trailofbits/algo

Installation failure "Deploy from script or cloud-init", Hostinger VPS Ubuntu 22.04 x64

rohhhs opened this issue · 1 comments

rohhhs commented

curl -s https://raw.githubusercontent.com/trailofbits/algo/master/install.sh | sudo -E bash -x

+ set -ex
+ METHOD=cloud
+ ONDEMAND_CELLULAR=false
+ ONDEMAND_WIFI=false
+ ONDEMAND_WIFI_EXCLUDE=_null
+ STORE_PKI=false
+ DNS_ADBLOCKING=false
+ SSH_TUNNELING=false
+ ENDPOINT=localhost
+ USERS=user1
+ REPO_SLUG=trailofbits/algo
+ REPO_BRANCH=master
+ EXTRA_VARS=placeholder=null
+ ANSIBLE_EXTRA_ARGS=
+ cd /opt/
+ test cloud = cloud
+ publicIpFromMetadata
+ grep DigitalOcean
+ curl -s http://169.254.169.254/metadata/v1/vendor-data
++ curl -s http://169.254.169.254/latest/meta-data/services/domain
+ test '' = amazonaws.com
+ host -t A -W 10 metadata.google.internal 127.0.0.53
++ curl -s -H Metadata:true 'http://169.254.169.254/metadata/instance/compute/publisher/?api-version=2017-04-02&format=text'
+ test '' = Canonical
+ echo localhost
+ grep -oE '\b([0-9]{1,3}.){3}[0-9]{1,3}\b'
+ publicIpFromInterface
+ echo 'Couldn'\''t find a valid ipv4 address, using the first IP found on the interfaces as the endpoint.'
Couldn't find a valid ipv4 address, using the first IP found on the interfaces as the endpoint.
++ awk '{print $2}'
++ grep -Eo 'dev .*'
++ ip -4 route list match default
+ DEFAULT_INTERFACE=venet0
++ grep -oE '\b([0-9]{1,3}.){3}[0-9]{1,3}\b'
++ awk '{print $2}'
++ head -n1
++ grep -w inet
++ ip -4 addr sh dev venet0
+ ENDPOINT=127.0.0.1
+ export ENDPOINT=127.0.0.1
+ ENDPOINT=127.0.0.1
+ echo 'Using 127.0.0.1 as the endpoint'
Using 127.0.0.1 as the endpoint
+ installRequirements
+ export DEBIAN_FRONTEND=noninteractive
+ DEBIAN_FRONTEND=noninteractive
+ apt-get update
Hit:1 http://archive.canonical.com/ubuntu jammy InRelease
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Reading package lists... Done
+ apt-get install python3-virtualenv jq -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
jq is already the newest version (1.6-2.1ubuntu3).
python3-virtualenv is already the newest version (20.13.0+ds-2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ deployAlgo
+ getAlgo
+ '[' '!' -d algo ']'
+ cd algo
++ command -v python3
+ python3 -m virtualenv --python=/usr/bin/python3 .env
created virtual environment CPython3.10.12.final.0-64 in 354ms
creator CPython3Posix(dest=/opt/algo/.env, clear=False, no_vcs_ignore=False, global=False)
seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/root/.local/share/virtualenv)
added seed packages: Jinja2==3.0.3, MarkupSafe==2.1.3, PyYAML==6.0.1, ansible==9.1.0, ansible_core==2.16.2, cffi==1.16.0, cryptography==41.0.7, distlib==0.3.8, filelock==3.13.1, netaddr==0.10.1, packaging==23.2, pip==22.0.2, platformdirs==4.1.0, pyOpenSSL==23.3.0, pycparser==2.21, resolvelib==1.0.1, segno==1.6.0, setuptools==59.6.0, virtualenv==20.25.0, wheel==0.37.1
activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
+ . .env/bin/activate
++ '[' .env/bin/activate = bash ']'
++ deactivate nondestructive
++ unset -f pydoc
++ '[' -z '' ']'
++ '[' -z '' ']'
++ hash -r
++ '[' -z '' ']'
++ unset VIRTUAL_ENV
++ '[' '!' nondestructive = nondestructive ']'
++ VIRTUAL_ENV=/opt/algo/.env
++ '[' linux-gnu = cygwin ']'
++ '[' linux-gnu = msys ']'
++ export VIRTUAL_ENV
++ _OLD_VIRTUAL_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
++ PATH=/opt/algo/.env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
++ export PATH
++ '[' -z '' ']'
++ '[' -z '' ']'
++ _OLD_VIRTUAL_PS1=
++ '[' x '!=' x ']'
+++ basename /opt/algo/.env
++ PS1='(.env) '
++ export PS1
++ alias pydoc
++ true
++ hash -r
+ python3 -m pip install -U pip virtualenv
