Closed zoonderkins closed 7 years ago
Ubuntu 17.04 64bit
2.1,<2.2.1
I updated to 5.5.2-0ubuntu1~zesty (strongswan version) it failed
local
PLAY [Configure the server] ****
TASK [setup] *** ok: [localhost]
TASK [Generate the SSH private key] **** ok: [localhost]
TASK [Generate the SSH public key] ***** ok: [localhost]
TASK [Change mode for the SSH private key] ***** ok: [localhost]
TASK [Ensure the dynamic inventory exists] ***** ok: [localhost]
TASK [Ensure the local ssh directory is exist] ***** ok: [localhost]
TASK [Copy the algo ssh key to the local ssh directory] **** ok: [localhost]
TASK [local : Add the instance to an inventory group] ** changed: [localhost]
TASK [local : Add the instance to an inventory group] ** skipping: [localhost]
TASK [local : set_fact] **** ok: [localhost]
TASK [local : Ensure the group local exists in the dynamic inventory file] ***** ok: [localhost]
TASK [local : Populate the dynamic inventory] ** ok: [localhost]
PLAY [Configure the server and install required software] **
TASK [Check the system] **** changed: [0.0.0.0]
TASK [Ubuntu | Install prerequisites] ** changed: [0.0.0.0]
TASK [FreeBSD / HardenedBSD | Install prerequisites] *** skipping: [0.0.0.0]
TASK [FreeBSD / HardenedBSD | Configure defaults] ** skipping: [0.0.0.0]
TASK [set_fact] **** skipping: [0.0.0.0]
TASK [Gather Facts] **** ok: [0.0.0.0]
TASK [Enable IPv6] ***** ok: [0.0.0.0]
TASK [Generate password for the CA key] **** changed: [0.0.0.0 -> localhost]
TASK [Define password facts] *** ok: [0.0.0.0]
TASK [Define the commonName] *** ok: [0.0.0.0]
TASK [common : Loopback for services configured] *** ok: [0.0.0.0]
TASK [common : Loopback included into the network config] ** ok: [0.0.0.0]
TASK [common : set_fact] *** ok: [0.0.0.0]
TASK [common : set_fact] *** skipping: [0.0.0.0]
TASK [common : Loopback included into the rc config] *** skipping: [0.0.0.0]
TASK [common : Enable the gateway features] **** skipping: [0.0.0.0] => (item={u'value': u'"YES"', u'param': u'firewall_enable'}) skipping: [0.0.0.0] => (item={u'value': u'"open"', u'param': u'firewall_type'}) skipping: [0.0.0.0] => (item={u'value': u'"YES"', u'param': u'gateway_enable'}) skipping: [0.0.0.0] => (item={u'value': u'"YES"', u'param': u'natd_enable'}) skipping: [0.0.0.0] => (item={u'value': u'""', u'param': u'natd_interface'}) skipping: [0.0.0.0] => (item={u'value': u'"-dynamic -m"', u'param': u'natd_flags'})
TASK [common : Install tools] ** ok: [0.0.0.0] => (item=[u'git', u'screen', u'apparmor-utils', u'uuid-runtime', u'coreutils', u'sendmail', u'iptables-persistent', u'cgroup-tools', u'openssl'])
TASK [common : Sysctl tuning] ** ok: [0.0.0.0] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1}) ok: [0.0.0.0] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1}) ok: [0.0.0.0] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})
TASK [vpn : Ensure that the strongswan group exist] **** ok: [0.0.0.0]
TASK [vpn : Ensure that the strongswan user exist] ***** ok: [0.0.0.0]
TASK [vpn : set_fact] ** ok: [0.0.0.0]
TASK [vpn : Configure apt to use the Xenial release by default] **** skipping: [0.0.0.0]
TASK [vpn : Configure packages preferences] **** skipping: [0.0.0.0]
TASK [vpn : Configure the Ubuntu Zesty repository] ***** skipping: [0.0.0.0]
TASK [vpn : Ubuntu | Install strongSwan] *** changed: [0.0.0.0]
TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] **** skipping: [0.0.0.0] => (item=/usr/lib/ipsec/charon) skipping: [0.0.0.0] => (item=/usr/lib/ipsec/lookip) skipping: [0.0.0.0] => (item=/usr/lib/ipsec/stroke)
TASK [vpn : Ubuntu | Enable services] ** ok: [0.0.0.0] => (item=apparmor) failed: [0.0.0.0] (item=strongswan) => {"failed": true, "item": "strongswan", "msg": "Unable to enable service strongswan: Failed to enable unit: Unit file /etc/systemd/system/strongswan.service is masked.\n"} ok: [0.0.0.0] => (item=netfilter-persistent)
TASK [vpn : debug] ***** ok: [0.0.0.0] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }
TASK [vpn : fail] ** fatal: [0.0.0.0]: FAILED! => {"changed": false, "failed": true, "msg": "Failed as requested from task"}
We don't officially support 17.04. Only 16.04 for servers.
