
Installation fails on AWS

Open TarekSalama opened this issue 5 years ago • 6 comments

Expected behavior:

Success

Actual Behavior:

Fails to finish

Steps to Reproduce:

I tried following the steps twice to run the script. The script seems to run fine for quite a bit and then it fails eventually as shown below.

Ansible Information

  • Ansible version: 2.8.4
  • Ansible system: Darwin
  • Host OS: MacOSX
  • Host OS version: 10.14.6
  • Python interpreter: python
  • Python version: 2.7.10

Streisand Information

  • Streisand Git revision: e0680b71e13c5549145899cd534a7032e885311c
  • Streisand Git clone has untracked changes: no
  • Genesis role: genesis-amazon
  • Custom SSH key: True

Enabled Roles

  • Shadowsocks enabled: True
  • Wireguard enabled: True
  • OpenVPN enabled: True
  • stunnel enabled: True
  • Tor enabled: True
  • Openconnect enabled: True
  • TinyProxy enabled: True
  • SSH forward user enabled: True
  • Configured number of VPN clients: 5

Additional Details:

Log output from Ansible or other relevant services (link to Gist for longer output):

`TASK [streisand-gateway : Register more MITM mitigation facts (fingerprints)] *** changed: [34.226.186.66] => (item=sha256) changed: [34.226.186.66] => (item=sha1) changed: [34.226.186.66] => (item=md5)

TASK [streisand-gateway : Convert the CA certificate into the right format for a data uri] *** changed: [34.226.186.66]

TASK [streisand-gateway : include_vars] **************************************** ok: [34.226.186.66]

TASK [streisand-gateway : Generate a random Gateway password] ****************** changed: [34.226.186.66]

TASK [streisand-gateway : Register the Gateway password] *********************** ok: [34.226.186.66]

TASK [streisand-gateway : Install the required package for the htpasswd command] *** fatal: [34.226.186.66]: FAILED! => {"cache_update_time": 1569277006, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" install 'apache2-utils'' failed: E: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.5.2-3_amd64.deb Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\n\nE: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.5.4-1build1_amd64.deb Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\n\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.4.18-2ubuntu3.13_amd64.deb Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\n\nE: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?\n", "rc": 100, "stderr": "E: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.5.2-3_amd64.deb Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\n\nE: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.5.4-1build1_amd64.deb Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\n\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.4.18-2ubuntu3.13_amd64.deb Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\n\nE: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?\n", "stderr_lines": ["E: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.5.2-3_amd64.deb Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'", "", "E: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.5.4-1build1_amd64.deb Temporary failure resolving 
'us-east-1.ec2.archive.ubuntu.com'", "", "E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.4.18-2ubuntu3.13_amd64.deb Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'", "", "E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?"], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following additional packages will be installed:\n libapr1 libaprutil1\nThe following NEW packages will be installed:\n apache2-utils libapr1 libaprutil1\n0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.\nNeed to get 245 kB of archives.\nAfter this operation, 810 kB of additional disk space will be used.\nErr:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libapr1 amd64 1.5.2-3\n Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\nErr:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1 amd64 1.5.4-1build1\n Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\nErr:3 http://security.ubuntu.com/ubuntu xenial-security/main amd64 apache2-utils amd64 2.4.18-2ubuntu3.13\n Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\nErr:3 http://security.ubuntu.com/ubuntu xenial-security/main amd64 apache2-utils amd64 2.4.18-2ubuntu3.13\n Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following additional packages will be installed:", " libapr1 libaprutil1", "The following NEW packages will be installed:", " apache2-utils libapr1 libaprutil1", "0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.", "Need to get 245 kB of archives.", "After this operation, 810 kB of additional disk space will be used.", "Err:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libapr1 amd64 1.5.2-3", " Temporary failure resolving 
'us-east-1.ec2.archive.ubuntu.com'", "Err:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1 amd64 1.5.4-1build1", " Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'", "Err:3 http://security.ubuntu.com/ubuntu xenial-security/main amd64 apache2-utils amd64 2.4.18-2ubuntu3.13", " Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'", "Err:3 http://security.ubuntu.com/ubuntu xenial-security/main amd64 apache2-utils amd64 2.4.18-2ubuntu3.13", " Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'"]}

RUNNING HANDLER [ssh : Restart SSH] ********************************************

RUNNING HANDLER [dnsmasq : Restart dnsmasq] ************************************

RUNNING HANDLER [openconnect : Restart rsyslog for OpenConnect] ****************

RUNNING HANDLER [tor-bridge : Restart Nginx for the Tor hidden service vhost] ***

RUNNING HANDLER [sslh : Restart sslh] ******************************************

RUNNING HANDLER [cloudflared : restart cloudflared service] ********************

RUNNING HANDLER [stunnel : Restart stunnel] ************************************

PLAY RECAP ********************************************************************* 34.226.186.66 : ok=378 changed=302 unreachable=0 failed=1 skipped=43 rescued=0 ignored=1
localhost : ok=26 changed=15 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
`

  • Target Cloud Provider: AWS
  • Operating System of target host:
  • Operating System of client: macOS
  • Version of Ansible, using ansible --version:
  • Output from git rev-parse HEAD in your Streisand directory:

TarekSalama, Sep 23 '19 22:09

Same here, seems the DNS is not working properly. I reverted back to the commit before ad blocking was added and was able to install successfully again.

smolley, Sep 29 '19 13:09

Ditto for "Existing Server" (8). After failure can ssh onto VPS, but apt cannot resolve external hosts.

avastmick, Oct 04 '19 01:10

+1

jboolean, Nov 09 '19 20:11

+1

lpanjwani, Jan 28 '20 15:01

-1, can't repro?

Could somebody who has this problem try with `Enable DNS-over-HTTPS (cloudflared)?` disabled? cloudflared is guaranteed to screw up if Amazon is doing anything funny with private DNS resolution. At least in the past `us-east-1.ec2.archive.ubuntu.com` (or what was listed in `/etc/apt/sources.list`) was not resolvable from outside AWS... and cloudflared as a DNS resolver is outside AWS, since it bypasses local DNS.

nopdotcom, Jan 29 '20 15:01

I had the same problem on Azure. It was finally solved when I disabled "Enable DNS-over-HTTPS (cloudflared)".

vcozcan, Feb 16 '20 09:02
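
The failure mode nopdotcom describes above, as an added diagnostic (not part of the thread or of Streisand's code): it lists the mirrors in `sources.list` and flags any that the instance's own resolver can see but a public DNS-over-HTTPS resolver cannot. The function names, the constructed sample file and the use of Cloudflare's JSON DoH endpoint as a stand-in for cloudflared's upstream are assumptions.

```python
import json
import re
import socket
import urllib.request
from urllib.parse import urlparse

# Constructed sample; the hostnames are the mirrors named in the issue's log.
SAMPLE_SOURCES = """\
deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial main  # cloud mirror
deb [arch=amd64] http://security.ubuntu.com/ubuntu xenial-security main
# deb http://commented.example/ubuntu xenial main
"""

def apt_hosts(text):
    """Unique mirror hostnames from sources.list text, in file order."""
    hosts = []
    for line in text.splitlines():
        # Strip trailing comments and the optional [option=value] block.
        fields = re.sub(r"\[[^\]]*\]", "", line.split("#", 1)[0]).split()
        if len(fields) >= 2 and fields[0] in ("deb", "deb-src"):
            host = urlparse(fields[1]).hostname
            if host and host not in hosts:
                hosts.append(host)
    return hosts

def local_resolves(host):  # the instance's configured resolver (e.g. the VPC one)
    try:
        return bool(socket.getaddrinfo(host, 80))
    except socket.gaierror:
        return False

def doh_resolves(host, url="https://cloudflare-dns.com/dns-query"):
    """Public DoH JSON lookup; assumed to approximate what a DoH proxy sees."""
    req = urllib.request.Request(f"{url}?name={host}&type=A",
                                 headers={"accept": "application/dns-json"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            body = json.load(resp)
    except (OSError, ValueError):
        return False
    return body.get("Status") == 0 and bool(body.get("Answer"))

def audit(text, local=local_resolves, public=doh_resolves):
    """Label each mirror by which resolver path can see it."""
    names = {(True, True): "ok", (True, False): "local-only",
             (False, True): "public-only", (False, False): "unresolvable"}
    return {h: names[(bool(local(h)), bool(public(h)))] for h in apt_hosts(text)}

if __name__ == "__main__":
    print(audit(open("/etc/apt/sources.list").read()))
```

A `local-only` verdict means apt will lose that mirror once system DNS is routed through a DoH proxy; run the check on the target host before the DNS-over-HTTPS option is enabled.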