ8+d2z+zNKCX1    FzNhN8/1OQz7bOlQdsrHN\n5Tnk0RCvpuLikoicPYhvo4UuJeMmxpX5JYQNJNK2IoZiNNs2fI8zbC4Ty0jHuBtjxkLdtMuHFkvN\n5ZeduSBKC9tGig109RCVB9s1yF3GuQr6p21uFqg6hfC7VmCfxI99EGLqTeEaXmHXd0O+F39I1zkO\nYelD/cV6OnxfV8x+AsI4VQ9vB0VlAkVxRsRKC+rh    XFtyNgu2Az9ubCxk3twG9sk+aCVdJjpv8omc\nzHcjKdEx4VlDWgmwh9cg3Jzn5wFVd1wYOek5rkf4zTvqxbruvHa9o1Q+vjRs/Z7DwuFJiCnyeTiz\n4MSq/Ow8dSaJOBXeCLMtGlv/3Odn3OHHCJL11wzgFEbY8lY44SYnhufCqk0Vzbt8Ack6OEjtQ5qY\nE9ph+NWtCVa7Lg9Be8Vb7f0QL    aZU2dmRQ8LFGP0N55HHoo8izVHjdc9tqpcOAdnyNTDNB7nGUhW8\n1fzYpTTuNajFQ+GvVPPqeJtGeZtnG04wMIIBVQYJKoZIhvcNAQcBoIIBRgSCAUIwggE+MIIBOgYL\nKoZIhvcNAQwKAQKggeQwgeEwHAYKKoZIhvcNAQwBAzAOBAjT6Uc/BJl8FwICCAAEgcDzvYPPzygq\nECBQivU3gv    VEv0Ymu/9vPMHEwl20WFLiSR7vQa5HkozhpN5B370t2pOAeGUmIz195wvRYU3iBMlJ\nhgQ/A0aubMnOu9+ggw/RKmUQX7KXyxNtB9EjbAWm0T2PitGDE6bqr/DWE0y0ItBonNa5OUvt+Ex6\nlBgMR9W5I8+if5fV4X01hsWLtg3Z4Qe9RGQzcWg6j1SGmLqKMnkIN1kXq/czXZjYclomGHoU6    XDx\nOZ00xYL3oj0NbLwfy8ExRDAdBgkqhkiG9w0BCRQxEB4OAGQAZQBzAGsAdABvAHAwIwYJKoZIhvcN\nAQkVMRYEFL6UEs3lfoxK5T6cyzbSpKj/+yeEMDEwITAJBgUrDgMCGgUABBQzmdPY5CHKt4POysFy\niz6dySuLbQQIXNpSXRCOl3oCAggA', '_ansible_delegated_vars':     {'ansible_delegated_host': u'localhost', 'ansible_host': u'localhost'}, '_ansible_item_result': True, u'delta': u'0:00:00.005436', 'stdout_lines': [u'MIIEhQIBAzCCBEsGCSqGSIb3DQEHAaCCBDwEggQ4MIIENDCCAtcGCSqGSIb3DQEHBqCCA    sgwggLE', u'AgEAMIICvQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI6a6WMAaPynICAggAgIICkPixWFoG', u'TtQhhXqQdTgoYP3pXfy2uH//xcsLFnCTHGK7eBmPAYsJS8HqF2uGmdQcCeD+zPqXcbjdMcdfKRk2', u'YJHqITfehfiTEqIf+tTmuwzhif3Ss8GLt8/XIKZQYci3v    uHLTg1VUez0u4fp8iEDwhAR0lD15kvs', u'EFzCq7Ox/97L8Q7gw+eraNClGmRtKr/zZnQ5UFg+aEkQyw2Q0oo3yf7MKgFYdok5r1bhGKJQo/i5', u'wEBRULwLug2CfPzKTwvdJyN02laQF+rGEfKu9hH/loWjTcvvNenXxXz/7fXQwrBCVjxR20/wpesS', u'YuRzovhVAvcdKHWmGKZBL    mM9x+LTbQdhnAjOzPen/jJ8+d2z+zNKCX1FzNhN8/1OQz7bOlQdsrHN', u'5Tnk0RCvpuLikoicPYhvo4UuJeMmxpX5JYQNJNK2IoZiNNs2fI8zbC4Ty0jHuBtjxkLdtMuHFkvN', u'5ZeduSBKC9tGig109RCVB9s1yF3GuQr6p21uFqg6hfC7VmCfxI99EGLqTeEaXmHXd0O+F39I1zkO',     u'YelD/cV6OnxfV8x+AsI4VQ9vB0VlAkVxRsRKC+rhXFtyNgu2Az9ubCxk3twG9sk+aCVdJjpv8omc', u'zHcjKdEx4VlDWgmwh9cg3Jzn5wFVd1wYOek5rkf4zTvqxbruvHa9o1Q+vjRs/Z7DwuFJiCnyeTiz', u'4MSq/Ow8dSaJOBXeCLMtGlv/3Odn3OHHCJL11wzgFEbY8lY44SYnhu    fCqk0Vzbt8Ack6OEjtQ5qY', u'E9ph+NWtCVa7Lg9Be8Vb7f0QLaZU2dmRQ8LFGP0N55HHoo8izVHjdc9tqpcOAdnyNTDNB7nGUhW8', u'1fzYpTTuNajFQ+GvVPPqeJtGeZtnG04wMIIBVQYJKoZIhvcNAQcBoIIBRgSCAUIwggE+MIIBOgYL', u'KoZIhvcNAQwKAQKggeQwgeEwHAYKKo    ZIhvcNAQwBAzAOBAjT6Uc/BJl8FwICCAAEgcDzvYPPzygq', u'ECBQivU3gvVEv0Ymu/9vPMHEwl20WFLiSR7vQa5HkozhpN5B370t2pOAeGUmIz195wvRYU3iBMlJ', u'hgQ/A0aubMnOu9+ggw/RKmUQX7KXyxNtB9EjbAWm0T2PitGDE6bqr/DWE0y0ItBonNa5OUvt+Ex6', u'lBgMR9    W5I8+if5fV4X01hsWLtg3Z4Qe9RGQzcWg6j1SGmLqKMnkIN1kXq/czXZjYclomGHoU6XDx', u'OZ00xYL3oj0NbLwfy8ExRDAdBgkqhkiG9w0BCRQxEB4OAGQAZQBzAGsAdABvAHAwIwYJKoZIhvcN', u'AQkVMRYEFL6UEs3lfoxK5T6cyzbSpKj/+yeEMDEwITAJBgUrDgMCGgUABBQzmdP    Y5CHKt4POysFy', u'iz6dySuLbQQIXNpSXRCOl3oCAggA'], '_ansible_item_label': u'desktop', u'end': u'2019-06-01 06:35:41.727495', '_ansible_no_log': False, u'start': u'2019-06-01 06:35:41.722059', 'failed': False, u'cmd': u's    et -o pipefail\n cat private/desktop.p12 |\n base64', 'item': u'desktop', u'stderr': u'', u'rc': 0, u'invocation': {u'module_args': {u'creates': None, u'executable': u'bash', u'_uses_shell': True, u'_raw_params': u'set     -o pipefail\n cat private/desktop.p12 |\n base64', u'removes': None, u'argv': None, u'warn': True, u'chdir': u'configs/localhost/ipsec//.pki/', u'stdin': None}}, '_ansible_ignore_errors': None}])

TASK [strongswan : Restrict permissions for the local private directories] ************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [strongswan : strongSwan started] ************************************************************************************************************************************************************************************
ok: [localhost]

RUNNING HANDLER [strongswan : restart strongswan] *************************************************************************************************************************************************************************
changed: [localhost]

TASK [ssh_tunneling : Ensure that the sshd_config file has desired options] ***********************************************************************************************************************************************
ok: [localhost]

TASK [ssh_tunneling : Ensure that the algo group exist] *******************************************************************************************************************************************************************
ok: [localhost]

