CERTIFICATE_VERIFY_FAILED.

[james-a-roland]

Just tried installing on an Ubuntu instance hosted in Vultr. Seems like my SSL certificate is failing? The API it's trying to hit is public though, so I'm not sure what's going on here. Using Mac OS High Sierra 10.13.6. Also using Homebrew, not Macports as described here

`➜ algo-master cat ~/.vultr.ini [default] key = B-censored-for-privacy-Q ➜ algo-master ./algo [WARNING]: Could not match supplied host pattern, ignoring: vpn-host

PLAY [localhost] ***

TASK [Gathering Facts] ***** ok: [localhost]

TASK [Ensure the requirements installed] *** ok: [localhost]

TASK [Set required ansible version as a fact] ** ok: [localhost] => (item=ansible==2.8.3)

TASK [Verify Python meets Algo VPN requirements] *** ok: [localhost] => { "changed": false, "msg": "All assertions passed" }

TASK [Verify Ansible meets Algo VPN requirements] ** ok: [localhost] => { "changed": false, "msg": "All assertions passed" }

PLAY [Ask user for the input] **

TASK [Gathering Facts] ***** ok: [localhost] [Cloud prompt] What provider would you like to use?

1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Microsoft Azure
5. Google Compute Engine
6. Hetzner Cloud
7. Vultr
8. Scaleway
9. OpenStack (DreamCompute optimised)
10. CloudStack (Exoscale optimised)
11. Install to existing Ubuntu 18.04 or 19.04 server (Advanced)

Enter the number of your desired provider :

TASK [Cloud prompt] **** ok: [localhost]

TASK [Set facts based on the input] **** ok: [localhost] [VPN server name prompt] Name the vpn server [algo] :

TASK [VPN server name prompt] ** ok: [localhost] [Cellular On Demand prompt] Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks? [y/N] :

TASK [Cellular On Demand prompt] *** ok: [localhost] [Wi-Fi On Demand prompt] Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi? [y/N] :

TASK [Wi-Fi On Demand prompt] ** ok: [localhost] [Retain the PKI prompt] Do you want to retain the keys (PKI)? (required to add users in the future, but less secure) [y/N] :

TASK [Retain the PKI prompt] *** ok: [localhost] [DNS adblocking prompt] Do you want to enable DNS ad blocking on this VPN server? [y/N] :

TASK [DNS adblocking prompt] *** ok: [localhost] [SSH tunneling prompt] Do you want each user to have their own account for SSH tunneling? [y/N] :

TASK [SSH tunneling prompt] **** ok: [localhost]

TASK [Set facts based on the input] **** ok: [localhost]

PLAY [Provision the server] ****

TASK [Gathering Facts] ***** ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Mac OS X 10.13.6 ZIP file created: Oct 8 23:34:06 2019 Python 3.7.4 Runtime variables: algo_provider "vultr" algo_ondemand_cellular "False" algo_ondemand_wifi "False" algo_ondemand_wifi_exclude "X251bGw=" algo_dns_adblocking "False" algo_ssh_tunneling "False" wireguard_enabled "True" dns_encryption "True"

TASK [Display the invocation environment] ** changed: [localhost -> localhost]

TASK [Install the requirements] **** ok: [localhost -> localhost]

TASK [Generate the SSH private key] **** ok: [localhost]

TASK [Generate the SSH public key] ***** ok: [localhost] [cloud-vultr : pause] Enter the local path to your configuration INI file (https://trailofbits.github.io/algo/cloud-vultr.html): :

TASK [cloud-vultr : pause] ***** ok: [localhost]

TASK [cloud-vultr : Set the token as a fact] *** ok: [localhost]

TASK [cloud-vultr : Get regions] *** fatal: [localhost]: FAILED! => {"changed": false, "content": "", "elapsed": 1, "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)>", "redirected": false, "status": -1, "url": "https://api.vultr.com/v1/regions/list"} included: /Users/jroland/workspace/algo-master/playbooks/rescue.yml for localhost

TASK [debug] *** ok: [localhost] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }

TASK [Fail the installation] *** fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP ***** localhost : ok=24 changed=1 unreachable=0 failed=1 skipped=1 rescued=1 ignored=0

