algo
algo copied to clipboard
trailofbits
Error while deploying Algo (without any modification of config.cfg)
Describe the bug
Error while deploying on DO and Vultr
A clear and concise description of what the bug is. fatal: [localhost]: FAILED! => {"changed": false, "content": "", "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>", "redirected": false, "status": -1, "url": "https://api.digitalocean.com/v2/regions"} included: /Users/manou/algo-master/playbooks/rescue.yml for localhost To Reproduce
Steps to reproduce the behavior:
- Download Algo
- Do not change anything in config.cfg
- Deploy as usual
Expected behavior
shortly after pasting the API, the error appears, as opposed to install successfully, like so many times before.
Help would be appreciated
Full log
BigMac-87:~ manou$ cd /Users/manou/algo-master
BigMac-87:algo-master manou$ python -m ensurepip --user
Looking in links: /var/folders/g4/8pysk3km8xjc4y0059bcgt800000gn/T/tmpksvVzZ
Requirement already satisfied: setuptools in /usr/local/lib/python2.7/site-packages (41.0.1)
Requirement already satisfied: pip in /Users/manou/Library/Python/2.7/lib/python/site-packages (19.2.2)
BigMac-87:algo-master manou$ python -m pip install --user --upgrade virtualenv
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Requirement already up-to-date: virtualenv in /Users/manou/Library/Python/2.7/lib/python/site-packages (16.7.2)
BigMac-87:algo-master manou$ python -m virtualenv --python=`which python2` env &&
> source env/bin/activate &&
> python -m pip install -U pip virtualenv &&
> python -m pip install -r requirements.txt
Running virtualenv with interpreter /Library/Frameworks/Python.framework/Versions/2.7/bin/python2
Already using interpreter /Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
New python executable in /Users/manou/algo-master/env/bin/python
Installing setuptools, pip, wheel...
done.
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Requirement already up-to-date: pip in ./env/lib/python2.7/site-packages (19.2.2)
Collecting virtualenv
Using cached https://files.pythonhosted.org/packages/db/9e/df208b2baad146fe3fbe750eacadd6e49bcf2f2c3c1117b7192a7b28aec4/virtualenv-16.7.2-py2.py3-none-any.whl
Installing collected packages: virtualenv
Successfully installed virtualenv-16.7.2
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Collecting ansible==2.7.12 (from -r requirements.txt (line 1))
Collecting netaddr (from -r requirements.txt (line 2))
Using cached https://files.pythonhosted.org/packages/ba/97/ce14451a9fd7bdb5a397abf99b24a1a6bb7a1a440b019bebd2e9a0dbec74/netaddr-0.7.19-py2.py3-none-any.whl
Requirement already satisfied: setuptools in ./env/lib/python2.7/site-packages (from ansible==2.7.12->-r requirements.txt (line 1)) (41.0.1)
Collecting PyYAML (from ansible==2.7.12->-r requirements.txt (line 1))
Collecting jinja2 (from ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/1d/e7/fd8b501e7a6dfe492a433deb7b9d833d39ca74916fa8bc63dd1a4947a671/Jinja2-2.10.1-py2.py3-none-any.whl
Collecting paramiko (from ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/4b/80/74dace9e48b0ef923633dfb5e48798f58a168e4734bca8ecfaf839ba051a/paramiko-2.6.0-py2.py3-none-any.whl
Collecting cryptography (from ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/e2/bf/3b641820c561aedde134e88528ba68dffe41ed238899fab7f7ef20118aaf/cryptography-2.7-cp27-cp27m-macosx_10_6_intel.whl
Collecting MarkupSafe>=0.23 (from jinja2->ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/6d/d2/0ccd2c0e2cd93b35e765d9b3205cd6602e6b202b522fc7997531353715b3/MarkupSafe-1.1.1-cp27-cp27m-macosx_10_6_intel.whl
Collecting pynacl>=1.0.1 (from paramiko->ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/51/83/2db5b919bf9848fe25d301225a16faabc378419e7eaf00da0b7d200fe801/PyNaCl-1.3.0-cp27-cp27m-macosx_10_6_intel.whl
Collecting bcrypt>=3.1.3 (from paramiko->ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/a0/dc/9810f8233a1263b11f2f6839f1840cc01a7c0c5d0d5e6cabbe270ddca4d3/bcrypt-3.1.7-cp27-cp27m-macosx_10_6_intel.whl
Collecting enum34; python_version < "3" (from cryptography->ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/c5/db/e56e6b4bbac7c4a06de1c50de6fe1ef3810018ae11732a50f15f62c7d050/enum34-1.1.6-py2-none-any.whl
Collecting asn1crypto>=0.21.0 (from cryptography->ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/ea/cd/35485615f45f30a510576f1a56d1e0a7ad7bd8ab5ed7cdc600ef7cd06222/asn1crypto-0.24.0-py2.py3-none-any.whl
Collecting cffi!=1.11.3,>=1.8 (from cryptography->ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/16/f6/46a3dece43541b2cbf3776ec2299e370a2408d9380958401cacb6d101853/cffi-1.12.3-cp27-cp27m-macosx_10_6_intel.whl
Collecting six>=1.4.1 (from cryptography->ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/73/fb/00a976f728d0d1fecfe898238ce23f502a721c0ac0ecfedb80e0d88c64e9/six-1.12.0-py2.py3-none-any.whl
Collecting ipaddress; python_version < "3" (from cryptography->ansible==2.7.12->-r requirements.txt (line 1))
Using cached https://files.pythonhosted.org/packages/fc/d0/7fc3a811e011d4b388be48a0e381db8d990042df54aa4ef4599a31d39853/ipaddress-1.0.22-py2.py3-none-any.whl
Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->ansible==2.7.12->-r requirements.txt (line 1))
Installing collected packages: PyYAML, MarkupSafe, jinja2, six, pycparser, cffi, pynacl, enum34, asn1crypto, ipaddress, cryptography, bcrypt, paramiko, ansible, netaddr
Successfully installed MarkupSafe-1.1.1 PyYAML-5.1.2 ansible-2.7.12 asn1crypto-0.24.0 bcrypt-3.1.7 cffi-1.12.3 cryptography-2.7 enum34-1.1.6 ipaddress-1.0.22 jinja2-2.10.1 netaddr-0.7.19 paramiko-2.6.0 pycparser-2.19 pynacl-1.3.0 six-1.12.0
(env) BigMac-87:algo-master manou$ ./algo
PLAY [localhost] ************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************
ok: [localhost]
TASK [Ensure the requirements installed] ************************************************************************************************************
ok: [localhost]
TASK [Set required ansible version as a fact] *******************************************************************************************************
ok: [localhost] => (item=ansible==2.7.12)
TASK [Verify Ansible meets Algo VPN requirements.] **************************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
PLAY [Ask user for the input] ***********************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Vultr
5. Microsoft Azure
6. Google Compute Engine