Requirement already satisfied: pip in ./.env/lib/python3.10/site-packages (22.0.2)
Collecting pip
Using cached pip-23.3.2-py3-none-any.whl (2.1 MB)
Requirement already satisfied: virtualenv in ./.env/lib/python3.10/site-packages (20.25.0)
Requirement already satisfied: platformdirs<5,>=3.9.1 in ./.env/lib/python3.10/site-packages (from virtualenv) (4.1.0)
Requirement already satisfied: distlib<1,>=0.3.7 in ./.env/lib/python3.10/site-packages (from virtualenv) (0.3.8)
Requirement already satisfied: filelock<4,>=3.12.2 in ./.env/lib/python3.10/site-packages (from virtualenv) (3.13.1)
Installing collected packages: pip
Attempting uninstall: pip
Found existing installation: pip 22.0.2
Uninstalling pip-22.0.2:
Successfully uninstalled pip-22.0.2
Successfully installed pip-23.3.2
+ python3 -m pip install -r requirements.txt
Requirement already satisfied: ansible==9.1.0 in ./.env/lib/python3.10/site-packages (from -r requirements.txt (line 1)) (9.1.0)
Requirement already satisfied: jinja2~=3.0.3 in ./.env/lib/python3.10/site-packages (from -r requirements.txt (line 2)) (3.0.3)
Requirement already satisfied: netaddr in ./.env/lib/python3.10/site-packages (from -r requirements.txt (line 3)) (0.10.1)
Requirement already satisfied: ansible-core~=2.16.1 in ./.env/lib/python3.10/site-packages (from ansible==9.1.0->-r requirements.txt (line 1)) (2.16.2)
Requirement already satisfied: MarkupSafe>=2.0 in ./.env/lib/python3.10/site-packages (from jinja2~=3.0.3->-r requirements.txt (line 2)) (2.1.3)
Requirement already satisfied: PyYAML>=5.1 in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (6.0.1)
Requirement already satisfied: cryptography in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (41.0.7)
Requirement already satisfied: packaging in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (23.2)
Requirement already satisfied: resolvelib<1.1.0,>=0.5.3 in ./.env/lib/python3.10/site-packages (from ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (1.0.1)
Requirement already satisfied: cffi>=1.12 in ./.env/lib/python3.10/site-packages (from cryptography->ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (1.16.0)
Requirement already satisfied: pycparser in ./.env/lib/python3.10/site-packages (from cffi>=1.12->cryptography->ansible-core~=2.16.1->ansible==9.1.0->-r requirements.txt (line 1)) (2.21)
+ cd /opt/algo
+ . .env/bin/activate
++ '[' .env/bin/activate = bash ']'
++ deactivate nondestructive
++ unset -f pydoc
++ '[' -z _ ']'
++ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
++ export PATH
++ unset _OLD_VIRTUAL_PATH
++ '[' -z '' ']'
++ hash -r
++ '[' -z _ ']'
++ PS1=
++ export PS1
++ unset _OLD_VIRTUAL_PS1
++ unset VIRTUAL_ENV
++ '[' '!' nondestructive = nondestructive ']'
++ VIRTUAL_ENV=/opt/algo/.env
++ '[' linux-gnu = cygwin ']'
++ '[' linux-gnu = msys ']'
++ export VIRTUAL_ENV
++ _OLD_VIRTUAL_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
++ PATH=/opt/algo/.env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
++ export PATH
++ '[' -z '' ']'
++ '[' -z '' ']'
++ _OLD_VIRTUAL_PS1=
++ '[' x '!=' x ']'
+++ basename /opt/algo/.env
++ PS1='(.env) '
++ export PS1
++ alias pydoc
++ true
++ hash -r
+ export HOME=/root
+ HOME=/root
+ export ANSIBLE_LOCAL_TEMP=/root/.ansible/tmp
+ ANSIBLE_LOCAL_TEMP=/root/.ansible/tmp
+ export ANSIBLE_REMOTE_TEMP=/root/.ansible/tmp
+ ANSIBLE_REMOTE_TEMP=/root/.ansible/tmp
+ tee /var/log/algo.log
++ jq -Rc 'split(",")'
++ echo user1
+ ansible-playbook main.yml -e provider=local -e ondemand_cellular=false -e ondemand_wifi=false -e ondemand_wifi_exclude=_null -e store_pki=false -e dns_adblocking=false -e ssh_tunneling=false -e endpoint=127.0.0.1 -e 'users=["user1"]' -e server=localhost -e ssh_user=root -e placeholder=null --skip-tags debug