➜ algo-master curl https://api.vultr.com/v1/regions/list {"6":{"DCID":"6","name":"Atlanta","country":"US","continent":"North America","state":"GA","ddos_protection":false,"block_storage":false,"regioncode":"ATL"},"2":{"DCID":"2","name":"Chicago","country":"US","continent":"North America","state":"IL","ddos_protection":true,"block_storage":false,"regioncode":"ORD"},"3":{"DCID":"3","name":"Dallas","country":"US","continent":"North America","state":"TX","ddos_protection":true,"block_storage":false,"regioncode":"DFW"},"5":{"DCID":"5","name":"Los Angeles","country":"US","continent":"North America","state":"CA","ddos_protection":true,"block_storage":false,"regioncode":"LAX"},"39":{"DCID":"39","name":"Miami","country":"US","continent":"North America","state":"FL","ddos_protection":true,"block_storage":false,"regioncode":"MIA"},"1":{"DCID":"1","name":"New Jersey","country":"US","continent":"North America","state":"NJ","ddos_protection":true,"block_storage":true,"regioncode":"EWR"},"4":{"DCID":"4","name":"Seattle","country":"US","continent":"North America","state":"WA","ddos_protection":true,"block_storage":false,"regioncode":"SEA"},"12":{"DCID":"12","name":"Silicon Valley","country":"US","continent":"North America","state":"CA","ddos_protection":true,"block_storage":false,"regioncode":"SJC"},"40":{"DCID":"40","name":"Singapore","country":"SG","continent":"Asia","state":"","ddos_protection":false,"block_storage":false,"regioncode":"SGP"},"7":{"DCID":"7","name":"Amsterdam","country":"NL","continent":"Europe","state":"","ddos_protection":true,"block_storage":false,"regioncode":"AMS"},"25":{"DCID":"25","name":"Tokyo","country":"JP","continent":"Asia","state":"","ddos_protection":false,"block_storage":false,"regioncode":"NRT"},"8":{"DCID":"8","name":"London","country":"GB","continent":"Europe","state":"","ddos_protection":true,"block_storage":false,"regioncode":"LHR"},"24":{"DCID":"24","name":"Paris","country":"FR","continent":"Europe","state":"","ddos_protection":true,"block_storage":false,"regioncode":"CDG"},"9":{"DCID":"9","name":"Frankfurt","country":"DE","continent":"Europe","state":"","ddos_protection":true,"block_storage":false,"regioncode":"FRA"},"22":{"DCID":"22","name":"Toronto","country":"CA","continent":"North America","state":"","ddos_protection":false,"block_storage":false,"regioncode":"YTO"},"19":{"DCID":"19","name":"Sydney","country":"AU","continent":"Australia","state":"","ddos_protection":false,"block_storage":false,"regioncode":"SYD"}} `

[davidemyers]

I can't reproduce the issue on Mojave. I'm just guessing here, but is the file /usr/local/etc/openssl@1.1/cert.pem present and recent?

[jackivanov]

1545 might be related

[james-a-roland]

Thanks for the quick response @davidemyers and @jackivanov. Currently not seeing a cert.pem file

➜  etc pwd           
/usr/local/etc
➜  etc ls | grep openssl
openssl
➜  etc cd openssl
➜  openssl tree .
.
├── cert.pem
├── misc
│   ├── CA.pl
│   ├── CA.pl.default
│   ├── CA.sh
│   ├── c_hash
│   ├── c_info
│   ├── c_issuer
│   ├── c_name
│   └── tsget
├── openssl.cnf
└── openssl.cnf.default

1 directory, 11 files

[davidemyers]

It looks like the file is there, but not where it resides on Mojave. Please post the output of the following commands:

brew deps python3

ls -l /usr/local/etc/openssl/cert.pem 

[james-a-roland]

➜  algo-master brew deps python3
gdbm
openssl
readline
sqlite
xz
➜  algo-master ls -l /usr/local/etc/openssl/cert.pem 
-rw-r--r--  1 jroland  admin  2053 10 14 20:37 /usr/local/etc/openssl/cert.pem
➜  algo-master 

[james-a-roland]

Just followed Stackoverflow. Ran openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 then took the generated cert.pem/key.pem files and moved them over to usr/local/etc/openssl. However the error is the same.

Alternatively, seems there's an option to set validate_certs=False. Do you know which YAML config I'd have to change for this?

[davidemyers]

I think that cert.pem file is a concatenation of root certificates. Mine is much larger than yours and contains 172 certs. Running brew info openssl displays:

A CA file has been bootstrapped using certificates from the SystemRoots
keychain.

and I'm assuming that's what this cert.pem file is. I think you just trashed yours.

Maybe try brew reinstall openssl?

[james-a-roland]

Just gave that a shot - seems like the error is the same unfortunately. Adding the verbose logs just for context. @davidemyers are you aware of which config needs to be changed to set validate_certs=False? Seems like the flag is in a lot of files across the repo.

➜  algo-master ./algo -vvv
ansible-playbook 2.8.3
  config file = /Users/jroland/workspace/algo-master/ansible.cfg
  configured module search path = ['/Users/jroland/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages/ansible
  executable location = /Users/jroland/workspace/algo-master/.env/bin/ansible-playbook
  python version = 3.7.4 (v3.7.4:e09359112e, Jul  8 2019, 14:54:52) [Clang 6.0 (clang-600.0.57)]
Using /Users/jroland/workspace/algo-master/ansible.cfg as config file
host_list declined parsing /Users/jroland/workspace/algo-master/inventory as it did not pass it's verify_file() method
auto declined parsing /Users/jroland/workspace/algo-master/inventory as it did not pass it's verify_file() method
Parsed /Users/jroland/workspace/algo-master/inventory inventory source with ini plugin
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/playbooks/cloud-pre.yml
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/playbooks/cloud-post.yml
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/playbooks/tmpfs/main.yml
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/playbooks/tmpfs/macos.yml
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/playbooks/tmpfs/linux.yml
Read vars_file 'config.cfg'
 [WARNING]: Could not match supplied host pattern, ignoring: vpn-host

Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/roles/dns/tasks/dns_adblocking.yml
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/roles/wireguard/tasks/keys.yml
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/roles/strongswan/tasks/ipsec_configuration.yml
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/roles/strongswan/tasks/openssl.yml
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/roles/strongswan/tasks/distribute_keys.yml
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/roles/strongswan/tasks/client_configs.yml
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/playbooks/tmpfs/umount.yml
Read vars_file 'config.cfg'