TASK [ssh_tunneling : Ensure that the jail directory exist] ***************************************************************************************************************************************************************
ok: [localhost]

TASK [ssh_tunneling : Ensure that the SSH users exist] ********************************************************************************************************************************************************************
ok: [localhost] => (item=linford)
ok: [localhost] => (item=laptop)
ok: [localhost] => (item=desktop)

TASK [ssh_tunneling : Ensure the config directories exist] ****************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [ssh_tunneling : Check if the private keys exist] ********************************************************************************************************************************************************************
ok: [localhost -> localhost] => (item=linford)
ok: [localhost -> localhost] => (item=laptop)
ok: [localhost -> localhost] => (item=desktop)

TASK [ssh_tunneling : Build ssh private keys] *****************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [ssh_tunneling : Build ssh public keys] ******************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [ssh_tunneling : Build the client ssh config] ************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [ssh_tunneling : The authorized keys file created] *******************************************************************************************************************************************************************
changed: [localhost] => (item=linford)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)

TASK [ssh_tunneling : Get active users] ***********************************************************************************************************************************************************************************
ok: [localhost]

TASK [Dump the configuration] *********************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Create a symlink if deploying to localhost] *************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "msg": "the directory configs/localhost is not empty, refusing to convert it", "owner": "root", "path": "configs/localhost", "    size": 4096, "state": "directory", "uid": 0}
included: /algo/playbooks/rescue.yml for localhost

TASK [debug] **************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [Fail the installation] **********************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP ****************************************************************************************************************************************************************************************************************
localhost                  : ok=146  changed=42   unreachable=0    failed=2
davidemyers commented 5 years ago

Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate) [localhost] :

It looks like you didn't enter the actual IP address of the server at this prompt.

Aima09 commented 5 years ago

Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate) [localhost] :

It looks like you didn't enter the actual IP address of the server at this prompt.

I have do it with your suggestion,but there is a new error showed after restart installation:

fatal: [128.199.142.112]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '128.199.142.112' (ECDSA) to the list of known hosts.\r\nroot@128.199.142.112: Permission denied (publickey,password).", "unreachable": true}

and It's not works even if I handler this issue with the one of Troubleshooting case,because of there no any pem file in the configs directory.

root@linford-ubuntu-s-1vcpu-1gb-sgp1-01:~/algo# ./algo

PLAY [localhost] *****************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Ensure the requirements installed] *****************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Verify Ansible meets Algo VPN requirements.] *******************************************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false, 
    "msg": "All assertions passed"
}

PLAY [Ask user for the input] ****************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Vultr
    5. Microsoft Azure
    6. Google Compute Engine
    7. Scaleway
    8. OpenStack (DreamCompute optimised)
    9. Install to existing Ubuntu 18.04 or 19.04 server (Advanced)

Enter the number of your desired provider
:
9^M
TASK [Cloud prompt] **************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] **********************************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:

TASK [Cellular On Demand prompt] *************************************************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:

TASK [Wi-Fi On Demand prompt] ****************************************************************************************************************************************************************************************************************
ok: [localhost]
[Compatible ciphers prompt]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:
y^M
TASK [Compatible ciphers prompt] *************************************************************************************************************************************************************************************************************
ok: [localhost]
[Retain the CA key prompt]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:

TASK [Retain the CA key prompt] **************************************************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to install an ad blocking DNS resolver on this VPN server?
[y/N]
:

TASK [DNS adblocking prompt] *****************************************************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:

TASK [SSH tunneling prompt] ******************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] **********************************************************************************************************************************************************************************************************
ok: [localhost]

PLAY [Provision the server] ******************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 18.04.2 LTS (Virtualized: kvm)
Created from git fork. Last commit: 2d04f65 Update CHANGELOG.md
Python 2.7.15rc1
Runtime variables:
    algo_provider "local"
    algo_ondemand_cellular "True"
    algo_ondemand_wifi "False"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_windows "True"
    algo_local_dns "True"
    algo_ssh_tunneling "True"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] ****************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Install the requirements] **************************************************************************************************************************************************************************************************************
ok: [localhost -> localhost]
[local : pause]
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:

TASK [local : pause] *************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] *****************************************************************************************************************************************************************************************************************
ok: [localhost]
[local : pause]
What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
[root]
:

TASK [local : pause] *************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] *****************************************************************************************************************************************************************************************************************
ok: [localhost]
[local : pause]
Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[128.199.142.112]
:

TASK [local : pause] *************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] *****************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set subjectAltName as afact] ***********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Add the server to an inventory group] **************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [Wait until SSH becomes ready...] *******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [debug] *********************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "128.199.142.112"
}
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)

TASK [A short pause, in order to be sure the instance is ready] ******************************************************************************************************************************************************************************
ok: [localhost]

PLAY [Configure the server and install required software] ************************************************************************************************************************************************************************************

TASK [common : Check the system] *************************************************************************************************************************************************************************************************************
fatal: [128.199.142.112]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '128.199.142.112' (ECDSA) to the list of known hosts.\r\nroot@128.199.142.112: Permission denied (publickey,password).", "unreachable": true}

PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
128.199.142.112            : ok=0    changed=0    unreachable=1    failed=0   
localhost                  : ok=27   changed=2    unreachable=0    failed=0   

root@linford-ubuntu-s-1vcpu-1gb-sgp1-01:~/algo# ls
CHANGELOG.md     Dockerfile  PULL_REQUEST_TEMPLATE.md  algo            algo-showenv.sh  cloud.yml   configs            docs  input.yml   inventory  logo.png  playbooks         roles       tests      venvs
CONTRIBUTING.md  LICENSE     README.md                 algo-docker.sh  ansible.cfg      config.cfg  deploy_client.yml  env   install.sh  library    main.yml  requirements.txt  server.yml  users.yml
root@linford-ubuntu-s-1vcpu-1gb-sgp1-01:~/algo# cd configs
root@linford-ubuntu-s-1vcpu-1gb-sgp1-01:~/algo/configs# ls
root@linford-ubuntu-s-1vcpu-1gb-sgp1-01:~/algo/configs#
davidemyers commented 5 years ago

Enter the IP address of your server: (or use localhost for local installation): [localhost] :

Did you also enter the IP address for this prompt? Because for this one you should accept the default of [localhost]. You need to enter the IP address when prompted for your "public IP address".

Aima09 commented 5 years ago

Enter the IP address of your server: (or use localhost for local installation): [localhost] :

Did you also enter the IP address for this prompt? Because for this one you should accept the default of [localhost]. You need to enter the IP address when prompted for your "public IP address".

Still not works,I totally do those action which you said enter default "localhost " with first step and then enter the IP address with public prompted

going back the first issue:

fatal: [localhost]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "msg": "the directory configs/localhost is not empty, refusing to convert it", "owner": "root", "path": "configs/localhost", "size": 4096, "state": "directory", "uid": 0}

Steps to reproduce the behavior:

1: sudo rm -rf /etc/wireguard/*.lock 2: ./algo

root@linford-ubuntu-s-1vcpu-1gb-sgp1-01:/algo# ./algo

PLAY [localhost] *****************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Ensure the requirements installed] *****************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Verify Ansible meets Algo VPN requirements.] *******************************************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false, 
    "msg": "All assertions passed"
}

PLAY [Ask user for the input] ****************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Vultr
    5. Microsoft Azure
    6. Google Compute Engine
    7. Scaleway
    8. OpenStack (DreamCompute optimised)
    9. Install to existing Ubuntu 18.04 or 19.04 server (Advanced)

Enter the number of your desired provider
:
9^M
TASK [Cloud prompt] **************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] **********************************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:

TASK [Cellular On Demand prompt] *************************************************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:

TASK [Wi-Fi On Demand prompt] ****************************************************************************************************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:

TASK [Trusted Wi-Fi networks prompt] *********************************************************************************************************************************************************************************************************
ok: [localhost]
[Compatible ciphers prompt]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:

TASK [Compatible ciphers prompt] *************************************************************************************************************************************************************************************************************
ok: [localhost]
[Retain the CA key prompt]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:

TASK [Retain the CA key prompt] **************************************************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to install an ad blocking DNS resolver on this VPN server?
[y/N]
:

TASK [DNS adblocking prompt] *****************************************************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:

TASK [SSH tunneling prompt] ******************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] **********************************************************************************************************************************************************************************************************
ok: [localhost]

PLAY [Provision the server] ******************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 18.04.2 LTS (Virtualized: kvm)
Created from git fork. Last commit: 2d04f65 Update CHANGELOG.md
Python 2.7.15rc1
Runtime variables:
    algo_provider "local"
    algo_ondemand_cellular "True"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "VFAtTElOS181R19FODA1LFRQLUxJTktfRTgwNSxUbWFsbFJvdXRlcl8zMTkw"
    algo_windows "True"
    algo_local_dns "True"
    algo_ssh_tunneling "True"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] ****************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Install the requirements] **************************************************************************************************************************************************************************************************************
ok: [localhost -> localhost]
[local : pause]
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:

TASK [local : pause] *************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] *****************************************************************************************************************************************************************************************************************
ok: [localhost]
[local : pause]
Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[localhost]
:

TASK [local : pause] *************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] *****************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set subjectAltName as afact] ***********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Add the server to an inventory group] **************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [debug] *********************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "128.199.142.112"
}
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)

TASK [A short pause, in order to be sure the instance is ready] ******************************************************************************************************************************************************************************
ok: [localhost]

PLAY [Configure the server and install required software] ************************************************************************************************************************************************************************************

TASK [common : Check the system] *************************************************************************************************************************************************************************************************************
ok: [localhost]
included: /algo/roles/common/tasks/ubuntu.yml for localhost

TASK [common : Gather facts] *****************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Install unattended-upgrades] **************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Configure unattended-upgrades] ************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Periodic upgrades configured] *************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Unattended reboots configured] ************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Disable MOTD on login and SSHD] ***********************************************************************************************************************************************************************************************
ok: [localhost] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'})
ok: [localhost] => (item={u'regexp': u'^session.*optional.*pam_motd.so.*', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})

TASK [common : Loopback for services configured] *********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : systemd services enabled and started] *****************************************************************************************************************************************************************************************
ok: [localhost] => (item=systemd-networkd)
ok: [localhost] => (item=systemd-resolved)

TASK [common : Check apparmor support] *******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Set fact if apparmor enabled] *************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Generate password for the CA key] *********************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [common : Generate p12 export password] *************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [common : Define facts] *****************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Set facts] ********************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Set IPv6 support as a fact] ***************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Check size of MTU] ************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Set OS specific facts] ********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Install tools] ****************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [common : Install headers] **************************************************************************************************************************************************************************************************************
ok: [localhost]
included: /algo/roles/common/tasks/iptables.yml for localhost

TASK [common : Iptables configured] **********************************************************************************************************************************************************************************************************
ok: [localhost] => (item={u'dest': u'/etc/iptables/rules.v4', u'src': u'rules.v4.j2'})

TASK [common : Iptables configured] **********************************************************************************************************************************************************************************************************
ok: [localhost] => (item={u'dest': u'/etc/iptables/rules.v6', u'src': u'rules.v6.j2'})

TASK [common : Sysctl tuning] ****************************************************************************************************************************************************************************************************************
ok: [localhost] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
ok: [localhost] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
ok: [localhost] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})
included: /algo/roles/dns_encryption/tasks/ubuntu.yml for localhost

TASK [dns_encryption : Add the repository] ***************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Install dnscrypt-proxy] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Configure unattended-upgrades] ****************************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Ubuntu | Unbound profile for apparmor configured] *********************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ******************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ******************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : Ubuntu | Add custom requirements to successfully start the unit] ******************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : dnscrypt-proxy ip-blacklist configured] *******************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : dnscrypt-proxy configured] ********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_encryption : dnscrypt-proxy enabled and started] ***********************************************************************************************************************************************************************************
ok: [localhost]
 [WARNING]: flush_handlers task does not support when conditional

TASK [dns_adblocking : Dnsmasq installed] ****************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : The dnsmasq directory created] ****************************************************************************************************************************************************************************************
ok: [localhost]
included: /algo/roles/dns_adblocking/tasks/ubuntu.yml for localhost

TASK [dns_adblocking : Ubuntu | Dnsmasq profile for apparmor configured] *********************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Ubuntu | Enforce the dnsmasq AppArmor policy] *************************************************************************************************************************************************************************
changed: [localhost]

TASK [dns_adblocking : Ubuntu | Ensure that the dnsmasq service directory exist] *************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ***********************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Dnsmasq configured] ***************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Adblock script created] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Adblock script added to cron] *****************************************************************************************************************************************************************************************
changed: [localhost]

TASK [dns_adblocking : Update adblock hosts] *************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [dns_adblocking : Dnsmasq enabled and started] ******************************************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : Ensure the required directories exist] *************************************************************************************************************************************************************************************
ok: [localhost -> localhost] => (item=private)
ok: [localhost -> localhost] => (item=public)
included: /algo/roles/wireguard/tasks/ubuntu.yml for localhost

TASK [wireguard : WireGuard repository configured] *******************************************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : WireGuard installed] *******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : WireGuard reload-module-on-update] *****************************************************************************************************************************************************************************************
changed: [localhost]

TASK [wireguard : Configure unattended-upgrades] *********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : Set OS specific facts] *****************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [wireguard : Generate private keys] *****************************************************************************************************************************************************************************************************
changed: [localhost] => (item=linford)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)
changed: [localhost] => (item=128.199.142.112)

TASK [wireguard : Save private keys] *********************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [wireguard : Touch the lock file] *******************************************************************************************************************************************************************************************************
changed: [localhost] => (item=linford)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)
changed: [localhost] => (item=128.199.142.112)

TASK [wireguard : Generate public keys] ******************************************************************************************************************************************************************************************************
ok: [localhost] => (item=linford)
ok: [localhost] => (item=laptop)
ok: [localhost] => (item=desktop)
ok: [localhost] => (item=128.199.142.112)

TASK [wireguard : Save public keys] **********************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [wireguard : WireGuard user list updated] ***********************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [wireguard : set_fact] ******************************************************************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [wireguard : WireGuard users config generated] ******************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=[0, u'linford'])
changed: [localhost -> localhost] => (item=[1, u'laptop'])
changed: [localhost -> localhost] => (item=[2, u'desktop'])

TASK [wireguard : Generate QR codes] *********************************************************************************************************************************************************************************************************
ok: [localhost -> localhost] => (item=[0, u'linford'])
ok: [localhost -> localhost] => (item=[1, u'laptop'])
ok: [localhost -> localhost] => (item=[2, u'desktop'])

TASK [wireguard : WireGuard configured] ******************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [wireguard : WireGuard enabled and started] *********************************************************************************************************************************************************************************************
ok: [localhost]

RUNNING HANDLER [wireguard : restart wireguard] **********************************************************************************************************************************************************************************************
changed: [localhost]
included: /algo/roles/strongswan/tasks/ubuntu.yml for localhost

TASK [strongswan : Set OS specific facts] ****************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ubuntu | Install strongSwan] **********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ubuntu | Charon profile for apparmor configured] **************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ubuntu | Enforcing ipsec with apparmor] ***********************************************************************************************************************************************************************************
ok: [localhost] => (item=/usr/lib/ipsec/charon)
ok: [localhost] => (item=/usr/lib/ipsec/lookip)
ok: [localhost] => (item=/usr/lib/ipsec/stroke)

TASK [strongswan : Ubuntu | Enable services] *************************************************************************************************************************************************************************************************
ok: [localhost] => (item=apparmor)
ok: [localhost] => (item=strongswan)
ok: [localhost] => (item=netfilter-persistent)

