algo scripts fails with a couple of errors on Debian 12.4 minimal net install
NotHere opened this issue · 3 comments
Describe the bug
Did a git clone and tried to install Algo on a barebones (debian-12.4.0-amd64-netinst.iso) install of Debian 12.4. Script failed on 2 items:
-
debian netinstall (no desktop) does not include systemd-resolved. Script failed. Installing systems-resolved resolved this issue.
-
algo then fails on adding repository.
TASK [dns : Add the repository] *****************************************************************************************************************************
fatal: [localhost]: FAILED! => {"attempts": 10, "changed": false, "msg": "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/shevchuk/dnscrypt-proxy/ubuntu bookworm Release' does not have a Release file."}
To Reproduce
Steps to reproduce the behavior:
- config config.cfg
- ./algo
- Algo fails to install.
Expected behavior
Algo finishes installing.
Additional context
- add systemd-resolver to dependencies list in README.md
- According to https://launchpad.net/~shevchuk/+archive/ubuntu/dnscrypt-proxy, the way to add the repository is:
add-apt-repository ppa:shevchuk/dnscrypt-proxy
Add any other context about the problem here.
./algo
PLAY [localhost] ********************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************
ok: [localhost]
TASK [Playbook dir stat] ************************************************************************************************************************************
ok: [localhost]
TASK [Ensure Ansible is not being run in a world writable directory] ****************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: The value '' is not a valid IP address or network, passing this value to ipaddr filter might result in breaking change in future.
TASK [Ensure the requirements installed] ********************************************************************************************************************
ok: [localhost]
TASK [Set required ansible version as a fact] ***************************************************************************************************************
ok: [localhost] => (item=ansible==9.1.0)
TASK [Just get the list from default pip] *******************************************************************************************************************
ok: [localhost]
TASK [Verify Python meets Algo VPN requirements] ************************************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
TASK [Verify Ansible meets Algo VPN requirements] ***********************************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log
PLAY [Ask user for the input] *******************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Microsoft Azure
5. Google Compute Engine
6. Hetzner Cloud
7. Vultr
8. Scaleway
9. OpenStack (DreamCompute optimised)
10. CloudStack (Exoscale optimised)
11. Linode
12. Install to existing Ubuntu latest LTS server (for more advanced users)
Enter the number of your desired provider
:
12
TASK [Cloud prompt] *****************************************************************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] *************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:
y
TASK [Cellular On Demand prompt] ****************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
y
TASK [Wi-Fi On Demand prompt] *******************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:
Home
TASK [Trusted Wi-Fi networks prompt] ************************************************************************************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:
y
TASK [Retain the PKI prompt] ********************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:
y
TASK [DNS adblocking prompt] ********************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
TASK [SSH tunneling prompt] *********************************************************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] *************************************************************************************************************************
ok: [localhost]
PLAY [Provision the server] *********************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************
ok: [localhost]
--> Please include the following block of text when reporting issues:
Algo running on: Debian GNU/Linux 12 (bookworm) (Virtualized: kvm)
Created from git clone. Last commit: 74051d0 Update README.md dependencies (#14634)
Python 3.11.2
Runtime variables:
algo_provider "local"
algo_ondemand_cellular "True"
algo_ondemand_wifi "True"
algo_ondemand_wifi_exclude "VGhl2Wm9vA"
algo_dns_adblocking "True"
algo_ssh_tunneling "False"
wireguard_enabled "True"
dns_encryption "False"
TASK [Display the invocation environment] *******************************************************************************************************************
changed: [localhost]
TASK [Install the requirements] *****************************************************************************************************************************
ok: [localhost]
TASK [Include a provisioning role] **************************************************************************************************************************
[local : pause]
https://trailofbits.github.io/algo/deploy-to-ubuntu.html
Local installation might break your server. Use at your own risk.
Proceed? Press ENTER to continue or CTRL+C and A to abort...:
TASK [local : pause] ****************************************************************************************************************************************
ok: [localhost] => (item=https://trailofbits.github.io/algo/deploy-to-ubuntu.html
Local installation might break your server. Use at your own risk.
Proceed? Press ENTER to continue or CTRL+C and A to abort...)