PLAYBOOK: main.yml *****************************************************************************************************************************************************************************************
4 plays in main.yml

PLAY [localhost] *******************************************************************************************************************************************************************************************
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: jroland
<localhost> EXEC /bin/sh -c 'echo ~jroland && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059082.2566872-180706698406922 `" && echo ansible-tmp-1571059082.2566872-180706698406922="` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059082.2566872-180706698406922 `" ) && sleep 0'
Using module file /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages/ansible/modules/system/setup.py
<localhost> PUT /Users/jroland/.ansible/tmp/ansible-local-1910nwfto4yb/tmpisfcort1 TO /Users/jroland/.ansible/tmp/ansible-tmp-1571059082.2566872-180706698406922/AnsiballZ_setup.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/jroland/.ansible/tmp/ansible-tmp-1571059082.2566872-180706698406922/ /Users/jroland/.ansible/tmp/ansible-tmp-1571059082.2566872-180706698406922/AnsiballZ_setup.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /Users/jroland/.ansible/tmp/ansible-tmp-1571059082.2566872-180706698406922/AnsiballZ_setup.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/jroland/.ansible/tmp/ansible-tmp-1571059082.2566872-180706698406922/ > /dev/null 2>&1 && sleep 0'

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/main.yml:2
ok: [localhost]
META: ran handlers

TASK [Ensure the requirements installed] *******************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/main.yml:5
ok: [localhost] => {
    "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"
}

TASK [Set required ansible version as a fact] **************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/main.yml:12
ok: [localhost] => (item=ansible==2.8.3) => {
    "ansible_facts": {
        "required_ansible_version": {
            "op": "==",
            "ver": "2.8.3"
        }
    },
    "ansible_loop_var": "item",
    "changed": false,
    "item": "ansible==2.8.3"
}

TASK [Verify Python meets Algo VPN requirements] ***********************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/main.yml:20
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verify Ansible meets Algo VPN requirements] **********************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/main.yml:28
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
META: ran handlers
META: ran handlers
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'

PLAY [Ask user for the input] ******************************************************************************************************************************************************************************
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: jroland
<localhost> EXEC /bin/sh -c 'echo ~jroland && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059083.5923169-41279331260628 `" && echo ansible-tmp-1571059083.5923169-41279331260628="` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059083.5923169-41279331260628 `" ) && sleep 0'
Using module file /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages/ansible/modules/system/setup.py
<localhost> PUT /Users/jroland/.ansible/tmp/ansible-local-1910nwfto4yb/tmp9fpf5vbc TO /Users/jroland/.ansible/tmp/ansible-tmp-1571059083.5923169-41279331260628/AnsiballZ_setup.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/jroland/.ansible/tmp/ansible-tmp-1571059083.5923169-41279331260628/ /Users/jroland/.ansible/tmp/ansible-tmp-1571059083.5923169-41279331260628/AnsiballZ_setup.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /Users/jroland/.ansible/tmp/ansible-tmp-1571059083.5923169-41279331260628/AnsiballZ_setup.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/jroland/.ansible/tmp/ansible-tmp-1571059083.5923169-41279331260628/ > /dev/null 2>&1 && sleep 0'

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:2
ok: [localhost]
META: ran handlers
Read vars_file 'config.cfg'
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Microsoft Azure
    5. Google Compute Engine
    6. Hetzner Cloud
    7. Vultr
    8. Scaleway
    9. OpenStack (DreamCompute optimised)
    10. CloudStack (Exoscale optimised)
    11. Install to existing Ubuntu 18.04 or 19.04 server (Advanced)

Enter the number of your desired provider
:

TASK [Cloud prompt] ****************************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:30
ok: [localhost] => {
    "changed": false,
    "delta": 1,
    "echo": true,
    "rc": 0,
    "start": "2019-10-14 21:18:04.290363",
    "stderr": "",
    "stdout": "Paused for 0.03 minutes",
    "stop": "2019-10-14 21:18:06.282997",
    "user_input": "7"
}
Read vars_file 'config.cfg'

TASK [Set facts based on the input] ************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:42
ok: [localhost] => {
    "ansible_facts": {
        "algo_provider": "vultr"
    },
    "changed": false
}
Read vars_file 'config.cfg'
[VPN server name prompt]
Name the vpn server
[algo]
:

TASK [VPN server name prompt] ******************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:46
ok: [localhost] => {
    "changed": false,
    "delta": 1,
    "echo": true,
    "rc": 0,
    "start": "2019-10-14 21:18:06.402400",
    "stderr": "",
    "stdout": "Paused for 0.03 minutes",
    "stop": "2019-10-14 21:18:08.371088",
    "user_input": ""
}
Read vars_file 'config.cfg'
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:

TASK [Cellular On Demand prompt] ***************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:56
ok: [localhost] => {
    "changed": false,
    "delta": 1,
    "echo": true,
    "rc": 0,
    "start": "2019-10-14 21:18:08.422152",
    "stderr": "",
    "stdout": "Paused for 0.02 minutes",
    "stop": "2019-10-14 21:18:09.859227",
    "user_input": ""
}
Read vars_file 'config.cfg'
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:

