Unsuccessful Google cloud setup
Describe the bug
GCE setup doesn't succeed after following the documentation listed here.
Full log
./algo -e "provider=gce" -e "gce_credentials_file=$(pwd)/configs/gce.json"
PLAY [localhost] *******************************************************************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [localhost]
TASK [Playbook dir stat] ***********************************************************************************************************************************************************************************
ok: [localhost]
TASK [Ensure Ansible is not being run in a world writable directory] ***************************************************************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
[WARNING]: The value '' is not a valid IP address or network, passing this value to ipaddr filter might result in breaking change in future.
TASK [Ensure the requirements installed] *******************************************************************************************************************************************************************
ok: [localhost]
TASK [Set required ansible version as a fact] **************************************************************************************************************************************************************
ok: [localhost] => (item=ansible==6.1.0)
TASK [Just get the list from default pip] ******************************************************************************************************************************************************************
ok: [localhost]
TASK [Verify Python meets Algo VPN requirements] ***********************************************************************************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
TASK [Verify Ansible meets Algo VPN requirements] **********************************************************************************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log
PLAY [Ask user for the input] ******************************************************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] ************************************************************************************************************************************************************************
ok: [localhost]
[VPN server name prompt]
Name the vpn server
[algo]
:
^M
TASK [VPN server name prompt] ******************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:
^M
TASK [Cellular On Demand prompt] ***************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
^M
TASK [Wi-Fi On Demand prompt] ******************************************************************************************************************************************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:
^M
TASK [Retain the PKI prompt] *******************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:
^M
TASK [DNS adblocking prompt] *******************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
^M
TASK [SSH tunneling prompt] ********************************************************************************************************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] ************************************************************************************************************************************************************************
ok: [localhost]
PLAY [Provision the server] ********************************************************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [localhost]
--> Please include the following block of text when reporting issues:
Algo running on: Ubuntu 22.04.2 LTS
Created from git fork. Last commit: 45fe0f5 change dockerhub docs references
Python 3.10.6
Runtime variables:
algo_provider "gce"
algo_ondemand_cellular "False"
algo_ondemand_wifi "False"
algo_ondemand_wifi_exclude "X251bGw="
algo_dns_adblocking "False"
algo_ssh_tunneling "False"
wireguard_enabled "True"
dns_encryption "True"
TASK [Display the invocation environment] ******************************************************************************************************************************************************************
changed: [localhost]
TASK [Install the requirements] ****************************************************************************************************************************************************************************
ok: [localhost]
TASK [Generate the SSH private key] ************************************************************************************************************************************************************************
ok: [localhost]
TASK [Generate the SSH public key] *************************************************************************************************************************************************************************
ok: [localhost]
TASK [Copy the private SSH key to /tmp] ********************************************************************************************************************************************************************
ok: [localhost]
TASK [Include a provisioning role] *************************************************************************************************************************************************************************
TASK [cloud-gce : Install requirements] ********************************************************************************************************************************************************************
changed: [localhost]
TASK [cloud-gce : set_fact] ********************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-gce : set_fact] ********************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-gce : set_fact] ********************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-gce : Get regions] *****************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-gce : Set facts about the regions] *************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-gce : Set facts about the default region] ******************************************************************************************************************************************************
ok: [localhost]
[cloud-gce : pause]
What region should the server be located in?
(https://cloud.google.com/compute/docs/regions-zones/#locations)
1. asia-east1
2. asia-east2
3. asia-northeast1
4. asia-northeast2
5. asia-northeast3
6. asia-south1
7. asia-south2
8. asia-southeast1
9. asia-southeast2
10. australia-southeast1
11. australia-southeast2
12. europe-central2
13. europe-north1
14. europe-southwest1
15. europe-west1
16. europe-west12
17. europe-west2
18. europe-west3
19. europe-west4
20. europe-west6
21. europe-west8
22. europe-west9
23. me-central1
24. me-west1
25. northamerica-northeast1
26. northamerica-northeast2
27. southamerica-east1
28. southamerica-west1
29. us-central1
30. us-east1
31. us-east4
32. us-east5
33. us-south1
34. us-west1
35. us-west2
36. us-west3
37. us-west4
Enter the number of your desired region
[30]
:
15^M
TASK [cloud-gce : pause] ***********************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-gce : Set region as a fact] ********************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-gce : Get zones] *******************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-gce : Set random available zone as a fact] *****************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-gce : Network configured] **********************************************************************************************************************************************************************
changed: [localhost]
TASK [cloud-gce : Firewall configured] *********************************************************************************************************************************************************************
changed: [localhost]
TASK [cloud-gce : Instance created] ************************************************************************************************************************************************************************
changed: [localhost]
TASK [cloud-gce : set_fact] ********************************************************************************************************************************************************************************
ok: [localhost]
TASK [Set subjectAltName as a fact] ************************************************************************************************************************************************************************
ok: [localhost]
TASK [Add the server to an inventory group] ****************************************************************************************************************************************************************
changed: [localhost]
TASK [Additional variables for the server] *****************************************************************************************************************************************************************
changed: [localhost]
TASK [Wait until SSH becomes ready...] *********************************************************************************************************************************************************************
ok: [localhost]
TASK [Linux | set OS specific facts] ***********************************************************************************************************************************************************************
ok: [localhost]
TASK [Set config paths as facts] ***************************************************************************************************************************************************************************
ok: [localhost]
TASK [Update config paths] *********************************************************************************************************************************************************************************
changed: [localhost]
TASK [debug] ***********************************************************************************************************************************************************************************************
ok: [localhost] => {
"IP_subject_alt_name": "34.140.242.193"
}
TASK [Wait 600 seconds for target connection to become reachable/usable] ***********************************************************************************************************************************
ok: [localhost -> 34.140.242.193] => (item=34.140.242.193)
PLAY [Configure the server and install required software] **************************************************************************************************************************************************
TASK [Wait until the cloud-init completed] *****************************************************************************************************************************************************************
fatal: [34.140.242.193]: FAILED! => {"changed": false, "elapsed": 600, "msg": "Timeout when waiting for file /var/lib/cloud/data/result.json"}
TASK [include_tasks] ***************************************************************************************************************************************************************************************
included: /home/mgelbana/workspace/repos/open/algo/playbooks/rescue.yml for 34.140.242.193
TASK [debug] ***********************************************************************************************************************************************************************************************
ok: [34.140.242.193] => {
"fail_hint": [
"Sorry, but something went wrong!",
"Please check the troubleshooting guide.",
"https://trailofbits.github.io/algo/troubleshooting.html"
]
}
TASK [Fail the installation] *******************************************************************************************************************************************************************************
fatal: [34.140.242.193]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP *************************************************************************************************************************************************************************************************
34.140.242.193 : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=1 ignored=0
localhost : ok=47 changed=8 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0
How exactly are you setting this up? Are you using cloud shell?
I am not sure if this will help you. I was setting up a cloud VPN using the Google Cloud Shell. I had to install pyenv, as the Google Cloud Shell only includes Python 3.9, which doesn't support the latest Ansible. After some tweaking I got it to work.
Thanks for your reply @RearDoor. I found that my ISP (and possibly the whole country) is blocking the WireGuard protocol handshake. I tried overcoming that but unfortunately I couldn't.