[local : pause]
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:
TASK [local : pause] ****************************************************************************************************************************************
ok: [localhost]
TASK [local : Set the facts] ********************************************************************************************************************************
ok: [localhost]
[local : pause]
Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[localhost]
:
TASK [local : pause] ****************************************************************************************************************************************
ok: [localhost]
TASK [local : Set the facts] ********************************************************************************************************************************
ok: [localhost]
TASK [Set subjectAltName as a fact] *************************************************************************************************************************
ok: [localhost]
TASK [Add the server to an inventory group] *****************************************************************************************************************
changed: [localhost]
TASK [debug] ************************************************************************************************************************************************
ok: [localhost] => {
"IP_subject_alt_name": "vpn.exampe.com"
}
[WARNING]: Reset is not implemented for this connection
TASK [Wait 600 seconds for target connection to become reachable/usable] ************************************************************************************
ok: [localhost] => (item=localhost)
PLAY [Configure the server and install required software] ***************************************************************************************************
TASK [common : Check the system] ****************************************************************************************************************************
ok: [localhost]
TASK [common : include_tasks] *******************************************************************************************************************************
included: /home/tai/algo/roles/common/tasks/ubuntu.yml for localhost
TASK [common : Gather facts] ********************************************************************************************************************************
ok: [localhost]
TASK [common : Install unattended-upgrades] *****************************************************************************************************************
ok: [localhost]
TASK [common : Configure unattended-upgrades] ***************************************************************************************************************
ok: [localhost]
TASK [common : Periodic upgrades configured] ****************************************************************************************************************
ok: [localhost]
TASK [common : Disable MOTD on login and SSHD] **************************************************************************************************************
ok: [localhost] => (item={'regexp': '^session.*optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'})
ok: [localhost] => (item={'regexp': '^session.*optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})
TASK [common : Ensure fallback resolvers are set] ***********************************************************************************************************
ok: [localhost]
[DEPRECATION WARNING]: Use 'ansible.utils.ipmath' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
TASK [common : Loopback for services configured] ************************************************************************************************************
ok: [localhost]
TASK [common : systemd services enabled and started] ********************************************************************************************************
ok: [localhost] => (item=systemd-networkd)
ok: [localhost] => (item=systemd-resolved)
TASK [common : Check apparmor support] **********************************************************************************************************************
ok: [localhost]
TASK [common : Set fact if apparmor enabled] ****************************************************************************************************************
ok: [localhost]
TASK [common : Define facts] ********************************************************************************************************************************
ok: [localhost]
TASK [common : Set facts] ***********************************************************************************************************************************
ok: [localhost]
TASK [common : Set IPv6 support as a fact] ******************************************************************************************************************
ok: [localhost]
TASK [common : Check size of MTU] ***************************************************************************************************************************
ok: [localhost]
TASK [common : Set OS specific facts] ***********************************************************************************************************************
ok: [localhost]
TASK [common : Install tools] *******************************************************************************************************************************
ok: [localhost]
TASK [common : include_tasks] *******************************************************************************************************************************
included: /home/tai/algo/roles/common/tasks/iptables.yml for localhost
TASK [common : Iptables configured] *************************************************************************************************************************
ok: [localhost] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})
TASK [common : Sysctl tuning] *******************************************************************************************************************************
ok: [localhost] => (item={'item': 'net.ipv4.ip_forward', 'value': 1})
ok: [localhost] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})
TASK [dns : Include tasks for Ubuntu] ***********************************************************************************************************************
included: /home/tai/algo/roles/dns/tasks/ubuntu.yml for localhost
FAILED - RETRYING: [localhost]: Add the repository (10 retries left).
FAILED - RETRYING: [localhost]: Add the repository (9 retries left).
FAILED - RETRYING: [localhost]: Add the repository (8 retries left).
FAILED - RETRYING: [localhost]: Add the repository (7 retries left).
FAILED - RETRYING: [localhost]: Add the repository (6 retries left).
FAILED - RETRYING: [localhost]: Add the repository (5 retries left).
FAILED - RETRYING: [localhost]: Add the repository (4 retries left).
FAILED - RETRYING: [localhost]: Add the repository (3 retries left).
FAILED - RETRYING: [localhost]: Add the repository (2 retries left).
FAILED - RETRYING: [localhost]: Add the repository (1 retries left).
TASK [dns : Add the repository] *****************************************************************************************************************************
fatal: [localhost]: FAILED! => {"attempts": 10, "changed": false, "msg": "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/shevchuk/dnscrypt-proxy/ubuntu bookworm Release' does not have a Release file."}
TASK [include_tasks] ****************************************************************************************************************************************
included: /home/tai/algo/playbooks/rescue.yml for localhost
TASK [debug] ************************************************************************************************************************************************
ok: [localhost] => {
"fail_hint": [
"Sorry, but something went wrong!",
"Please check the troubleshooting guide.",
"https://trailofbits.github.io/algo/troubleshooting.html"
]
}
TASK [Fail the installation] ********************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP **************************************************************************************************************************************************
localhost : ok=54 changed=2 unreachable=0 failed=1 skipped=25 rescued=1 ignored=0
A little more digging turns this gem up:
DNSCrypt/dnscrypt-proxy#2410