TASK [Wi-Fi On Demand prompt] ******************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:64
ok: [localhost] => {
    "changed": false,
    "delta": 0,
    "echo": true,
    "rc": 0,
    "start": "2019-10-14 21:18:09.910554",
    "stderr": "",
    "stdout": "Paused for 0.01 minutes",
    "stop": "2019-10-14 21:18:10.379517",
    "user_input": ""
}
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:

TASK [Retain the PKI prompt] *******************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:83
ok: [localhost] => {
    "changed": false,
    "delta": 0,
    "echo": true,
    "rc": 0,
    "start": "2019-10-14 21:18:10.489679",
    "stderr": "",
    "stdout": "Paused for 0.01 minutes",
    "stop": "2019-10-14 21:18:10.923207",
    "user_input": ""
}
Read vars_file 'config.cfg'
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:

TASK [DNS adblocking prompt] *******************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:92
ok: [localhost] => {
    "changed": false,
    "delta": 0,
    "echo": true,
    "rc": 0,
    "start": "2019-10-14 21:18:10.973723",
    "stderr": "",
    "stdout": "Paused for 0.01 minutes",
    "stop": "2019-10-14 21:18:11.523200",
    "user_input": ""
}
Read vars_file 'config.cfg'
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:

TASK [SSH tunneling prompt] ********************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:100
ok: [localhost] => {
    "changed": false,
    "delta": 0,
    "echo": true,
    "rc": 0,
    "start": "2019-10-14 21:18:11.573072",
    "stderr": "",
    "stdout": "Paused for 0.01 minutes",
    "stop": "2019-10-14 21:18:12.163198",
    "user_input": ""
}
Read vars_file 'config.cfg'

TASK [Set facts based on the input] ************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/input.yml:108
ok: [localhost] => {
    "ansible_facts": {
        "algo_dns_adblocking": false,
        "algo_ondemand_cellular": false,
        "algo_ondemand_wifi": false,
        "algo_ondemand_wifi_exclude": "X251bGw=",
        "algo_server_name": "algo",
        "algo_ssh_tunneling": false,
        "algo_store_pki": false
    },
    "changed": false
}
META: ran handlers
META: ran handlers
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'

PLAY [Provision the server] ********************************************************************************************************************************************************************************
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: jroland
<localhost> EXEC /bin/sh -c 'echo ~jroland && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059092.306366-17222269382821 `" && echo ansible-tmp-1571059092.306366-17222269382821="` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059092.306366-17222269382821 `" ) && sleep 0'
Using module file /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages/ansible/modules/system/setup.py
<localhost> PUT /Users/jroland/.ansible/tmp/ansible-local-1910nwfto4yb/tmpjm75eq6y TO /Users/jroland/.ansible/tmp/ansible-tmp-1571059092.306366-17222269382821/AnsiballZ_setup.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/jroland/.ansible/tmp/ansible-tmp-1571059092.306366-17222269382821/ /Users/jroland/.ansible/tmp/ansible-tmp-1571059092.306366-17222269382821/AnsiballZ_setup.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /Users/jroland/.ansible/tmp/ansible-tmp-1571059092.306366-17222269382821/AnsiballZ_setup.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/jroland/.ansible/tmp/ansible-tmp-1571059092.306366-17222269382821/ > /dev/null 2>&1 && sleep 0'

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/cloud.yml:2
ok: [localhost]
META: ran handlers
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: jroland
<localhost> EXEC /bin/sh -c 'echo ~jroland && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.0042398-6149431862841 `" && echo ansible-tmp-1571059093.0042398-6149431862841="` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.0042398-6149431862841 `" ) && sleep 0'
Using module file /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages/ansible/modules/commands/command.py
<localhost> PUT /Users/jroland/.ansible/tmp/ansible-local-1910nwfto4yb/tmpqwtuvkpu TO /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.0042398-6149431862841/AnsiballZ_command.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.0042398-6149431862841/ /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.0042398-6149431862841/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.0042398-6149431862841/AnsiballZ_command.py && sleep 0'

--> Please include the following block of text when reporting issues:

Algo running on: Mac OS X 10.13.6
ZIP file created: Oct  8 23:34:06 2019
Python 3.7.4
Runtime variables:
    algo_provider "vultr"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "False"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_dns_adblocking "False"
    algo_ssh_tunneling "False"
    wireguard_enabled "True"
    dns_encryption "True"
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.0042398-6149431862841/ > /dev/null 2>&1 && sleep 0'

