Closed jonsc88 closed 4 years ago
It looks like you might have made an error editing `config.cfg` to modify `users`. Can you post the output of:

```
git diff config.cfg
```
found a syntax error with "useusers" and fixed it to say users, but now getting another syntax error? Any thoughts?
When pasting output put it between triple backticks to make it more readable.
diff --git a/config.cfg b/config.cfg
index 758d27e..b89cc15 100644
--- a/config.cfg
+++ b/config.cfg
@@ -1,4 +1,4 @@
----
+-
# This is the list of users to generate.
# Every device must have a unique username.
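Review bot: The first line of the file goes from `---` to `-` in this hunk, so the YAML document-start marker is replaced by a lone sequence dash; a lone `-` opens a YAML sequence, and the top-level keys that follow, `users:` included, no longer parse as a mapping. Restore the line to `---`. Nothing else in the hunk changes, so this looks like an accidental deletion made while editing rather than an intended change.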
@@ -6,9 +6,9 @@
# Usernames with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123".
# Emails are not allowed
users:
- - phone
- - laptop
- - desktop
+ - JM1
+ - JM2
+ - JM3
### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deployed.
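Review bot: The replacement entries `JM1`, `JM2` and `JM3` under `users:` no longer say which device each one belongs to, unlike `phone`, `laptop` and `desktop`. They do satisfy the rules in the comments above (no leading 0, not numbers only, not emails), but since every device needs its own username, consider keeping the device in the name so each generated user can be matched to a device later.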
root@MSI:~/algo#
```
# This is the list of users to generate.
# Every device must have a unique username.
# You can generate up to 250 users at one time.
# Usernames with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123".
# Emails are not allowed
users:
- JM1
- JM2
- JM3
### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deplo$
# Change default SSH port for the cloud roles only
# It doesn't apply if you deploy to your existing Ubuntu Server
ssh_port: 4160
# Deploy StrongSwan to enable IPsec support
ipsec_enabled: true
# Deploy WireGuard
# WireGuard will listen on 51820/UDP. You might need to change to another port
# if your network blocks this one. Be aware that 53/UDP (DNS) is blocked on some
# mobile data networks.
wireguard_enabled: true
wireguard_port: 51820
# This feature allows you to configure the Algo server to send outbound traffic
# through a different external IP address than the one you are establishing the VPN connection with.
# More info https://trailofbits.github.io/algo/cloud-alternative-ingress-ip.html
# Available for the following cloud providers:
# - DigitalOcean
alternative_ingress_ip: false
# Reduce the MTU of the VPN tunnel
# Some cloud and internet providers use a smaller MTU (Maximum Transmission
# Unit) than the normal value of 1500 and if you don't reduce the MTU of your
# VPN tunnel some network connections will hang. Algo will attempt to set this
# automatically based on your server, but if connections hang you might need to
```
Why did you make this change at the very top of the file:
@@ -1,4 +1,4 @@
----
+-
it worked! thanks so much!
Great! Please close this issue.
No idea why my install is failing. Could anyone help?
root@MSI:~/algo# ./algo [WARNING]: Could not match supplied host pattern, ignoring: vpn-host
PLAY [localhost] ***
TASK [Gathering Facts] ***** ok: [localhost]
TASK [Playbook dir stat] *** ok: [localhost]
TASK [Ensure Ansible is not being run in a world writable directory] *** ok: [localhost] => { "changed": false, "msg": "All assertions passed" }
TASK [Ensure the requirements installed] *** ok: [localhost]
TASK [Set required ansible version as a fact] ** ok: [localhost] => (item=ansible==2.9.7)
TASK [Verify Python meets Algo VPN requirements] *** ok: [localhost] => { "changed": false, "msg": "All assertions passed" }
TASK [Verify Ansible meets Algo VPN requirements] ** ok: [localhost] => { "changed": false, "msg": "All assertions passed" }
PLAY [Ask user for the input] **
TASK [Gathering Facts] ***** ok: [localhost] [Cloud prompt] What provider would you like to use?
Enter the number of your desired provider :
TASK [Cloud prompt] **** ok: [localhost]
TASK [Set facts based on the input] **** ok: [localhost] [VPN server name prompt] Name the vpn server [algo] :
TASK [VPN server name prompt] ** ok: [localhost] [Cellular On Demand prompt] Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks? [y/N] :
TASK [Cellular On Demand prompt] *** ok: [localhost] [Wi-Fi On Demand prompt] Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi? [y/N] :
TASK [Wi-Fi On Demand prompt] ** ok: [localhost] [Trusted Wi-Fi networks prompt] List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand" (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi) :
TASK [Trusted Wi-Fi networks prompt] *** ok: [localhost] [Retain the PKI prompt] Do you want to retain the keys (PKI)? (required to add users in the future, but less secure) [y/N] :
TASK [Retain the PKI prompt] *** ok: [localhost] [DNS adblocking prompt] Do you want to enable DNS ad blocking on this VPN server? [y/N] :
TASK [DNS adblocking prompt] *** ok: [localhost] [SSH tunneling prompt] Do you want each user to have their own account for SSH tunneling? [y/N] :
TASK [SSH tunneling prompt] **** ok: [localhost]
TASK [Set facts based on the input] **** ok: [localhost]
PLAY [Provision the server] ****
TASK [Gathering Facts] ***** ok: [localhost]
--> Please include the following block of text when reporting issues:
Algo running on: Ubuntu 18.04.5 LTS (Virtualized: wsl) Created from git fork. Last commit: 2821f28 Move Lightsail to Ubuntu 20.04 (#1873) Python 3.6.9 Runtime variables: algo_provider "ec2" algo_ondemand_cellular "True" algo_ondemand_wifi "True" algo_ondemand_wifi_exclude "X251bGw=" algo_dns_adblocking "False" algo_ssh_tunneling "False" wireguard_enabled "True" dns_encryption "True"
TASK [Display the invocation environment] ** changed: [localhost -> localhost]
TASK [Install the requirements] **** ok: [localhost -> localhost]
TASK [Generate the SSH private key] **** ok: [localhost]
TASK [Generate the SSH public key] ***** ok: [localhost]
TASK [Copy the private SSH key to /tmp] **** ok: [localhost -> localhost] [DEPRECATION WARNING]: aws_region_facts is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain more about this rationale.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: ec2_eip_facts is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain more about this rationale.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: ec2_ami_facts is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain more about this rationale.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
TASK [cloud-ec2 : Install requirements] **** ok: [localhost] [cloud-ec2 : pause] Enter your AWS Access Key ID (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md) (output is hidden):
TASK [cloud-ec2 : pause] *** ok: [localhost] [cloud-ec2 : pause] Enter your AWS Secret Access Key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) (output is hidden):
TASK [cloud-ec2 : pause] *** ok: [localhost]
TASK [cloud-ec2 : set_fact] **** ok: [localhost]
TASK [cloud-ec2 : Get regions] ***** [DEPRECATION WARNING]: The 'aws_region_facts' module has been renamed to 'aws_region_info'. This feature will be removed in version 2.13. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. ok: [localhost]
TASK [cloud-ec2 : Set facts about the regions] ***** ok: [localhost]
TASK [cloud-ec2 : Set the default region] ** ok: [localhost] [cloud-ec2 : pause] What region should the server be located in? (https://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
Enter the number of your desired region [13] :
TASK [cloud-ec2 : pause] *** ok: [localhost]
TASK [cloud-ec2 : Set algo_region and stack_name facts] **** ok: [localhost]
TASK [cloud-ec2 : Locate official AMI for region] ** [DEPRECATION WARNING]: The 'ec2_ami_facts' module has been renamed to 'ec2_ami_info'. This feature will be removed in version 2.13. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. ok: [localhost]
TASK [cloud-ec2 : Set the ami id as a fact] **** ok: [localhost]
TASK [cloud-ec2 : Deploy the template] ***** changed: [localhost]
TASK [cloud-ec2 : set_fact] **** ok: [localhost]
TASK [Set subjectAltName as a fact] **** ok: [localhost]
TASK [Add the server to an inventory group] **** changed: [localhost]
TASK [Additional variables for the server] ***** changed: [localhost]
TASK [Wait until SSH becomes ready...] ***** ok: [localhost]
TASK [debug] *** ok: [localhost] => { "IP_subject_alt_name": "54.177.135.106" }
TASK [Wait 600 seconds for target connection to become reachable/usable] *** ok: [localhost -> 54.177.135.106] => (item=54.177.135.106)
PLAY [Configure the server and install required software] **
TASK [Wait until the cloud-init completed] ***** ok: [54.177.135.106]
TASK [Ensure the config directory exists] ** changed: [54.177.135.106 -> localhost]
TASK [Dump the ssh config] ***** changed: [54.177.135.106 -> localhost]
TASK [common : Check the system] *** ok: [54.177.135.106] included: /root/algo/roles/common/tasks/ubuntu.yml for 54.177.135.106
TASK [common : Gather facts] *** ok: [54.177.135.106]
TASK [common : Install software updates] *** ok: [54.177.135.106]
TASK [common : Check if reboot is required] **** changed: [54.177.135.106]
TASK [common : Install unattended-upgrades] **** ok: [54.177.135.106]
TASK [common : Configure unattended-upgrades] ** changed: [54.177.135.106]
TASK [common : Periodic upgrades configured] *** changed: [54.177.135.106]
TASK [common : Disable MOTD on login and SSHD] ***** changed: [54.177.135.106] => (item={'regexp': '^session.optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'}) changed: [54.177.135.106] => (item={'regexp': '^session.optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})
TASK [common : Loopback for services configured] *** changed: [54.177.135.106]
TASK [common : systemd services enabled and started] *** ok: [54.177.135.106] => (item=systemd-networkd) ok: [54.177.135.106] => (item=systemd-resolved)
RUNNING HANDLER [common : restart systemd-networkd] **** changed: [54.177.135.106]
TASK [common : Check apparmor support] ***** ok: [54.177.135.106]
TASK [common : Set fact if apparmor enabled] *** ok: [54.177.135.106]
TASK [common : Define facts] *** ok: [54.177.135.106]
TASK [common : Set facts] ** ok: [54.177.135.106]
TASK [common : Set IPv6 support as a fact] ***** ok: [54.177.135.106]
TASK [common : Check size of MTU] ** ok: [54.177.135.106]
TASK [common : Set OS specific facts] ** ok: [54.177.135.106]
TASK [common : Install tools] ** changed: [54.177.135.106] included: /root/algo/roles/common/tasks/iptables.yml for 54.177.135.106
TASK [common : Iptables configured] **** changed: [54.177.135.106] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})
TASK [common : Iptables configured] **** changed: [54.177.135.106] => (item={'src': 'rules.v6.j2', 'dest': '/etc/iptables/rules.v6'})
TASK [common : Sysctl tuning] ** changed: [54.177.135.106] => (item={'item': 'net.ipv4.ip_forward', 'value': 1}) changed: [54.177.135.106] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1}) changed: [54.177.135.106] => (item={'item': 'net.ipv6.conf.all.forwarding', 'value': 1})
RUNNING HANDLER [common : restart iptables] **** changed: [54.177.135.106] included: /root/algo/roles/dns/tasks/ubuntu.yml for 54.177.135.106
TASK [dns : Install dnscrypt-proxy] **** changed: [54.177.135.106]
TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] ***** changed: [54.177.135.106]
TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] *** ok: [54.177.135.106]
TASK [dns : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] *** changed: [54.177.135.106]
TASK [dns : Ubuntu | Add custom requirements to successfully start the unit] *** changed: [54.177.135.106]
TASK [dns : dnscrypt-proxy ip-blacklist configured] **** changed: [54.177.135.106]
TASK [dns : dnscrypt-proxy configured] ***** changed: [54.177.135.106] [WARNING]: flush_handlers task does not support when conditional
RUNNING HANDLER [dns : restart dnscrypt-proxy] ***** changed: [54.177.135.106]
TASK [dns : dnscrypt-proxy enabled and started] **** ok: [54.177.135.106]
TASK [wireguard : Ensure the required directories exist] *** changed: [54.177.135.106 -> localhost] => (item=configs/54.177.135.106/wireguard//.pki//preshared) changed: [54.177.135.106 -> localhost] => (item=configs/54.177.135.106/wireguard//.pki//private) changed: [54.177.135.106 -> localhost] => (item=configs/54.177.135.106/wireguard//.pki//public) changed: [54.177.135.106 -> localhost] => (item=configs/54.177.135.106/wireguard//apple/ios) changed: [54.177.135.106 -> localhost] => (item=configs/54.177.135.106/wireguard//apple/macos) included: /root/algo/roles/wireguard/tasks/ubuntu.yml for 54.177.135.106
TASK [wireguard : WireGuard installed] ***** changed: [54.177.135.106]
TASK [wireguard : Set OS specific facts] *** ok: [54.177.135.106]
TASK [wireguard : Generate private keys] ***
fatal: [54.177.135.106]: FAILED! => {"msg": "'users' is undefined"}
included: /root/algo/playbooks/rescue.yml for 54.177.135.106
TASK [debug] ***
ok: [54.177.135.106] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }
TASK [Fail the installation] ***
fatal: [54.177.135.106]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP *****
54.177.135.106 : ok=44 changed=22 unreachable=0 failed=1 skipped=13 rescued=1 ignored=0
localhost : ok=43 changed=4 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
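A pre-flight check for the two edits discussed in this thread (the damaged `---` marker and the misspelled `users:` key), plus the username rules stated in the `config.cfg` comments, so the mistake is caught before a server is provisioned. This is an added example, not part of Algo or of the original thread; `check_config` and the sample strings are constructed for illustration, and it is a narrow line-based check of the block-list layout shown above, not a YAML parser.

```python
import re

MAX_USERS = 250  # limit stated in the config.cfg comments

def check_config(text):
    """Return a list of problems in the header and users list of a config.cfg."""
    problems = []
    # Keep only lines that carry YAML content, with their 1-based line numbers.
    body = [(n, l) for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#")]
    if body and re.fullmatch(r"-{1,2}", body[0][1].strip()):
        n, first = body[0][0], body[0][1].strip()
        problems.append(f"line {n}: '{first}' should be the document marker '---'")
    start = next((i for i, (_, l) in enumerate(body)
                  if re.match(r"users:\s*(#.*)?$", l)), None)
    if start is None:
        # Report keys that merely contain "users", e.g. a typo such as useusers.
        near = [f"line {n}: {l.split(':')[0]}" for n, l in body
                if re.match(r"\S*users\S*:", l)]
        hint = f" (near miss at {', '.join(near)})" if near else ""
        return problems + ["no top-level 'users:' key" + hint]
    seen, count = set(), 0
    for n, line in body[start + 1:]:
        m = re.match(r"\s*-\s+(.+?)\s*$", line)
        if not m:
            break  # first non-item line ends the users list
        raw = m.group(1)
        quoted = len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'"
        name = raw[1:-1] if quoted else raw
        count += 1
        if not quoted and (name.isdigit() or name.startswith("0")):
            problems.append(f"line {n}: {name} must be quoted")
        if "@" in name:
            problems.append(f"line {n}: {name} looks like an email address")
        if name in seen:
            problems.append(f"line {n}: duplicate username {name}")
        seen.add(name)
    if not 0 < count <= MAX_USERS:
        problems.append(f"{count} users listed; expected 1 to {MAX_USERS}")
    return problems

# Constructed samples modelled on the edits described in the thread.
GOOD = "---\n\n# comment\nusers:\n  - JM1\n  - JM2\n  - JM3\n\nssh_port: 4160\n"
DAMAGED = "-\n\nuseusers:\n  - JM1\n  - JM2\n"
BAD_NAMES = '---\nusers:\n  - JM1\n  - 000dan\n  - 123\n  - "007"\n  - a@b.example\n  - JM1\n'

if __name__ == "__main__":
    for sample in (GOOD, DAMAGED, BAD_NAMES):
        print(check_config(sample))
```
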