trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

Local install fails: the 'file' lookup had an issue #14637

Open sundowndev opened 1 year ago

sundowndev commented 1 year ago

Describe the bug

Hi, after running a local install on Ubuntu 23 with default settings, it fails with this error:

TASK [wireguard : Generate public keys] *****************************************************************
fatal: [localhost]: FAILED! => {"msg": "The 'file' lookup had an issue accessing the file 'configs/x.x.x.x/wireguard//.pki//private/phone'. file not found, use -vvvvv to see paths searched"}

Expected behavior

Algovpn to install as usual.

Additional context

N/A

Full log

(.env) ubuntu@d2-2-sgp1:~/algo$ ./algo

PLAY [localhost] ****************************************************************************************

TASK [Gathering Facts] **********************************************************************************
ok: [localhost]

TASK [Playbook dir stat] ********************************************************************************
ok: [localhost]

TASK [Ensure Ansible is not being run in a world writable directory] ************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from 
ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
[WARNING]: The value '' is not a valid IP address or network, passing this value to ipaddr filter might
result in breaking change in future.

TASK [Ensure the requirements installed] ****************************************************************
ok: [localhost]

TASK [Set required ansible version as a fact] ***********************************************************
ok: [localhost] => (item=ansible==6.1.0)

TASK [Just get the list from default pip] ***************************************************************
ok: [localhost]

TASK [Verify Python meets Algo VPN requirements] ********************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verify Ansible meets Algo VPN requirements] *******************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log

PLAY [Ask user for the input] ***************************************************************************

TASK [Gathering Facts] **********************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Microsoft Azure
    5. Google Compute Engine
    6. Hetzner Cloud
    7. Vultr
    8. Scaleway
    9. OpenStack (DreamCompute optimised)
    10. CloudStack (Exoscale optimised)
    11. Linode
    12. Install to existing Ubuntu latest LTS server (for more advanced users)

Enter the number of your desired provider
:
12^M
TASK [Cloud prompt] *************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *********************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:
^M
TASK [Cellular On Demand prompt] ************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
^M
TASK [Wi-Fi On Demand prompt] ***************************************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:
^M
TASK [Retain the PKI prompt] ****************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:
y^M
TASK [DNS adblocking prompt] ****************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
^M
TASK [SSH tunneling prompt] *****************************************************************************
ok: [localhost]

TASK [Set facts based on the input] *********************************************************************
ok: [localhost]

PLAY [Provision the server] *****************************************************************************

TASK [Gathering Facts] **********************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 23.04 (Virtualized: kvm)
Created from git clone. Last commit: 1cf3d8d Add CODEOWNERS file (#14599)
Python 3.11.4
Runtime variables:
    algo_provider "local"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "False"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_dns_adblocking "True"
    algo_ssh_tunneling "False"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] ***************************************************************
changed: [localhost]

TASK [Install the requirements] *************************************************************************
ok: [localhost]

TASK [Include a provisioning role] **********************************************************************
[local : pause]
https://trailofbits.github.io/algo/deploy-to-ubuntu.html

Local installation might break your server. Use at your own risk.

Proceed? Press ENTER to continue or CTRL+C and A to abort...:
^M
TASK [local : pause] ************************************************************************************
ok: [localhost] => (item=https://trailofbits.github.io/algo/deploy-to-ubuntu.html

Local installation might break your server. Use at your own risk.

Proceed? Press ENTER to continue or CTRL+C and A to abort...)
[local : pause]
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:
^M
TASK [local : pause] ************************************************************************************
ok: [localhost]

TASK [local : Set the facts] ****************************************************************************
ok: [localhost]
[local : pause]
Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[localhost]
:
x.x.x.x^M
TASK [local : pause] ************************************************************************************
ok: [localhost]

TASK [local : Set the facts] ****************************************************************************
ok: [localhost]

TASK [Set subjectAltName as a fact] *********************************************************************
ok: [localhost]

TASK [Add the server to an inventory group] *************************************************************
changed: [localhost]

TASK [Linux | set OS specific facts] ********************************************************************
ok: [localhost]

TASK [Set config paths as facts] ************************************************************************
ok: [localhost]

TASK [Update config paths] ******************************************************************************
changed: [localhost]

TASK [debug] ********************************************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "x.x.x.x"
}
[WARNING]: Reset is not implemented for this connection

TASK [Wait 600 seconds for target connection to become reachable/usable] ********************************
ok: [localhost] => (item=localhost)

PLAY [Configure the server and install required software] ***********************************************

TASK [common : Check the system] ************************************************************************
ok: [localhost]

TASK [common : include_tasks] ***************************************************************************
included: /home/ubuntu/algo/roles/common/tasks/ubuntu.yml for localhost

TASK [common : Gather facts] ****************************************************************************
ok: [localhost]

TASK [common : Install unattended-upgrades] *************************************************************
ok: [localhost]

TASK [common : Configure unattended-upgrades] ***********************************************************
ok: [localhost]

TASK [common : Periodic upgrades configured] ************************************************************
ok: [localhost]

TASK [common : Disable MOTD on login and SSHD] **********************************************************
ok: [localhost] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'})
ok: [localhost] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})

TASK [common : Ensure fallback resolvers are set] *******************************************************
ok: [localhost]
[DEPRECATION WARNING]: Use 'ansible.utils.ipmath' module instead. This feature will be removed from 
ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.

TASK [common : Loopback for services configured] ********************************************************
ok: [localhost]

TASK [common : systemd services enabled and started] ****************************************************
ok: [localhost] => (item=systemd-networkd)
ok: [localhost] => (item=systemd-resolved)

TASK [common : Check apparmor support] ******************************************************************
ok: [localhost]

TASK [common : Set fact if apparmor enabled] ************************************************************
ok: [localhost]

TASK [common : Define facts] ****************************************************************************
ok: [localhost]

TASK [common : Set facts] *******************************************************************************
ok: [localhost]

TASK [common : Set IPv6 support as a fact] **************************************************************
ok: [localhost]

TASK [common : Check size of MTU] ***********************************************************************
ok: [localhost]

TASK [common : Set OS specific facts] *******************************************************************
ok: [localhost]

TASK [common : Install tools] ***************************************************************************
ok: [localhost]

TASK [common : include_tasks] ***************************************************************************
included: /home/ubuntu/algo/roles/common/tasks/iptables.yml for localhost
[DEPRECATION WARNING]: Use 'ansible.utils.ipmath' module instead. This feature will be removed from 
ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.

TASK [common : Iptables configured] *********************************************************************
ok: [localhost] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from 
ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Use 'ansible.utils.next_nth_usable' module instead. This feature will be removed 
from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Use 'ansible.utils.ipmath' module instead. This feature will be removed from 
ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.

TASK [common : Iptables configured] *********************************************************************
ok: [localhost] => (item={'src': 'rules.v6.j2', 'dest': '/etc/iptables/rules.v6'})

TASK [common : Sysctl tuning] ***************************************************************************
ok: [localhost] => (item={'item': 'net.ipv4.ip_forward', 'value': 1})
ok: [localhost] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})
ok: [localhost] => (item={'item': 'net.ipv6.conf.all.forwarding', 'value': 1})

TASK [dns : Include tasks for Ubuntu] *******************************************************************
included: /home/ubuntu/algo/roles/dns/tasks/ubuntu.yml for localhost

TASK [dns : Install dnscrypt-proxy] *********************************************************************
ok: [localhost]

TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] **************************************
ok: [localhost]

TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ****************************************
ok: [localhost]

TASK [dns : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ****************************
ok: [localhost]

TASK [dns : Ubuntu | Add custom requirements to successfully start the unit] ****************************
ok: [localhost]

TASK [dns : dnscrypt-proxy ip-blacklist configured] *****************************************************
ok: [localhost]
[DEPRECATION WARNING]: Use 'ansible.utils.ipmath' module instead. This feature will be removed from 
ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.

TASK [dns : dnscrypt-proxy configured] ******************************************************************
changed: [localhost]

TASK [dns : Adblock script created] *********************************************************************
ok: [localhost]

TASK [dns : Adblock script added to cron] ***************************************************************
changed: [localhost]

TASK [dns : Update adblock hosts] ***********************************************************************
ok: [localhost]
[WARNING]: flush_handlers task does not support when conditional

RUNNING HANDLER [dns : restart dnscrypt-proxy] **********************************************************
changed: [localhost]

TASK [dns : dnscrypt-proxy enabled and started] *********************************************************
ok: [localhost]

TASK [wireguard : Ensure the required directories exist] ************************************************
changed: [localhost] => (item=configs/x.x.x.x/wireguard//.pki//preshared)
changed: [localhost] => (item=configs/x.x.x.x/wireguard//.pki//private)
changed: [localhost] => (item=configs/x.x.x.x/wireguard//.pki//public)
changed: [localhost] => (item=configs/x.x.x.x/wireguard//apple/ios)
changed: [localhost] => (item=configs/x.x.x.x/wireguard//apple/macos)

TASK [wireguard : Include tasks for Ubuntu] *************************************************************
included: /home/ubuntu/algo/roles/wireguard/tasks/ubuntu.yml for localhost

TASK [wireguard : WireGuard installed] ******************************************************************
ok: [localhost]

TASK [wireguard : Set OS specific facts] ****************************************************************
ok: [localhost]

TASK [wireguard : Generate private keys] ****************************************************************
ok: [localhost] => (item=phone)
ok: [localhost] => (item=laptop)
ok: [localhost] => (item=desktop)
ok: [localhost] => (item=x.x.x.x)

TASK [wireguard : Generate preshared keys] **************************************************************
ok: [localhost] => (item=phone)
ok: [localhost] => (item=laptop)
ok: [localhost] => (item=desktop)
ok: [localhost] => (item=x.x.x.x)

TASK [wireguard : Generate public keys] *****************************************************************
fatal: [localhost]: FAILED! => {"msg": "The 'file' lookup had an issue accessing the file 'configs/x.x.x.x/wireguard//.pki//private/phone'. file not found, use -vvvvv to see paths searched"}

TASK [include_tasks] ************************************************************************************
included: /home/ubuntu/algo/playbooks/rescue.yml for localhost

TASK [debug] ********************************************************************************************
ok: [localhost] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [Fail the installation] ****************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP **********************************************************************************************
localhost                  : ok=75   changed=7    unreachable=0    failed=1    skipped=32   rescued=1    ignored=0   

Thanks for the help!

talvind commented 1 year ago

I got exactly the same behaviour when trying to install from my macOS 13.4 to Ubuntu 22.04. I found that the installation failed when trying to write out keys: files expected to exist were missing. But I don't understand why these files are missing.

juju4 commented 1 year ago

On my side, the path exists and there is no lookup error. Are you using the Ansible version and other packages from Algo's requirements.txt? What subfolders do you have in configs?
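
The checks asked for in the comment above, as an added diagnostic script (not part of the original thread or of Algo): it lists the subfolders under configs, reports which WireGuard private key files are missing at the path named in the error, and prints the ansible version pinned in requirements.txt next to the installed one. It assumes it is run from the algo checkout with the virtualenv active and that the pin is written as `ansible==<version>`, as in the log line above; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic, not part of Algo.
# Usage: sh check_algo_keys.sh <algo checkout> <server name> <user>...

# Print the version pinned for a package in a requirements file ("" if none).
pinned_version() {  # $1 = requirements file, $2 = package name
    sed -n "s/^$2==\([0-9][0-9.]*\).*/\1/p" "$1" | head -n 1
}

# Print every directory below the configs directory, one per line.
config_subfolders() {  # $1 = configs directory
    find "$1" -mindepth 1 -type d | sort
}

# Print the users whose private key file is absent from the path the
# failing 'file' lookup reads: configs/<server>/wireguard/.pki/private/<user>
missing_private_keys() {  # $1 = configs dir, $2 = server name, $3... = users
    configs=$1; server=$2; shift 2
    for user in "$@"; do
        [ -f "$configs/$server/wireguard/.pki/private/$user" ] || echo "$user"
    done
}

# Collect the three answers into one report to paste into the issue.
report() {  # $1 = algo checkout, $2 = server name, $3... = users
    root=$1; server=$2; shift 2
    echo "Pinned ansible:    $(pinned_version "$root/requirements.txt" ansible)"
    echo "Installed ansible: $(python3 -m pip show ansible 2>/dev/null |
        sed -n 's/^Version: //p')"
    echo "Subfolders in configs:"
    config_subfolders "$root/configs"
    echo "Missing private keys:"
    missing_private_keys "$root/configs" "$server" "$@"
}

# Only run the report when called with arguments, so the functions can
# also be sourced on their own.
if [ "$#" -ge 2 ]; then
    report "$@"
fi
```

For the run in this issue the arguments would be the checkout directory, the server name entered at the prompt, and the users `phone laptop desktop`.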

sundowndev commented 1 year ago

I ended up installing on cloud instead. I'll let @talvind lead this issue, otherwise feel free to close.

d1monch1k commented 10 months ago

same error

yeameen commented 4 months ago

I am getting the same error while trying to install locally.