TASK [strongswan : Ubuntu | Ensure that the strongswan service directory exist] **************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ***************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Ensure that the strongswan user exist] ************************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Install strongSwan] *******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Setup the config files from our templates] ********************************************************************************************************************************************************************************
ok: [localhost] => (item={u'dest': u'strongswan.conf', u'src': u'strongswan.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [localhost] => (item={u'dest': u'ipsec.conf', u'src': u'ipsec.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [localhost] => (item={u'dest': u'ipsec.secrets', u'src': u'ipsec.secrets.j2', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
ok: [localhost] => (item={u'dest': u'strongswan.d/charon.conf', u'src': u'charon.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})

TASK [strongswan : Get loaded plugins] *******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [strongswan : Disable unneeded plugins] *************************************************************************************************************************************************************************************************
ok: [localhost] => (item=rc2)
ok: [localhost] => (item=aesni)
ok: [localhost] => (item=xauth-generic)
ok: [localhost] => (item=resolve)
ok: [localhost] => (item=connmark)
ok: [localhost] => (item=eap-mschapv2)
ok: [localhost] => (item=sha1)
ok: [localhost] => (item=agent)
ok: [localhost] => (item=md4)
ok: [localhost] => (item=bypass-lan)
ok: [localhost] => (item=mgf1)
ok: [localhost] => (item=fips-prf)
ok: [localhost] => (item=attr)
ok: [localhost] => (item=constraints)
ok: [localhost] => (item=pkcs1)
ok: [localhost] => (item=updown)
ok: [localhost] => (item=md5)
ok: [localhost] => (item=dnskey)
ok: [localhost] => (item=sshkey)
ok: [localhost] => (item=xcbc)
ok: [localhost] => (item=counters)
ok: [localhost] => (item=gmp)

TASK [strongswan : Ensure that required plugins are enabled] *********************************************************************************************************************************************************************************
ok: [localhost] => (item=hmac)
ok: [localhost] => (item=pubkey)
ok: [localhost] => (item=pem)
ok: [localhost] => (item=pkcs7)
ok: [localhost] => (item=random)
ok: [localhost] => (item=stroke)
ok: [localhost] => (item=pkcs12)
ok: [localhost] => (item=kernel-netlink)
ok: [localhost] => (item=sha2)
ok: [localhost] => (item=aes)
ok: [localhost] => (item=x509)
ok: [localhost] => (item=gcm)
ok: [localhost] => (item=openssl)
ok: [localhost] => (item=revocation)
ok: [localhost] => (item=pgp)
ok: [localhost] => (item=socket-default)
ok: [localhost] => (item=nonce)
ok: [localhost] => (item=pkcs8)

TASK [strongswan : Set subjectAltName as a fact] *********************************************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [strongswan : debug] ********************************************************************************************************************************************************************************************************************
ok: [localhost -> localhost] => {
    "subjectAltName": "IP:128.199.142.112,IP:2400:6180:0:d0::2e1:b001"
}

TASK [strongswan : Ensure the pki directories exist] *****************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=ecparams)
changed: [localhost -> localhost] => (item=certs)
changed: [localhost -> localhost] => (item=crl)
changed: [localhost -> localhost] => (item=newcerts)
changed: [localhost -> localhost] => (item=private)
changed: [localhost -> localhost] => (item=public)
changed: [localhost -> localhost] => (item=reqs)

TASK [strongswan : Ensure the config directories exist] **************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=apple)
changed: [localhost -> localhost] => (item=windows)
changed: [localhost -> localhost] => (item=manual)

TASK [strongswan : Ensure the files exist] ***************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=.rnd)
changed: [localhost -> localhost] => (item=private/.rnd)
changed: [localhost -> localhost] => (item=index.txt)
changed: [localhost -> localhost] => (item=index.txt.attr)
changed: [localhost -> localhost] => (item=serial)

TASK [strongswan : Generate the openssl server configs] **************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Build the CA pair] ********************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Copy the CA certificate] **************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Generate the serial number] ***********************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Build the server pair] ****************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Build the client's pair] **************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build openssh public keys] ************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the client's p12] ***************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the client's p12 with the CA cert included] *************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Copy the p12 certificates] ************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Get active users] *********************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [strongswan : Copy the keys to the strongswan directory] ********************************************************************************************************************************************************************************
changed: [localhost] => (item={u'dest': u'cacerts/ca.crt', u'src': u'cacert.pem', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'certs/128.199.142.112.crt', u'src': u'certs/128.199.142.112.crt', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'private/128.199.142.112.key', u'src': u'private/128.199.142.112.key', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})

