algo icon indicating copy to clipboard operation
algo copied to clipboard
verified publisher icon trailofbits

Installation failure "Deploy from script or cloud-init", Hostinger VPS Ubuntu 22.04 x64

Open rohhhs opened this issue 2 years ago • 1 comments

curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x

  • set -ex
  • METHOD=cloud
  • ONDEMAND_CELLULAR=false
  • ONDEMAND_WIFI=false
  • ONDEMAND_WIFI_EXCLUDE=_null
  • STORE_PKI=false
  • DNS_ADBLOCKING=false
  • SSH_TUNNELING=false
  • ENDPOINT=localhost
  • USERS=user1
  • REPO_SLUG=trailofbits/algo
  • REPO_BRANCH=master
  • EXTRA_VARS=placeholder=null
  • ANSIBLE_EXTRA_ARGS=
  • cd /opt/
  • test cloud = cloud
  • publicIpFromMetadata
  • grep DigitalOcean
  • curl -s http://169.254.169.254/metadata/v1/vendor-data ++ curl -s http://169.254.169.254/latest/meta-data/services/domain
  • test '' = amazonaws.com
  • host -t A -W 10 metadata.google.internal 127.0.0.53 ++ curl -s -H Metadata:true 'http://169.254.169.254/metadata/instance/compute/publisher/?api-version=2017-04-02&format=text'
  • test '' = Canonical
  • echo localhost
  • grep -oE '\b([0-9]{1,3}.){3}[0-9]{1,3}\b'
  • publicIpFromInterface
  • echo 'Couldn'''t find a valid ipv4 address, using the first IP found on the interfaces as the endpoint.' Couldn't find a valid ipv4 address, using the first IP found on the interfaces as the endpoint. ++ awk '{print $2}' ++ grep -Eo 'dev .*' ++ ip -4 route list match default
  • DEFAULT_INTERFACE=venet0 ++ grep -oE '\b([0-9]{1,3}.){3}[0-9]{1,3}\b' ++ awk '{print $2}' ++ head -n1 ++ grep -w inet ++ ip -4 addr sh dev venet0
  • ENDPOINT=127.0.0.1
  • export ENDPOINT=127.0.0.1
  • ENDPOINT=127.0.0.1
  • echo 'Using 127.0.0.1 as the endpoint' Using 127.0.0.1 as the endpoint
  • installRequirements
  • export DEBIAN_FRONTEND=noninteractive
  • DEBIAN_FRONTEND=noninteractive
  • apt-get update Hit:1 http://archive.canonical.com/ubuntu jammy InRelease Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease Hit:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease Reading package lists... Done
  • apt-get install python3-virtualenv jq -y Reading package lists... Done Building dependency tree... Done Reading state information... Done jq is already the newest version (1.6-2.1ubuntu3). python3-virtualenv is already the newest version (20.13.0+ds-2). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  • deployAlgo
  • getAlgo
  • '[' '!' -d algo ']'
  • cd algo ++ command -v python3
  • python3 -m virtualenv --python=/usr/bin/python3 .env created virtual environment CPython3.10.12.final.0-64 in 354ms creator CPython3Posix(dest=/opt/algo/.env, clear=False, no_vcs_ignore=False, global=False) seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/root/.local/share/virtualenv) added seed packages: Jinja2==3.0.3, MarkupSafe==2.1.3, PyYAML==6.0.1, ansible==9.1.0, ansible_core==2.16.2, cffi==1.16.0, cryptography==41.0.7, distlib==0.3.8, filelock==3.13.1, netaddr==0.10.1, packaging==23.2, pip==22.0.2, platformdirs==4.1.0, pyOpenSSL==23.3.0, pycparser==2.21, resolvelib==1.0.1, segno==1.6.0, setuptools==59.6.0, virtualenv==20.25.0, wheel==0.37.1 activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
  • . .env/bin/activate ++ '[' .env/bin/activate = bash ']' ++ deactivate nondestructive ++ unset -f pydoc ++ '[' -z '' ']' ++ '[' -z '' ']' ++ hash -r ++ '[' -z '' ']' ++ unset VIRTUAL_ENV ++ '[' '!' nondestructive = nondestructive ']' ++ VIRTUAL_ENV=/opt/algo/.env ++ '[' linux-gnu = cygwin ']' ++ '[' linux-gnu = msys ']' ++ export VIRTUAL_ENV ++ _OLD_VIRTUAL_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ PATH=/opt/algo/.env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ export PATH ++ '[' -z '' ']' ++ '[' -z '' ']' ++ _OLD_VIRTUAL_PS1= ++ '[' x '!=' x ']' +++ basename /opt/algo/.env ++ PS1='(.env) ' ++ export PS1 ++ alias pydoc ++ true ++ hash -r