PLAY [localhost] ***************************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [Playbook dir stat] *******************************************************
ok: [localhost]

TASK [Ensure Ansible is not being run in a world writable directory] ***********
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature
will be removed from ansible.netcommon in a release after 2024-01-01.
Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.
[WARNING]: The value '' is not a valid IP address or network, passing this
value to ipaddr filter might result in breaking change in future.

TASK [Ensure the requirements installed] ***************************************
ok: [localhost]

TASK [Set required ansible version as a fact] **********************************
ok: [localhost] => (item=ansible==9.1.0)

TASK [Just get the list from default pip] **************************************
ok: [localhost]

TASK [Verify Python meets Algo VPN requirements] *******************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log

TASK [Verify Ansible meets Algo VPN requirements] ******************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}

PLAY [Ask user for the input] **************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [Set facts based on the input] ********************************************
ok: [localhost]

TASK [Set facts based on the input] ********************************************
ok: [localhost]

PLAY [Provision the server] ****************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [Install the requirements] ************************************************
ok: [localhost]

TASK [Include a provisioning role] *********************************************
[WARNING]: Not waiting for response to prompt as stdin is not interactive

TASK [local : pause] ***********************************************************
ok: [localhost] => (item=https://trailofbits.github.io/algo/deploy-to-ubuntu.html

Local installation might break your server. Use at your own risk.

Proceed? Press ENTER to continue or CTRL+C and A to abort...)

TASK [local : Set the facts] ***************************************************
ok: [localhost]

TASK [local : Set the facts] ***************************************************
ok: [localhost]

TASK [Set subjectAltName as a fact] ********************************************
ok: [localhost]

TASK [Add the server to an inventory group] ************************************
changed: [localhost]

TASK [Linux | set OS specific facts] *******************************************
ok: [localhost]

TASK [Set config paths as facts] ***********************************************
ok: [localhost]

TASK [Update config paths] *****************************************************
changed: [localhost]

TASK [debug] *******************************************************************
ok: [localhost] => {
"IP_subject_alt_name": "127.0.0.1"
}
[WARNING]: Reset is not implemented for this connection

TASK [Wait 600 seconds for target connection to become reachable/usable] *******
ok: [localhost] => (item=localhost)

PLAY [Configure the server and install required software] **********************

TASK [common : Check the system] ***********************************************
ok: [localhost]

TASK [common : include_tasks] **************************************************
included: /opt/algo/roles/common/tasks/ubuntu.yml for localhost