TASK [strongswan : Register p12 PayloadContent] **********************************************************************************************************************************************************************************************
ok: [localhost -> localhost] => (item=linford)
ok: [localhost -> localhost] => (item=laptop)
ok: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Set facts for mobileconfigs] **********************************************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [strongswan : Build the mobileconfigs] **************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [strongswan : Build the client ipsec config file] ***************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the client ipsec secret file] ***************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [strongswan : Build the windows client powershell script] *******************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=[u'linford', {'_ansible_parsed': True, 'stderr_lines': [], u'changed': False, u'stdout': u'MIIEjQIBAzCCBFMGCSqGSIb3DQEHAaCCBEQEggRAMIIEPDCCAt8GCSqGSIb3DQEHBqCCAtAwggLM\nAgEAMIICxQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIQbmoFlJ1xPUCAggAgIICmMrZcH6y\n72GW2BU5SDgkcIPfcBGgd7umwLttRElREdJ/8An289JAuwjWUBLMXMH0SOSaxWK7EmSNtRkzXcIj\npTgX5NQ/89Z7m0HcELsvLgSDVO2UISEmHWgKpHuFSjEITjljdLMsPHER+yFt7vD156oCNMvsHBUl\nzc1IxinZf3+kfScvPAxuccBCfdhJaqRUmdd9ylGHHXs+f6PPXVW0w+fMgTXHUJKbz9cgwlIQXM59\nVqH5S2fXkGAe3mdy3xOjvmjsyRXIOJD4zNjt3MXtJ50wNjzUIfIH7pFkT4PFjZ033fon4fxW4OTP\nQivEfAGjbsYv4FrZMQPOyKbdW858+asmm2eQ48q9rfrvZREu/+ZIG4DSW22fn2+Az4H6+k5Mjcn+\nYaNc9jRMKZ+6vfEHQbQ7s0m3Jrm+inoxDijJEBOkE9rXBKn4WKWJDX69OHsHXrp9XDjSbyfVeN6O\nHjpFWrdt19RR6CxLwh3IPVCFJMlanaSl5yMNU6nU/eGwzUovJrMb6zk4z0/N/j0uGtn9RhvMXOzO\nW3N+S85BojHyCxXDzY9Bpx95MM2w61m6M5IVHTR6PK7UzlY//z5HfGE7pLvUM+BsElHZj7XD7I+I\neOQFC4OZPvluduGMvVwdkDN3GjHCguUv05cDbgY3UHxZnhJcmECRQcJXY31mc2pa5jtvcxzAt3Xg\nDTJtfJC+zR3qmz/AIT+kCqUPxsRV6BMbMuMvNhtLmeI+VU4E5LKhvyPHLgwcHRVBOZhlzbQVmfxv\nWPUa+j94nujd0/GuZ4niydvWL7d1xm2goRqIH5axIVobwpPstW7KRXGEaU+9Esaj1nQChcg9azUI\nPHZRIfsADSPlYBWTA1ivoD7qRHzdAolxU/O2dvXR0uMwggFVBgkqhkiG9w0BBwGgggFGBIIBQjCC\nAT4wggE6BgsqhkiG9w0BDAoBAqCB5DCB4TAcBgoqhkiG9w0BDAEDMA4ECKGPWMm0N3j1AgIIAASB\nwF7btC2wo/+ZTl0VRrlwlI4MVqc87/a+WIulP8OmwrHcWZ0lR2iFFdJ+nR6DijnGPyYtkWdfllw6\nfK7g+QpojWOhkBVD5fp99dnp+GxeLIk6P3aYjkyX7953x4ybXQTFyHjBZe4O3uLlO60q9TIWbcb5\nJVBSkQYhFEjcthC9dCGmXAU1tl1kAMqBkNBsjKoRe8yPcBfXDilIZnYWuqJPE7P1erjy1HRfZTfg\nutE7/wGty7jawreYGso2eKxj34g3NjFEMB0GCSqGSIb3DQEJFDEQHg4AbABpAG4AZgBvAHIAZDAj\nBgkqhkiG9w0BCRUxFgQUc0emaQW6gDJLXN3fMx3GmO5njFgwMTAhMAkGBSsOAwIaBQAEFAfOPjzg\nwSclPCBuaqviDb7CuQnpBAiz4Uy/511dbwICCAA=', '_ansible_delegated_vars': {'ansible_delegated_host': u'localhost', 'ansible_host': u'localhost'}, '_ansible_item_result': True, u'delta': u'0:00:00.006005', 'stdout_lines': [u'MIIEjQIBAzCCBFMGCSqGSIb3DQEHAaCCBEQEggRAMIIEPDCCAt8GCSqGSIb3DQEHBqCCAtAwggLM', u'AgEAMIICxQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIQbmoFlJ1xPUCAggAgIICmMrZcH6y', u'72GW2BU5SDgkcIPfcBGgd7umwLttRElREdJ/8An289JAuwjWUBLMXMH0SOSaxWK7EmSNtRkzXcIj', u'pTgX5NQ/89Z7m0HcELsvLgSDVO2UISEmHWgKpHuFSjEITjljdLMsPHER+yFt7vD156oCNMvsHBUl', u'zc1IxinZf3+kfScvPAxuccBCfdhJaqRUmdd9ylGHHXs+f6PPXVW0w+fMgTXHUJKbz9cgwlIQXM59', u'VqH5S2fXkGAe3mdy3xOjvmjsyRXIOJD4zNjt3MXtJ50wNjzUIfIH7pFkT4PFjZ033fon4fxW4OTP', u'QivEfAGjbsYv4FrZMQPOyKbdW858+asmm2eQ48q9rfrvZREu/+ZIG4DSW22fn2+Az4H6+k5Mjcn+', u'YaNc9jRMKZ+6vfEHQbQ7s0m3Jrm+inoxDijJEBOkE9rXBKn4WKWJDX69OHsHXrp9XDjSbyfVeN6O', u'HjpFWrdt19RR6CxLwh3IPVCFJMlanaSl5yMNU6nU/eGwzUovJrMb6zk4z0/N/j0uGtn9RhvMXOzO', u'W3N+S85BojHyCxXDzY9Bpx95MM2w61m6M5IVHTR6PK7UzlY//z5HfGE7pLvUM+BsElHZj7XD7I+I', u'eOQFC4OZPvluduGMvVwdkDN3GjHCguUv05cDbgY3UHxZnhJcmECRQcJXY31mc2pa5jtvcxzAt3Xg', u'DTJtfJC+zR3qmz/AIT+kCqUPxsRV6BMbMuMvNhtLmeI+VU4E5LKhvyPHLgwcHRVBOZhlzbQVmfxv', u'WPUa+j94nujd0/GuZ4niydvWL7d1xm2goRqIH5axIVobwpPstW7KRXGEaU+9Esaj1nQChcg9azUI', u'PHZRIfsADSPlYBWTA1ivoD7qRHzdAolxU/O2dvXR0uMwggFVBgkqhkiG9w0BBwGgggFGBIIBQjCC', u'AT4wggE6BgsqhkiG9w0BDAoBAqCB5DCB4TAcBgoqhkiG9w0BDAEDMA4ECKGPWMm0N3j1AgIIAASB', u'wF7btC2wo/+ZTl0VRrlwlI4MVqc87/a+WIulP8OmwrHcWZ0lR2iFFdJ+nR6DijnGPyYtkWdfllw6', u'fK7g+QpojWOhkBVD5fp99dnp+GxeLIk6P3aYjkyX7953x4ybXQTFyHjBZe4O3uLlO60q9TIWbcb5', u'JVBSkQYhFEjcthC9dCGmXAU1tl1kAMqBkNBsjKoRe8yPcBfXDilIZnYWuqJPE7P1erjy1HRfZTfg', u'utE7/wGty7jawreYGso2eKxj34g3NjFEMB0GCSqGSIb3DQEJFDEQHg4AbABpAG4AZgBvAHIAZDAj', u'BgkqhkiG9w0BCRUxFgQUc0emaQW6gDJLXN3fMx3GmO5njFgwMTAhMAkGBSsOAwIaBQAEFAfOPjzg', u'wSclPCBuaqviDb7CuQnpBAiz4Uy/511dbwICCAA='], '_ansible_item_label': u'linford', u'end': u'2019-06-01 17:05:42.240763', '_ansible_no_log': False, u'start': u'2019-06-01 17:05:42.234758', 'failed': False, u'cmd': u'set -o pipefail\n cat private/linford.p12 |\n base64', 'item': u'linford', u'stderr': u'', u'rc': 0, u'invocation': {u'module_args': {u'creates': None, u'executable': u'bash', u'_uses_shell': True, u'_raw_params': u'set -o pipefail\n cat private/linford.p12 |\n base64', u'removes': None, u'argv': None, u'warn': True, u'chdir': u'configs/128.199.142.112/ipsec//.pki/', u'stdin': None}}, '_ansible_ignore_errors': None}])
