Closed etrigan6 closed 7 years ago
It looks like hosts-file.net is not responding to HTTPS requests. HTTP seems to still be working.
So what am I supposed to do? It's happening again with a new set of servers, and I downloaded the latest algo.
PLAY [Configure the server] ****
TASK [setup] *** ok: [localhost]
TASK [Generate the SSH private key] **** ok: [localhost]
TASK [Generate the SSH public key] ***** ok: [localhost]
TASK [Change mode for the SSH private key] ***** ok: [localhost]
TASK [Ensure the dynamic inventory exists] ***** ok: [localhost]
TASK [cloud-ec2 : set_fact] **** ok: [localhost]
TASK [cloud-ec2 : Locate official AMI for region] ** ok: [localhost]
TASK [cloud-ec2 : set_fact] **** ok: [localhost]
TASK [cloud-ec2 : Make a cloudformation template] ** changed: [localhost]
TASK [cloud-ec2 : Deploy the template] ***** changed: [localhost]
TASK [cloud-ec2 : Add new instance to host group] ** changed: [localhost]
TASK [cloud-ec2 : set_fact] **** ok: [localhost]
TASK [cloud-ec2 : Get EC2 instances] *** ok: [localhost]
TASK [cloud-ec2 : Ensure the group ec2 exists in the dynamic inventory file] *** ok: [localhost]
TASK [cloud-ec2 : Populate the dynamic inventory] ** changed: [localhost] => (item={u'kernel': None, u'instance_profile': None, u'root_device_type': u'ebs', u'private_dns_name': u'ip-172-16-254-136.ec2.internal', u'spot_instance_request_id': None, u'source_destination_check': u'true', u'id': u'i-08a833acbd9da3c1d', u'ebs_optimized': False, u'state': u'running', u'client_token': u'vpnal-EC2In-9AJMX6VZWGF5', u'virtualization_type': u'hvm', u'ramdisk': None, u'public_ip_address': u'34.199.229.220', u'block_device_mapping': [{u'status': u'attached', u'volume_id': u'vol-0ffb0092907c66033', u'delete_on_termination': True, u'attach_time': u'2017-06-06T00:47:21.000Z', u'device_name': u'/dev/sda1'}], u'key_name': None, u'interfaces': [{u'id': u'eni-e3f1aa39', u'mac_address': u'0e:f1:79:ea:5e:50'}], u'image_id': u'ami-20631a36', u'groups': [{u'id': u'sg-a22f24dc', u'name': u'vpnalgo-InstanceSecurityGroup-IY8W45YEF96R'}], u'public_dns_name': u'ec2-34-199-229-220.compute-1.amazonaws.com', u'requester_id': None, u'tags': {u'Environment': u'Algo', u'aws:cloudformation:stack-name': u'vpnalgo', u'Name': u'Algo', u'aws:cloudformation:stack-id': u'arn:aws:cloudformation:us-east-1:997882590914:stack/vpnalgo/79ec1190-4a51-11e7-be63-500c212ff6fd', u'aws:cloudformation:logical-id': u'EC2Instance'}, u'monitoring_state': u'disabled', u'placement': {u'tenancy': u'default', u'zone': u'us-east-1d'}, u'ami_launch_index': u'0', u'hypervisor': u'xen', u'region': u'us-east-1', u'launch_time': u'2017-06-06T00:47:20.000Z', u'persistent': False, u'architecture': u'x86_64', u'private_ip_address': u'172.16.254.136', u'vpc_id': u'vpc-f36db18a'})
TASK [Wait until SSH becomes ready...] ***** ok: [localhost]
TASK [A short pause, in order to be sure the instance is ready] **** Pausing for 20 seconds (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) ok: [localhost]
TASK [Ensure the local ssh directory is exist] ***** ok: [localhost]
TASK [Copy the algo ssh key to the local ssh directory] **** ok: [localhost]
PLAY [Configure the server and install required software] **
TASK [Check the system] **** changed: [34.199.229.220]
TASK [Ubuntu | Install prerequisites] ** changed: [34.199.229.220]
TASK [Ubuntu | Configure defaults] ***** changed: [34.199.229.220]
TASK [FreeBSD / HardenedBSD | Install prerequisites] *** skipping: [34.199.229.220]