OS / Environment
Ubuntu 17.04 64bit
Ansible version
2.1,<2.2.1
Summary of the problem
I updated to 5.5.2-0ubuntu1~zesty (strongswan version) it failed
The way of deployment (cloud or local)
local
Full log
PLAY [Configure the server] ****
TASK [setup] *** ok: [localhost]
TASK [Generate the SSH private key] **** ok: [localhost]
TASK [Generate the SSH public key] ***** ok: [localhost]
TASK [Change mode for the SSH private key] ***** ok: [localhost]
TASK [Ensure the dynamic inventory exists] ***** ok: [localhost]
TASK [Ensure the local ssh directory is exist] ***** ok: [localhost]
TASK [Copy the algo ssh key to the local ssh directory] **** ok: [localhost]
TASK [local : Add the instance to an inventory group] ** changed: [localhost]
TASK [local : Add the instance to an inventory group] ** skipping: [localhost]
TASK [local : set_fact] **** ok: [localhost]
TASK [local : Ensure the group local exists in the dynamic inventory file] ***** ok: [localhost]
TASK [local : Populate the dynamic inventory] ** ok: [localhost]
PLAY [Configure the server and install required software] **
TASK [Check the system] **** changed: [0.0.0.0]
TASK [Ubuntu | Install prerequisites] ** changed: [0.0.0.0]
TASK [FreeBSD / HardenedBSD | Install prerequisites] *** skipping: [0.0.0.0]
TASK [FreeBSD / HardenedBSD | Configure defaults] ** skipping: [0.0.0.0]
TASK [set_fact] **** skipping: [0.0.0.0]
TASK [Gather Facts] **** ok: [0.0.0.0]
TASK [Enable IPv6] ***** ok: [0.0.0.0]
TASK [Generate password for the CA key] **** changed: [0.0.0.0 -> localhost]
TASK [Define password facts] *** ok: [0.0.0.0]
TASK [Define the commonName] *** ok: [0.0.0.0]
TASK [common : Loopback for services configured] *** ok: [0.0.0.0]
TASK [common : Loopback included into the network config] ** ok: [0.0.0.0]
TASK [common : set_fact] *** ok: [0.0.0.0]
TASK [common : set_fact] *** skipping: [0.0.0.0]
TASK [common : Loopback included into the rc config] *** skipping: [0.0.0.0]
TASK [common : Enable the gateway features] **** skipping: [0.0.0.0] => (item={u'value': u'"YES"', u'param': u'firewall_enable'}) skipping: [0.0.0.0] => (item={u'value': u'"open"', u'param': u'firewall_type'}) skipping: [0.0.0.0] => (item={u'value': u'"YES"', u'param': u'gateway_enable'}) skipping: [0.0.0.0] => (item={u'value': u'"YES"', u'param': u'natd_enable'}) skipping: [0.0.0.0] => (item={u'value': u'""', u'param': u'natd_interface'}) skipping: [0.0.0.0] => (item={u'value': u'"-dynamic -m"', u'param': u'natd_flags'})
TASK [common : Install tools] ** ok: [0.0.0.0] => (item=[u'git', u'screen', u'apparmor-utils', u'uuid-runtime', u'coreutils', u'sendmail', u'iptables-persistent', u'cgroup-tools', u'openssl'])
TASK [common : Sysctl tuning] ** ok: [0.0.0.0] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1}) ok: [0.0.0.0] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1}) ok: [0.0.0.0] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})
TASK [vpn : Ensure that the strongswan group exist] **** ok: [0.0.0.0]
TASK [vpn : Ensure that the strongswan user exist] ***** ok: [0.0.0.0]
TASK [vpn : set_fact] ** ok: [0.0.0.0]
TASK [vpn : Configure apt to use the Xenial release by default] **** skipping: [0.0.0.0]
TASK [vpn : Configure packages preferences] **** skipping: [0.0.0.0]
TASK [vpn : Configure the Ubuntu Zesty repository] ***** skipping: [0.0.0.0]
TASK [vpn : Ubuntu | Install strongSwan] *** changed: [0.0.0.0]
TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] **** skipping: [0.0.0.0] => (item=/usr/lib/ipsec/charon) skipping: [0.0.0.0] => (item=/usr/lib/ipsec/lookip) skipping: [0.0.0.0] => (item=/usr/lib/ipsec/stroke)
TASK [vpn : Ubuntu | Enable services] ** ok: [0.0.0.0] => (item=apparmor) failed: [0.0.0.0] (item=strongswan) => {"failed": true, "item": "strongswan", "msg": "Unable to enable service strongswan: Failed to enable unit: Unit file /etc/systemd/system/strongswan.service is masked.\n"} ok: [0.0.0.0] => (item=netfilter-persistent)
TASK [vpn : debug] ***** ok: [0.0.0.0] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }
TASK [vpn : fail] ** fatal: [0.0.0.0]: FAILED! => {"changed": false, "failed": true, "msg": "Failed as requested from task"}