changed: [localhost -> localhost] => (item=[u'laptop', {'_ansible_parsed': True, 'stderr_lines': [], u'changed': False, u'stdout': u'MIIEiwIBAzCCBFEGCSqGSIb3DQEHAaCCBEIEggQ+MIIEOjCCAt8GCSqGSIb3DQEHBqCCAtAwggLM\nAgEAMIICxQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI6kyZqJDs2BACAggAgIICmOYXQn0n\ndf2KibCU2aq+61Riljd53RX1TVMsCbCsbXqHtCsLaNwuPNtz2EMclPCwIBIjt1IpP/GQVsX2Mdcs\nnRWAzJqmEXla4chnd6LZMLkRoSfA8VcfspU9VzHcDBxhf8F1yVS6s8JgWqEMpKkMex5yYltFbW2q\nPUeegSv0BAujioClDhD73lfnc7hkfkW4DjAdAkxqed12OPbYJPQG5TVGIhlSh9YJj0FFmBsYt0oi\nq1TMlSqVjsgAI8FV6txjEevpOaIbqZ1BrdCfUgGA5H39DnbEow8BMnJTZ/T6sWlAu7OzfFlcJkaY\nJgpGTXwurHpObZy9modpQJgxgKGo4uFgvoweJMEotT4PCkXD8dThNhc8lpZozq0vgoGb6cvQepci\n43u5UHB5LWEgDsn5CB7Tk6pObF+UdCIgo+cF3hwruM9Rfi1Q4u+gNl45KQXAUfY2cXnme3Lf2tJE\nsFWH0j6bAMDLL6XT0F58q39MOlpEjYjRMu86ZuIeKlwhtW5d1yxZTMetwls7vH78E0NAR38/C6YB\ntod/Xg4NB84h+y//MYOTxHEr7vLKq8od7Ae/nQW0twsHK0hdIHzV9gelinPQvqMitjwJlRcrUUmX\nI4hB6XJx9OaXISqDOdR0q2m0Sd2KoMUAfk2lvjzL7DMLOWUgfBDlnhzepyg/MLgS9o250SIAM1AP\ncfTlJOuDAjrY6JnZ9SUwtYBTpZxe2TNKciAINw21koA4Mewo38v29KQElHXbGSG0GithnPe6MTz5\n52cSkYq4LBQFoeQ4PPo6enAMSaTmASKTGF7+87lYrOV91+HLGUUozzp25syz2nEMJq0Mhws3pBrh\nQKfGO/o/+vckCb6ZpQiL9WQBPeJpVZJrBJicLZAghWUwggFTBgkqhkiG9w0BBwGgggFEBIIBQDCC\nATwwggE4BgsqhkiG9w0BDAoBAqCB5DCB4TAcBgoqhkiG9w0BDAEDMA4ECINf2WUszwN5AgIIAASB\nwNZtBxaZJYM1eT6P5XCkX5enDixWQ1GzGNbNce75jNoiz56lv5DTi4gn7+pQ+e8L50mYBOQjxgUJ\nZfwrWAf7epzJbgG8R1HNwoeLN+ujCXy8i1oL6+S2NRJ7fT9MqRjNOe87+0T8P2fE5L+/R94oPesn\n58PWpsFX/z8P2j2Mdnwv7P/dE7Ezh9VT9nxnTFzqa2fJxeRkF7X4rK86To7cGhC/QVgyCM3lkVop\nv0KZoLC5PNK5r4MdJTbOudHi0tMK7zFCMBsGCSqGSIb3DQEJFDEOHgwAbABhAHAAdABvAHAwIwYJ\nKoZIhvcNAQkVMRYEFGLZMsQZWtyQYWZKmQ/pfEJYfhi8MDEwITAJBgUrDgMCGgUABBRv1bgOfPDF\nxbTF8gqFqacaeRW+ZwQI1x/RGzEyavACAggA', '_ansible_delegated_vars': {'ansible_delegated_host': u'localhost', 'ansible_host': u'localhost'}, '_ansible_item_result': True, u'delta': u'0:00:00.005743', 'stdout_lines': [u'MIIEiwIBAzCCBFEGCSqGSIb3DQEHAaCCBEIEggQ+MIIEOjCCAt8GCSqGSIb3DQEHBqCCAtAwggLM', u'AgEAMIICxQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI6kyZqJDs2BACAggAgIICmOYXQn0n', u'df2KibCU2aq+61Riljd53RX1TVMsCbCsbXqHtCsLaNwuPNtz2EMclPCwIBIjt1IpP/GQVsX2Mdcs', u'nRWAzJqmEXla4chnd6LZMLkRoSfA8VcfspU9VzHcDBxhf8F1yVS6s8JgWqEMpKkMex5yYltFbW2q', u'PUeegSv0BAujioClDhD73lfnc7hkfkW4DjAdAkxqed12OPbYJPQG5TVGIhlSh9YJj0FFmBsYt0oi', u'q1TMlSqVjsgAI8FV6txjEevpOaIbqZ1BrdCfUgGA5H39DnbEow8BMnJTZ/T6sWlAu7OzfFlcJkaY', u'JgpGTXwurHpObZy9modpQJgxgKGo4uFgvoweJMEotT4PCkXD8dThNhc8lpZozq0vgoGb6cvQepci', u'43u5UHB5LWEgDsn5CB7Tk6pObF+UdCIgo+cF3hwruM9Rfi1Q4u+gNl45KQXAUfY2cXnme3Lf2tJE', u'sFWH0j6bAMDLL6XT0F58q39MOlpEjYjRMu86ZuIeKlwhtW5d1yxZTMetwls7vH78E0NAR38/C6YB', u'tod/Xg4NB84h+y//MYOTxHEr7vLKq8od7Ae/nQW0twsHK0hdIHzV9gelinPQvqMitjwJlRcrUUmX', u'I4hB6XJx9OaXISqDOdR0q2m0Sd2KoMUAfk2lvjzL7DMLOWUgfBDlnhzepyg/MLgS9o250SIAM1AP', u'cfTlJOuDAjrY6JnZ9SUwtYBTpZxe2TNKciAINw21koA4Mewo38v29KQElHXbGSG0GithnPe6MTz5', u'52cSkYq4LBQFoeQ4PPo6enAMSaTmASKTGF7+87lYrOV91+HLGUUozzp25syz2nEMJq0Mhws3pBrh', u'QKfGO/o/+vckCb6ZpQiL9WQBPeJpVZJrBJicLZAghWUwggFTBgkqhkiG9w0BBwGgggFEBIIBQDCC', u'ATwwggE4BgsqhkiG9w0BDAoBAqCB5DCB4TAcBgoqhkiG9w0BDAEDMA4ECINf2WUszwN5AgIIAASB', u'wNZtBxaZJYM1eT6P5XCkX5enDixWQ1GzGNbNce75jNoiz56lv5DTi4gn7+pQ+e8L50mYBOQjxgUJ', u'ZfwrWAf7epzJbgG8R1HNwoeLN+ujCXy8i1oL6+S2NRJ7fT9MqRjNOe87+0T8P2fE5L+/R94oPesn', u'58PWpsFX/z8P2j2Mdnwv7P/dE7Ezh9VT9nxnTFzqa2fJxeRkF7X4rK86To7cGhC/QVgyCM3lkVop', u'v0KZoLC5PNK5r4MdJTbOudHi0tMK7zFCMBsGCSqGSIb3DQEJFDEOHgwAbABhAHAAdABvAHAwIwYJ', u'KoZIhvcNAQkVMRYEFGLZMsQZWtyQYWZKmQ/pfEJYfhi8MDEwITAJBgUrDgMCGgUABBRv1bgOfPDF', u'xbTF8gqFqacaeRW+ZwQI1x/RGzEyavACAggA'], '_ansible_item_label': u'laptop', u'end': u'2019-06-01 17:05:42.467179', '_ansible_no_log': False, u'start': u'2019-06-01 17:05:42.461436', 'failed': False, u'cmd': u'set -o pipefail\n cat private/laptop.p12 |\n base64', 'item': u'laptop', u'stderr': u'', u'rc': 0, u'invocation': {u'module_args': {u'creates': None, u'executable': u'bash', u'_uses_shell': True, u'_raw_params': u'set -o pipefail\n cat private/laptop.p12 |\n base64', u'removes': None, u'argv': None, u'warn': True, u'chdir': u'configs/128.199.142.112/ipsec//.pki/', u'stdin': None}}, '_ansible_ignore_errors': None}])