TASK [FreeBSD / HardenedBSD | Configure defaults] ** skipping: [34.199.229.220]
TASK [set_fact] **** skipping: [34.199.229.220]
TASK [Gather Facts] **** ok: [34.199.229.220]
TASK [Ensure the algo ssh key exist on the server] ***** ok: [34.199.229.220]
TASK [Enable IPv6] ***** ok: [34.199.229.220]
TASK [Set facts if the deployment in a cloud] ** ok: [34.199.229.220]
TASK [Generate password for the CA key] **** changed: [34.199.229.220 -> localhost]
TASK [Define password facts] *** ok: [34.199.229.220]
TASK [Define the commonName] *** ok: [34.199.229.220]
TASK [common : Install software updates] *** changed: [34.199.229.220]
TASK [common : Check if reboot is required] **** changed: [34.199.229.220]
TASK [common : Reboot] ***** ok: [34.199.229.220]
TASK [common : Wait until SSH becomes ready...] **** ok: [34.199.229.220 -> localhost]
TASK [common : Disable MOTD on login and SSHD] ***** changed: [34.199.229.220] => (item={u'regexp': u'^session.optional.pam_motd.so.', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'}) changed: [34.199.229.220] => (item={u'regexp': u'^session.optional.pam_motd.so.', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})
TASK [common : Loopback for services configured] *** changed: [34.199.229.220]
TASK [common : Loopback included into the network config] ** changed: [34.199.229.220]
RUNNING HANDLER [common : restart loopback] **** changed: [34.199.229.220]
TASK [common : Check apparmor support] ***** changed: [34.199.229.220]
TASK [common : set_fact] *** ok: [34.199.229.220]
TASK [common : set_fact] *** ok: [34.199.229.220]
TASK [common : set_fact] *** skipping: [34.199.229.220]
TASK [common : Loopback included into the rc config] *** skipping: [34.199.229.220]
TASK [common : Enable the gateway features] **** skipping: [34.199.229.220] => (item={u'value': u'"YES"', u'param': u'gateway_enable'}) skipping: [34.199.229.220] => (item={u'value': u'"open"', u'param': u'firewall_type'}) skipping: [34.199.229.220] => (item={u'value': u'"YES"', u'param': u'firewall_enable'}) skipping: [34.199.229.220] => (item={u'value': u'"YES"', u'param': u'natd_enable'}) skipping: [34.199.229.220] => (item={u'value': u'""', u'param': u'natd_interface'}) skipping: [34.199.229.220] => (item={u'value': u'"-dynamic -m"', u'param': u'natd_flags'})
TASK [common : FreeBSD | Activate IPFW] **** skipping: [34.199.229.220]
TASK [common : Install tools] ** changed: [34.199.229.220] => (item=[u'git', u'screen', u'apparmor-utils', u'uuid-runtime', u'coreutils', u'sendmail', u'iptables-persistent', u'cgroup-tools', u'openssl'])
TASK [common : Sysctl tuning] ** changed: [34.199.229.220] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1}) changed: [34.199.229.220] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1}) changed: [34.199.229.220] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})
TASK [security : Install tools] **** ok: [34.199.229.220] => (item=[u'unattended-upgrades'])
TASK [security : Configure unattended-upgrades] **** changed: [34.199.229.220]
TASK [security : Periodic upgrades configured] ***** changed: [34.199.229.220]
TASK [security : Find directories for minimizing access] *** ok: [34.199.229.220] => (item=/usr/local/sbin) ok: [34.199.229.220] => (item=/usr/local/bin) ok: [34.199.229.220] => (item=/usr/sbin) ok: [34.199.229.220] => (item=/usr/bin) ok: [34.199.229.220] => (item=/sbin) ok: [34.199.229.220] => (item=/bin)
