streisand URGENT Failed installation at "Add the official OpenVPN APT key"

Expected behavior:

Pass the Add the official OpenVPN APT key step

Actual Behavior:

Fails at the step

Steps to Reproduce:

Create 1 core Ubuntu 16.04 machine on DigitalOcean
apt update && apt upgrade -y && reboot
ssh-keygen (the script fails when a key not found on the machine)
Follow the official installation steps
Start streisand and select 7. No customization on the configuration. No domain submitted.)
The script fails at Add the official OpenVPN APT key step

I've also tried against a newly generated machine through the Existing machine option. The bug is still there. Probably applies all the provisioning options.

Here is the ANSIBLE_DEBUG=True log of the failure; https://www.pastebin.com/1ba9q0DE

Ansible Information

Ansible version: 2.8.4
Ansible system: Linux
Host OS: Ubuntu
Host OS version: 16.04
Python interpreter: /usr/bin/python
Python version: 2.7.12

Streisand Information

Streisand Git revision: af5eb7dac157a2416ea64cba96cf32f7f505d9ff
Streisand Git clone has untracked changes: no
Genesis role: localhost
Custom SSH key: False

Enabled Roles

Shadowsocks enabled: True
Wireguard enabled: True
OpenVPN enabled: True
stunnel enabled: True
Tor enabled: False
Openconnect enabled: True
TinyProxy enabled: True
SSH forward user enabled: True
Configured number of VPN clients: 10

Jul 27 '20 18:07 thiras

It seems OpenVPN key and repository address has changed. Trying to test with the new repo. I'll PR the fix if it's valid ASAP.

Jul 27 '20 19:07 thiras

Do we know what the difference is between the instructions on Access Server Software Packages:

apt update && apt -y install ca-certificates wget net-tools gnupg
wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
echo "deb [arch=amd64] http://as-repository.openvpn.net/as/debian xenial main">/etc/apt/sources.list.d/openvpn-as-repo.list
apt update && apt -y install openvpn-as

and the instructions on OpenvpnSoftwareRepos?:

$ sudo -s
$ wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
$ echo "deb http://build.openvpn.net/debian/openvpn/<version> <osrelease> main" > /etc/apt/sources.list.d/openvpn-aptrepo.list

Which key + repo URL is the one that Streisand needs?

See #866 for the last time this happened.

Jul 27 '20 22:07 noelleleigh

@noelleleigh That repository has 2.3.x for the xenial. That's a big problem since 2.3.x doesn't support fully TLS stuff. I've tried to inform the build repository admin about the expired key.

Jul 27 '20 23:07 thiras

@noelleleigh That repository has 2.3.x for the xenial. That's a big problem since 2.3.x doesn't support fully TLS stuff.

So do both repos contain the same packages, just with different versions?

Jul 27 '20 23:07 noelleleigh

I think so. But I don't know their differences exactly other than versions.

Jul 27 '20 23:07 thiras

I've noticed that as-repository OpenVPN package named as openvpn-as. But it seems the package uses a totally different configuration and service names etc.

No luck so far.

I've reported to the bug to thier Trac; https://community.openvpn.net/openvpn/ticket/1309

Jul 27 '20 23:07 thiras

#1796 is waiting to be merged. I've just changed the key and looks good now.

Jul 28 '20 14:07 thiras

any update on this?