TASK [Display the invocation environment] ******************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/playbooks/cloud-pre.yml:3
changed: [localhost -> localhost] => {
    "changed": true,
    "cmd": "./algo-showenv.sh  'algo_provider \"vultr\"'    'algo_ondemand_cellular \"False\"'  'algo_ondemand_wifi \"False\"'  'algo_ondemand_wifi_exclude \"X251bGw=\"'    'algo_dns_adblocking \"False\"'  'algo_ssh_tunneling \"False\"'  'wireguard_enabled \"True\"'  'dns_encryption \"True\"'  > /dev/tty\n",
    "delta": "0:00:00.063938",
    "end": "2019-10-14 21:18:13.530807",
    "invocation": {
        "module_args": {
            "_raw_params": "./algo-showenv.sh  'algo_provider \"vultr\"'    'algo_ondemand_cellular \"False\"'  'algo_ondemand_wifi \"False\"'  'algo_ondemand_wifi_exclude \"X251bGw=\"'    'algo_dns_adblocking \"False\"'  'algo_ssh_tunneling \"False\"'  'wireguard_enabled \"True\"'  'dns_encryption \"True\"'  > /dev/tty\n",
            "_uses_shell": true,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "rc": 0,
    "start": "2019-10-14 21:18:13.466869",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "",
    "stdout_lines": []
}
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: jroland
<localhost> EXEC /bin/sh -c 'echo ~jroland && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.659659-176248473549881 `" && echo ansible-tmp-1571059093.659659-176248473549881="` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.659659-176248473549881 `" ) && sleep 0'
Using module file /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages/ansible/modules/packaging/language/pip.py
<localhost> PUT /Users/jroland/.ansible/tmp/ansible-local-1910nwfto4yb/tmpa8zov_x2 TO /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.659659-176248473549881/AnsiballZ_pip.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.659659-176248473549881/ /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.659659-176248473549881/AnsiballZ_pip.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.659659-176248473549881/AnsiballZ_pip.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/jroland/.ansible/tmp/ansible-tmp-1571059093.659659-176248473549881/ > /dev/null 2>&1 && sleep 0'

TASK [Install the requirements] ****************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/playbooks/cloud-pre.yml:19
ok: [localhost -> localhost] => {
    "changed": false,
    "cmd": [
        "/Users/jroland/workspace/algo-master/.env/bin/pip3",
        "install",
        "-U",
        "pyOpenSSL",
        "jinja2==2.8",
        "segno"
    ],
    "invocation": {
        "module_args": {
            "chdir": null,
            "editable": false,
            "executable": null,
            "extra_args": null,
            "name": [
                "pyOpenSSL",
                "jinja2==2.8",
                "segno"
            ],
            "requirements": null,
            "state": "latest",
            "umask": null,
            "use_mirrors": true,
            "version": null,
            "virtualenv": null,
            "virtualenv_command": "virtualenv",
            "virtualenv_python": null,
            "virtualenv_site_packages": false
        }
    },
    "name": [
        "pyOpenSSL",
        "jinja2==2.8",
        "segno"
    ],
    "requirements": null,
    "state": "latest",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "Requirement already up-to-date: pyOpenSSL in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (19.0.0)\nRequirement already up-to-date: jinja2==2.8 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (2.8)\nRequirement already up-to-date: segno in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (0.3.2)\nRequirement already satisfied, skipping upgrade: cryptography>=2.3 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from pyOpenSSL) (2.7)\nRequirement already satisfied, skipping upgrade: six>=1.5.2 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from pyOpenSSL) (1.12.0)\nRequirement already satisfied, skipping upgrade: MarkupSafe in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from jinja2==2.8) (1.1.1)\nRequirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.12.3)\nRequirement already satisfied, skipping upgrade: asn1crypto>=0.21.0 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.1.0)\nRequirement already satisfied, skipping upgrade: pycparser in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.3->pyOpenSSL) (2.19)\n",
    "stdout_lines": [
        "Requirement already up-to-date: pyOpenSSL in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (19.0.0)",
        "Requirement already up-to-date: jinja2==2.8 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (2.8)",
        "Requirement already up-to-date: segno in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (0.3.2)",
        "Requirement already satisfied, skipping upgrade: cryptography>=2.3 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from pyOpenSSL) (2.7)",
        "Requirement already satisfied, skipping upgrade: six>=1.5.2 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from pyOpenSSL) (1.12.0)",
        "Requirement already satisfied, skipping upgrade: MarkupSafe in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from jinja2==2.8) (1.1.1)",
        "Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.12.3)",
        "Requirement already satisfied, skipping upgrade: asn1crypto>=0.21.0 in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.1.0)",
        "Requirement already satisfied, skipping upgrade: pycparser in /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.3->pyOpenSSL) (2.19)"
    ],
    "version": null,
    "virtualenv": null
}
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: jroland
<localhost> EXEC /bin/sh -c 'echo ~jroland && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059095.780135-192715515402077 `" && echo ansible-tmp-1571059095.780135-192715515402077="` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059095.780135-192715515402077 `" ) && sleep 0'
Using module file /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages/ansible/modules/crypto/openssl_privatekey.py
<localhost> PUT /Users/jroland/.ansible/tmp/ansible-local-1910nwfto4yb/tmpb56b0y80 TO /Users/jroland/.ansible/tmp/ansible-tmp-1571059095.780135-192715515402077/AnsiballZ_openssl_privatekey.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/jroland/.ansible/tmp/ansible-tmp-1571059095.780135-192715515402077/ /Users/jroland/.ansible/tmp/ansible-tmp-1571059095.780135-192715515402077/AnsiballZ_openssl_privatekey.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /Users/jroland/.ansible/tmp/ansible-tmp-1571059095.780135-192715515402077/AnsiballZ_openssl_privatekey.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/jroland/.ansible/tmp/ansible-tmp-1571059095.780135-192715515402077/ > /dev/null 2>&1 && sleep 0'