TASK [security : Minimize access] ** ok: [34.199.229.220] => (item=(censored due to no_log)) ok: [34.199.229.220] => (item=(censored due to no_log)) ok: [34.199.229.220] => (item=(censored due to no_log)) ok: [34.199.229.220] => (item=(censored due to no_log)) ok: [34.199.229.220] => (item=(censored due to no_log)) ok: [34.199.229.220] => (item=(censored due to no_log))
TASK [security : Change shadow ownership to root and mode to 0600] ***** changed: [34.199.229.220]
TASK [security : change su-binary to only be accessible to user and group root] changed: [34.199.229.220]
TASK [security : Collect Use of privileged commands] *** changed: [34.199.229.220]
TASK [security : Restrict core dumps (with PAM)] *** changed: [34.199.229.220]
TASK [security : Restrict core dumps (with sysctl)] **** changed: [34.199.229.220]
TASK [security : Disable Source Routed Packet Acceptance] ** changed: [34.199.229.220] => (item=net.ipv4.conf.all.accept_source_route) changed: [34.199.229.220] => (item=net.ipv4.conf.default.accept_source_route)
TASK [security : Disable ICMP Redirect Acceptance] ***** changed: [34.199.229.220] => (item=net.ipv4.conf.all.accept_redirects) changed: [34.199.229.220] => (item=net.ipv4.conf.default.accept_redirects)
TASK [security : Disable Secure ICMP Redirect Acceptance] ** changed: [34.199.229.220] => (item=net.ipv4.conf.all.secure_redirects) changed: [34.199.229.220] => (item=net.ipv4.conf.default.secure_redirects)
TASK [security : Enable Bad Error Message Protection] ** changed: [34.199.229.220]
TASK [security : Enable RFC-recommended Source Route Validation] *** changed: [34.199.229.220] => (item=net.ipv4.conf.all.rp_filter) changed: [34.199.229.220] => (item=net.ipv4.conf.default.rp_filter)
TASK [security : Do not send ICMP redirects (we are not a router)] ***** changed: [34.199.229.220]
TASK [security : SSH config] *** changed: [34.199.229.220]
TASK [dns_adblocking : The DNS tag is defined] ***** ok: [34.199.229.220]
TASK [dns_adblocking : Dnsmasq installed] ** changed: [34.199.229.220]
TASK [dns_adblocking : Ensure that the dnsmasq user exist] ***** changed: [34.199.229.220]
TASK [dns_adblocking : The dnsmasq directory created] ** changed: [34.199.229.220]
TASK [dns_adblocking : Ubuntu | Dnsmasq profile for apparmor configured] *** changed: [34.199.229.220]
TASK [dns_adblocking : Ubuntu | Enforce the dnsmasq AppArmor policy] *** changed: [34.199.229.220]
TASK [dns_adblocking : Ubuntu | Ensure that the dnsmasq service directory exist] *** changed: [34.199.229.220]
TASK [dns_adblocking : Ubuntu | Setup the cgroup limitations for the ipsec daemon] *** changed: [34.199.229.220]
TASK [dns_adblocking : FreeBSD / HardenedBSD | Enable dnsmasq] ***** skipping: [34.199.229.220]
TASK [dns_adblocking : Dnsmasq configured] ***** changed: [34.199.229.220]
TASK [dns_adblocking : Adblock script created] ***** changed: [34.199.229.220]
TASK [dns_adblocking : Adblock script added to cron] *** changed: [34.199.229.220]
TASK [dns_adblocking : Update adblock hosts] ***
OS / Environment
ubuntu/AWS ec2 4.4.0-78-generic
Ansible version
ansible>=2.1,<2.2.1
Version of components from requirements.txt
msrestazure
setuptools>=11.3
ansible>=2.1,<2.2.1
dopy==0.3.5
boto>=2.5
boto3
azure==2.0.0rc5
msrest==0.4.1
apache-libcloud
six
pyopenssl
jinja2==2.8
Summary of the problem
I have installed algo multiple times. But today on running ./algo it always gets stuck at
TASK [dns_adblocking : Update adblock hosts] **
It doesn't move forward. The ec2 instance is created. The configs downloaded for the instance won't let me connect to the internet.