  • python3 -m pip install -U pip virtualenv Requirement already satisfied: pip in ./.env/lib/python3.10/site-packages (22.0.2) Collecting pip Using cached pip-23.3.2-py3-none-any.whl (2.1 MB) Requirement already satisfied: virtualenv in ./.env/lib/python3.10/site-packages (20.25.0) Requirement already satisfied: platformdirs<5,>=3.9.1 in ./.env/lib/python3.10/site-packages (from virtualenv) (4.1.0) Requirement already satisfied: distlib<1,>=0.3.7 in ./.env/lib/python3.10/site-packages (from virtualenv) (0.3.8) Requirement already satisfied: filelock<4,>=3.12.2 in ./.env/lib/python3.10/site-packages (from virtualenv) (3.13.1) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 22.0.2 Uninstalling pip-22.0.2: Successfully uninstalled pip-22.0.2 Successfully installed pip-23.3.2
  • python3 -m pip install -r requirements.txt Requirement already satisfied: ansible==9.1.0 in ./.env/lib/python3.10/site-packages (from -r requirements.txt (line 1)) (9.1.0) Requirement already satisfied: jinja2~=3.0.3 in ./.env/lib/python3.10/site-packages (from -r requirements.txt (line 2)) (3.0.3) Requirement already satisfied: netaddr in ./.env/lib/python3.10/site-packages (from -r requirements.txt (line 3)) (0.10.1) Requirement already satisfied: ansible-core~=2.16.1 in ./.env/lib/python3.10/site-packages (from ansible==9.1.0->-r requirements.txt (line 1)) (2.16.2) Requirement already satisfied: MarkupSafe>=2.0 in ./.env/lib/python3.10/site-packages (from jinja2~=3.0.3->-r requirements.txt (line 2)) (2.1.3) Requirement already satisfied: PyYAML>=5.1 in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (6.0.1) Requirement already satisfied: cryptography in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (41.0.7) Requirement already satisfied: packaging in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (23.2) Requirement already satisfied: resolvelib<1.1.0,>=0.5.3 in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (1.0.1) Requirement already satisfied: cffi>=1.12 in ./.env/lib/python3.10/site-packages (from cryptography->ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (1.16.0) Requirement already satisfied: pycparser in ./.env/lib/python3.10/site-packages (from cffi>=1.12->cryptography->ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (2.21)
  • cd /opt/algo
  • . .env/bin/activate ++ '[' .env/bin/activate = bash ']' ++ deactivate nondestructive ++ unset -f pydoc ++ '[' -z _ ']' ++ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ export PATH ++ unset _OLD_VIRTUAL_PATH ++ '[' -z '' ']' ++ hash -r ++ '[' -z _ ']' ++ PS1= ++ export PS1 ++ unset _OLD_VIRTUAL_PS1 ++ unset VIRTUAL_ENV ++ '[' '!' nondestructive = nondestructive ']' ++ VIRTUAL_ENV=/opt/algo/.env ++ '[' linux-gnu = cygwin ']' ++ '[' linux-gnu = msys ']' ++ export VIRTUAL_ENV ++ _OLD_VIRTUAL_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ PATH=/opt/algo/.env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ++ export PATH ++ '[' -z '' ']' ++ '[' -z '' ']' ++ _OLD_VIRTUAL_PS1= ++ '[' x '!=' x ']' +++ basename /opt/algo/.env ++ PS1='(.env) ' ++ export PS1 ++ alias pydoc ++ true ++ hash -r
  • export HOME=/root
  • HOME=/root
  • export ANSIBLE_LOCAL_TEMP=/root/.ansible/tmp
  • ANSIBLE_LOCAL_TEMP=/root/.ansible/tmp
  • export ANSIBLE_REMOTE_TEMP=/root/.ansible/tmp
  • ANSIBLE_REMOTE_TEMP=/root/.ansible/tmp
  • tee /var/log/algo.log ++ jq -Rc 'split(",")' ++ echo user1
  • ansible-playbook main.yml -e provider=local -e ondemand_cellular=false -e ondemand_wifi=false -e ondemand_wifi_exclude=_null -e store_pki=false -e dns_adblocking=false -e ssh_tunneling=false -e endpoint=127.0.0.1 -e 'users=["user1"]' -e server=localhost -e ssh_user=root -e placeholder=null --skip-tags debug

