Installation failure "Deploy from script or cloud-init", Hostinger VPS Ubuntu 22.04 x64

[thonerohh]

curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x

• set -ex
• METHOD=cloud
• ONDEMAND_CELLULAR=false
• ONDEMAND_WIFI=false
• ONDEMAND_WIFI_EXCLUDE=_null
• STORE_PKI=false
• DNS_ADBLOCKING=false
• SSH_TUNNELING=false
• ENDPOINT=localhost
• USERS=user1
• REPO_SLUG=trailofbits/algo
• REPO_BRANCH=master
• EXTRA_VARS=placeholder=null
• ANSIBLE_EXTRA_ARGS=
• cd /opt/
• test cloud = cloud
• publicIpFromMetadata
• grep DigitalOcean
• curl -s http://169.254.169.254/metadata/v1/vendor-data ++ curl -s http://169.254.169.254/latest/meta-data/services/domain
• test '' = amazonaws.com
• host -t A -W 10 metadata.google.internal 127.0.0.53 ++ curl -s -H Metadata:true 'http://169.254.169.254/metadata/instance/compute/publisher/?api-version=2017-04-02&format=text'
• test '' = Canonical
• echo localhost
• grep -oE '\b([0-9]{1,3}.){3}[0-9]{1,3}\b'
• publicIpFromInterface
• echo 'Couldn'\''t find a valid ipv4 address, using the first IP found on the interfaces as the endpoint.' Couldn't find a valid ipv4 address, using the first IP found on the interfaces as the endpoint. ++ awk '{print $2}' ++ grep -Eo 'dev .*' ++ ip -4 route list match default
• DEFAULT_INTERFACE=venet0 ++ grep -oE '\b([0-9]{1,3}.){3}[0-9]{1,3}\b' ++ awk '{print $2}' ++ head -n1 ++ grep -w inet ++ ip -4 addr sh dev venet0
• ENDPOINT=127.0.0.1
• export ENDPOINT=127.0.0.1
• ENDPOINT=127.0.0.1
• echo 'Using 127.0.0.1 as the endpoint' Using 127.0.0.1 as the endpoint
• installRequirements
• export DEBIAN_FRONTEND=noninteractive
• DEBIAN_FRONTEND=noninteractive
• apt-get update Hit:1 http://archive.canonical.com/ubuntu jammy InRelease Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease Hit:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease Reading package lists... Done
• apt-get install python3-virtualenv jq -y Reading package lists... Done Building dependency tree... Done Reading state information... Done jq is already the newest version (1.6-2.1ubuntu3). python3-virtualenv is already the newest version (20.13.0+ds-2). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
• deployAlgo
• getAlgo
• '[' '!' -d algo ']'
• cd algo ++ command -v python3
• python3 -m virtualenv --python=/usr/bin/python3 .env created virtual environment CPython3.10.12.final.0-64 in 354ms creator CPython3Posix(dest=/opt/algo/.env, clear=False, no_vcs_ignore=False, global=False) seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/root/.local/share/virtualenv) added seed packages: Jinja2==3.0.3, MarkupSafe==2.1.3, PyYAML==6.0.1, ansible==9.1.0, ansible_core==2.16.2, cffi==1.16.0, cryptography==41.0.7, distlib==0.3.8, filelock==3.13.1, netaddr==0.10.1, packaging==23.2, pip==22.0.2, platformdirs==4.1.0, pyOpenSSL==23.3.0, pycparser==2.21, resolvelib==1.0.1, segno==1.6.0, setuptools==59.6.0, virtualenv==20.25.0, wheel==0.37.1 activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
• . .env/bin/activate ++ '[' .env/bin/activate = bash ']' ++ deactivate nondestructive ++ unset -f pydoc ++ '[' -z '' ']' ++ '[' -z '' ']' ++ hash -r ++ '[' -z '' ']' ++ unset VIRTUAL_ENV ++ '[' '!' nondestructive = nondestructive ']' ++ VIRTUAL_ENV=/opt/algo/.env ++ '[' linux-gnu = cygwin ']' ++ '[' linux-gnu = msys ']' ++ export VIRTUAL_ENV ++ _OLD_VIRTUAL_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ PATH=/opt/algo/.env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ export PATH ++ '[' -z '' ']' ++ '[' -z '' ']' ++ _OLD_VIRTUAL_PS1= ++ '[' x '!=' x ']' +++ basename /opt/algo/.env ++ PS1='(.env) ' ++ export PS1 ++ alias pydoc ++ true ++ hash -r
• python3 -m pip install -U pip virtualenv Requirement already satisfied: pip in ./.env/lib/python3.10/site-packages (22.0.2) Collecting pip Using cached pip-23.3.2-py3-none-any.whl (2.1 MB) Requirement already satisfied: virtualenv in ./.env/lib/python3.10/site-packages (20.25.0) Requirement already satisfied: platformdirs<5,>=3.9.1 in ./.env/lib/python3.10/site-packages (from virtualenv) (4.1.0) Requirement already satisfied: distlib<1,>=0.3.7 in ./.env/lib/python3.10/site-packages (from virtualenv) (0.3.8) Requirement already satisfied: filelock<4,>=3.12.2 in ./.env/lib/python3.10/site-packages (from virtualenv) (3.13.1) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 22.0.2 Uninstalling pip-22.0.2: Successfully uninstalled pip-22.0.2 Successfully installed pip-23.3.2
• python3 -m pip install -r requirements.txt Requirement already satisfied: ansible==9.1.0 in ./.env/lib/python3.10/site-packages (from -r requirements.txt (line 1)) (9.1.0) Requirement already satisfied: jinja2~=3.0.3 in ./.env/lib/python3.10/site-packages (from -r requirements.txt (line 2)) (3.0.3) Requirement already satisfied: netaddr in ./.env/lib/python3.10/site-packages (from -r requirements.txt (line 3)) (0.10.1) Requirement already satisfied: ansible-core~=2.16.1 in ./.env/lib/python3.10/site-packages (from ansible==9.1.0->-r requirements.txt (line 1)) (2.16.2) Requirement already satisfied: MarkupSafe>=2.0 in ./.env/lib/python3.10/site-packages (from jinja2~=3.0.3->-r requirements.txt (line 2)) (2.1.3) Requirement already satisfied: PyYAML>=5.1 in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (6.0.1) Requirement already satisfied: cryptography in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (41.0.7) Requirement already satisfied: packaging in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (23.2) Requirement already satisfied: resolvelib<1.1.0,>=0.5.3 in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (1.0.1) Requirement already satisfied: cffi>=1.12 in ./.env/lib/python3.10/site-packages (from cryptography->ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (1.16.0) Requirement already satisfied: pycparser in ./.env/lib/python3.10/site-packages (from cffi>=1.12->cryptography->ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (2.21)
• cd /opt/algo
• . .env/bin/activate ++ '[' .env/bin/activate = bash ']' ++ deactivate nondestructive ++ unset -f pydoc ++ '[' -z _ ']' ++ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ export PATH ++ unset _OLD_VIRTUALPATH ++ '[' -z '' ']' ++ hash -r ++ '[' -z ']' ++ PS1= ++ export PS1 ++ unset _OLD_VIRTUAL_PS1 ++ unset VIRTUAL_ENV ++ '[' '!' nondestructive = nondestructive ']' ++ VIRTUAL_ENV=/opt/algo/.env ++ '[' linux-gnu = cygwin ']' ++ '[' linux-gnu = msys ']' ++ export VIRTUAL_ENV ++ _OLD_VIRTUAL_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ PATH=/opt/algo/.env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ export PATH ++ '[' -z '' ']' ++ '[' -z '' ']' ++ _OLD_VIRTUAL_PS1= ++ '[' x '!=' x ']' +++ basename /opt/algo/.env ++ PS1='(.env) ' ++ export PS1 ++ alias pydoc ++ true ++ hash -r
• export HOME=/root
• HOME=/root
• export ANSIBLE_LOCAL_TEMP=/root/.ansible/tmp
• ANSIBLE_LOCAL_TEMP=/root/.ansible/tmp
• export ANSIBLE_REMOTE_TEMP=/root/.ansible/tmp
• ANSIBLE_REMOTE_TEMP=/root/.ansible/tmp
• tee /var/log/algo.log ++ jq -Rc 'split(",")' ++ echo user1
• ansible-playbook main.yml -e provider=local -e ondemand_cellular=false -e ondemand_wifi=false -e ondemand_wifi_exclude=_null -e store_pki=false -e dns_adblocking=false -e ssh_tunneling=false -e endpoint=127.0.0.1 -e 'users=["user1"]' -e server=localhost -e ssh_user=root -e placeholder=null --skip-tags debug

