Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failures on Ubuntu 16.04 on Hetzner #972

Closed
dafacto opened this issue May 28, 2018 · 5 comments
Closed

Failures on Ubuntu 16.04 on Hetzner #972

dafacto opened this issue May 28, 2018 · 5 comments

Comments

@dafacto
Copy link

dafacto commented May 28, 2018
edited
Loading

OS / Environment (where do you run Algo on)

Linux vpn 4.4.0-127-generic #153-Ubuntu SMP Sat May 19 10:58:46 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Cloud Provider (where do you deploy Algo to)

Hetzner

Summary of the problem

There are two problems I'm seeing:

TASK [wireguard : WireGuard enabled and started] *******************************************************
fatal: [195.201.121.2]: FAILED! => {"changed": false, "msg": "Unable to start service wg-quick@wg0: Job for [email protected] failed because the control process exited with error code. See \"systemctl status [email protected]\" and \"journalctl -xe\" for details.\n"}

PLAY RECAP *********************************************************************************************
195.201.121.2              : ok=28   changed=6    unreachable=0    failed=1   
localhost                  : ok=13   changed=1    unreachable=0    failed=0   ```

And secondly, on my local Mac, there are no .mobileconfig files created. I'm only seeing .ssh_config and .pem files for each user.

Steps to reproduce the behavior

  1. Do this..
  2. Do that..

Full log

(env) mbp13:algo-master mhenders$ ./algo

  What provider would you like to use?
    1. DigitalOcean
    2. Amazon EC2
    3. Microsoft Azure
    4. Google Compute Engine
    5. Scaleway
    6. OpenStack (DreamCompute optimised)
    7. Install to existing Ubuntu 16.04 server (Advanced)

Enter the number of your desired provider
: 7

Enter the IP address of your server: (or use localhost for local installation)
[localhost]: 195.201.121.2


What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
[root]: 


Enter the public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)
[195.201.121.2]: 


Was this server deployed by Algo previously?
[y/N]: y

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]: y

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]: y

List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
: 

Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]: 

Do you want each user to have their own account for SSH tunneling?
[y/N]: 

Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]: 

Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]: 


PLAY [Configure the server] ****************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [localhost]

TASK [Local pre-tasks] *********************************************************************************
included: /Users/mhenders/Documents/Algo/algo-master/playbooks/local.yml for localhost

TASK [Generate the SSH private key] ********************************************************************
ok: [localhost]

TASK [Generate the SSH public key] *********************************************************************
ok: [localhost]

TASK [Change mode for the SSH private key] *************************************************************
ok: [localhost]

TASK [Ensure the dynamic inventory exists] *************************************************************
ok: [localhost]

TASK [Local pre-tasks] *********************************************************************************
included: /Users/mhenders/Documents/Algo/algo-master/playbooks/local_ssh.yml for localhost

TASK [Ensure the local ssh directory is exist] *********************************************************
ok: [localhost]

TASK [Copy the algo ssh key to the local ssh directory] ************************************************
ok: [localhost]

TASK [local : Add the instance to an inventory group] **************************************************
changed: [localhost]

TASK [local : Add the instance to an inventory group] **************************************************
skipping: [localhost]

TASK [local : set_fact] ********************************************************************************
ok: [localhost]

TASK [local : Ensure the group local exists in the dynamic inventory file] *****************************
ok: [localhost]

TASK [local : Populate the dynamic inventory] **********************************************************
ok: [localhost]

PLAY [Configure the server and install required software] **********************************************

TASK [Common pre-tasks] ********************************************************************************
included: /Users/mhenders/Documents/Algo/algo-master/playbooks/common.yml for 195.201.121.2

TASK [Check the system] ********************************************************************************
changed: [195.201.121.2]

TASK [Ubuntu pre-tasks] ********************************************************************************
included: /Users/mhenders/Documents/Algo/algo-master/playbooks/ubuntu.yml for 195.201.121.2

