algo icon indicating copy to clipboard operation
algo copied to clipboard
verified publisher icon trailofbits

Can't detect the required Python library cryptography (>= 1.2.3)

Open tonisimakov99 opened this issue 4 years ago • 2 comments

To Reproduce

Just run ./algo

Full log

Algo running on: Ubuntu 20.04.4 LTS (Virtualized: kvm) Created from git clone. Last commit: 9f241b1 Bump ansible-core from 2.12.1 to 2.12.3 (#14425) Python 3.8.10 Runtime variables: algo_provider "local" algo_dns_adblocking "True" algo_ssh_tunneling "True" wireguard_enabled "True" dns_encryption "True"

TASK [Display the invocation environment] ******************************************************** changed: [localhost]

TASK [Install the requirements] ****************************************************************** changed: [localhost]

TASK [Include a provisioning role] *************************************************************** [local : pause] https://trailofbits.github.io/algo/deploy-to-ubuntu.html

Local installation might break your server. Use at your own risk.

Proceed? Press ENTER to continue or CTRL+C and A to abort...: ^M TASK [local : pause] ***************************************************************************** ok: [localhost] => (item=https://trailofbits.github.io/algo/deploy-to-ubuntu.html

Local installation might break your server. Use at your own risk.

Proceed? Press ENTER to continue or CTRL+C and A to abort...) [local : pause] Enter the IP address of your server: (or use localhost for local installation): [localhost] : localhost^M TASK [local : pause] ***************************************************************************** ok: [localhost]

TASK [local : Set the facts] ********************************************************************* ok: [localhost] [local : pause] Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate) [localhost] : 23.88.27.29^M TASK [local : pause] ***************************************************************************** ok: [localhost]

TASK [local : Set the facts] ********************************************************************* ok: [localhost]

TASK [Set subjectAltName as a fact] ************************************************************** ok: [localhost]

TASK [Add the server to an inventory group] ****************************************************** changed: [localhost]

TASK [Linux | set OS specific facts] ************************************************************* ok: [localhost]

TASK [Set config paths as facts] ***************************************************************** ok: [localhost]

TASK [Update config paths] *********************************************************************** changed: [localhost]

TASK [debug] ************************************************************************************* ok: [localhost] => { "IP_subject_alt_name": "23.88.27.29" } [WARNING]: Reset is not implemented for this connection

TASK [Wait 600 seconds for target connection to become reachable/usable] ************************* ok: [localhost] => (item=localhost)

PLAY [Configure the server and install required software] ****************************************

TASK [common : Check the system] ***************************************************************** ok: [localhost]

TASK [common : include_tasks] ******************************************************************** included: /root/algo/roles/common/tasks/ubuntu.yml for localhost

TASK [common : Gather facts] ********************************************************************* ok: [localhost]

TASK [common : Install unattended-upgrades] ****************************************************** ok: [localhost]

TASK [common : Configure unattended-upgrades] **************************************************** ok: [localhost]

TASK [common : Periodic upgrades configured] ***************************************************** ok: [localhost]

TASK [common : Disable MOTD on login and SSHD] *************************************************** ok: [localhost] => (item={'regexp': '^session.*optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'}) ok: [localhost] => (item={'regexp': '^session.*optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})

TASK [common : Ensure fallback resolvers are set] ************************************************ ok: [localhost]

TASK [common : Loopback for services configured] ************************************************* ok: [localhost]

TASK [common : systemd services enabled and started] ********************************************* ok: [localhost] => (item=systemd-networkd) ok: [localhost] => (item=systemd-resolved)

TASK [common : Check apparmor support] *********************************************************** ok: [localhost]

TASK [common : Set fact if apparmor enabled] ***************************************************** ok: [localhost]

TASK [common : Define facts] ********************************************************************* ok: [localhost]

TASK [common : Set facts] ************************************************************************ ok: [localhost]

TASK [common : Set IPv6 support as a fact] ******************************************************* ok: [localhost]

TASK [common : Check size of MTU] **************************************************************** ok: [localhost]

TASK [common : Set OS specific facts] ************************************************************ ok: [localhost]

TASK [common : Install tools] ******************************************************************** ok: [localhost]