changed: [localhost -> localhost] => (item=[u'desktop', {'_ansible_parsed': True, 'stderr_lines': [], u'changed': False, u'stdout': u'MIIEjQIBAzCCBFMGCSqGSIb3DQEHAaCCBEQEggRAMIIEPDCCAt8GCSqGSIb3DQEHBqCCAtAwggLM\nAgEAMIICxQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIf1gLeznC+ucCAggAgIICmBzQ0Q7Q\nJh3r0aJAR9E5ztTKLDU1Lv39vb8iuKDOh4s/55NLNIflMUMfBI/joI9EAspe4sQeOXJ/PJquiB28\nDh7/mx1r+tD6007jryY1W0DBUEytZ8it8Kf4npiPWr7qpTAUpZ3ylbGA/dIo/XwsCEyUKj7kPo4e\nhAzXT/7KKRKnsz0eBCfY7RLnR1FlTpv5Z7wOVmnWSZs/Ka/DCapzQCkjN4rzanUFh+XIBP1Wt6nP\n6peZgyG9744QkGuPs6OgYtKAdY0z0OfxUHImveeT2FgC3Q/7/tZNnbOB52TvdQWhNlNX5M2wHa+3\nZWBoi6jEHEm+2u4PV6A7vCrTjUYy3nrH2SFMbXJq0UnpQ5wfVJL+ElMHc+IHOUyfSIOpF7Nhfvym\nGAEI5WIRBb9lbj44X++rm5JkK/vnaPg+9yPWB+RxuHasxPM/Bn10lcpvEJlCJlaA9ENja4/XRdSt\nCHsoJq8dMEESa3qjQEqtHBdxEPsWTwBPoXrVdBjvNEg/kWuXY6zTq14rRi1AXp0ocTcuBKN9PgPZ\nwgRGuG+cnyS5aMYiTNT0HWUVAGTZ76giiHmuQX+mwhoClNhHWUPocKnPv4H0kO7GxyAeMdveRF1p\nIcKzaMH8MsNuXUrnjTYNXE4oMpSiIMs+fRBwJ/i/JQQQaThsYDiWlJ7Biz8BoPwB3Ha1IHIEJ741\nwBSslCgodBVC+08B1guGDOTZblEf8MmJLhq7eBFOSVFvhFv3gzugKDavBgM3G5lMy+O0c8h8DHg8\nGfA8KWc59cvCOHNw4V9VNeKPnM2GANQC49q+Duw14wTeNioAcKcI/h1bMGlUj9AgKmopepZP7JCz\nNHXyVfhYkgikQWt66nXjJ083h9ebUrpvmZcyyM1nOSEwggFVBgkqhkiG9w0BBwGgggFGBIIBQjCC\nAT4wggE6BgsqhkiG9w0BDAoBAqCB5DCB4TAcBgoqhkiG9w0BDAEDMA4ECNyt1/yMQ+p0AgIIAASB\nwHVUhbOFWRzjbi8LAvSUpr9+bzE+2G4/W7ZoXpDXZjfw7cWrwWXYVt8NddQtMKL95kJxrlwrp+SN\nw6Vsp8B1WsXVpULGODdtFsc6MQSniAYCyiLTMK0EsnLDre06LeCck1dB1ey5jpl+Tlz5GKnAdi3e\nhVtZHKxG0vr1ejLpOtn6UzNeNdUpLB5YYJkwfAUP88T1uDsQA9Mre3AU4R6/kHEtjdJGzNpbO2qJ\nrndxogf/0I5cjeL7BnV49Cr7ScwNujFEMB0GCSqGSIb3DQEJFDEQHg4AZABlAHMAawB0AG8AcDAj\nBgkqhkiG9w0BCRUxFgQUbP6XbEDSc081X8mp3/0JecW97YwwMTAhMAkGBSsOAwIaBQAEFLczAtk9\npjvFTWNXzBZsPNTZ2KvfBAgMctjgZS4zMwICCAA=', '_ansible_delegated_vars': {'ansible_delegated_host': u'localhost', 'ansible_host': u'localhost'}, '_ansible_item_result': True, u'delta': u'0:00:00.005779', 'stdout_lines': [u'MIIEjQIBAzCCBFMGCSqGSIb3DQEHAaCCBEQEggRAMIIEPDCCAt8GCSqGSIb3DQEHBqCCAtAwggLM', u'AgEAMIICxQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIf1gLeznC+ucCAggAgIICmBzQ0Q7Q', u'Jh3r0aJAR9E5ztTKLDU1Lv39vb8iuKDOh4s/55NLNIflMUMfBI/joI9EAspe4sQeOXJ/PJquiB28', u'Dh7/mx1r+tD6007jryY1W0DBUEytZ8it8Kf4npiPWr7qpTAUpZ3ylbGA/dIo/XwsCEyUKj7kPo4e', u'hAzXT/7KKRKnsz0eBCfY7RLnR1FlTpv5Z7wOVmnWSZs/Ka/DCapzQCkjN4rzanUFh+XIBP1Wt6nP', u'6peZgyG9744QkGuPs6OgYtKAdY0z0OfxUHImveeT2FgC3Q/7/tZNnbOB52TvdQWhNlNX5M2wHa+3', u'ZWBoi6jEHEm+2u4PV6A7vCrTjUYy3nrH2SFMbXJq0UnpQ5wfVJL+ElMHc+IHOUyfSIOpF7Nhfvym', u'GAEI5WIRBb9lbj44X++rm5JkK/vnaPg+9yPWB+RxuHasxPM/Bn10lcpvEJlCJlaA9ENja4/XRdSt', u'CHsoJq8dMEESa3qjQEqtHBdxEPsWTwBPoXrVdBjvNEg/kWuXY6zTq14rRi1AXp0ocTcuBKN9PgPZ', u'wgRGuG+cnyS5aMYiTNT0HWUVAGTZ76giiHmuQX+mwhoClNhHWUPocKnPv4H0kO7GxyAeMdveRF1p', u'IcKzaMH8MsNuXUrnjTYNXE4oMpSiIMs+fRBwJ/i/JQQQaThsYDiWlJ7Biz8BoPwB3Ha1IHIEJ741', u'wBSslCgodBVC+08B1guGDOTZblEf8MmJLhq7eBFOSVFvhFv3gzugKDavBgM3G5lMy+O0c8h8DHg8', u'GfA8KWc59cvCOHNw4V9VNeKPnM2GANQC49q+Duw14wTeNioAcKcI/h1bMGlUj9AgKmopepZP7JCz', u'NHXyVfhYkgikQWt66nXjJ083h9ebUrpvmZcyyM1nOSEwggFVBgkqhkiG9w0BBwGgggFGBIIBQjCC', u'AT4wggE6BgsqhkiG9w0BDAoBAqCB5DCB4TAcBgoqhkiG9w0BDAEDMA4ECNyt1/yMQ+p0AgIIAASB', u'wHVUhbOFWRzjbi8LAvSUpr9+bzE+2G4/W7ZoXpDXZjfw7cWrwWXYVt8NddQtMKL95kJxrlwrp+SN', u'w6Vsp8B1WsXVpULGODdtFsc6MQSniAYCyiLTMK0EsnLDre06LeCck1dB1ey5jpl+Tlz5GKnAdi3e', u'hVtZHKxG0vr1ejLpOtn6UzNeNdUpLB5YYJkwfAUP88T1uDsQA9Mre3AU4R6/kHEtjdJGzNpbO2qJ', u'rndxogf/0I5cjeL7BnV49Cr7ScwNujFEMB0GCSqGSIb3DQEJFDEQHg4AZABlAHMAawB0AG8AcDAj', u'BgkqhkiG9w0BCRUxFgQUbP6XbEDSc081X8mp3/0JecW97YwwMTAhMAkGBSsOAwIaBQAEFLczAtk9', u'pjvFTWNXzBZsPNTZ2KvfBAgMctjgZS4zMwICCAA='], '_ansible_item_label': u'desktop', u'end': u'2019-06-01 17:05:42.689813', '_ansible_no_log': False, u'start': u'2019-06-01 17:05:42.684034', 'failed': False, u'cmd': u'set -o pipefail\n cat private/desktop.p12 |\n base64', 'item': u'desktop', u'stderr': u'', u'rc': 0, u'invocation': {u'module_args': {u'creates': None, u'executable': u'bash', u'_uses_shell': True, u'_raw_params': u'set -o pipefail\n cat private/desktop.p12 |\n base64', u'removes': None, u'argv': None, u'warn': True, u'chdir': u'configs/128.199.142.112/ipsec//.pki/', u'stdin': None}}, '_ansible_ignore_errors': None}])