7. Scaleway
8. OpenStack (DreamCompute optimised)
9. Install to existing Ubuntu 18.04 or 19.04 server (Advanced)
Enter the number of your desired provider
:
TASK [Cloud prompt] *********************************************************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] *****************************************************************************************************************
ok: [localhost]
[VPN server name prompt]
Name the vpn server
[algo]
:
TASK [VPN server name prompt] ***********************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:
TASK [Cellular On Demand prompt] ********************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
TASK [Wi-Fi On Demand prompt] ***********************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:
TASK [Trusted Wi-Fi networks prompt] ****************************************************************************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:
TASK [Retain the PKI prompt] ************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:
TASK [DNS adblocking prompt] ************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
TASK [SSH tunneling prompt] *************************************************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] *****************************************************************************************************************
ok: [localhost]
PLAY [Provision the server] *************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************
ok: [localhost]
--> Please include the following block of text when reporting issues:
Algo running on: Mac OS X 10.14.6
ZIP file created: Jul 31 08:47:10 2019
Python 2.7.16
Runtime variables:
algo_provider "digitalocean"
algo_ondemand_cellular "True"
algo_ondemand_wifi "True"
algo_ondemand_wifi_exclude "X251bGw="
algo_dns_adblocking "True"
algo_ssh_tunneling "False"
wireguard_enabled "True"
dns_encryption "True"
TASK [Display the invocation environment] ***********************************************************************************************************
changed: [localhost -> localhost]
TASK [Install the requirements] *********************************************************************************************************************
changed: [localhost -> localhost]
TASK [Generate the SSH private key] *****************************************************************************************************************
changed: [localhost]
TASK [Generate the SSH public key] ******************************************************************************************************************
changed: [localhost]
TASK [cloud-digitalocean : Install requirements] ****************************************************************************************************
changed: [localhost]
[cloud-digitalocean : pause]
Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens):
(output is hidden):
TASK [cloud-digitalocean : pause] *******************************************************************************************************************
ok: [localhost]
TASK [cloud-digitalocean : Set the token as a fact] *************************************************************************************************
ok: [localhost]
TASK [cloud-digitalocean : Get regions] *************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "content": "", "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>", "redirected": false, "status": -1, "url": "https://api.digitalocean.com/v2/regions"}
included: /Users/manou/algo-master/playbooks/rescue.yml for localhost
TASK [debug] ****************************************************************************************************************************************
ok: [localhost] => {
"fail_hint": [
"Sorry, but something went wrong!",
"Please check the troubleshooting guide.",
"https://trailofbits.github.io/algo/troubleshooting.html"
]
}
TASK [Fail the installation] ************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP ******************************************************************************************************************************************
localhost : ok=25 changed=5 unreachable=0 failed=2
Looks similar to https://github.com/trailofbits/algo/issues/802 and https://github.com/trailofbits/algo/issues/206. I haven't seen such errors since then tought
hi here's the out put with -vvv, as requested
(env) BigMac-87:algo-master manou$ ./algo -vvv ansible-playbook 2.7.12 config file = /Users/manou/algo-master/ansible.cfg configured module search path = [u'/Users/manou/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible executable location = /Users/manou/algo-master/env/bin/ansible-playbook python version = 2.7.16 (v2.7.16:413a49145e, Mar 2 2019, 14:32:10) [GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57)] Using /Users/manou/algo-master/ansible.cfg as config file /Users/manou/algo-master/inventory did not meet host_list requirements, check plugin documentation if this is unexpected Parsed /Users/manou/algo-master/inventory inventory source with ini plugin Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/playbooks/cloud-pre.yml Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/playbooks/cloud-post.yml Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/playbooks/tmpfs/main.yml Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/playbooks/tmpfs/macos.yml Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/playbooks/tmpfs/linux.yml Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/roles/dns/tasks/dns_adblocking.yml Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/roles/wireguard/tasks/keys.yml Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/roles/strongswan/tasks/ipsec_configuration.yml Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/roles/strongswan/tasks/openssl.yml Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/roles/strongswan/tasks/distribute_keys.yml Read vars_file 'config.cfg' Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/roles/strongswan/tasks/client_configs.yml Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg' statically imported: /Users/manou/algo-master/playbooks/tmpfs/umount.yml
PLAYBOOK: main.yml ********************************************************************************************************************************** 4 plays in main.yml