TASK [Generate the SSH private key] ************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/playbooks/cloud-pre.yml:32
ok: [localhost] => {
    "changed": false,
    "filename": "configs/algo.pem",
    "fingerprint": {
        "blake2b": "61:2d:c9:ed:c1:af:af:42:e3:eb:2a:ee:f2:49:7a:31:eb:41:ea:21:5e:dc:3d:51:a7:49:d5:c5:1c:d0:36:52:1c:4e:f2:6f:23:01:c7:88:9c:13:d1:30:9a:a3:d7:04:5c:37:13:f5:1d:1c:a1:11:dc:f3:a5:54:f5:38:8d:08",
        "blake2s": "7c:82:bf:d8:8f:06:da:f3:3e:14:3f:84:7b:54:16:6a:c3:c6:56:de:85:22:aa:7a:7e:f5:54:6f:a1:8c:b7:31",
        "md5": "c0:5b:78:5a:88:80:c5:1a:c2:be:fc:41:c5:74:4e:14",
        "sha1": "8e:17:59:1d:ce:08:31:94:53:da:16:e0:a4:a3:94:57:23:4e:92:72",
        "sha224": "2c:d0:80:7d:cb:a9:08:45:27:2e:47:46:cd:56:cd:e7:0c:4d:5e:f5:55:80:b2:52:af:1f:38:59",
        "sha256": "36:19:e5:56:0d:4f:f1:55:8f:33:78:5d:4c:1b:65:f6:df:f5:67:ee:d5:d0:b4:75:13:16:ed:46:17:65:c4:15",
        "sha384": "eb:c5:d8:51:2a:90:4d:97:8e:f6:0d:77:72:14:d3:86:74:63:ad:f2:f1:bc:e8:c1:01:81:08:3e:d7:61:7f:8e:7e:35:e4:ee:10:51:64:f4:9f:9e:ae:af:7a:98:2b:30",
        "sha3_224": "21:42:5d:a8:ea:40:38:fd:c6:07:9a:b7:71:75:44:6d:97:cd:6b:4a:91:e1:f1:05:22:10:9e:ca",
        "sha3_256": "42:1f:74:a8:aa:e9:4e:f7:8d:57:00:c5:7c:29:bd:e7:c5:b5:42:c7:92:44:6e:d4:fa:9d:73:11:cd:55:3d:bc",
        "sha3_384": "74:d0:0c:bf:fb:49:46:67:2b:c2:9e:8d:58:f2:bd:fc:f0:78:db:79:db:cd:d3:96:6f:59:c8:37:e0:d1:99:b6:08:da:2b:2b:a4:6e:81:a5:4d:a4:c6:8b:ef:1f:11:c5",
        "sha3_512": "bd:f0:6f:db:4a:81:75:c7:5b:03:2d:e4:47:03:9b:2b:8e:9b:48:13:44:64:c4:ee:aa:29:26:59:cd:73:34:d7:f9:d4:3a:14:b5:e6:35:07:eb:7a:83:e2:f7:d5:99:0a:a8:4a:97:f1:ae:40:f1:64:16:25:13:b1:1b:a5:18:65",
        "sha512": "dd:7f:99:20:cd:2c:72:c2:a7:9e:71:40:df:cf:c1:40:59:b8:b7:72:0d:be:45:5d:06:93:6f:e9:96:52:75:7f:0d:5f:07:69:ce:f8:b4:b1:b3:31:a8:e3:87:b4:ec:62:f2:0f:61:79:9c:e0:25:c8:69:b4:d3:e3:2c:94:08:c3",
        "shake_128": "90:3d:82:b6:72:e1:29:12:fd:03:88:a7:78:7a:74:2b:cd:cc:c3:26:cf:8d:91:e5:05:76:12:02:49:8f:37:a5",
        "shake_256": "00:54:83:f3:d5:1c:95:b1:ff:86:21:01:cf:e8:d8:22:dd:ff:75:12:e4:c8:0e:99:43:74:0e:bb:52:7f:f0:ae"
    },
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": false,
            "cipher": null,
            "content": null,
            "curve": null,
            "delimiter": null,
            "directory_mode": null,
            "follow": false,
            "force": false,
            "group": null,
            "mode": "0600",
            "owner": null,
            "passphrase": null,
            "path": "configs/algo.pem",
            "regexp": null,
            "remote_src": null,
            "select_crypto_backend": "auto",
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "size": 2048,
            "src": null,
            "state": "present",
            "type": "RSA",
            "unsafe_writes": null
        }
    },
    "size": 2048,
    "type": "RSA"
}
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: jroland
<localhost> EXEC /bin/sh -c 'echo ~jroland && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059096.560502-151979700342985 `" && echo ansible-tmp-1571059096.560502-151979700342985="` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059096.560502-151979700342985 `" ) && sleep 0'
Using module file /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages/ansible/modules/crypto/openssl_publickey.py
<localhost> PUT /Users/jroland/.ansible/tmp/ansible-local-1910nwfto4yb/tmps271xf2p TO /Users/jroland/.ansible/tmp/ansible-tmp-1571059096.560502-151979700342985/AnsiballZ_openssl_publickey.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/jroland/.ansible/tmp/ansible-tmp-1571059096.560502-151979700342985/ /Users/jroland/.ansible/tmp/ansible-tmp-1571059096.560502-151979700342985/AnsiballZ_openssl_publickey.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /Users/jroland/.ansible/tmp/ansible-tmp-1571059096.560502-151979700342985/AnsiballZ_openssl_publickey.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/jroland/.ansible/tmp/ansible-tmp-1571059096.560502-151979700342985/ > /dev/null 2>&1 && sleep 0'