TASK [Ubuntu | Install prerequisites] ******************************************************************
changed: [195.201.121.2] => (item=sleep 10)
changed: [195.201.121.2] => (item=apt-get update -qq)
changed: [195.201.121.2] => (item=apt-get install -qq -y python2.7 sudo)

TASK [FreeBSD pre-tasks] *******************************************************************************
skipping: [195.201.121.2]

TASK [include_tasks] ***********************************************************************************
included: /Users/mhenders/Documents/Algo/algo-master/playbooks/facts/main.yml for 195.201.121.2

TASK [Gather Facts] ************************************************************************************
ok: [195.201.121.2]

TASK [Check if IPv6 configured] ************************************************************************
ok: [195.201.121.2]

TASK [Generate password for the CA key] ****************************************************************
changed: [195.201.121.2 -> localhost]

TASK [Generate p12 export password] ********************************************************************
changed: [195.201.121.2 -> localhost]

TASK [Define password facts] ***************************************************************************
ok: [195.201.121.2]

TASK [Define the commonName] ***************************************************************************
ok: [195.201.121.2]

TASK [common : Install tools] **************************************************************************

TASK [common : Sysctl tuning] **************************************************************************

TASK [common : Install tools] **************************************************************************

TASK [common : Sysctl tuning] **************************************************************************

TASK [common : Install tools] **************************************************************************

TASK [common : Sysctl tuning] **************************************************************************

TASK [common : include_tasks] **************************************************************************
included: /Users/mhenders/Documents/Algo/algo-master/roles/common/tasks/ubuntu.yml for 195.201.121.2

TASK [common : Loopback for services configured] *******************************************************
ok: [195.201.121.2]

TASK [common : systemd-networkd enabled and started] ***************************************************
ok: [195.201.121.2]

TASK [common : Check apparmor support] *****************************************************************
changed: [195.201.121.2]

TASK [common : set_fact] *******************************************************************************
ok: [195.201.121.2]

TASK [common : set_fact] *******************************************************************************
ok: [195.201.121.2]

TASK [common : include_tasks] **************************************************************************
skipping: [195.201.121.2]

TASK [common : Install tools] **************************************************************************
ok: [195.201.121.2] => (item=git)
ok: [195.201.121.2] => (item=screen)
ok: [195.201.121.2] => (item=apparmor-utils)
ok: [195.201.121.2] => (item=uuid-runtime)
ok: [195.201.121.2] => (item=coreutils)
ok: [195.201.121.2] => (item=iptables-persistent)
ok: [195.201.121.2] => (item=cgroup-tools)
ok: [195.201.121.2] => (item=openssl)

TASK [common : Sysctl tuning] **************************************************************************
ok: [195.201.121.2] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
ok: [195.201.121.2] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
ok: [195.201.121.2] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})

TASK [wireguard : WireGuard repository configured] *****************************************************
ok: [195.201.121.2]

TASK [wireguard : WireGuard installed] *****************************************************************
ok: [195.201.121.2]

TASK [wireguard : Ensure the required directories exist] ***********************************************
ok: [195.201.121.2 -> localhost] => (item=private)
ok: [195.201.121.2 -> localhost] => (item=public)

TASK [wireguard : Delete the lock files] ***************************************************************
skipping: [195.201.121.2] => (item=matt) 
skipping: [195.201.121.2] => (item=pino) 
skipping: [195.201.121.2] => (item=andrea) 
skipping: [195.201.121.2] => (item=lance) 
skipping: [195.201.121.2] => (item=195.201.121.2) 

TASK [wireguard : Generate private keys] ***************************************************************
ok: [195.201.121.2] => (item=matt)
ok: [195.201.121.2] => (item=pino)
ok: [195.201.121.2] => (item=andrea)
ok: [195.201.121.2] => (item=lance)
ok: [195.201.121.2] => (item=195.201.121.2)
 [WARNING]: As of Ansible 2.4, the parameter 'executable' is no longer supported with the 'command'
module. Not using 'bash'.