PLAY [localhost] ************************************************************************************************************************************
echo /Users/manou/.ansible/tmp/ansible-tmp-1565628144.38-234970213591853" && echo ansible-tmp-1565628144.38-234970213591853="echo /Users/manou/.ansible/tmp/ansible-tmp-1565628144.38-234970213591853" ) && sleep 0'
Using module file /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible/modules/system/setup.py
TASK [Gathering Facts] ****************************************************************************************************************************** task path: /Users/manou/algo-master/main.yml:2 ok: [localhost] META: ran handlers
TASK [Ensure the requirements installed] ************************************************************************************************************ task path: /Users/manou/algo-master/main.yml:5 ok: [localhost] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result" }
TASK [Set required ansible version as a fact] ******************************************************************************************************* task path: /Users/manou/algo-master/main.yml:12 ok: [localhost] => (item=ansible==2.7.12) => { "ansible_facts": { "required_ansible_version": { "op": "==", "ver": "2.7.12" } }, "changed": false, "item": "ansible==2.7.12" }
TASK [Verify Ansible meets Algo VPN requirements.] ************************************************************************************************** task path: /Users/manou/algo-master/main.yml:20 ok: [localhost] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg'
PLAY [Ask user for the input] ***********************************************************************************************************************
Read vars_file 'config.cfg'
echo /Users/manou/.ansible/tmp/ansible-tmp-1565628145.44-13140550497956" && echo ansible-tmp-1565628145.44-13140550497956="echo /Users/manou/.ansible/tmp/ansible-tmp-1565628145.44-13140550497956" ) && sleep 0'
Using module file /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible/modules/system/setup.py
TASK [Gathering Facts] ****************************************************************************************************************************** task path: /Users/manou/algo-master/input.yml:2 ok: [localhost] META: ran handlers Read vars_file 'config.cfg' [Cloud prompt] What provider would you like to use? 1. DigitalOcean 2. Amazon Lightsail 3. Amazon EC2 4. Vultr 5. Microsoft Azure 6. Google Compute Engine 7. Scaleway 8. OpenStack (DreamCompute optimised) 9. Install to existing Ubuntu 18.04 or 19.04 server (Advanced)
Enter the number of your desired provider :
TASK [Cloud prompt] ********************************************************************************************************************************* task path: /Users/manou/algo-master/input.yml:28 ok: [localhost] => { "changed": false, "delta": 3, "echo": true, "rc": 0, "start": "2019-08-12 18:42:25.881146", "stderr": "", "stdout": "Paused for 0.06 minutes", "stop": "2019-08-12 18:42:29.635195", "user_input": "1" } Read vars_file 'config.cfg'
TASK [Set facts based on the input] ***************************************************************************************************************** task path: /Users/manou/algo-master/input.yml:40 ok: [localhost] => { "ansible_facts": { "algo_provider": "digitalocean" }, "changed": false } Read vars_file 'config.cfg' [VPN server name prompt] Name the vpn server [algo] :
TASK [VPN server name prompt] *********************************************************************************************************************** task path: /Users/manou/algo-master/input.yml:44 ok: [localhost] => { "changed": false, "delta": 8, "echo": true, "rc": 0, "start": "2019-08-12 18:42:29.743702", "stderr": "", "stdout": "Paused for 0.14 minutes", "stop": "2019-08-12 18:42:38.170945", "user_input": "normal" } Read vars_file 'config.cfg' [Cellular On Demand prompt] Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks? [y/N] :
TASK [Cellular On Demand prompt] ******************************************************************************************************************** task path: /Users/manou/algo-master/input.yml:54 ok: [localhost] => { "changed": false, "delta": 8, "echo": true, "rc": 0, "start": "2019-08-12 18:42:38.228331", "stderr": "", "stdout": "Paused for 0.14 minutes", "stop": "2019-08-12 18:42:46.359052", "user_input": "y" } Read vars_file 'config.cfg' [Wi-Fi On Demand prompt] Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi? [y/N] :
TASK [Wi-Fi On Demand prompt] *********************************************************************************************************************** task path: /Users/manou/algo-master/input.yml:62 ok: [localhost] => { "changed": false, "delta": 4, "echo": true, "rc": 0, "start": "2019-08-12 18:42:46.415893", "stderr": "", "stdout": "Paused for 0.07 minutes", "stop": "2019-08-12 18:42:50.545606", "user_input": "y" } Read vars_file 'config.cfg' [Trusted Wi-Fi networks prompt] List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand" (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi) :
TASK [Trusted Wi-Fi networks prompt] **************************************************************************************************************** task path: /Users/manou/algo-master/input.yml:70 ok: [localhost] => { "changed": false, "delta": 7, "echo": true, "rc": 0, "start": "2019-08-12 18:42:50.604659", "stderr": "", "stdout": "Paused for 0.12 minutes", "stop": "2019-08-12 18:42:57.910920", "user_input": "" } Read vars_file 'config.cfg' [Retain the PKI prompt] Do you want to retain the keys (PKI)? (required to add users in the future, but less secure) [y/N] :
TASK [Retain the PKI prompt] ************************************************************************************************************************ task path: /Users/manou/algo-master/input.yml:81 ok: [localhost] => { "changed": false, "delta": 3, "echo": true, "rc": 0, "start": "2019-08-12 18:42:57.966543", "stderr": "", "stdout": "Paused for 0.06 minutes", "stop": "2019-08-12 18:43:01.492314", "user_input": "n" } Read vars_file 'config.cfg' [DNS adblocking prompt] Do you want to enable DNS ad blocking on this VPN server? [y/N] :