PLAY [localhost] ***************************************************************

TASK [Gathering Facts] ********************************************************* ok: [localhost]

TASK [Playbook dir stat] ******************************************************* ok: [localhost]

TASK [Ensure Ansible is not being run in a world writable directory] *********** ok: [localhost] => { "changed": false, "msg": "All assertions passed" } [DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [WARNING]: The value '' is not a valid IP address or network, passing this value to ipaddr filter might result in breaking change in future.

TASK [Ensure the requirements installed] *************************************** ok: [localhost]

TASK [Set required ansible version as a fact] ********************************** ok: [localhost] => (item=ansible==9.1.0)

TASK [Just get the list from default pip] ************************************** ok: [localhost]

TASK [Verify Python meets Algo VPN requirements] ******************************* ok: [localhost] => { "changed": false, "msg": "All assertions passed" } [WARNING]: Found variable using reserved name: no_log

TASK [Verify Ansible meets Algo VPN requirements] ****************************** ok: [localhost] => { "changed": false, "msg": "All assertions passed" }

PLAY [Ask user for the input] **************************************************

TASK [Gathering Facts] ********************************************************* ok: [localhost]

TASK [Set facts based on the input] ******************************************** ok: [localhost]

TASK [Set facts based on the input] ******************************************** ok: [localhost]

PLAY [Provision the server] ****************************************************

TASK [Gathering Facts] ********************************************************* ok: [localhost]

TASK [Install the requirements] ************************************************ ok: [localhost]

TASK [Include a provisioning role] ********************************************* [WARNING]: Not waiting for response to prompt as stdin is not interactive

TASK [local : pause] *********************************************************** ok: [localhost] => (item=https://trailofbits.github.io/algo/deploy-to-ubuntu.html

Local installation might break your server. Use at your own risk.

Proceed? Press ENTER to continue or CTRL+C and A to abort...)

TASK [local : Set the facts] *************************************************** ok: [localhost]

TASK [local : Set the facts] *************************************************** ok: [localhost]

TASK [Set subjectAltName as a fact] ******************************************** ok: [localhost]

TASK [Add the server to an inventory group] ************************************ changed: [localhost]

TASK [Linux | set OS specific facts] ******************************************* ok: [localhost]

TASK [Set config paths as facts] *********************************************** ok: [localhost]

TASK [Update config paths] ***************************************************** changed: [localhost]

TASK [debug] ******************************************************************* ok: [localhost] => { "IP_subject_alt_name": "127.0.0.1" } [WARNING]: Reset is not implemented for this connection

TASK [Wait 600 seconds for target connection to become reachable/usable] ******* ok: [localhost] => (item=localhost)

PLAY [Configure the server and install required software] **********************

TASK [common : Check the system] *********************************************** ok: [localhost]