Steps to reproduce the behavior
regular - go to run ./algo, use ec2 virginia, every other option selected -- y
The way of deployment (cloud or local)
cloud ec2
Expected behavior
Should have finished and given me ok. Then I would download the config files for the IP from the configs/ip folder, enable the config and start browsing using the new VPN.
Actual behavior
Gets stuck in between. The downloaded configs won't let me connect to the internet.
Full log
What region should the server be located in?
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi) :
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
Do you want each user to have their own account for SSH tunneling?
Do you want to apply operating system security enhancements on the server? (warning: replaces your sshd_config)
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
Do you want to retain the CA key? (required to add users in the future, but less secure)
PLAY [Configure the server] ****
TASK [setup] *** ok: [localhost]
TASK [Generate the SSH private key] **** changed: [localhost]
TASK [Generate the SSH public key] ***** ok: [localhost]
TASK [Change mode for the SSH private key] ***** ok: [localhost]
TASK [Ensure the dynamic inventory exists] ***** changed: [localhost]
TASK [cloud-ec2 : set_fact] **** ok: [localhost]
TASK [cloud-ec2 : Locate official AMI for region] ** ok: [localhost]
TASK [cloud-ec2 : set_fact] **** ok: [localhost]
TASK [cloud-ec2 : Make a cloudformation template] ** changed: [localhost]
TASK [cloud-ec2 : Deploy the template] ***** changed: [localhost]
TASK [cloud-ec2 : Add new instance to host group] ** changed: [localhost]
TASK [cloud-ec2 : set_fact] **** ok: [localhost]
TASK [cloud-ec2 : Get EC2 instances] *** ok: [localhost]
TASK [cloud-ec2 : Ensure the group ec2 exists in the dynamic inventory file] *** changed: [localhost]
TASK [cloud-ec2 : Populate the dynamic inventory] ** changed: [localhost] => (item={u'kernel': None, u'instance_profile': None, u'root_device_type': u'ebs', u'private_dns_name': u'ip-172-16-255-30.ec2.internal', u'spot_instance_request_id': None, u'source_destination_check': u'true', u'id': u'i-06e5f3624bd29272f', u'ebs_optimized': False, u'state': u'running', u'client_token': u'VPNSk-EC2In-1OTI76JN81L87', u'virtualization_type': u'hvm', u'ramdisk': None, u'public_ip_address': u'34.225.12.105', u'block_device_mapping': [{u'status': u'attached', u'volume_id': u'vol-0ce0c5728e5efb507', u'delete_on_termination': True, u'attach_time': u'2017-06-04T22:58:07.000Z', u'device_name': u'/dev/sda1'}], u'key_name': None, u'interfaces': [{u'id': u'eni-cd43bccc', u'mac_address': u'06:7a:48:25:e3:56'}], u'image_id': u'ami-20631a36', u'groups': [{u'id': u'sg-e2afa39c', u'name': u'VPNSkaria-InstanceSecurityGroup-1HZI08TGP2Z1P'}], u'public_dns_name': u'ec2-34-225-12-105.compute-1.amazonaws.com', u'requester_id': None, u'tags': {u'Environment': u'Algo', u'aws:cloudformation:stack-name': u'VPNSkaria', u'aws:cloudformation:stack-id': u'arn:aws:cloudformation:us-east-1:997882590914:stack/VPNSkaria/11264280-4979-11e7-93b4-500c2893c0d2', u'Name': u'Algo', u'aws:cloudformation:logical-id': u'EC2Instance'}, u'monitoring_state': u'disabled', u'placement': {u'tenancy': u'default', u'zone': u'us-east-1b'}, u'ami_launch_index': u'0', u'hypervisor': u'xen', u'region': u'us-east-1', u'launch_time': u'2017-06-04T22:58:06.000Z', u'persistent': False, u'architecture': u'x86_64', u'private_ip_address': u'172.16.255.30', u'vpc_id': u'vpc-26de035f'})