PLAY [localhost] ***

TASK [Gathering Facts] ***** ok: [localhost]

TASK [Playbook dir stat] *** ok: [localhost]

TASK [Ensure Ansible is not being run in a world writable directory] *** ok: [localhost] => { "changed": false, "msg": "All assertions passed" } [DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [WARNING]: The value '' is not a valid IP address or network, passing this value to ipaddr filter might result in breaking change in future.

TASK [Ensure the requirements installed] *** ok: [localhost]

TASK [Set required ansible version as a fact] ** ok: [localhost] => (item=ansible==9.1.0)

TASK [Just get the list from default pip] ** ok: [localhost]

TASK [Verify Python meets Algo VPN requirements] *** ok: [localhost] => { "changed": false, "msg": "All assertions passed" } [WARNING]: Found variable using reserved name: no_log

TASK [Verify Ansible meets Algo VPN requirements] ** ok: [localhost] => { "changed": false, "msg": "All assertions passed" }

PLAY [Ask user for the input] **

TASK [Gathering Facts] ***** ok: [localhost]

TASK [Set facts based on the input] **** ok: [localhost]

TASK [Set facts based on the input] **** ok: [localhost]

PLAY [Provision the server] ****

TASK [Gathering Facts] ***** ok: [localhost]

TASK [Install the requirements] **** ok: [localhost]

TASK [Include a provisioning role] ***** [WARNING]: Not waiting for response to prompt as stdin is not interactive

TASK [local : pause] *** ok: [localhost] => (item=https://trailofbits.github.io/algo/deploy-to-ubuntu.html

Local installation might break your server. Use at your own risk.