TASK [wireguard : Save private keys] *******************************************************************
skipping: [195.201.121.2] => (item=None) 
skipping: [195.201.121.2] => (item=None) 
skipping: [195.201.121.2] => (item=None) 
skipping: [195.201.121.2] => (item=None) 
skipping: [195.201.121.2] => (item=None) 

TASK [wireguard : Touch the lock file] *****************************************************************
skipping: [195.201.121.2] => (item=matt) 
skipping: [195.201.121.2] => (item=pino) 
skipping: [195.201.121.2] => (item=andrea) 
skipping: [195.201.121.2] => (item=lance) 
skipping: [195.201.121.2] => (item=195.201.121.2) 

TASK [wireguard : Generate public keys] ****************************************************************
ok: [195.201.121.2] => (item=matt)
ok: [195.201.121.2] => (item=pino)
ok: [195.201.121.2] => (item=andrea)
ok: [195.201.121.2] => (item=lance)
ok: [195.201.121.2] => (item=195.201.121.2)

TASK [wireguard : Save public keys] ********************************************************************
ok: [195.201.121.2] => (item=None)
ok: [195.201.121.2] => (item=None)
ok: [195.201.121.2] => (item=None)
ok: [195.201.121.2] => (item=None)
ok: [195.201.121.2] => (item=None)

TASK [wireguard : WireGuard configured] ****************************************************************
ok: [195.201.121.2]

TASK [wireguard : WireGuard reload-module-on-update] ***************************************************
changed: [195.201.121.2]

TASK [wireguard : WireGuard users config generated] ****************************************************
ok: [195.201.121.2 -> localhost] => (item=(0, u'matt'))
ok: [195.201.121.2 -> localhost] => (item=(1, u'pino'))
ok: [195.201.121.2 -> localhost] => (item=(2, u'andrea'))
ok: [195.201.121.2 -> localhost] => (item=(3, u'lance'))

TASK [wireguard : WireGuard enabled and started] *******************************************************
fatal: [195.201.121.2]: FAILED! => {"changed": false, "msg": "Unable to start service wg-quick@wg0: Job for [email protected] failed because the control process exited with error code. See \"systemctl status [email protected]\" and \"journalctl -xe\" for details.\n"}

PLAY RECAP *********************************************************************************************
195.201.121.2              : ok=28   changed=6    unreachable=0    failed=1   
localhost                  : ok=13   changed=1    unreachable=0    failed=0
@kotfenix
Copy link

systemctl status [email protected]\ says that RTNETLINK answers: Operation not supported wireguard
I think hetzner's ubuntu contains not properly installed wireguard kernel modules. I built wireguard from source and it helped

@jackivanov
Copy link
Collaborator

We don't officially support Hetzner, and you choosed to deploy as an advanced, so you need to debug it somehow yourself

@ealeksandrov
Copy link
Contributor

I built wireguard from source and it helped

I confirm, building WireGuard from source before installing Algo prevents error.

https://www.wireguard.com/install/
It shows couple of OpenSSL errors on make install but still works fine.

@ealeksandrov ealeksandrov mentioned this issue May 28, 2018
Closed
@jackivanov jackivanov mentioned this issue May 29, 2018
Merged
@ghost
Copy link

ghost commented Nov 12, 2018

I'm just stuck at PLAY [Configure the server] on both Debian or Ubuntu 18.04 on Hetzer, I'm surprised what Algo says about passwordless login, I think this may be the culprit but it did not prompt me to supply ssh keys or anything, just the name of the user it should use to login.

@ghost
Copy link

ghost commented Nov 14, 2018

systemctl status [email protected]\

this works for me now by default so your workaround may not be needed anymore

[email protected] - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/[email protected]; indirect; vendor preset: enabled)
   Active: active (exited) since Wed 2018-11-14 15:04:46 CET; 26min ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
 Main PID: 1025 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 2299)
   CGroup: /system.slice/system-wg\x2dquick.slice/[email protected]

@kotfenix was there something else you needed to do because it does not yet work for me
#1130 (comment)

thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ealeksandrov @jackivanov @kotfenix @dafacto