TASK [Wait until SSH becomes ready...] ***** ok: [localhost]
TASK [A short pause, in order to be sure the instance is ready] **** Pausing for 20 seconds (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) ok: [localhost]
TASK [Ensure the local ssh directory is exist] ***** ok: [localhost]
TASK [Copy the algo ssh key to the local ssh directory] **** changed: [localhost]
PLAY [Configure the server and install required software] **
TASK [Check the system] **** changed: [34.225.12.105]
TASK [Ubuntu | Install prerequisites] ** changed: [34.225.12.105]
TASK [Ubuntu | Configure defaults] ***** changed: [34.225.12.105]
TASK [FreeBSD / HardenedBSD | Install prerequisites] *** skipping: [34.225.12.105]
TASK [FreeBSD / HardenedBSD | Configure defaults] ** skipping: [34.225.12.105]
TASK [set_fact] **** skipping: [34.225.12.105]
TASK [Gather Facts] **** ok: [34.225.12.105]
TASK [Ensure the algo ssh key exist on the server] ***** ok: [34.225.12.105]
TASK [Enable IPv6] ***** ok: [34.225.12.105]
TASK [Set facts if the deployment in a cloud] ** ok: [34.225.12.105]
TASK [Generate password for the CA key] **** changed: [34.225.12.105 -> localhost]
TASK [Define password facts] *** ok: [34.225.12.105]
TASK [Define the commonName] *** ok: [34.225.12.105]
TASK [common : Install software updates] *** changed: [34.225.12.105]
TASK [common : Check if reboot is required] **** changed: [34.225.12.105]
TASK [common : Reboot] ***** ok: [34.225.12.105]
TASK [common : Wait until SSH becomes ready...] **** ok: [34.225.12.105 -> localhost]
TASK [common : Disable MOTD on login and SSHD] ***** changed: [34.225.12.105] => (item={u'regexp': u'^session.optional.pam_motd.so.', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/login'}) changed: [34.225.12.105] => (item={u'regexp': u'^session.optional.pam_motd.so.', u'line': u'# MOTD DISABLED', u'file': u'/etc/pam.d/sshd'})
TASK [common : Loopback for services configured] *** changed: [34.225.12.105]
TASK [common : Loopback included into the network config] ** changed: [34.225.12.105]
RUNNING HANDLER [common : restart loopback] **** changed: [34.225.12.105]
TASK [common : Check apparmor support] ***** changed: [34.225.12.105]
TASK [common : set_fact] *** ok: [34.225.12.105]
TASK [common : set_fact] *** ok: [34.225.12.105]
TASK [common : set_fact] *** skipping: [34.225.12.105]
TASK [common : Loopback included into the rc config] *** skipping: [34.225.12.105]
TASK [common : Enable the gateway features] **** skipping: [34.225.12.105] => (item={u'value': u'"open"', u'param': u'firewall_type'}) skipping: [34.225.12.105] => (item={u'value': u'"YES"', u'param': u'firewall_enable'}) skipping: [34.225.12.105] => (item={u'value': u'"YES"', u'param': u'gateway_enable'}) skipping: [34.225.12.105] => (item={u'value': u'"YES"', u'param': u'natd_enable'}) skipping: [34.225.12.105] => (item={u'value': u'""', u'param': u'natd_interface'}) skipping: [34.225.12.105] => (item={u'value': u'"-dynamic -m"', u'param': u'natd_flags'})
TASK [common : FreeBSD | Activate IPFW] **** skipping: [34.225.12.105]
TASK [common : Install tools] ** changed: [34.225.12.105] => (item=[u'git', u'screen', u'apparmor-utils', u'uuid-runtime', u'coreutils', u'sendmail', u'iptables-persistent', u'cgroup-tools', u'openssl'])
TASK [common : Sysctl tuning] ** changed: [34.225.12.105] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1}) changed: [34.225.12.105] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1}) changed: [34.225.12.105] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})
