Can't detect any of the required Python libraries cryptography (>= 1.2.3) or PyOpenSSL (>= 0.6) #1920

Closed
maraboshi opened this issue Nov 30, 2020 · 11 comments · Fixed by #1921

@maraboshi

I have an install of Algo on Amazon Linux that I use to manage another server in AWS, all set up by the Algo script:

Algo running on: Amazon Linux AMI 2017.09
ZIP file created: 2020-05-30 12:57:34.000000000 +0000
Python 3.6.10
Runtime variables:
    algo_provider "ec2"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "False"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_dns_adblocking "False"
    algo_ssh_tunneling "True"
    wireguard_enabled "True"
    dns_encryption "True"

I never touched anything other than adding/removing new users (also nothing was touched anywhere else in the management server) and it worked last week. Today suddenly I get the error:

TASK [Generate the SSH private key] ********************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Can't detect any of the required Python libraries cryptography (>= 1.2.3) or PyOpenSSL (>= 0.6)"}
included: /root/algo-master/playbooks/rescue.yml for localhost

To Reproduce

  1. SSH into the server
  2. cd into the algo install directory
  3. add a user in config.cfg
  4. source .env/bin/activate
  5. ./algo update-users

Expected behavior

the script completes successfully

Full log

ansible-playbook 2.8.8
  config file = /root/algo-master/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /root/algo-master/.env/local/lib/python3.6/site-packages/ansible
  executable location = /root/algo-master/.env/bin/ansible-playbook
  python version = 3.6.10 (default, Feb 10 2020, 19:55:14) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Using /root/algo-master/ansible.cfg as config file
host_list declined parsing /root/algo-master/inventory as it did not pass it's verify_file() method
script declined parsing /root/algo-master/inventory as it did not pass it's verify_file() method
auto declined parsing /root/algo-master/inventory as it did not pass it's verify_file() method
Parsed /root/algo-master/inventory inventory source with ini plugin
Read vars_file 'config.cfg'
statically imported: /root/algo-master/playbooks/cloud-pre.yml
Read vars_file 'config.cfg'
[WARNING]: Could not match supplied host pattern, ignoring: vpn-host

Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
statically imported: /root/algo-master/roles/wireguard/tasks/keys.yml
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
statically imported: /root/algo-master/roles/strongswan/tasks/ipsec_configuration.yml
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
statically imported: /root/algo-master/roles/strongswan/tasks/openssl.yml
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
statically imported: /root/algo-master/roles/strongswan/tasks/distribute_keys.yml
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
Read vars_file 'configs/{{ inventory_hostname }}/.config.yml'
statically imported: /root/algo-master/roles/strongswan/tasks/client_configs.yml
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable
Read vars_file 'config.cfg'
skipping vars_file 'configs/{{ inventory_hostname }}/.config.yml' due to an undefined variable

PLAYBOOK: users.yml ************************************************************************************************************************************************************
2 plays in users.yml
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'

PLAY [localhost] ***************************************************************************************************************************************************************
META: ran handlers
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1606765154.9047067-271035120405416 `" && echo ansible-tmp-1606765154.9047067-271035120405416="` echo /root/.ansible/tmp/ansible-tmp-1606765154.9047067-271035120405416 `" ) && sleep 0'
Using module file /root/algo-master/.env/local/lib/python3.6/site-packages/ansible/modules/files/find.py
<localhost> PUT /root/.ansible/tmp/ansible-local-18172ympt0ala/tmp7zb12zag TO /root/.ansible/tmp/ansible-tmp-1606765154.9047067-271035120405416/AnsiballZ_find.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1606765154.9047067-271035120405416/ /root/.ansible/tmp/ansible-tmp-1606765154.9047067-271035120405416/AnsiballZ_find.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /root/.ansible/tmp/ansible-tmp-1606765154.9047067-271035120405416/AnsiballZ_find.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1606765154.9047067-271035120405416/ > /dev/null 2>&1 && sleep 0'

TASK [Get list of installed config files] **************************************************************************************************************************************
task path: /root/algo-master/users.yml:10
ok: [localhost] => {
    "changed": false,
    "examined": 9,
    "files": [
        {
            "atime": 1591827629.9481418,
            "ctime": 1591827630.1321397,
            "dev": 51713,
            "gid": 0,
            "gr_name": "root",
            "inode": 268963,
            "isblk": false,
            "ischr": false,
            "isdir": false,
            "isfifo": false,
            "isgid": false,
            "islnk": false,
            "isreg": true,
            "issock": false,
            "isuid": false,
            "mode": "0644",
            "mtime": 1591827629.9481418,
            "nlink": 1,
            "path": "configs/XXX.XXX.XXX.XXX/.config.yml",
            "pw_name": "root",
            "rgrp": true,
            "roth": true,
            "rusr": true,
            "size": 398,
            "uid": 0,
            "wgrp": false,
            "woth": false,
            "wusr": true,
            "xgrp": false,
            "xoth": false,
            "xusr": false
        }
    ],
    "invocation": {
        "module_args": {
            "age": null,
            "age_stamp": "mtime",
            "contains": null,
            "depth": 2,
            "excludes": null,
            "file_type": "file",
            "follow": false,
            "get_checksum": false,
            "hidden": true,
            "paths": [
                "configs/"
            ],
            "patterns": [
                ".config.yml"
            ],
            "recurse": true,
            "size": null,
            "use_regex": false
        }
    },
    "matched": 1,
    "msg": ""
}
Read vars_file 'config.cfg'

TASK [Verify servers] **********************************************************************************************************************************************************
task path: /root/algo-master/users.yml:19
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
Read vars_file 'config.cfg'

TASK [Build list of installed servers] *****************************************************************************************************************************************
task path: /root/algo-master/users.yml:24
ok: [localhost] => {
    "ansible_facts": {
        "server_list": [
            "XXX.XXX.XXX.XXX"
        ]
    },
    "changed": false
}
Read vars_file 'config.cfg'
[Server address prompt]
Select the server to update user list below:
    1. XXX.XXX.XXX.XXX
  
:

TASK [Server address prompt] ***************************************************************************************************************************************************
task path: /root/algo-master/users.yml:33
ok: [localhost] => {
    "changed": false,
    "delta": 1,
    "echo": true,
    "rc": 0,
    "start": "2020-11-30 19:39:15.343610",
    "stderr": "",
    "stdout": "Paused for 0.03 minutes",
    "stop": "2020-11-30 19:39:16.993924",
    "user_input": "1"
}
Read vars_file 'config.cfg'

TASK [Set facts based on the input] ********************************************************************************************************************************************
task path: /root/algo-master/users.yml:44
ok: [localhost] => {
    "ansible_facts": {
        "algo_server": "XXX.XXX.XXX.XXX"
    },
    "changed": false
}
Read vars_file 'config.cfg'

TASK [Import host specific variables] ******************************************************************************************************************************************
task path: /root/algo-master/users.yml:51
ok: [localhost] => {
    "ansible_facts": {
        "IP_subject_alt_name": "XXX.XXX.XXX.XXX",
        "algo_dns_adblocking": false,
        "algo_ondemand_cellular": false,
        "algo_ondemand_wifi": false,
        "algo_ondemand_wifi_exclude": "X251bGw=",
        "algo_provider": "ec2",
        "algo_server_name": "algovpn",
        "algo_ssh_tunneling": true,
        "algo_store_pki": true,
        "ansible_ssh_port": "4160",
        "ansible_ssh_private_key_file": "configs/algo.pem",
        "ipsec_enabled": true,
        "server": "XXX.XXX.XXX.XXX",
        "server_user": "algo",
        "wireguard_enabled": true
    },
    "ansible_included_var_files": [
        "/root/algo-master/configs/XXX.XXX.XXX.XXX/.config.yml"
    ],
    "changed": false
}
Read vars_file 'config.cfg'
[CA password prompt]
Enter the password for the private CA key (output is hidden):

TASK [CA password prompt] ******************************************************************************************************************************************************
task path: /root/algo-master/users.yml:57
ok: [localhost] => {
    "changed": false,
    "delta": 4,
    "echo": true,
    "rc": 0,
    "start": "2020-11-30 19:39:17.064138",
    "stderr": "",
    "stdout": "Paused for 0.08 minutes",
    "stop": "2020-11-30 19:39:21.802350",
    "user_input": "XXXXXXXXXXXX"
}
Read vars_file 'config.cfg'

TASK [Set facts based on the input] ********************************************************************************************************************************************
task path: /root/algo-master/users.yml:64
ok: [localhost] => {
    "ansible_facts": {
        "CA_password": "XXXXXXXXXXXX"
    },
    "changed": false
}
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1606765161.8548005-190884228480630 `" && echo ansible-tmp-1606765161.8548005-190884228480630="` echo /root/.ansible/tmp/ansible-tmp-1606765161.8548005-190884228480630 `" ) && sleep 0'
Using module file /root/algo-master/.env/local/lib/python3.6/site-packages/ansible/modules/commands/command.py
<localhost> PUT /root/.ansible/tmp/ansible-local-18172ympt0ala/tmpuy4ywuku TO /root/.ansible/tmp/ansible-tmp-1606765161.8548005-190884228480630/AnsiballZ_command.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1606765161.8548005-190884228480630/ /root/.ansible/tmp/ansible-tmp-1606765161.8548005-190884228480630/AnsiballZ_command.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /root/.ansible/tmp/ansible-tmp-1606765161.8548005-190884228480630/AnsiballZ_command.py && sleep 0'

--> Please include the following block of text when reporting issues:

Algo running on: Amazon Linux AMI 2017.09
ZIP file created: 2020-05-30 12:57:34.000000000 +0000
Python 3.6.10
Runtime variables:
    algo_provider "ec2"
    algo_ondemand_cellular "False"
    algo_ondemand_wifi "False"
    algo_ondemand_wifi_exclude "X251bGw="
    algo_dns_adblocking "False"
    algo_ssh_tunneling "True"
    wireguard_enabled "True"
    dns_encryption "True"
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1606765161.8548005-190884228480630/ > /dev/null 2>&1 && sleep 0'

TASK [Display the invocation environment] **************************************************************************************************************************************
task path: /root/algo-master/playbooks/cloud-pre.yml:3
changed: [localhost -> localhost] => {
    "changed": true,
    "cmd": "./algo-showenv.sh  'algo_provider \"ec2\"'    'algo_ondemand_cellular \"False\"'  'algo_ondemand_wifi \"False\"'  'algo_ondemand_wifi_exclude \"X251bGw=\"'    'algo_dns_adblocking \"False\"'  'algo_ssh_tunneling \"True\"'  'wireguard_enabled \"True\"'  'dns_encryption \"True\"'  > /dev/tty\n",
    "delta": "0:00:00.009667",
    "end": "2020-11-30 19:39:22.213619",
    "invocation": {
        "module_args": {
            "_raw_params": "./algo-showenv.sh  'algo_provider \"ec2\"'    'algo_ondemand_cellular \"False\"'  'algo_ondemand_wifi \"False\"'  'algo_ondemand_wifi_exclude \"X251bGw=\"'    'algo_dns_adblocking \"False\"'  'algo_ssh_tunneling \"True\"'  'wireguard_enabled \"True\"'  'dns_encryption \"True\"'  > /dev/tty\n",
            "_uses_shell": true,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "rc": 0,
    "start": "2020-11-30 19:39:22.203952",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "",
    "stdout_lines": []
}
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1606765162.2537773-160584107553774 `" && echo ansible-tmp-1606765162.2537773-160584107553774="` echo /root/.ansible/tmp/ansible-tmp-1606765162.2537773-160584107553774 `" ) && sleep 0'
Using module file /root/algo-master/.env/local/lib/python3.6/site-packages/ansible/modules/packaging/language/pip.py
<localhost> PUT /root/.ansible/tmp/ansible-local-18172ympt0ala/tmpn8i1q8hd TO /root/.ansible/tmp/ansible-tmp-1606765162.2537773-160584107553774/AnsiballZ_pip.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1606765162.2537773-160584107553774/ /root/.ansible/tmp/ansible-tmp-1606765162.2537773-160584107553774/AnsiballZ_pip.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /root/.ansible/tmp/ansible-tmp-1606765162.2537773-160584107553774/AnsiballZ_pip.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1606765162.2537773-160584107553774/ > /dev/null 2>&1 && sleep 0'

TASK [Install the requirements] ************************************************************************************************************************************************
task path: /root/algo-master/playbooks/cloud-pre.yml:19
changed: [localhost -> localhost] => {
    "changed": true,
    "cmd": [
        "/root/algo-master/.env/bin/pip3",
        "install",
        "-U",
        "pyOpenSSL",
        "jinja2==2.8",
        "segno"
    ],
    "invocation": {
        "module_args": {
            "chdir": null,
            "editable": false,
            "executable": null,
            "extra_args": null,
            "name": [
                "pyOpenSSL",
                "jinja2==2.8",
                "segno"
            ],
            "requirements": null,
            "state": "latest",
            "umask": null,
            "use_mirrors": true,
            "version": null,
            "virtualenv": null,
            "virtualenv_command": "virtualenv",
            "virtualenv_python": null,
            "virtualenv_site_packages": false
        }
    },
    "name": [
        "pyOpenSSL",
        "jinja2==2.8",
        "segno"
    ],
    "requirements": null,
    "state": "latest",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "Requirement already satisfied: pyOpenSSL in /root/algo-master/.env/lib/python3.6/dist-packages (20.0.0)\nRequirement already satisfied: jinja2==2.8 in /root/algo-master/.env/lib/python3.6/dist-packages (2.8)\nRequirement already satisfied: segno in /root/algo-master/.env/lib/python3.6/dist-packages (1.3.1)\nRequirement already satisfied: MarkupSafe in /root/algo-master/.env/lib64/python3.6/site-packages (from jinja2==2.8) (1.1.1)\nRequirement already satisfied: six>=1.5.2 in /root/algo-master/.env/lib/python3.6/site-packages (from pyOpenSSL) (1.15.0)\nCollecting cryptography>=3.2\n  Using cached cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6 MB)\nRequirement already satisfied: cffi!=1.11.3,>=1.8 in /root/algo-master/.env/lib64/python3.6/site-packages (from cryptography>=3.2->pyOpenSSL) (1.14.0)\nRequirement already satisfied: six>=1.5.2 in /root/algo-master/.env/lib/python3.6/site-packages (from pyOpenSSL) (1.15.0)\nRequirement already satisfied: pycparser in /root/algo-master/.env/lib/python3.6/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=3.2->pyOpenSSL) (2.20)\nInstalling collected packages: cryptography\nSuccessfully installed cryptography-3.2.1\n",
    "stdout_lines": [
        "Requirement already satisfied: pyOpenSSL in /root/algo-master/.env/lib/python3.6/dist-packages (20.0.0)",
        "Requirement already satisfied: jinja2==2.8 in /root/algo-master/.env/lib/python3.6/dist-packages (2.8)",
        "Requirement already satisfied: segno in /root/algo-master/.env/lib/python3.6/dist-packages (1.3.1)",
        "Requirement already satisfied: MarkupSafe in /root/algo-master/.env/lib64/python3.6/site-packages (from jinja2==2.8) (1.1.1)",
        "Requirement already satisfied: six>=1.5.2 in /root/algo-master/.env/lib/python3.6/site-packages (from pyOpenSSL) (1.15.0)",
        "Collecting cryptography>=3.2",
        "  Using cached cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6 MB)",
        "Requirement already satisfied: cffi!=1.11.3,>=1.8 in /root/algo-master/.env/lib64/python3.6/site-packages (from cryptography>=3.2->pyOpenSSL) (1.14.0)",
        "Requirement already satisfied: six>=1.5.2 in /root/algo-master/.env/lib/python3.6/site-packages (from pyOpenSSL) (1.15.0)",
        "Requirement already satisfied: pycparser in /root/algo-master/.env/lib/python3.6/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=3.2->pyOpenSSL) (2.20)",
        "Installing collected packages: cryptography",
        "Successfully installed cryptography-3.2.1"
    ],
    "version": null,
    "virtualenv": null
}
Read vars_file 'config.cfg'
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1606765165.5687642-232901693811199 `" && echo ansible-tmp-1606765165.5687642-232901693811199="` echo /root/.ansible/tmp/ansible-tmp-1606765165.5687642-232901693811199 `" ) && sleep 0'
Using module file /root/algo-master/.env/local/lib/python3.6/site-packages/ansible/modules/crypto/openssl_privatekey.py
<localhost> PUT /root/.ansible/tmp/ansible-local-18172ympt0ala/tmpa4v72st0 TO /root/.ansible/tmp/ansible-tmp-1606765165.5687642-232901693811199/AnsiballZ_openssl_privatekey.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1606765165.5687642-232901693811199/ /root/.ansible/tmp/ansible-tmp-1606765165.5687642-232901693811199/AnsiballZ_openssl_privatekey.py && sleep 0'
<localhost> EXEC /bin/sh -c 'python3 /root/.ansible/tmp/ansible-tmp-1606765165.5687642-232901693811199/AnsiballZ_openssl_privatekey.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1606765165.5687642-232901693811199/ > /dev/null 2>&1 && sleep 0'

TASK [Generate the SSH private key] ********************************************************************************************************************************************
task path: /root/algo-master/playbooks/cloud-pre.yml:33
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": false,
            "cipher": null,
            "content": null,
            "curve": null,
            "delimiter": null,
            "directory_mode": null,
            "follow": false,
            "force": false,
            "group": null,
            "mode": "0600",
            "owner": null,
            "passphrase": null,
            "path": "configs/algo.pem",
            "regexp": null,
            "remote_src": null,
            "select_crypto_backend": "auto",
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "size": 2048,
            "src": null,
            "state": "present",
            "type": "RSA",
            "unsafe_writes": null
        }
    },
    "msg": "Can't detect any of the required Python libraries cryptography (>= 1.2.3) or PyOpenSSL (>= 0.6)"
}
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'
included: /root/algo-master/playbooks/rescue.yml for localhost
Read vars_file 'config.cfg'
Read vars_file 'config.cfg'

TASK [debug] *******************************************************************************************************************************************************************
task path: /root/algo-master/playbooks/rescue.yml:2
ok: [localhost] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}
Read vars_file 'config.cfg'

TASK [Fail the installation] ***************************************************************************************************************************************************
task path: /root/algo-master/playbooks/rescue.yml:5
fatal: [localhost]: FAILED! => {
    "changed": false,
    "msg": "Failed as requested from task"
}

PLAY RECAP *********************************************************************************************************************************************************************
localhost                  : ok=12   changed=2    unreachable=0    failed=1    skipped=0    rescued=1    ignored=0   


@davidemyers
Contributor

I see that pyOpenSSL was updated to version 20.0.0 on 2020-11-27 and the Changelog says:

Drop support for OpenSSL 1.0.1 and 1.0.2

The Release Notes for Amazon Linux AMI 2017.09 say:

The Amazon Linux AMI now uses OpenSSL 1.0.2k

So maybe that version of Linux is now too old to use for Algo.

I'm not sure of the best way forward that will allow you to continue to manage users on your existing AlgoVPN(s). You might try editing playbooks/cloud-pre.yml and specifying a specific version of pyOpenSSL, like 19.1.0. I've not tried messing with package versions in this file so I don't know if this will work.

@maraboshi
Author

Thanks @davidemyers for the reply, but I don't understand, I didn't update anything anywhere and this "management server" was already working (I manage only one VPN server with it).
Not sure what happened, I was able to add and remove users last week?

@davidemyers
Contributor

In your detailed log (thanks for that) we see:

Requirement already satisfied: pyOpenSSL in /root/algo-master/.env/lib/python3.6/dist-packages (20.0.0)

I'm guessing it was upgraded to the just released version 20.0.0 when you ran ./algo and first encountered this error, and this new version is causing the problem.

@maraboshi
Author

Would a normal ./algo update-users update the packages too? Because this is all I ran this morning when trying to add a new team mate. I did not run ./algo

Only after getting the error I did python3 -m pip install -r requirements.txt which might have updated it, so I'm very confused now :-)

Thank you :-)

@davidemyers
Contributor

Based on your log it looks like:

TASK [Install the requirements]

is run when running ./algo update-users, so I'm guessing that was when the package was upgraded.

@maraboshi
Author

I see, that's not really good...I will check if there is any way to block these updates.
Thanks again.

@davidemyers
Contributor

I'm also surprised that packages in the virtual environment can be upgraded by ./algo update-users. That could be considered a bug.

@maraboshi
Author

David, thanks to your hint I've restored a backup from last night on a temporary directory and swapped it with the current, then removed the section

  - name: Install the requirements
    pip:
      state: forcereinstall
      name:
        - pyOpenSSL==19.1.0
    tags:
      - always
      - skip_ansible_lint
  delegate_to: localhost
  become: false

from playbooks/cloud-pre.yml and ran the command again.

This time it worked (or at least it went through and I can still connect with my user).

Obviously a workaround. Do I keep this issue open as you mentioned it might be a bug or shall I close it?
Sorry, not too familiar with the process, please let me know :-)

@davidemyers
Contributor

Leave this issue open. I'll try to come up with a fix, and if I do and it's accepted it will close the issue.

@davidemyers
Contributor

I don't understand Ansible well enough to come up with a solution so I'll defer to @jackivanov as to how to fix this, if indeed a fix is appropriate.

Jack, I believe the issues are:

  1. A previously working copy of Algo that is kept around in order to manage users can break during update-users if cloud-pre.yml upgrades some of the packages in the virtualenv.

  2. Using PyOpenSSL 20 or later appears to fail on systems with older versions of OpenSSL. Perhaps Algo should require an older version of PyOpenSSL, though it sounds like Ansible is dropping support for PyOpenSSL in future versions.

@jackivanov jackivanov added the bug label Dec 5, 2020
@jackivanov jackivanov self-assigned this Dec 5, 2020
@jackivanov jackivanov removed the bug label Dec 5, 2020
@jackivanov
Collaborator

Thanks for the debug @davidemyers @maraboshi!

I don't think we can add backward compatibility for older versions of openssl, because they are out of support.

I sent a PR to disable requirements upgrade in the update-users playbook
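
The package drift diagnosed in this thread can be read directly from the pip output in the log. The following is an added example, not part of the issue or of Algo's own code: it audits one run of the "Install the requirements" task for unpinned requirements and for packages that the run actually changed, including transitive ones. The function names are illustrative; the requirement list and output lines are copied from the log above.

```python
import re

# Requirement names and pip output copied from the "Install the requirements"
# task in the log above (pip module invoked with state "latest").
REQUESTED = ["pyOpenSSL", "jinja2==2.8", "segno"]
PIP_STDOUT_LINES = [
    "Requirement already satisfied: pyOpenSSL in /root/algo-master/.env/lib/python3.6/dist-packages (20.0.0)",
    "Requirement already satisfied: jinja2==2.8 in /root/algo-master/.env/lib/python3.6/dist-packages (2.8)",
    "Requirement already satisfied: segno in /root/algo-master/.env/lib/python3.6/dist-packages (1.3.1)",
    "Requirement already satisfied: MarkupSafe in /root/algo-master/.env/lib64/python3.6/site-packages (from jinja2==2.8) (1.1.1)",
    "Requirement already satisfied: six>=1.5.2 in /root/algo-master/.env/lib/python3.6/site-packages (from pyOpenSSL) (1.15.0)",
    "Collecting cryptography>=3.2",
    "  Using cached cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6 MB)",
    "Requirement already satisfied: cffi!=1.11.3,>=1.8 in /root/algo-master/.env/lib64/python3.6/site-packages (from cryptography>=3.2->pyOpenSSL) (1.14.0)",
    "Requirement already satisfied: six>=1.5.2 in /root/algo-master/.env/lib/python3.6/site-packages (from pyOpenSSL) (1.15.0)",
    "Requirement already satisfied: pycparser in /root/algo-master/.env/lib/python3.6/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=3.2->pyOpenSSL) (2.20)",
    "Installing collected packages: cryptography",
    "Successfully installed cryptography-3.2.1",
]

SATISFIED_RE = re.compile(
    r"^Requirement already satisfied: (\S+) in \S+ (?:\(from [^)]*\) )?\((\S+)\)$"
)
INSTALLED_PREFIX = "Successfully installed "


def base_name(requirement):
    """Strip version specifiers: 'cffi!=1.11.3,>=1.8' -> 'cffi'."""
    return re.split(r"[=<>!~,;\[\s]", requirement, maxsplit=1)[0]


def unpinned(requirements):
    """Requirements without an exact '==' pin float to the newest release."""
    return [r for r in requirements if "==" not in r]


def already_satisfied(lines):
    """Map package name -> version that pip found already present."""
    found = {}
    for line in lines:
        match = SATISFIED_RE.match(line.strip())
        if match:
            found[base_name(match.group(1))] = match.group(2)
    return found


def newly_installed(lines):
    """Map package name -> version that this pip run installed or upgraded."""
    found = {}
    for line in lines:
        line = line.strip()
        if line.startswith(INSTALLED_PREFIX):
            for item in line[len(INSTALLED_PREFIX):].split():
                name, _, version = item.rpartition("-")
                found[name] = version
    return found


def audit(requirements, lines):
    """Summarise whether a run that should only manage users changed the venv."""
    requested = {base_name(r).lower() for r in requirements}
    changed = newly_installed(lines)
    return {
        "unpinned": unpinned(requirements),
        "changed": changed,
        # Packages changed although they were never named in the task.
        "transitive_changes": sorted(
            name for name in changed if name.lower() not in requested
        ),
        "environment_modified": bool(changed),
    }


if __name__ == "__main__":
    for key, value in audit(REQUESTED, PIP_STDOUT_LINES).items():
        print(f"{key}: {value}")
```

Run against the log from this issue, the audit shows that pyOpenSSL 20.0.0 was already in place and that this particular run installed cryptography 3.2.1 as a transitive dependency, even though only `update-users` was requested.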