TASK [common : include_tasks] ******************************************************************** included: /root/algo/roles/common/tasks/iptables.yml for localhost

TASK [common : Iptables configured] ************************************************************** ok: [localhost] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})

TASK [common : Sysctl tuning] ******************************************************************** ok: [localhost] => (item={'item': 'net.ipv4.ip_forward', 'value': 1}) ok: [localhost] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})

TASK [dns : Include tasks for Ubuntu] ************************************************************ included: /root/algo/roles/dns/tasks/ubuntu.yml for localhost

TASK [dns : Install dnscrypt-proxy] ************************************************************** ok: [localhost]

TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] ******************************* ok: [localhost]

TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ********************************* ok: [localhost]

TASK [dns : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] ********************* ok: [localhost]

TASK [dns : Ubuntu | Add custom requirements to successfully start the unit] ********************* ok: [localhost]

TASK [dns : dnscrypt-proxy ip-blacklist configured] ********************************************** ok: [localhost]

TASK [dns : dnscrypt-proxy configured] *********************************************************** ok: [localhost]

TASK [dns : Adblock script created] ************************************************************** ok: [localhost]

TASK [dns : Adblock script added to cron] ******************************************************** changed: [localhost]

TASK [dns : Update adblock hosts] **************************************************************** ok: [localhost] [WARNING]: flush_handlers task does not support when conditional

TASK [dns : dnscrypt-proxy enabled and started] ************************************************** ok: [localhost]

TASK [wireguard : Ensure the required directories exist] ***************************************** ok: [localhost] => (item=configs/23.88.27.29/wireguard//.pki//preshared) ok: [localhost] => (item=configs/23.88.27.29/wireguard//.pki//private) ok: [localhost] => (item=configs/23.88.27.29/wireguard//.pki//public) ok: [localhost] => (item=configs/23.88.27.29/wireguard//apple/ios) ok: [localhost] => (item=configs/23.88.27.29/wireguard//apple/macos)

TASK [wireguard : Include tasks for Ubuntu] ****************************************************** included: /root/algo/roles/wireguard/tasks/ubuntu.yml for localhost

TASK [wireguard : WireGuard installed] *********************************************************** ok: [localhost]

TASK [wireguard : Set OS specific facts] ********************************************************* ok: [localhost]

TASK [wireguard : Generate private keys] ********************************************************* ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin) ok: [localhost] => (item=23.88.27.29)

TASK [wireguard : Generate preshared keys] ******************************************************* ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin) ok: [localhost] => (item=23.88.27.29)

TASK [wireguard : Generate public keys] ********************************************************** ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin) ok: [localhost] => (item=23.88.27.29)