TASK [strongswan : Restrict permissions for the local private directories] *******************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [strongswan : strongSwan started] *******************************************************************************************************************************************************************************************************
ok: [localhost]

RUNNING HANDLER [strongswan : restart strongswan] ********************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ssh_tunneling : Ensure that the sshd_config file has desired options] ******************************************************************************************************************************************************************
ok: [localhost]

TASK [ssh_tunneling : Ensure that the algo group exist] **************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ssh_tunneling : Ensure that the jail directory exist] **********************************************************************************************************************************************************************************
ok: [localhost]

TASK [ssh_tunneling : Ensure that the SSH users exist] ***************************************************************************************************************************************************************************************
ok: [localhost] => (item=linford)
ok: [localhost] => (item=laptop)
ok: [localhost] => (item=desktop)

TASK [ssh_tunneling : Ensure the config directories exist] ***********************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [ssh_tunneling : Check if the private keys exist] ***************************************************************************************************************************************************************************************
ok: [localhost -> localhost] => (item=linford)
ok: [localhost -> localhost] => (item=laptop)
ok: [localhost -> localhost] => (item=desktop)

TASK [ssh_tunneling : Build ssh private keys] ************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [ssh_tunneling : Build ssh public keys] *************************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost -> localhost] => (item=None)
changed: [localhost]

TASK [ssh_tunneling : Build the client ssh config] *******************************************************************************************************************************************************************************************
changed: [localhost -> localhost] => (item=linford)
changed: [localhost -> localhost] => (item=laptop)
changed: [localhost -> localhost] => (item=desktop)

TASK [ssh_tunneling : The authorized keys file created] **************************************************************************************************************************************************************************************
changed: [localhost] => (item=linford)
changed: [localhost] => (item=laptop)
changed: [localhost] => (item=desktop)

TASK [ssh_tunneling : Get active users] ******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Dump the configuration] ****************************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Create a symlink if deploying to localhost] ********************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "msg": "the directory configs/localhost is not empty, refusing to convert it", "owner": "root", "path": "configs/localhost", "size": 4096, "state": "directory", "uid": 0}
included: /algo/playbooks/rescue.yml for localhost

TASK [debug] *********************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "fail_hint": [
        "Sorry, but something went wrong!", 
        "Please check the troubleshooting guide.", 
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [Fail the installation] *****************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
localhost                  : ok=146  changed=42   unreachable=0    failed=2   

root@linford-ubuntu-s-1vcpu-1gb-sgp1-01:/algo#
TC1977 commented 5 years ago

I wonder if you’re not installing on top of failed installs and getting errors from that. (Algo expects to install onto a clean server that doesn’t already have WireGuard or strongSwan installed.) Try rm-r configs/localhost and removing the lock files again, then rerun Algo.

Aima09 commented 5 years ago

I wonder if you’re not installing on top of failed installs and getting errors from that. (Algo expects to install onto a clean server that doesn’t already have WireGuard or strongSwan installed.) Try rm-r configs/localhost and removing the lock files again, then rerun Algo.

The configs directory was already cleaned and empty in the above case.But it's still not works for me.

TC1977 commented 5 years ago

Ok, so I fired up a Lightsail Ubuntu 18.04 instance, ran a local install with all default options (N), then re-installed locally with all options (Y) like you had, and both installs went without errors. Not that this helps you.

Do you mind running it again with ./algo -vvv please?

TC1977 commented 5 years ago

Also, just checking but did you run 

python -m virtualenv --python=`which python2` env &&
    source env/bin/activate &&
    python -m pip install -U pip virtualenv &&
    python -m pip install -r requirements.txt

? Because I didn't see you list that step up top.

Aima09 commented 5 years ago

Ok, so I fired up a Lightsail Ubuntu 18.04 instance, ran a local install with all default options (N), then re-installed locally with all options (Y) like you had, and both installs went without errors. Not that this helps you.

Do you mind running it again with ./algo -vvv please?

Yes,My VPS was DigitalOcean and same as Ubuntu 18.04 .And it's looks working when running with './algo -vvv'.There are a lot of log output in my terminal.The final output statement was:

ok: [localhost] => { "msg": [ [ "\"# Congratulations! #\"", "\"# Your Algo server is running. #\"", "\"# Config files and certificates are in the ./configs/ directory. #\"", "\"# Go to https://whoer.net/ after connecting #\"", "\"# and ensure that all your t

so it's very confusing me what the problem is.

Aima09 commented 5 years ago

Also, just checking but did you run

python -m virtualenv --python=`which python2` env &&
    source env/bin/activate &&
    python -m pip install -U pip virtualenv &&
    python -m pip install -r requirements.txt

? Because I didn't see you list that step up top.

Yes,I did it since I post the first case.Thank you very much!

TC1977 commented 5 years ago

It sounds like there's no problem anymore. 😅 Congrats!

steuck13 commented 4 years ago

Greetings, I did the same, followed all the install instructions and I keep getting this error on Ubuntu Server 18.04. Im running it on a VirtualBox VM.

TC1977 commented 4 years ago

Greetings, I did the same, followed all the install instructions and I keep getting this error on Ubuntu Server 18.04. Im running it on a VirtualBox VM.

Did you rm -r configs/localhost from the algo directory and then re-run it with ./algo -vvv?

mikossheev commented 4 years ago

Hello! I am struggling with the same issue. Ubuntu 18, freshly installed. What I did straight after install:

sudo apt install git sudo apt-get install build-essential libssl-dev libffi-dev python-dev python-pip python-setuptools python-virtualenv -y git clone https://github.com/trailofbits/algo.git cd ./algo python3 -m virtualenv --python="$(command -v python3)" .env &&

source .env/bin/activate && python3 -m pip install -U pip virtualenv && python3 -m pip install -r requirements.txt ./algo -vvv

config.cfg is default

Here is what I choose during the deploy:

[Cloud prompt] What provider would you like to use?

  1. DigitalOcean
  2. Amazon Lightsail
  3. Amazon EC2
  4. Microsoft Azure
  5. Google Compute Engine
  6. Hetzner Cloud
  7. Vultr
  8. Scaleway
  9. OpenStack (DreamCompute optimised)
  10. CloudStack (Exoscale optimised)
  11. Install to existing Ubuntu 18.04 or 19.10 server (for more advanced users)

Enter the number of your desired provider : 11

[Cellular On Demand prompt] Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks? [y/N] : n

[Wi-Fi On Demand prompt] Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi? [y/N] : n

[Retain the PKI prompt] Do you want to retain the keys (PKI)? (required to add users in the future, but less secure) [y/N] : y

[DNS adblocking prompt] Do you want to enable DNS ad blocking on this VPN server? [y/N] : n

[SSH tunneling prompt] Do you want each user to have their own account for SSH tunneling? [y/N] : n

Enter the IP address of your server: (or use localhost for local installation): [localhost] : (Skipped, using default value)

Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate) [localhost] : (Skipped, using default value)`

Here is what I got at the end: ASK [Create a symlink if deploying to localhost] *************************************************************************************************************************************** task path: /root/algo/server.yml:97 fatal: [localhost]: FAILED! => { "changed": false, "gid": 0, "group": "root", "invocation": { "module_args": { "_diff_peek": null, "_original_basename": null, "access_time": null, "access_time_format": "%Y%m%d%H%M.%S", "attributes": null, "backup": null, "content": null, "delimiter": null, "dest": "configs/localhost", "directory_mode": null, "follow": true, "force": true, "group": null, "mode": null, "modification_time": null, "modification_time_format": "%Y%m%d%H%M.%S", "owner": null, "path": "configs/localhost", "recurse": false, "regexp": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "localhost", "state": "link", "unsafe_writes": null } }, "mode": "0755", "msg": "the directory configs/localhost is not empty, refusing to convert it", "owner": "root", "path": "configs/localhost", "size": 4096, "state": "directory", "uid": 0 } Read vars_file 'config.cfg' Read vars_file 'config.cfg' included: /root/algo/playbooks/rescue.yml for localhost Read vars_file 'config.cfg' Read vars_file 'config.cfg'

Full log attached: algo.log

I've already did a couple of tries, with different parameters, different configs, tried cleaning everything. But this run is as clean as it can be.

P.S. Already tried rm -r configs/localhost, it didn't help.

mikossheev commented 4 years ago

Update: Fixed by answering to this question:

Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[localhost]
:

with actual IP instead of localhost

TC1977 commented 4 years ago

This has come up before. Does it make sense to have a default option which can break the install? Would it make more sense to at least put [xxx.xxx.xxx.xxx] instead of [localhost] so people are triggered to put in an IP address?

EmirVildanov commented 2 years ago

Personally for me it was crashing when I was "Entering the public IP address or domain name of your server" I copy-pasted the IP from my desktop and inserted it into the terminal with Ctrl + Shift + V The result was ^M<_copied IP_>. So actual IP wasn't read because it was pasted after ^M