Proceed? Press ENTER to continue or CTRL+C and A to abort...)

TASK [local : Set the facts] *** ok: [localhost]

TASK [local : Set the facts] *** ok: [localhost]

TASK [Set subjectAltName as a fact] **** ok: [localhost]

TASK [Add the server to an inventory group] **** changed: [localhost]

TASK [Linux | set OS specific facts] *** ok: [localhost]

TASK [Set config paths as facts] *** ok: [localhost]

TASK [Update config paths] ***** changed: [localhost]

TASK [debug] *** ok: [localhost] => { "IP_subject_alt_name": "127.0.0.1" } [WARNING]: Reset is not implemented for this connection

TASK [Wait 600 seconds for target connection to become reachable/usable] *** ok: [localhost] => (item=localhost)

PLAY [Configure the server and install required software] **

TASK [common : Check the system] *** ok: [localhost]

TASK [common : include_tasks] ** included: /opt/algo/roles/common/tasks/ubuntu.yml for localhost

TASK [common : Gather facts] *** ok: [localhost]

TASK [common : Install unattended-upgrades] **** ok: [localhost]

TASK [common : Configure unattended-upgrades] ** ok: [localhost]

TASK [common : Periodic upgrades configured] *** ok: [localhost]

TASK [common : Disable MOTD on login and SSHD] ***** ok: [localhost] => (item={'regexp': '^session.optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'}) ok: [localhost] => (item={'regexp': '^session.optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})

TASK [common : Ensure fallback resolvers are set] ** ok: [localhost] [DEPRECATION WARNING]: Use 'ansible.utils.ipmath' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

TASK [common : Loopback for services configured] *** ok: [localhost]

TASK [common : systemd services enabled and started] *** ok: [localhost] => (item=systemd-networkd) ok: [localhost] => (item=systemd-resolved)

TASK [common : Check apparmor support] ***** fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["apparmor_status"], "delta": "0:00:00.003685", "end": "2024-01-16 08:48:22.799598", "msg": "non-zero return code", "rc": 1, "start": "2024-01-16 08:48:22.795913", "stderr": "apparmor not present.", "stderr_lines": ["apparmor not present."], "stdout": "", "stdout_lines": []} ...ignoring

TASK [common : Define facts] *** ok: [localhost]

TASK [common : Set facts] ** ok: [localhost]

TASK [common : Set IPv6 support as a fact] ***** ok: [localhost]

TASK [common : Check size of MTU] ** ok: [localhost]

TASK [common : Set OS specific facts] ** ok: [localhost]

TASK [common : Install tools] ** ok: [localhost]

TASK [common : include_tasks] ** included: /opt/algo/roles/common/tasks/iptables.yml for localhost

TASK [common : Iptables configured] **** ok: [localhost] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})

TASK [common : Sysctl tuning] ** ok: [localhost] => (item={'item': 'net.ipv4.ip_forward', 'value': 1}) ok: [localhost] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})

TASK [dns : Include tasks for Ubuntu] ** included: /opt/algo/roles/dns/tasks/ubuntu.yml for localhost

TASK [dns : Install dnscrypt-proxy] **** ok: [localhost]

TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] ***** ok: [localhost]

TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] *** fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["aa-enforce", "usr.bin.dnscrypt-proxy"], "delta": "0:00:00.207941", "end": "2024-01-16 08:48:28.741736", "msg": "non-zero return code", "rc": 1, "start": "2024-01-16 08:48:28.533795", "stderr": "\nERROR: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)\nWarning: unable to find a suitable fs in /proc/mounts, is it mounted?\nUse --subdomainfs to override.", "stderr_lines": ["", "ERROR: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)", "Warning: unable to find a suitable fs in /proc/mounts, is it mounted?", "Use --subdomainfs to override."], "stdout": "Setting /etc/apparmor.d/usr.bin.dnscrypt-proxy to enforce mode.", "stdout_lines": ["Setting /etc/apparmor.d/usr.bin.dnscrypt-proxy to enforce mode."]}

TASK [include_tasks] *** included: /opt/algo/playbooks/rescue.yml for localhost

TASK [debug] *** ok: [localhost] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }

TASK [Fail the installation] *** fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP ***** localhost : ok=48 changed=2 unreachable=0 failed=1 skipped=34 rescued=1 ignored=1