TASK [DNS adblocking prompt] ************************************************************************************************************************ task path: /Users/manou/algo-master/input.yml:90 ok: [localhost] => { "changed": false, "delta": 2, "echo": true, "rc": 0, "start": "2019-08-12 18:43:01.546958", "stderr": "", "stdout": "Paused for 0.05 minutes", "stop": "2019-08-12 18:43:04.386079", "user_input": "y" } Read vars_file 'config.cfg' [SSH tunneling prompt] Do you want each user to have their own account for SSH tunneling? [y/N] :
TASK [SSH tunneling prompt] ************************************************************************************************************************* task path: /Users/manou/algo-master/input.yml:98 ok: [localhost] => { "changed": false, "delta": 7, "echo": true, "rc": 0, "start": "2019-08-12 18:43:04.440475", "stderr": "", "stdout": "Paused for 0.13 minutes", "stop": "2019-08-12 18:43:12.141554", "user_input": "n" } Read vars_file 'config.cfg'
TASK [Set facts based on the input] ***************************************************************************************************************** task path: /Users/manou/algo-master/input.yml:106 ok: [localhost] => { "ansible_facts": { "algo_dns_adblocking": true, "algo_ondemand_cellular": true, "algo_ondemand_wifi": true, "algo_ondemand_wifi_exclude": "X251bGw=", "algo_server_name": "normal", "algo_ssh_tunneling": false, "algo_store_pki": false }, "changed": false } META: ran handlers META: ran handlers Read vars_file 'config.cfg' Read vars_file 'config.cfg' Read vars_file 'config.cfg'
PLAY [Provision the server] *************************************************************************************************************************
Read vars_file 'config.cfg'
echo /Users/manou/.ansible/tmp/ansible-tmp-1565628192.27-88969911785203" && echo ansible-tmp-1565628192.27-88969911785203="echo /Users/manou/.ansible/tmp/ansible-tmp-1565628192.27-88969911785203" ) && sleep 0'
Using module file /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible/modules/system/setup.py
TASK [Gathering Facts] ******************************************************************************************************************************
task path: /Users/manou/algo-master/cloud.yml:2
ok: [localhost]
META: ran handlers
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
echo /Users/manou/.ansible/tmp/ansible-tmp-1565628192.64-187543026428605" && echo ansible-tmp-1565628192.64-187543026428605="echo /Users/manou/.ansible/tmp/ansible-tmp-1565628192.64-187543026428605" ) && sleep 0'
Using module file /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible/modules/commands/command.py
--> Please include the following block of text when reporting issues:
Algo running on: Mac OS X 10.14.6
ZIP file created: Jul 31 08:47:10 2019
Python 2.7.16
Runtime variables:
algo_provider "digitalocean"
algo_ondemand_cellular "True"
algo_ondemand_wifi "True"
algo_ondemand_wifi_exclude "X251bGw="
algo_dns_adblocking "True"
algo_ssh_tunneling "False"
wireguard_enabled "True"
dns_encryption "True"
TASK [Display the invocation environment] ***********************************************************************************************************
task path: /Users/manou/algo-master/playbooks/cloud-pre.yml:3
changed: [localhost -> localhost] => {
"changed": true,
"cmd": "./algo-showenv.sh 'algo_provider "digitalocean"' 'algo_ondemand_cellular "True"' 'algo_ondemand_wifi "True"' 'algo_ondemand_wifi_exclude "X251bGw="' 'algo_dns_adblocking "True"' 'algo_ssh_tunneling "False"' 'wireguard_enabled "True"' 'dns_encryption "True"' > /dev/tty",
"delta": "0:00:00.049067",
"end": "2019-08-12 18:43:12.961890",
"invocation": {
"module_args": {
"_raw_params": "./algo-showenv.sh 'algo_provider "digitalocean"' 'algo_ondemand_cellular "True"' 'algo_ondemand_wifi "True"' 'algo_ondemand_wifi_exclude "X251bGw="' 'algo_dns_adblocking "True"' 'algo_ssh_tunneling "False"' 'wireguard_enabled "True"' 'dns_encryption "True"' > /dev/tty",
"_uses_shell": true,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"warn": true
}
},
"rc": 0,
"start": "2019-08-12 18:43:12.912823",
"stderr": "",
"stderr_lines": [],
"stdout": "",
"stdout_lines": []
}
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
echo /Users/manou/.ansible/tmp/ansible-tmp-1565628193.05-202048980691685" && echo ansible-tmp-1565628193.05-202048980691685="echo /Users/manou/.ansible/tmp/ansible-tmp-1565628193.05-202048980691685" ) && sleep 0'
Using module file /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible/modules/packaging/language/pip.py
TASK [Install the requirements] *********************************************************************************************************************
task path: /Users/manou/algo-master/playbooks/cloud-pre.yml:19
ok: [localhost -> localhost] => {
"changed": false,
"cmd": [
"/Users/manou/algo-master/env/bin/pip2",
"install",
"-U",
"pyOpenSSL",
"jinja2==2.8",
"segno"
],
"invocation": {
"module_args": {
"chdir": null,
"editable": false,
"executable": null,
"extra_args": null,
"name": [
"pyOpenSSL",
"jinja2==2.8",
"segno"
],
"requirements": null,
"state": "latest",
"umask": null,
"use_mirrors": true,
"version": null,
"virtualenv": null,
"virtualenv_command": "virtualenv",
"virtualenv_python": null,
"virtualenv_site_packages": false
}
},
"name": [
"pyOpenSSL",
"jinja2==2.8",
"segno"
],
"requirements": null,
"state": "latest",
"stderr": "DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support\n",
"stderr_lines": [
"DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support"
],
"stdout": "Requirement already up-to-date: pyOpenSSL in /Users/manou/algo-master/env/lib/python2.7/site-packages (19.0.0)\nRequirement already up-to-date: jinja2==2.8 in /Users/manou/algo-master/env/lib/python2.7/site-packages (2.8)\nRequirement already up-to-date: segno in /Users/manou/algo-master/env/lib/python2.7/site-packages (0.3.2)\nRequirement already satisfied, skipping upgrade: cryptography>=2.3 in /Users/manou/algo-master/env/lib/python2.7/site-packages (from pyOpenSSL) (2.7)\nRequirement already satisfied, skipping upgrade: six>=1.5.2 in /Users/manou/algo-master/env/lib/python2.7/site-packages (from pyOpenSSL) (1.12.0)\nRequirement already satisfied, skipping upgrade: MarkupSafe in /Users/manou/algo-master/env/lib/python2.7/site-packages (from jinja2==2.8) (1.1.1)\nRequirement already satisfied, skipping upgrade: enum34; python_version < "3" in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.1.6)\nRequirement already satisfied, skipping upgrade: asn1crypto>=0.21.0 in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cryptography>=2.3->pyOpenSSL) (0.24.0)\nRequirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.12.3)\nRequirement already satisfied, skipping upgrade: ipaddress; python_version < "3" in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.0.22)\nRequirement already satisfied, skipping upgrade: pycparser in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.3->pyOpenSSL) (2.19)\n",