TASK [wireguard : Save public keys] ************************************************************** ok: [localhost] => (item={'changed': False, 'stdout': 'Z7g6CLN7dDU5wy71SR0ho/0dy2Qnd0e6Rs5ZjYSEBiU=', 'stderr': '', 'rc': 0, 'cmd': 'set -o pipefail\necho "gH5VbW/ZSXLK0T3K2ExeRp0vyMX6KCy12OVI+9ienE8=" |\nwg pubkey\n', 'start': '2022-03-05 00:01:33.248987', 'end': '2022-03-05 00:01:33.253125', 'delta': '0:00:00.004138', 'msg': '', 'invocation': {'module_args': {'executable': 'bash', '_raw_params': 'set -o pipefail\necho "gH5VbW/ZSXLK0T3K2ExeRp0vyMX6KCy12OVI+9ienE8=" |\nwg pubkey\n', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['Z7g6CLN7dDU5wy71SR0ho/0dy2Qnd0e6Rs5ZjYSEBiU='], 'stderr_lines': [], 'failed': False, 'item': 'test', 'ansible_loop_var': 'item'}) ok: [localhost] => (item={'changed': False, 'stdout': 'J9c5YCpICV3wjrSf47ooV5+sLkayPVyfbP9GLUbLJwY=', 'stderr': '', 'rc': 0, 'cmd': 'set -o pipefail\necho "MGqAx4CFm/GcdWUysJX0vFCjpuQ6KymJo9D3Cxw/l3M=" |\nwg pubkey\n', 'start': '2022-03-05 00:01:33.366560', 'end': '2022-03-05 00:01:33.369911', 'delta': '0:00:00.003351', 'msg': '', 'invocation': {'module_args': {'executable': 'bash', '_raw_params': 'set -o pipefail\necho "MGqAx4CFm/GcdWUysJX0vFCjpuQ6KymJo9D3Cxw/l3M=" |\nwg pubkey\n', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['J9c5YCpICV3wjrSf47ooV5+sLkayPVyfbP9GLUbLJwY='], 'stderr_lines': [], 'failed': False, 'item': 'pench', 'ansible_loop_var': 'item'}) ok: [localhost] => (item={'changed': False, 'stdout': 'pUZ86rTlkOHnjA6ShXToNvrjHdaBMegHWhMBxqmG2wY=', 'stderr': '', 'rc': 0, 'cmd': 'set -o pipefail\necho "aJuu7ifaMFUryB6IiaF+BMf1rm3lGx1kU4cITXT741A=" |\nwg pubkey\n', 'start': '2022-03-05 00:01:33.475034', 'end': '2022-03-05 00:01:33.478281', 'delta': '0:00:00.003247', 'msg': '', 'invocation': {'module_args': {'executable': 'bash', '_raw_params': 'set -o pipefail\necho "aJuu7ifaMFUryB6IiaF+BMf1rm3lGx1kU4cITXT741A=" |\nwg pubkey\n', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['pUZ86rTlkOHnjA6ShXToNvrjHdaBMegHWhMBxqmG2wY='], 'stderr_lines': [], 'failed': False, 'item': 'admin', 'ansible_loop_var': 'item'}) ok: [localhost] => (item={'changed': False, 'stdout': 'p+eFbZqPB61PaWXzqPb4xP0qKMcc8bcwR6PZvjteuFI=', 'stderr': '', 'rc': 0, 'cmd': 'set -o pipefail\necho "8IZPg5bzDIgwh4C8opj7kpA48K/XZo3KHMhFLYW/RXo=" |\nwg pubkey\n', 'start': '2022-03-05 00:01:33.612451', 'end': '2022-03-05 00:01:33.616130', 'delta': '0:00:00.003679', 'msg': '', 'invocation': {'module_args': {'executable': 'bash', '_raw_params': 'set -o pipefail\necho "8IZPg5bzDIgwh4C8opj7kpA48K/XZo3KHMhFLYW/RXo=" |\nwg pubkey\n', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['p+eFbZqPB61PaWXzqPb4xP0qKMcc8bcwR6PZvjteuFI='], 'stderr_lines': [], 'failed': False, 'item': '23.88.27.29', 'ansible_loop_var': 'item'})

TASK [wireguard : WireGuard user list updated] *************************************************** ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin)

TASK [wireguard : set_fact] ********************************************************************** ok: [localhost]

TASK [wireguard : WireGuard users config generated] ********************************************** ok: [localhost] => (item=[3, 'test']) ok: [localhost] => (item=[4, 'pench']) ok: [localhost] => (item=[5, 'admin'])

TASK [wireguard : include_tasks] ***************************************************************** included: /root/algo/roles/wireguard/tasks/mobileconfig.yml for localhost => (item=ios) included: /root/algo/roles/wireguard/tasks/mobileconfig.yml for localhost => (item=macos)

TASK [wireguard : WireGuard apple mobileconfig generated] **************************************** changed: [localhost] => (item=[3, 'test']) changed: [localhost] => (item=[4, 'pench']) changed: [localhost] => (item=[5, 'admin'])

TASK [wireguard : WireGuard apple mobileconfig generated] **************************************** changed: [localhost] => (item=[3, 'test']) changed: [localhost] => (item=[4, 'pench']) changed: [localhost] => (item=[5, 'admin'])

TASK [wireguard : Generate QR codes] ************************************************************* ok: [localhost] => (item=[3, 'test']) ok: [localhost] => (item=[4, 'pench']) ok: [localhost] => (item=[5, 'admin'])

TASK [wireguard : WireGuard configured] ********************************************************** ok: [localhost]

TASK [wireguard : WireGuard enabled and started] ************************************************* ok: [localhost]

TASK [ssh_tunneling : Ensure that the sshd_config file has desired options] ********************** ok: [localhost]

TASK [ssh_tunneling : Ensure that the algo group exist] ****************************************** ok: [localhost]

TASK [ssh_tunneling : Ensure that the jail directory exist] ************************************** ok: [localhost]

TASK [ssh_tunneling : Ensure that the SSH users exist] ******************************************* ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin) [WARNING]: 'append' is set, but no 'groups' are specified. Use 'groups' for appending new groups.This will change to an error in Ansible 2.14.

