trailofbits / algo

Set up a personal VPN in the cloud

Home Page:https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/

Problem with "dnscrypt-proxy configured" task

znb opened this issue

commented

Describe the bug

Running through a pretty basic Algo setup on Digital Ocean and I get an error on the "dnscrypt-proxy configured" task.
I'm not sure what the problem is, as it's not something I can find in my digging.

To Reproduce

Steps to reproduce the behavior:

  1. Run basic algo setup to Digital Ocean
  2. At the "dnscrypt-proxy configured" task I get the following error

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleUndefinedVariable: 'custom_server_stamps' is undefined
fatal: [46.101.101.93]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: 'custom_server_stamps' is undefined"}

Expected behavior

I expected the installation to complete without error.

Full log

PLAY [localhost] *****************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Playbook dir stat] *********************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Ensure Ansible is not being run in a world writable directory] *************************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[WARNING]: The value '' is not a valid IP address or network, passing this value to ipaddr filter might result in breaking change in future.

TASK [Ensure the requirements installed] *****************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set required ansible version as a fact] ************************************************************************************************************************************************************************************************
ok: [localhost] => (item=ansible-core==2.11.3)

TASK [Verify Python meets Algo VPN requirements] *********************************************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verify Ansible meets Algo VPN requirements] ********************************************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log

PLAY [Ask user for the input] ****************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Microsoft Azure
    5. Google Compute Engine
    6. Hetzner Cloud
    7. Vultr
    8. Scaleway
    9. OpenStack (DreamCompute optimised)
    10. CloudStack (Exoscale optimised)
    11. Linode
    12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)

Enter the number of your desired provider
:
1^M
TASK [Cloud prompt] **************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] **********************************************************************************************************************************************************************************************************
ok: [localhost]
[VPN server name prompt]
Name the vpn server
[algo]
:
AlgoVPN-EU^M
TASK [VPN server name prompt] ****************************************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:
y^M
TASK [Cellular On Demand prompt] *************************************************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
y^M
TASK [Wi-Fi On Demand prompt] ****************************************************************************************************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:
Hackeriet^M
TASK [Trusted Wi-Fi networks prompt] *********************************************************************************************************************************************************************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:
n^M
TASK [Retain the PKI prompt] *****************************************************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:
y^M
TASK [DNS adblocking prompt] *****************************************************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
n^M
TASK [SSH tunneling prompt] ******************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set facts based on the input] **********************************************************************************************************************************************************************************************************
ok: [localhost]

PLAY [Provision the server] ******************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: macOS 12.0.1
Created from git clone. Last commit: 4bed66f Fix tests (#14319)
Python 3.9.7
Runtime variables:
    algo_provider "digitalocean"
    algo_ondemand_cellular "True"
    algo_ondemand_wifi "True"
    algo_ondemand_wifi_exclude "moo"
    algo_dns_adblocking "True"
    algo_ssh_tunneling "False"
    wireguard_enabled "True"
    dns_encryption "True"

TASK [Display the invocation environment] ****************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]

TASK [Install the requirements] **************************************************************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [Generate the SSH private key] **********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Generate the SSH public key] ***********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Copy the private SSH key to /tmp] ******************************************************************************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [Include a provisioning role] ***********************************************************************************************************************************************************************************************************
[cloud-digitalocean : pause]
Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens):
 (output is hidden):

TASK [cloud-digitalocean : pause] ************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : Set the token as a fact] ******************************************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : Get regions] ******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : Set facts about the regions] **************************************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : Set default region] ***********************************************************************************************************************************************************************************************
ok: [localhost]
[cloud-digitalocean : pause]
What region should the server be located in?
    1. ams2     Amsterdam 2
    2. ams3     Amsterdam 3
    3. blr1     Bangalore 1
    4. fra1     Frankfurt 1
    5. lon1     London 1
    6. nyc1     New York 1
    7. nyc2     New York 2
    8. nyc3     New York 3
    9. sfo1     San Francisco 1
    10. sfo2     San Francisco 2
    11. sfo3     San Francisco 3
    12. sgp1     Singapore 1
    13. tor1     Toronto 1

Enter the number of your desired region
[8]
:
4^M
TASK [cloud-digitalocean : pause] ************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : Set additional facts] *********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : Upload the SSH key] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : Creating a droplet...] ********************************************************************************************************************************************************************************************
changed: [localhost]

TASK [cloud-digitalocean : Create a Floating IP] *********************************************************************************************************************************************************************************************
changed: [localhost]

TASK [cloud-digitalocean : Set the static ip as a fact] **************************************************************************************************************************************************************************************
ok: [localhost]

TASK [cloud-digitalocean : set_fact] *********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Set subjectAltName as a fact] **********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Add the server to an inventory group] **************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [Additional variables for the server] ***************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [Wait until SSH becomes ready...] *******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [MacOS | set OS specific facts] *********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [MacOS | mount a ram disk] **************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [Set config paths as facts] *************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Update config paths] *******************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [debug] *********************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "IP_subject_alt_name": "46.101.101.93"
}

TASK [Wait 600 seconds for target connection to become reachable/usable] *********************************************************************************************************************************************************************
ok: [localhost -> 46.101.101.93] => (item=46.101.101.93)

PLAY [Configure the server and install required software] ************************************************************************************************************************************************************************************

TASK [Wait until the cloud-init completed] ***************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [Ensure the config directory exists] ****************************************************************************************************************************************************************************************************
changed: [46.101.101.93 -> localhost]

TASK [Dump the ssh config] *******************************************************************************************************************************************************************************************************************
changed: [46.101.101.93 -> localhost]

TASK [common : Check the system] *************************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : include_tasks] ****************************************************************************************************************************************************************************************************************
included: /Users/matt/Tools/algo/roles/common/tasks/ubuntu.yml for 46.101.101.93

TASK [common : Gather facts] *****************************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Install software updates] *****************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Check if reboot is required] **************************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [common : Reboot] ***********************************************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [common : Wait until the server becomes ready...] ***************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Install unattended-upgrades] **************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Configure unattended-upgrades] ************************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [common : Periodic upgrades configured] *************************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [common : Disable MOTD on login and SSHD] ***********************************************************************************************************************************************************************************************
changed: [46.101.101.93] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'})
changed: [46.101.101.93] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})
[WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually

TASK [common : Ensure fallback resolvers are set] ********************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [common : Loopback for services configured] *********************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [common : systemd services enabled and started] *****************************************************************************************************************************************************************************************
ok: [46.101.101.93] => (item=systemd-networkd)
ok: [46.101.101.93] => (item=systemd-resolved)

RUNNING HANDLER [common : restart systemd-networkd] ******************************************************************************************************************************************************************************************
changed: [46.101.101.93]

RUNNING HANDLER [common : restart systemd-resolved] ******************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [common : Check apparmor support] *******************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Set fact if apparmor enabled] *************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Define facts] *****************************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Set facts] ********************************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Set IPv6 support as a fact] ***************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Check size of MTU] ************************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Set OS specific facts] ********************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Install tools] ****************************************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [common : Configure the alternative ingress ip] *****************************************************************************************************************************************************************************************
included: /Users/matt/Tools/algo/roles/common/tasks/aip/main.yml for 46.101.101.93

TASK [common : Verify the provider] **********************************************************************************************************************************************************************************************************
ok: [46.101.101.93] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [common : Include alternative ingress ip configuration] *********************************************************************************************************************************************************************************
included: /Users/matt/Tools/algo/roles/common/tasks/aip/digitalocean.yml for 46.101.101.93

TASK [common : Get the anchor IP] ************************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : Set SNAT IP as a fact] ********************************************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [common : IPv6 egress alias configured] *************************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [common : Verify SNAT IPv4 found] *******************************************************************************************************************************************************************************************************
ok: [46.101.101.93] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [common : include_tasks] ****************************************************************************************************************************************************************************************************************
included: /Users/matt/Tools/algo/roles/common/tasks/iptables.yml for 46.101.101.93

TASK [common : Iptables configured] **********************************************************************************************************************************************************************************************************
changed: [46.101.101.93] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})

TASK [common : Iptables configured] **********************************************************************************************************************************************************************************************************
changed: [46.101.101.93] => (item={'src': 'rules.v6.j2', 'dest': '/etc/iptables/rules.v6'})

TASK [common : Sysctl tuning] ****************************************************************************************************************************************************************************************************************
changed: [46.101.101.93] => (item={'item': 'net.ipv4.ip_forward', 'value': 1})
changed: [46.101.101.93] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})
changed: [46.101.101.93] => (item={'item': 'net.ipv6.conf.all.forwarding', 'value': 1})

RUNNING HANDLER [common : restart iptables] **************************************************************************************************************************************************************************************************
changed: [46.101.101.93]

RUNNING HANDLER [common : netplan apply] *****************************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [dns : Include tasks for Ubuntu] ********************************************************************************************************************************************************************************************************
included: /Users/matt/Tools/algo/roles/dns/tasks/ubuntu.yml for 46.101.101.93

TASK [dns : Install dnscrypt-proxy] **********************************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] ***************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] *****************************************************************************************************************************************************************************
ok: [46.101.101.93]

TASK [dns : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] *****************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [dns : Ubuntu | Add custom requirements to successfully start the unit] *****************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [dns : dnscrypt-proxy ip-blacklist configured] ******************************************************************************************************************************************************************************************
changed: [46.101.101.93]

TASK [dns : dnscrypt-proxy configured] *******************************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleUndefinedVariable: 'custom_server_stamps' is undefined
fatal: [46.101.101.93]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: 'custom_server_stamps' is undefined"}

TASK [include_tasks] *************************************************************************************************************************************************************************************************************************
included: /Users/matt/Tools/algo/playbooks/rescue.yml for 46.101.101.93

TASK [debug] *********************************************************************************************************************************************************************************************************************************
ok: [46.101.101.93] => {
    "fail_hint": [
        "Sorry, but something went wrong!",
        "Please check the troubleshooting guide.",
        "https://trailofbits.github.io/algo/troubleshooting.html"
    ]
}

TASK [Fail the installation] *****************************************************************************************************************************************************************************************************************
fatal: [46.101.101.93]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
46.101.101.93              : ok=49   changed=23   unreachable=0    failed=1    skipped=6    rescued=1    ignored=0
localhost                  : ok=46   changed=7    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Is there any chance you're using a previously created config.cfg with a more recent version of Algo?

commented

@davidemyers That's exactly what it was. Either I fat-fingered it, or the newer config had an extra line for the 'custom_server_stamps' config directive which I missed.

Apologies for the runaround here. I've updated the config and redeployed without issue.
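The cause identified in this thread, an older config.cfg reused with a newer Algo checkout, can be caught before a droplet is created by comparing the top-level keys of the two files. The script below is an added example, not code from the thread or from the Algo project. It assumes config.cfg is a YAML mapping whose settings start in column 0; the sample configs are constructed, and the two file paths on the command line are whatever copies you want to compare.

```python
#!/usr/bin/env python3
"""Report settings that a newer config.cfg defines but a reused local copy lacks."""
import re
import sys

# A top-level YAML key starts in column 0. Comments, list items, the '---'
# document marker and indented (nested) keys do not match.
_TOP_KEY = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:")


def top_level_keys(yaml_text):
    """Return the set of top-level keys found in the given config text."""
    keys = set()
    for line in yaml_text.splitlines():
        match = _TOP_KEY.match(line)
        if match:
            keys.add(match.group(1))
    return keys


def missing_keys(local_cfg, upstream_cfg):
    """Keys present in the upstream config but absent from the local one.

    A key that is only present as a comment in the local file counts as
    missing, because Ansible never sees it and templates that reference it
    fail with AnsibleUndefinedVariable.
    """
    return sorted(top_level_keys(upstream_cfg) - top_level_keys(local_cfg))


# Constructed sample: the config shipped with the newer checkout.
# The value under custom_server_stamps is a placeholder, not the real schema.
UPSTREAM_SAMPLE = """\
---
wireguard_enabled: true
dns_encryption: true
custom_server_stamps:
  placeholder_name: "PLACEHOLDER"
"""

# Constructed sample: an older config carried over from a previous install.
LOCAL_SAMPLE = """\
---
wireguard_enabled: true
dns_encryption: true
# custom_server_stamps:
"""


def main(argv):
    if len(argv) == 3:
        # Usage: script.py <local config.cfg> <config.cfg from the new checkout>
        with open(argv[1], encoding="utf-8") as fh:
            local_cfg = fh.read()
        with open(argv[2], encoding="utf-8") as fh:
            upstream_cfg = fh.read()
    else:
        local_cfg, upstream_cfg = LOCAL_SAMPLE, UPSTREAM_SAMPLE

    missing = missing_keys(local_cfg, upstream_cfg)
    for key in missing:
        print(f"missing from local config: {key}")
    # Non-zero exit lets a wrapper script stop before running the deployment.
    return 1 if missing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments it checks the embedded samples; with two paths it compares real files and exits non-zero when the local copy is missing a setting.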