TASK [common : Gather facts] ***************************************************
ok: [localhost]

TASK [common : Install unattended-upgrades] ************************************
ok: [localhost]

TASK [common : Configure unattended-upgrades] **********************************
ok: [localhost]

TASK [common : Periodic upgrades configured] ***********************************
ok: [localhost]

TASK [common : Disable MOTD on login and SSHD] *********************************
ok: [localhost] => (item={'regexp': '^session.*optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'})
ok: [localhost] => (item={'regexp': '^session.*optional.pam_motd.so.', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})

TASK [common : Ensure fallback resolvers are set] ******************************
ok: [localhost]
[DEPRECATION WARNING]: Use 'ansible.utils.ipmath' module instead. This feature
will be removed from ansible.netcommon in a release after 2024-01-01.
Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.

TASK [common : Loopback for services configured] *******************************
ok: [localhost]

TASK [common : systemd services enabled and started] ***************************
ok: [localhost] => (item=systemd-networkd)
ok: [localhost] => (item=systemd-resolved)

TASK [common : Check apparmor support] *****************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["apparmor_status"], "delta": "0:00:00.003685", "end": "2024-01-16 08:48:22.799598", "msg": "non-zero return code", "rc": 1, "start": "2024-01-16 08:48:22.795913", "stderr": "apparmor not present.", "stderr_lines": ["apparmor not present."], "stdout": "", "stdout_lines": []}
...ignoring

TASK [common : Define facts] ***************************************************
ok: [localhost]

TASK [common : Set facts] ******************************************************
ok: [localhost]

TASK [common : Set IPv6 support as a fact] *************************************
ok: [localhost]

TASK [common : Check size of MTU] **********************************************
ok: [localhost]

TASK [common : Set OS specific facts] ******************************************
ok: [localhost]

TASK [common : Install tools] **************************************************
ok: [localhost]

TASK [common : include_tasks] **************************************************
included: /opt/algo/roles/common/tasks/iptables.yml for localhost

TASK [common : Iptables configured] ********************************************
ok: [localhost] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})

TASK [common : Sysctl tuning] **************************************************
ok: [localhost] => (item={'item': 'net.ipv4.ip_forward', 'value': 1})
ok: [localhost] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})

TASK [dns : Include tasks for Ubuntu] ******************************************
included: /opt/algo/roles/dns/tasks/ubuntu.yml for localhost

TASK [dns : Install dnscrypt-proxy] ********************************************
ok: [localhost]

TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] *************
ok: [localhost]

TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] ***************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["aa-enforce", "usr.bin.dnscrypt-proxy"], "delta": "0:00:00.207941", "end": "2024-01-16 08:48:28.741736", "msg": "non-zero return code", "rc": 1, "start": "2024-01-16 08:48:28.533795", "stderr": "\nERROR: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)\nWarning: unable to find a suitable fs in /proc/mounts, is it mounted?\nUse --subdomainfs to override.", "stderr_lines": ["", "ERROR: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)", "Warning: unable to find a suitable fs in /proc/mounts, is it mounted?", "Use --subdomainfs to override."], "stdout": "Setting /etc/apparmor.d/usr.bin.dnscrypt-proxy to enforce mode.", "stdout_lines": ["Setting /etc/apparmor.d/usr.bin.dnscrypt-proxy to enforce mode."]}

TASK [include_tasks] ***********************************************************
included: /opt/algo/playbooks/rescue.yml for localhost

TASK [debug] *******************************************************************
ok: [localhost] => {
"fail_hint": [
"Sorry, but something went wrong!",
"Please check the troubleshooting guide.",
"https://trailofbits.github.io/algo/troubleshooting.html"
]
}

TASK [Fail the installation] ***************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP *********************************************************************
localhost : ok=48 changed=2 unreachable=0 failed=1 skipped=34 rescued=1 ignored=1

Seems to be the same issue here: #14716