"stdout_lines": [
"Requirement already up-to-date: pyOpenSSL in /Users/manou/algo-master/env/lib/python2.7/site-packages (19.0.0)",
"Requirement already up-to-date: jinja2==2.8 in /Users/manou/algo-master/env/lib/python2.7/site-packages (2.8)",
"Requirement already up-to-date: segno in /Users/manou/algo-master/env/lib/python2.7/site-packages (0.3.2)",
"Requirement already satisfied, skipping upgrade: cryptography>=2.3 in /Users/manou/algo-master/env/lib/python2.7/site-packages (from pyOpenSSL) (2.7)",
"Requirement already satisfied, skipping upgrade: six>=1.5.2 in /Users/manou/algo-master/env/lib/python2.7/site-packages (from pyOpenSSL) (1.12.0)",
"Requirement already satisfied, skipping upgrade: MarkupSafe in /Users/manou/algo-master/env/lib/python2.7/site-packages (from jinja2==2.8) (1.1.1)",
"Requirement already satisfied, skipping upgrade: enum34; python_version < "3" in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.1.6)",
"Requirement already satisfied, skipping upgrade: asn1crypto>=0.21.0 in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cryptography>=2.3->pyOpenSSL) (0.24.0)",
"Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.12.3)",
"Requirement already satisfied, skipping upgrade: ipaddress; python_version < "3" in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cryptography>=2.3->pyOpenSSL) (1.0.22)",
"Requirement already satisfied, skipping upgrade: pycparser in /Users/manou/algo-master/env/lib/python2.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.3->pyOpenSSL) (2.19)"
],
"version": null,
"virtualenv": null
}
Read vars_file 'config.cfg'
echo /Users/manou/.ansible/tmp/ansible-tmp-1565628194.81-234113909131074" && echo ansible-tmp-1565628194.81-234113909131074="echo /Users/manou/.ansible/tmp/ansible-tmp-1565628194.81-234113909131074" ) && sleep 0'
Using module file /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible/modules/crypto/openssl_privatekey.py
TASK [Generate the SSH private key] *****************************************************************************************************************
task path: /Users/manou/algo-master/playbooks/cloud-pre.yml:32
ok: [localhost] => {
"changed": false,
"filename": "configs/algo.pem",
"fingerprint": {
"md5": "5a:ca:2d:10:f9:29:37:78:3f:bb:c2:ad:f8:71:99:0a",
"sha1": "d1:80:a8:d6:0b:98:50:28:e0:f6:d6:6c:ad:9b:d2:d0:5f:d5:8f:fb",
"sha224": "de:23:05:76:6a:67:43:b2:d6:65:21:2c:4b:b9:b3:71:df:31:8e:80:3d:a1:51:75:10:d1:c9:dc",
"sha256": "64:57:f0:f9:d1:61:a4:d5:19:3b:42:78:1c:93:66:31:ca:dd:64:ac:a0:a7:b0:b8:99:4a:1a:5a:67:3c:4d:83",
"sha384": "9e:81:2a:27:d3:4f:82:51:82:54:cb:15:07:25:cc:b0:f6:60:1a:4e:05:8f:b8:40:93:bf:8b:ac:e6:c6:0b:56:e9:16:aa:78:2c:40:3f:78:98:3d:46:99:2f:a7:f1:f8",
"sha512": "e5:b4:5e:b7:56:1c:7c:2f:96:76:2c:4f:18:7a:38:93:f5:3c:d3:fd:0d:f3:93:9c:96:23:9c:8b:d8:06:f3:b3:98:30:6b:ff:61:c6:92:2a:eb:eb:32:19:69:44:95:63:7a:a7:ac:0e:0a:f8:27:61:07:0e:3a:b0:c1:5c:32:58"
},
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"cipher": null,
"content": null,
"delimiter": null,
"directory_mode": null,
"follow": false,
"force": false,
"group": null,
"mode": "0600",
"owner": null,
"passphrase": null,
"path": "configs/algo.pem",
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"size": 2048,
"src": null,
"state": "present",
"type": "RSA",
"unsafe_writes": null
}
},
"size": 2048,
"type": "RSA"
}
Read vars_file 'config.cfg'
echo /Users/manou/.ansible/tmp/ansible-tmp-1565628195.23-14744268219381" && echo ansible-tmp-1565628195.23-14744268219381="echo /Users/manou/.ansible/tmp/ansible-tmp-1565628195.23-14744268219381" ) && sleep 0'
Using module file /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible/modules/crypto/openssl_publickey.py
TASK [Generate the SSH public key] ******************************************************************************************************************
task path: /Users/manou/algo-master/playbooks/cloud-pre.yml:40
ok: [localhost] => {
"changed": false,
"filename": "configs/algo.pem.pub",
"fingerprint": {
"md5": "5a:ca:2d:10:f9:29:37:78:3f:bb:c2:ad:f8:71:99:0a",
"sha1": "d1:80:a8:d6:0b:98:50:28:e0:f6:d6:6c:ad:9b:d2:d0:5f:d5:8f:fb",
"sha224": "de:23:05:76:6a:67:43:b2:d6:65:21:2c:4b:b9:b3:71:df:31:8e:80:3d:a1:51:75:10:d1:c9:dc",
"sha256": "64:57:f0:f9:d1:61:a4:d5:19:3b:42:78:1c:93:66:31:ca:dd:64:ac:a0:a7:b0:b8:99:4a:1a:5a:67:3c:4d:83",
"sha384": "9e:81:2a:27:d3:4f:82:51:82:54:cb:15:07:25:cc:b0:f6:60:1a:4e:05:8f:b8:40:93:bf:8b:ac:e6:c6:0b:56:e9:16:aa:78:2c:40:3f:78:98:3d:46:99:2f:a7:f1:f8",
"sha512": "e5:b4:5e:b7:56:1c:7c:2f:96:76:2c:4f:18:7a:38:93:f5:3c:d3:fd:0d:f3:93:9c:96:23:9c:8b:d8:06:f3:b3:98:30:6b:ff:61:c6:92:2a:eb:eb:32:19:69:44:95:63:7a:a7:ac:0e:0a:f8:27:61:07:0e:3a:b0:c1:5c:32:58"
},
"format": "OpenSSH",
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"content": null,
"delimiter": null,
"directory_mode": null,
"follow": false,
"force": false,
"format": "OpenSSH",
"group": null,
"mode": null,
"owner": null,
"path": "configs/algo.pem.pub",
"privatekey_passphrase": null,
"privatekey_path": "configs/algo.pem",
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"state": "present",
"unsafe_writes": null
}
},
"privatekey": "configs/algo.pem"
}
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
statically imported: /Users/manou/algo-master/roles/cloud-digitalocean/tasks/venv.yml
Read vars_file 'config.cfg'
statically imported: /Users/manou/algo-master/roles/cloud-digitalocean/tasks/prompts.yml
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
echo /Users/manou/.ansible/tmp/ansible-tmp-1565628195.79-66525484932111" && echo ansible-tmp-1565628195.79-66525484932111="echo /Users/manou/.ansible/tmp/ansible-tmp-1565628195.79-66525484932111" ) && sleep 0'
Using module file /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible/modules/packaging/language/pip.py