TASK [ssh_tunneling : Ensure the config directories exist] *************************************** ok: [localhost]

TASK [ssh_tunneling : Check if the private keys exist] ******************************************* ok: [localhost] => (item=test) ok: [localhost] => (item=pench) ok: [localhost] => (item=admin)

TASK [ssh_tunneling : Build ssh private keys] **************************************************** failed: [localhost] (item={'changed': False, 'stat': {'exists': False}, 'invocation': {'module_args': {'path': 'configs/23.88.27.29/ssh-tunnel//test.pem', 'follow': False, 'get_md5': False, 'get_checksum': True, 'get_mime': True, 'get_attributes': True, 'checksum_algorithm': 'sha1'}}, 'failed': False, 'item': 'test', 'ansible_loop_var': 'item'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": false, "invocation": {"module_args": {"checksum_algorithm": "sha1", "follow": false, "get_attributes": true, "get_checksum": true, "get_md5": false, "get_mime": true, "path": "configs/23.88.27.29/ssh-tunnel//test.pem"}}, "item": "test", "stat": {"exists": false}}, "msg": "Can't detect the required Python library cryptography (>= 1.2.3)"} failed: [localhost] (item={'changed': False, 'stat': {'exists': False}, 'invocation': {'module_args': {'path': 'configs/23.88.27.29/ssh-tunnel//pench.pem', 'follow': False, 'get_md5': False, 'get_checksum': True, 'get_mime': True, 'get_attributes': True, 'checksum_algorithm': 'sha1'}}, 'failed': False, 'item': 'pench', 'ansible_loop_var': 'item'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": false, "invocation": {"module_args": {"checksum_algorithm": "sha1", "follow": false, "get_attributes": true, "get_checksum": true, "get_md5": false, "get_mime": true, "path": "configs/23.88.27.29/ssh-tunnel//pench.pem"}}, "item": "pench", "stat": {"exists": false}}, "msg": "Can't detect the required Python library cryptography (>= 1.2.3)"} failed: [localhost] (item={'changed': False, 'stat': {'exists': False}, 'invocation': {'module_args': {'path': 'configs/23.88.27.29/ssh-tunnel//admin.pem', 'follow': False, 'get_md5': False, 'get_checksum': True, 'get_mime': True, 'get_attributes': True, 'checksum_algorithm': 'sha1'}}, 'failed': False, 'item': 'admin', 'ansible_loop_var': 'item'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": false, "invocation": {"module_args": {"checksum_algorithm": "sha1", "follow": false, "get_attributes": true, "get_checksum": true, "get_md5": false, "get_mime": true, "path": "configs/23.88.27.29/ssh-tunnel//admin.pem"}}, "item": "admin", "stat": {"exists": false}}, "msg": "Can't detect the required Python library cryptography (>= 1.2.3)"}

TASK [include_tasks] ***************************************************************************** included: /root/algo/playbooks/rescue.yml for localhost

TASK [debug] ************************************************************************************* ok: [localhost] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }

TASK [Fail the installation] ********************************************************************* fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP *************************************************************************************** localhost : ok=90 changed=7 unreachable=0 failed=1 skipped=71 rescued=1 ignored=0

tonisimakov99 avatar Mar 04 '22 21:03 tonisimakov99

Faced with the same error. @tonisimakov99 any news? Maybe you found workaround?

Yrok472 avatar Mar 28 '22 11:03 Yrok472

Faced with the same error. @tonisimakov99 any news? Maybe your found workaround?

@Yrok472, No, only if on this question "Do you want each user to have their own account for SSH tunneling? [y/N]" answer "n", it's working, but i don't understand what will happen because of this

tonisimakov99 avatar Mar 29 '22 06:03 tonisimakov99