TASK [security : Install tools] **** ok: [34.225.12.105] => (item=[u'unattended-upgrades'])
TASK [security : Configure unattended-upgrades] **** changed: [34.225.12.105]
TASK [security : Periodic upgrades configured] ***** changed: [34.225.12.105]
TASK [security : Find directories for minimizing access] *** ok: [34.225.12.105] => (item=/usr/local/sbin) ok: [34.225.12.105] => (item=/usr/local/bin) ok: [34.225.12.105] => (item=/usr/sbin) ok: [34.225.12.105] => (item=/usr/bin) ok: [34.225.12.105] => (item=/sbin) ok: [34.225.12.105] => (item=/bin)
TASK [security : Minimize access] ** ok: [34.225.12.105] => (item=(censored due to no_log)) ok: [34.225.12.105] => (item=(censored due to no_log)) ok: [34.225.12.105] => (item=(censored due to no_log)) ok: [34.225.12.105] => (item=(censored due to no_log)) ok: [34.225.12.105] => (item=(censored due to no_log)) ok: [34.225.12.105] => (item=(censored due to no_log))
TASK [security : Change shadow ownership to root and mode to 0600] ***** changed: [34.225.12.105]
TASK [security : change su-binary to only be accessible to user and group root] changed: [34.225.12.105]
TASK [security : Collect Use of privileged commands] *** changed: [34.225.12.105]
TASK [security : Restrict core dumps (with PAM)] *** changed: [34.225.12.105]
TASK [security : Restrict core dumps (with sysctl)] **** changed: [34.225.12.105]
TASK [security : Disable Source Routed Packet Acceptance] ** changed: [34.225.12.105] => (item=net.ipv4.conf.all.accept_source_route) changed: [34.225.12.105] => (item=net.ipv4.conf.default.accept_source_route)
TASK [security : Disable ICMP Redirect Acceptance] ***** changed: [34.225.12.105] => (item=net.ipv4.conf.all.accept_redirects) changed: [34.225.12.105] => (item=net.ipv4.conf.default.accept_redirects)
TASK [security : Disable Secure ICMP Redirect Acceptance] ** changed: [34.225.12.105] => (item=net.ipv4.conf.all.secure_redirects) changed: [34.225.12.105] => (item=net.ipv4.conf.default.secure_redirects)
TASK [security : Enable Bad Error Message Protection] ** changed: [34.225.12.105]
TASK [security : Enable RFC-recommended Source Route Validation] *** changed: [34.225.12.105] => (item=net.ipv4.conf.all.rp_filter) changed: [34.225.12.105] => (item=net.ipv4.conf.default.rp_filter)
TASK [security : Do not send ICMP redirects (we are not a router)] ***** changed: [34.225.12.105]
TASK [security : SSH config] *** changed: [34.225.12.105]
TASK [dns_adblocking : The DNS tag is defined] ***** ok: [34.225.12.105]
TASK [dns_adblocking : Dnsmasq installed] ** changed: [34.225.12.105]
TASK [dns_adblocking : Ensure that the dnsmasq user exist] ***** changed: [34.225.12.105]
TASK [dns_adblocking : The dnsmasq directory created] ** changed: [34.225.12.105]
TASK [dns_adblocking : Ubuntu | Dnsmasq profile for apparmor configured] *** changed: [34.225.12.105]
TASK [dns_adblocking : Ubuntu | Enforce the dnsmasq AppArmor policy] *** changed: [34.225.12.105]
TASK [dns_adblocking : Ubuntu | Ensure that the dnsmasq service directory exist] *** changed: [34.225.12.105]
TASK [dns_adblocking : Ubuntu | Setup the cgroup limitations for the ipsec daemon] *** changed: [34.225.12.105]
TASK [dns_adblocking : FreeBSD / HardenedBSD | Enable dnsmasq] ***** skipping: [34.225.12.105]
TASK [dns_adblocking : Dnsmasq configured] ***** changed: [34.225.12.105]
TASK [dns_adblocking : Adblock script created] ***** changed: [34.225.12.105]
TASK [dns_adblocking : Adblock script added to cron] *** changed: [34.225.12.105]
TASK [dns_adblocking : Update adblock hosts] ***