TASK [cloud-digitalocean : Install requirements] **************************************************************************************************** task path: /Users/manou/algo-master/roles/cloud-digitalocean/tasks/venv.yml:8 ok: [localhost] => { "changed": false, "cmd": [ "/Users/manou/algo-master/configs/.venvs/digitalocean/bin/pip2", "install", "dopy==0.3.5" ], "invocation": { "module_args": { "chdir": null, "editable": false, "executable": null, "extra_args": null, "name": [ "dopy" ], "requirements": null, "state": "present", "umask": null, "use_mirrors": true, "version": "0.3.5", "virtualenv": "/Users/manou/algo-master/configs/.venvs/digitalocean", "virtualenv_command": "virtualenv", "virtualenv_python": "python2.7", "virtualenv_site_packages": false } }, "name": [ "dopy" ], "requirements": null, "state": "present", "stderr": "DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support\n", "stderr_lines": [ "DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support" ], "stdout": "Requirement already satisfied: dopy==0.3.5 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (0.3.5)\nRequirement already satisfied: requests>=1.0.4 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from dopy==0.3.5) (2.22.0)\nRequirement already satisfied: chardet<3.1.0,>=3.0.2 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from requests>=1.0.4->dopy==0.3.5) (3.0.4)\nRequirement already satisfied: idna<2.9,>=2.5 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from requests>=1.0.4->dopy==0.3.5) (2.8)\nRequirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from requests>=1.0.4->dopy==0.3.5) (1.25.3)\nRequirement already satisfied: certifi>=2017.4.17 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from requests>=1.0.4->dopy==0.3.5) (2019.6.16)\n", "stdout_lines": [ "Requirement already satisfied: dopy==0.3.5 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (0.3.5)", "Requirement already satisfied: requests>=1.0.4 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from dopy==0.3.5) (2.22.0)", "Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from requests>=1.0.4->dopy==0.3.5) (3.0.4)", "Requirement already satisfied: idna<2.9,>=2.5 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from requests>=1.0.4->dopy==0.3.5) (2.8)", "Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from requests>=1.0.4->dopy==0.3.5) (1.25.3)", "Requirement already satisfied: certifi>=2017.4.17 in /Users/manou/algo-master/configs/.venvs/digitalocean/lib/python2.7/site-packages (from requests>=1.0.4->dopy==0.3.5) (2019.6.16)" ], "version": "0.3.5", "virtualenv": "/Users/manou/algo-master/configs/.venvs/digitalocean" } Read vars_file 'config.cfg' [cloud-digitalocean : pause] Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens): (output is hidden):
TASK [cloud-digitalocean : pause] ******************************************************************************************************************* task path: /Users/manou/algo-master/roles/cloud-digitalocean/tasks/prompts.yml:2 ok: [localhost] => { "changed": false, "delta": 34, "echo": true, "rc": 0, "start": "2019-08-12 18:43:16.582562", "stderr": "", "stdout": "Paused for 0.58 minutes", "stop": "2019-08-12 18:43:51.269608", "user_input": "9dbd4323b1205ad59f7e67ff0d417ccd28294e5661cdd5a62c2f4bdb7fa45a18" } Read vars_file 'config.cfg'
TASK [cloud-digitalocean : Set the token as a fact] *************************************************************************************************
task path: /Users/manou/algo-master/roles/cloud-digitalocean/tasks/prompts.yml:11
ok: [localhost] => {
"ansible_facts": {
"algo_do_token": "9dbd4323b1205ad59f7e67ff0d417ccd28294e5661cdd5a62c2f4bdb7fa45a18"
},
"changed": false
}
Read vars_file 'config.cfg'
echo /Users/manou/.ansible/tmp/ansible-tmp-1565628231.39-163511822736290" && echo ansible-tmp-1565628231.39-163511822736290="echo /Users/manou/.ansible/tmp/ansible-tmp-1565628231.39-163511822736290" ) && sleep 0'
Using module file /Users/manou/algo-master/env/lib/python2.7/site-packages/ansible/modules/net_tools/basics/uri.py
TASK [cloud-digitalocean : Get regions] ************************************************************************************************************* task path: /Users/manou/algo-master/roles/cloud-digitalocean/tasks/prompts.yml:15 fatal: [localhost]: FAILED! => { "changed": false, "content": "", "invocation": { "module_args": { "attributes": null, "backup": null, "body": null, "body_format": "raw", "client_cert": null, "client_key": null, "content": null, "creates": null, "delimiter": null, "dest": null, "directory_mode": null, "follow": false, "follow_redirects": "safe", "force": false, "force_basic_auth": false, "group": null, "headers": { "Authorization": "Bearer 9dbd4323b1205ad59f7e67ff0d417ccd28294e5661cdd5a62c2f4bdb7fa45a18", "Content-Type": "application/json" }, "http_agent": "ansible-httpget", "method": "GET", "mode": null, "owner": null, "regexp": null, "remote_src": null, "removes": null, "return_content": false, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "status_code": [ "200" ], "timeout": 30, "unsafe_writes": null, "url": "https://api.digitalocean.com/v2/regions", "url_password": null, "url_username": null, "use_proxy": true, "validate_certs": true } }, "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>", "redirected": false, "status": -1, "url": "https://api.digitalocean.com/v2/regions" } Read vars_file 'config.cfg' Read vars_file 'config.cfg' included: /Users/manou/algo-master/playbooks/rescue.yml for localhost Read vars_file 'config.cfg' Read vars_file 'config.cfg'
TASK [debug] **************************************************************************************************************************************** task path: /Users/manou/algo-master/playbooks/rescue.yml:2 ok: [localhost] => { "fail_hint": [ "Sorry, but something went wrong!", "Please check the troubleshooting guide.", "https://trailofbits.github.io/algo/troubleshooting.html" ] } Read vars_file 'config.cfg'
TASK [Fail the installation] ************************************************************************************************************************ task path: /Users/manou/algo-master/playbooks/rescue.yml:5 fatal: [localhost]: FAILED! => { "changed": false, "msg": "Failed as requested from task" }
PLAY RECAP ****************************************************************************************************************************************** localhost : ok=25 changed=1 unreachable=0 failed=2
(env) BigMac-87:algo-master manou$
I think your DO API key is in that output. You should delete it and generate a new one.