TASK [common : include_tasks] ************************************************** included: /opt/algo/roles/common/tasks/ubuntu.yml for localhost

TASK [common : Gather facts] *************************************************** ok: [localhost]

TASK [common : Install unattended-upgrades] ************************************ ok: [localhost]

TASK [common : Configure unattended-upgrades] ********************************** ok: [localhost]

TASK [common : Periodic upgrades configured] *********************************** ok: [localhost]

TASK [common : Disable MOTD on login and SSHD] ********************************* ok: [localhost] => (item={'regexp': '^session.*optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'}) ok: [localhost] => (item={'regexp': '^session.*optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})

TASK [common : Ensure fallback resolvers are set] ****************************** ok: [localhost] [DEPRECATION WARNING]: Use 'ansible.utils.ipmath' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

TASK [common : Loopback for services configured] ******************************* ok: [localhost]

TASK [common : systemd services enabled and started] *************************** ok: [localhost] => (item=systemd-networkd) ok: [localhost] => (item=systemd-resolved)

TASK [common : Check apparmor support] ***************************************** fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["apparmor_status"], "delta": "0:00:00.003685", "end": "2024-01-16 08:48:22.799598", "msg": "non-zero return code", "rc": 1, "start": "2024-01-16 08:48:22.795913", "stderr": "apparmor not present.", "stderr_lines": ["apparmor not present."], "stdout": "", "stdout_lines": []} ...ignoring

TASK [common : Define facts] *************************************************** ok: [localhost]

TASK [common : Set facts] ****************************************************** ok: [localhost]

TASK [common : Set IPv6 support as a fact] ************************************* ok: [localhost]

TASK [common : Check size of MTU] ********************************************** ok: [localhost]

TASK [common : Set OS specific facts] ****************************************** ok: [localhost]

TASK [common : Install tools] ************************************************** ok: [localhost]

TASK [common : include_tasks] ************************************************** included: /opt/algo/roles/common/tasks/iptables.yml for localhost

TASK [common : Iptables configured] ******************************************** ok: [localhost] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})

TASK [common : Sysctl tuning] ************************************************** ok: [localhost] => (item={'item': 'net.ipv4.ip_forward', 'value': 1}) ok: [localhost] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})

TASK [dns : Include tasks for Ubuntu] ****************************************** included: /opt/algo/roles/dns/tasks/ubuntu.yml for localhost

TASK [dns : Install dnscrypt-proxy] ******************************************** ok: [localhost]

TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] ************* ok: [localhost]

TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] *************** fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["aa-enforce", "usr.bin.dnscrypt-proxy"], "delta": "0:00:00.207941", "end": "2024-01-16 08:48:28.741736", "msg": "non-zero return code", "rc": 1, "start": "2024-01-16 08:48:28.533795", "stderr": "\nERROR: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)\nWarning: unable to find a suitable fs in /proc/mounts, is it mounted?\nUse --subdomainfs to override.", "stderr_lines": ["", "ERROR: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)", "Warning: unable to find a suitable fs in /proc/mounts, is it mounted?", "Use --subdomainfs to override."], "stdout": "Setting /etc/apparmor.d/usr.bin.dnscrypt-proxy to enforce mode.", "stdout_lines": ["Setting /etc/apparmor.d/usr.bin.dnscrypt-proxy to enforce mode."]}

TASK [include_tasks] *********************************************************** included: /opt/algo/playbooks/rescue.yml for localhost

TASK [debug] ******************************************************************* ok: [localhost] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] }

TASK [Fail the installation] *************************************************** fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP ********************************************************************* localhost : ok=48 changed=2 unreachable=0 failed=1 skipped=34 rescued=1 ignored=1

rohhhs avatar Jan 16 '24 08:01 rohhhs

seems to be same issue here: https://github.com/trailofbits/algo/issues/14716

muelli avatar Dec 10 '24 00:12 muelli