TASK [Generate the SSH public key] *************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/playbooks/cloud-pre.yml:40
ok: [localhost] => {
    "changed": false,
    "filename": "configs/algo.pem.pub",
    "fingerprint": {
        "blake2b": "61:2d:c9:ed:c1:af:af:42:e3:eb:2a:ee:f2:49:7a:31:eb:41:ea:21:5e:dc:3d:51:a7:49:d5:c5:1c:d0:36:52:1c:4e:f2:6f:23:01:c7:88:9c:13:d1:30:9a:a3:d7:04:5c:37:13:f5:1d:1c:a1:11:dc:f3:a5:54:f5:38:8d:08",
        "blake2s": "7c:82:bf:d8:8f:06:da:f3:3e:14:3f:84:7b:54:16:6a:c3:c6:56:de:85:22:aa:7a:7e:f5:54:6f:a1:8c:b7:31",
        "md5": "c0:5b:78:5a:88:80:c5:1a:c2:be:fc:41:c5:74:4e:14",
        "sha1": "8e:17:59:1d:ce:08:31:94:53:da:16:e0:a4:a3:94:57:23:4e:92:72",
        "sha224": "2c:d0:80:7d:cb:a9:08:45:27:2e:47:46:cd:56:cd:e7:0c:4d:5e:f5:55:80:b2:52:af:1f:38:59",
        "sha256": "36:19:e5:56:0d:4f:f1:55:8f:33:78:5d:4c:1b:65:f6:df:f5:67:ee:d5:d0:b4:75:13:16:ed:46:17:65:c4:15",
        "sha384": "eb:c5:d8:51:2a:90:4d:97:8e:f6:0d:77:72:14:d3:86:74:63:ad:f2:f1:bc:e8:c1:01:81:08:3e:d7:61:7f:8e:7e:35:e4:ee:10:51:64:f4:9f:9e:ae:af:7a:98:2b:30",
        "sha3_224": "21:42:5d:a8:ea:40:38:fd:c6:07:9a:b7:71:75:44:6d:97:cd:6b:4a:91:e1:f1:05:22:10:9e:ca",
        "sha3_256": "42:1f:74:a8:aa:e9:4e:f7:8d:57:00:c5:7c:29:bd:e7:c5:b5:42:c7:92:44:6e:d4:fa:9d:73:11:cd:55:3d:bc",
        "sha3_384": "74:d0:0c:bf:fb:49:46:67:2b:c2:9e:8d:58:f2:bd:fc:f0:78:db:79:db:cd:d3:96:6f:59:c8:37:e0:d1:99:b6:08:da:2b:2b:a4:6e:81:a5:4d:a4:c6:8b:ef:1f:11:c5",
        "sha3_512": "bd:f0:6f:db:4a:81:75:c7:5b:03:2d:e4:47:03:9b:2b:8e:9b:48:13:44:64:c4:ee:aa:29:26:59:cd:73:34:d7:f9:d4:3a:14:b5:e6:35:07:eb:7a:83:e2:f7:d5:99:0a:a8:4a:97:f1:ae:40:f1:64:16:25:13:b1:1b:a5:18:65",
        "sha512": "dd:7f:99:20:cd:2c:72:c2:a7:9e:71:40:df:cf:c1:40:59:b8:b7:72:0d:be:45:5d:06:93:6f:e9:96:52:75:7f:0d:5f:07:69:ce:f8:b4:b1:b3:31:a8:e3:87:b4:ec:62:f2:0f:61:79:9c:e0:25:c8:69:b4:d3:e3:2c:94:08:c3",
        "shake_128": "90:3d:82:b6:72:e1:29:12:fd:03:88:a7:78:7a:74:2b:cd:cc:c3:26:cf:8d:91:e5:05:76:12:02:49:8f:37:a5",
        "shake_256": "00:54:83:f3:d5:1c:95:b1:ff:86:21:01:cf:e8:d8:22:dd:ff:75:12:e4:c8:0e:99:43:74:0e:bb:52:7f:f0:ae"
    },
    "format": "OpenSSH",
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": false,
            "content": null,
            "delimiter": null,
            "directory_mode": null,
            "follow": false,
            "force": false,
            "format": "OpenSSH",
            "group": null,
            "mode": null,
            "owner": null,
            "path": "configs/algo.pem.pub",
            "privatekey_passphrase": null,
            "privatekey_path": "configs/algo.pem",
            "regexp": null,
            "remote_src": null,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "present",
            "unsafe_writes": null
        }
    },
    "privatekey": "configs/algo.pem"
}
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
statically imported: /Users/jroland/workspace/algo-master/roles/cloud-vultr/tasks/prompts.yml
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
[cloud-vultr : pause]
Enter the local path to your configuration INI file
(https://trailofbits.github.io/algo/cloud-vultr.html):
:

TASK [cloud-vultr : pause] *********************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/roles/cloud-vultr/tasks/prompts.yml:2
ok: [localhost] => {
    "changed": false,
    "delta": 2,
    "echo": true,
    "rc": 0,
    "start": "2019-10-14 21:18:17.508962",
    "stderr": "",
    "stdout": "Paused for 0.04 minutes",
    "stop": "2019-10-14 21:18:19.692373",
    "user_input": ""
}
Read vars_file 'config.cfg'

TASK [cloud-vultr : Set the token as a fact] ***************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/roles/cloud-vultr/tasks/prompts.yml:11
ok: [localhost] => {
    "ansible_facts": {
        "algo_vultr_config": ""
    },
    "changed": false
}
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: jroland
<localhost> EXEC /bin/sh -c 'echo ~jroland && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059099.808295-253779648503323 `" && echo ansible-tmp-1571059099.808295-253779648503323="` echo /Users/jroland/.ansible/tmp/ansible-tmp-1571059099.808295-253779648503323 `" ) && sleep 0'
Using module file /Users/jroland/workspace/algo-master/.env/lib/python3.7/site-packages/ansible/modules/net_tools/basics/uri.py
<localhost> PUT /Users/jroland/.ansible/tmp/ansible-local-1910nwfto4yb/tmpcptg6npc TO /Users/jroland/.ansible/tmp/ansible-tmp-1571059099.808295-253779648503323/AnsiballZ_uri.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/jroland/.ansible/tmp/ansible-tmp-1571059099.808295-253779648503323/ /Users/jroland/.ansible/tmp/ansible-tmp-1571059099.808295-253779648503323/AnsiballZ_uri.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /Users/jroland/.ansible/tmp/ansible-tmp-1571059099.808295-253779648503323/AnsiballZ_uri.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/jroland/.ansible/tmp/ansible-tmp-1571059099.808295-253779648503323/ > /dev/null 2>&1 && sleep 0'

TASK [cloud-vultr : Get regions] ***************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/roles/cloud-vultr/tasks/prompts.yml:15
fatal: [localhost]: FAILED! => {
    "changed": false,
    "content": "",
    "elapsed": 3,
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": null,
            "body": null,
            "body_format": "raw",
            "client_cert": null,
            "client_key": null,
            "content": null,
            "creates": null,
            "delimiter": null,
            "dest": null,
            "directory_mode": null,
            "follow": false,
            "follow_redirects": "safe",
            "force": false,
            "force_basic_auth": false,
            "group": null,
            "headers": {},
            "http_agent": "ansible-httpget",
            "method": "GET",
            "mode": null,
            "owner": null,
            "regexp": null,
            "remote_src": null,
            "removes": null,
            "return_content": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "status_code": [
                "200"
            ],
            "timeout": 30,
            "unix_socket": null,
            "unsafe_writes": null,
            "url": "https://api.vultr.com/v1/regions/list",
            "url_password": null,
            "url_username": null,
            "use_proxy": true,
            "validate_certs": true
        }
    },
    "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)>",
    "redirected": false,
    "status": -1,
    "url": "https://api.vultr.com/v1/regions/list"
}
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
included: /Users/jroland/workspace/algo-master/playbooks/rescue.yml for localhost
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'

TASK [debug] ***********************************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/playbooks/rescue.yml:2
ok: [localhost] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}
Read vars_file 'config.cfg'

TASK [Fail the installation] *******************************************************************************************************************************************************************************
task path: /Users/jroland/workspace/algo-master/playbooks/rescue.yml:5
fatal: [localhost]: FAILED! => {
    "changed": false,
    "msg": "Failed as requested from task"
}

PLAY RECAP *************************************************************************************************************************************************************************************************
localhost                  : ok=24   changed=1    unreachable=0    failed=1    skipped=1    rescued=1    ignored=0   

[davidemyers]

I don't know where validate_certs would go.

I've uploaded my cert.pem file here (expires in 1 day) if you want to give it a try in place of yours.

Perhaps there's some permission problem on your end. If you run Keychain Access can you see the list of System Roots?

[james-a-roland]

Just tried with the cert.pem file you mentioned - looks like the error is the same. I can see the list of all of my System roots though as you mentioned - all appear to be valid. How can I tell which cert is relevant to what Algo is using for communicating with the Vultr API?

[davidemyers]

Thanks for running that test, I was hopeful it would work since it looked like your version of the file had not been created correctly.

One of the things I don't understand is why your installation of python3 depends on openssl when the Brew site says it should depend on openssl@1.1. Did you install Homebrew recently or has it been installed for a while?

If it's not new, maybe try: brew update; brew upgrade, then see if the dependency changed with brew deps python3.

I don't know how to tell which cert is being used.

[TC1977]

Sorry if this is a dumb question, but did you do source .env/bin/activate before running ./algo? From the prompt it doesn't look like you did.

[james-a-roland]

Looks like the issues was with my dependencies. I performed the following to get this to work:

• brew update; brew upgrade
• Uninstalling python3. I had installed this previously with an Installation Wizard, so I just needed to move stuff from /Applications to the Trash
• brew install python3
• python3 -m ensurepip --default-pip
• Redownloading algo and starting from the top!

Thank you @davidemyers @TC1977 and @jackivanov for the pointers here!