yes I deleted the key before posting the output on Git Thanks for the heads up, nonetheless
The only hint I could find anywhere is to make sure you're logging into DO from an IP that has a reverse DNS configured. Not sure where I saw that.
hi again Thank you for your suggestion I checked that reverse dns is enabled by my ISP So that does not seem to be a problem
openssl s_client -showcerts -servername api.digitalocean.com -connect api.digitalocean.com:443 < /dev/null
@macuser666 Could you post the output here, please?
openssl s_client -showcerts -servername api.digitalocean.com -connect api.digitalocean.com:443 < /dev/null
shure:
(env) BigMac-87:algo-master manou$ openssl s_client -showcerts -servername api.digitalocean.com -connect api.digitalocean.com:443 < /dev/null
CONNECTED(00000006)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
verify return:1
depth=0 businessCategory = Private Organization, jurisdictionCountryName = US, jurisdictionStateOrProvinceName = Delaware, serialNumber = 5118787, C = US, ST = New York, L = New York, O = "DigitalOcean, LLC", CN = www.digitalocean.com
verify return:1
---
Certificate chain
0 s:/businessCategory=Private Organization/jurisdictionCountryName=US/jurisdictionStateOrProvinceName=Delaware/serialNumber=5118787/C=US/ST=New York/L=New York/O=DigitalOcean, LLC/CN=www.digitalocean.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
-----BEGIN CERTIFICATE-----
MIIHkDCCBnigAwIBAgIQA8RAHSTuzbZNewDJrxzhyjANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDYwNTAwMDAwMFoXDTIwMDYxMTEy
MDAwMFowgc8xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
Ewc1MTE4Nzg3MQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNV
BAcTCE5ldyBZb3JrMRowGAYDVQQKExFEaWdpdGFsT2NlYW4sIExMQzEdMBsGA1UE
AxMUd3d3LmRpZ2l0YWxvY2Vhbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDcHaYfxxCfPgc0hy+fPJmRTvfDzVIg5ce5HUKerb4k2+b89HhBeaRP
HqNWE06KHD+XsStpQyPDKW1KRJvrIn7+Kz79FgB1XP9Fe8cWEHvkt8ZChGN53kkF
hwa9jhCJV2UG9UPWUB+rVgwxmwCQK4wwrYWlgidYwES2Q88Zeubr+z5BzmC6a9V2
5iDtCRd8B2whBhGSbykHLp7MqZGFuAYOoSMfkNaKwIq06iHlaCmOLaUlDv010Axy
eAodp1YHGTILoA7iuR1M7cEgvqD+I79Pcspj5igBHLOPCUgBnRZGf7TxO8wyOK9D
usy69EZuB158oZQxQQJNu63CWD9Tc5pzAgMBAAGjggO/MIIDuzAfBgNVHSMEGDAW
gBQ901Cl1qCt7vNKYApl0yHU+PjWDzAdBgNVHQ4EFgQUrKhNb3mUhZc5hX6vL26q
Ow2e1+UwagYDVR0RBGMwYYIUd3d3LmRpZ2l0YWxvY2Vhbi5jb22CFGFwaS5kaWdp
dGFsb2NlYW4uY29tghZjbG91ZC5kaWdpdGFsb2NlYW4uY29tghtkZXZlbG9wZXJz
LmRpZ2l0YWxvY2Vhbi5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5k
aWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMDSgMqAwhi5odHRwOi8v
Y3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMEsGA1UdIARE
MEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2lj
ZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcw
AYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8v
Y2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0
aW9uU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIB
bwSCAWsBaQB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABY9G4
qysAAAQDAEcwRQIhAOn8TwS3l5ubM5OwCe76xT9l6YeNUfLCFw+5J7/QCTKmAiA8
20vS1jT94qgtor48oJ2H9uJ5ukYsI4PBplqKgaKWhAB2AFYUBpov18Ls0/XhvUSy
PsdGdrm8mRFcwO+UmFXWidDdAAABY9G4qxIAAAQDAEcwRQIgZBw1BJ4lYxAW9xVS
s4yTfi/tC/VPIAZLJSs00jWVUZMCIQCa/EVkbk6Y1Mk9k/tfuOaW4uXJA3+wM3nJ
3wL3Kc3GgQB3ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABY9G4
q8gAAAQDAEgwRgIhAPctwsPhSB8bw6xK4+Kk8SIU1qYjJ8WwiRKmtCNhHWHtAiEA
vFxGPll/br3o5bsihjfOwDCqA0EzbfNfKoSizLXWIvswDQYJKoZIhvcNAQELBQAD
ggEBAMSldhz28/5kcMb1LLXjsp2tqaGjoGUYaqXIR6IgKnMrtHwkQrrxiV7OoZl6
vSqoQ6/RRD+sJwQEK6iSykwDVyRIAKXeTIBCzVxX30DX5BJtxnIK/GMVK69MBiv3
43SxqMTrOltwINyvAKG8FHdJ8wvzl6IJTPlFUGhqKg2LpXJnq6x8LbfyHQ7Fk2++
xSL9wvSiAlBrBoqY7dg1VBBPIV7ZRYlwIwbtKTZllaJkgj3NAeicMhR6aWLzlDtC
+p6rKUgUOFGxZbIl+vza71Rt77xvkviqvCHutzoYgeclKKEMY4QdzMJANWuYnd6S
QI6DT95RTVOA+puTeKaSrRmDOLE=
-----END CERTIFICATE-----
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
MIIEtjCCA56gAwIBAgIQDHmpRLCMEZUgkmFf4msdgzANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowdTEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTE0MDIGA1UEAxMrRGlnaUNlcnQgU0hBMiBFeHRlbmRlZCBW
YWxpZGF0aW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANdTpARR+JmmFkhLZyeqk0nQOe0MsLAAh/FnKIaFjI5j2ryxQDji0/XspQUY
uD0+xZkXMuwYjPrxDKZkIYXLBxA0sFKIKx9om9KxjxKws9LniB8f7zh3VFNfgHk/
LhqqqB5LKw2rt2O5Nbd9FLxZS99RStKh4gzikIKHaq7q12TWmFXo/a8aUGxUvBHy
/Urynbt/DvTVvo4WiRJV2MBxNO723C3sxIclho3YIeSwTQyJ3DkmF93215SF2AQh
cJ1vb/9cuhnhRctWVyh+HA1BV6q3uCe7seT6Ku8hI3UarS2bhjWMnHe1c63YlC3k
8wyd7sFOYn4XwHGeLN7x+RAoGTMCAwEAAaOCAUkwggFFMBIGA1UdEwEB/wQIMAYB
Af8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
Z2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2Vy
