So, people everywhere are wondering how to take advantage of Amazon's new Lightsail pricing by setting up an Algo instance. Although it's not officially supported, it's actually really easy and only takes like 15 minutes to get up and running.
do-release-upgrade - this will update the 16.04 instance to 18.04This is a nice breakdown but for some reason even following these instructions I get stuck here:
TASK [dns_encryption : Include tasks for Ubuntu] ***********************************
included: /home/axiomdata/algo/roles/dns_encryption/tasks/ubuntu.yml for 52.38.3.195
FAILED - RETRYING: Add the repository (10 retries left).
It fails after 10 retries.
Any help getting past this spot would be great!
Thanks!
@axiomdata Could you file a separate issue, please? That's probably related to resolv.conf
@jackivanov Issue has been filed separately. Thanks.
Tried to run this today, some notes:
After run do-release-upgrade, it will prompt you to choose the "sshd_config", choose keep the local version, otherwise you will not be able to use Lightsail to SSH to this instance.
When following the Algo README.md to deploy the Algo server, download master.zip using wget and unzip it with unzip in the Lightsail Ubuntu server. Do NOT download and unzip it in your local machine and upload to Lightsail, it will cause privilege problem and chmod will NOT save you.
However, the installation always stopped at the following stage without any warning or error.
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
TASK [A short pause, in order to be sure the instance is ready] ***************************
ok: [localhost]
PLAY [Configure the server and install required software] *********************************
I thought it was "installing required software", but it took way too long (more than 1 hour) that it seems like it has stopped.
I wiped out the whole Lightsail and started from scratch again, but it still stopped at the same line. @cdolle Do you know where I did wrong?
Also, what is the purpose of the "key pair" mentioned in your step1? So far I only use the key pair to SSH to the Lightsail Ubuntu instance. Does it has something to do with the Algo VPN installation?
Tried the above in post #1. Installs OK. But can anyone share how to open upd ports 500 and 4500? Tried iptables -A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT but it doesn't do the trick as my iphone still can't connect to the server.
@johnyluyte
worked for me as below:
when prompted 'enter the IP address' type: localhost
when prompted 'enter the public IP address' type your stastic ip address assigned to the instance
@xytzw I remember entering both prompts with my public static IP address. That might be the problem. Thanks!
You can login to the AWS Lightsail web console, click your instance, click Network, and open both UDP ports there.
https://lightsail.aws.amazon.com/ls/webapp/home/instances
@xytzw @johnyluyte Not sure if this is relevant but I've been having issues getting this to work for a while. I finally got it to work on Android Wireguard by also opening up port 51820 which is the port wireguard tries to connect on.
if you notice package installations failing due to version incompatibilities, selectively upgrade the failed packages:
sudo -H python -m pip install [package] --upgrade
tends to happen with MarkupSafe, azure-cli-core, pyopenssl, azure-mgmt-resource
Thanks, works perfectly!
I just checked the list of Lightsail Blueprint list.
For Ubuntu, the list now includes Ubuntu 18.04 LTS (blueprintId: ubuntu_18_04).
Here's the entry from aws lightsail get-blueprints:
{
"group": "ubuntu_18",
"description": "Ubuntu 18.04 LTS - Bionic. Lean, fast and powerful, Ubuntu Server delivers services reliably, predictably and economically. It is the perfect base on which to build your instances. Ubuntu is free and will always be, and you have the option to get support and Landscape from Canonical.",
"platform": "LINUX_UNIX",
"productUrl": "https://aws.amazon.com/marketplace/pp/B07CQ33QKV",
"version": "18.04 LTS",
"licenseUrl": "https://d7umqicpi7263.cloudfront.net/eula/product/3b73ef49-208f-47e1-8a6e-4ae768d8a333/7ca21cd7-5be3-43be-8e43-07809b2ea410.txt",
"versionCode": "1",
"blueprintId": "ubuntu_18_04",
"minPower": 0,
"type": "os",
"isActive": true,
"name": "Ubuntu"
},
Anyone know what the CLI name is for the $5 instance? I know it can be modified in library/lightsail.py but for the life of me I can't find the correct CLI name in any of the documentation.
I installed the aws-cli tool and ran aws lightsail get-bundles. Based on the output I think the bundle you want is micro_2_0. You can change the bundle name used by Algo in config.cfg.
Perfect, thanks.
From: David Myers notifications@github.com
Reply-To: trailofbits/algo reply@reply.github.com
Date: Tuesday, January 29, 2019 at 12:26 PM
To: trailofbits/algo algo@noreply.github.com
Cc: Moshe Siegel moshesiegel@gmail.com, Comment comment@noreply.github.com
Subject: Re: [trailofbits/algo] Installing to Lightsail (documentation) (#1094)
I installed the aws-clihttps://github.com/aws/aws-cli tool and ran aws lightsail get-bundles. Based on the output I think the bundle you want is micro_2_0. You can change the bundle name used by Algo in config.cfg.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/trailofbits/algo/issues/1094#issuecomment-458629967, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AOQ-vusjvdBYcZzkBlzz5BEqpDDImObQks5vIIQvgaJpZM4WWcY5.
Note that deploying to Lightsail requires extra IAM policy rules, the ones recommended in docs for EC2 do not suffice.
As of now Lightsail installation will fail if user follows the docs (assuming IAM user, it will probably work if AWS root credentials are given).
I am not sure what is the minimum of policies required to deploy Algo to Lightsail. To make it work in meantime, I added "lightsail:*" to action list somewhere in the policy. Far from the best, but possibly better than root credentials.
@strogonoff That's because you have to use the policy for Lightsail, not EC2. 😄
Agreed that this should be more obvious, perhaps by adding onto the EC2 install instructions page, or making a separate one for Lightsail.
Ahh I see, didn’t find it at the time.
I believe, since minimal policies differ, it might make sense to either have one doc for AWS split into subsections, or separate docs where one handles the EC2+CloudFormation policies & the other Lightsail’s.
Either way should be discoverable enough (OTOH if the doc with Lightsail’s policies is called EC2, they might take a few extra minutes to locate)
On 30 Mar 2019, at 2:39 AM, TC1977 notifications@github.com wrote:
@strogonoff That's because you have to use the policy for Lightsail, not EC2. 😄
Agreed that this should be more obvious, perhaps by adding onto the EC2 install instructions page, or making a separate one for Lightsail.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
Most helpful comment
Tried to run this today, some notes:
After run
do-release-upgrade, it will prompt you to choose the "sshd_config", choosekeep the local version, otherwise you will not be able to use Lightsail to SSH to this instance.When following the Algo
README.mdto deploy the Algo server, downloadmaster.zipusingwgetand unzip it withunzipin the Lightsail Ubuntu server. Do NOT download and unzip it in your local machine and upload to Lightsail, it will cause privilege problem andchmodwill NOT save you.However, the installation always stopped at the following stage without any warning or error.
I thought it was "installing required software", but it took way too long (more than 1 hour) that it seems like it has stopped.
I wiped out the whole Lightsail and started from scratch again, but it still stopped at the same line. @cdolle Do you know where I did wrong?
Also, what is the purpose of the "key pair" mentioned in your step1? So far I only use the key pair to SSH to the Lightsail Ubuntu instance. Does it has something to do with the Algo VPN installation?