dC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2
MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5j
b20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAW
gBSxPsNpA/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbh
hgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg
4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa
2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs
1OG9d4Q3A84ytciagRpKkk47RpqF/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1
oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi/hw15UJGQmxg7kVkn
8TUoE6smftX3eg==
-----END CERTIFICATE-----
---
Server certificate
subject=/businessCategory=Private Organization/jurisdictionCountryName=US/jurisdictionStateOrProvinceName=Delaware/serialNumber=5118787/C=US/ST=New York/L=New York/O=DigitalOcean, LLC/CN=www.digitalocean.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 3780 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-CHACHA20-POLY1305
Session-ID: 260D031735BD0DB96E8C800B314971616DC03BB46C3628CF50F7C112ED0E83B7
Session-ID-ctx:
Master-Key: 97439C899605C34AC940C9924FC83075DD166FCDF0B3737A0C99E0D5BE2D9EA683A53C1E88CAAC53241DE87DB20F8C88
TLS session ticket lifetime hint: 64800 (seconds)
TLS session ticket:
0000 - df d4 07 b9 dd c8 a8 0e-08 c8 1a 77 ea 57 a1 dc ...........w.W..
0010 - f9 48 63 43 51 a0 5c 6e-be b9 28 46 30 18 dd ad .HcCQ.\n..(F0...
0020 - 8b 94 4c d6 2e 31 7c 55-97 de 2b f1 ea 39 a2 3e ..L..1|U..+..9.>
0030 - c1 10 76 2b 3c 1c 7c e1-ab b4 c6 c6 bb de 30 07 ..v+<.|.......0.
0040 - 2c 1a a7 ed 99 a0 5e 9d-1a f0 7d 3d 37 bc c6 88 ,.....^...}=7...
0050 - c3 42 fb 2d b9 21 66 bf-51 1e 18 34 3f 19 b8 2d .B.-.!f.Q..4?..-
0060 - 26 29 09 8d d3 93 0b 7d-ad 5c 85 39 c7 72 e2 65 &).....}.\.9.r.e
0070 - 8d 32 d0 09 1a 92 d3 37-0b 41 a0 79 08 a3 84 7a .2.....7.A.y...z
0080 - ef 86 cb 93 95 15 88 09-31 55 f1 71 74 87 3f fb ........1U.qt.?.
0090 - 77 9c 42 3e 30 0d 37 e1-4f ee fa 35 70 9b bf 93 w.B>0.7.O..5p...
00a0 - 51 9d e1 f4 6e 8e fc 97-b2 54 c5 8e 57 90 64 da Q...n....T..W.d.
Start Time: 1565717519
Timeout : 7200 (sec)
Verify return code: 0 (ok)
RTFM😏 From the python readme
Certificate verification and OpenSSL_[CHANGED in 2.7.15]
This variant of Python 2.7 now includes its own private copy of OpenSSL 1.0.2. Unlike previous releases, the deprecated Apple-supplied OpenSSL libraries are no longer used. This also means that the trust certificates in system and user keychains managed by the Keychain Access application and the security command line utility are no longer used as defaults by the Python ssl module. A sample command script is included in /Applications/Python 2.7 to install a curated bundle of default root certificates from the third-party certifi package (https://pypi.python.org/pypi/certifi). Click on Install Certificates to run it. If you choose to use certifi, you should consider subscribing to the project's email update service to be notified when the certificate bundle is updated.
The bundled pip included with the Python 2.7 installer has its own default certificate store for verifying download connections.
TLDR: double click on "Install Certificates.command" located in /Applications/Python\ 2.7 Problem solved I just installed a new Algo instance on DO
Experiencing this same SSL error (on Ubuntu 19.04) while running the algo script:
TASK [cloud-digitalocean : Get regions] ****************************************************** fatal: [localhost]: FAILED! => {"changed": false, "content": "", "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>", "redirected": false, "status": -1, "url": "https://api.digitalocean.com/v2/regions"}
Tried searching but not finding a similar solution as above for the Linux/Ubuntu environment:
"Install Certificates.command" located in /Applications/Python\ 2.7
@daehee Do you perhaps have non-standard versions of either python or openssl installed?
@davidemyers I believe they are latest standard versions from the normal Ubuntu package upgrades/installations:
❯ openssl version OpenSSL 1.1.1b 26 Feb 2019
env ❯ python --version Python 2.7.16
@daehee Those look correct. I'm not sure what's going on. I just deployed fine from a fresh 19.04 container.
Do you get any output from the command dpkg -V ca-certificates?
@davidemyers thanks for confirming on your end. I'll dig around some more and try deploying from another machine if needed.
Re: your question:
❯ dpkg --verify ca-certificates
no output, returns empty
After running /Applications/Python\ 3.6/Install\ Certificates.command the issue got resolved! 🎉
Maybe it's a good idea to add this info in troubleshooting documentation.
