Describe the bug
Provisioning in EC2 causes the error EC2Instance CREATE_FAILED: The requested configuration is currently not supported. (Service: AmazonEC2; Status Code: 400; Error Code: Unsupported). Tried a couple of times.
To Reproduce
Steps to reproduce the behavior: See log below.
Full log
(env) $ ./algo (master✱)
PLAY [Ask user for the input] **********************************************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[pause]
What provider would you like to use?
1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Vultr
5. Microsoft Azure
6. Google Compute Engine
7. Scaleway
8. OpenStack (DreamCompute optimised)
9. Install to existing Ubuntu 18.04 server (Advanced)
Enter the number of your desired provider
:
3
TASK [pause] ***************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] ****************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[pause]
Name the vpn server
[algo]
:
algovpn
TASK [pause] ***************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]
:
n
TASK [pause] ***************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]
:
n
TASK [pause] ***************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]
:
n
TASK [pause] ***************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
n
TASK [pause] ***************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:
n
TASK [pause] ***************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[pause]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:
y
TASK [pause] ***************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] ****************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
PLAY [Provision the server] ************************************************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
--> Please include the following block of text when reporting issues:
Algo running on: Mac OS X 10.14.2
Created from git clone. Last commit: 5981bb9 Replace 'max_mss' with 'reduce_mtu' (#1253)
Python 2.7.15
Runtime variables:
algo_provider "ec2"
algo_ondemand_cellular "False"
algo_ondemand_wifi "False"
algo_ondemand_wifi_exclude "_null"
algo_local_dns "False"
algo_ssh_tunneling "False"
algo_windows "False"
wireguard_enabled "True"
dns_encryption "True"
TASK [Display the invocation environment] **********************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]
TASK [Install the requirements] ********************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost -> localhost]
TASK [Generate the SSH private key] ****************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [Generate the SSH public key] *****************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [cloud-ec2 : Install requirements] ************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
[cloud-ec2 : pause]
Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md)
(output is hidden):
TASK [cloud-ec2 : pause] ***************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[cloud-ec2 : pause]
Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
(output is hidden):
TASK [cloud-ec2 : pause] ***************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-ec2 : set_fact] ************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-ec2 : Get regions] *********************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-ec2 : Set facts about the regions] *****************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-ec2 : Set the default region] **********************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
[cloud-ec2 : pause]
What region should the server be located in?
(https://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
1. ap-northeast-1
2. ap-northeast-2
3. ap-south-1
4. ap-southeast-1
5. ap-southeast-2
6. ca-central-1
7. eu-central-1
8. eu-north-1
9. eu-west-1
10. eu-west-2
11. eu-west-3
12. sa-east-1
13. us-east-1
14. us-east-2
15. us-west-1
16. us-west-2
Enter the number of your desired region
[13]
:
8
TASK [cloud-ec2 : pause] ***************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-ec2 : set_fact] ************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-ec2 : Locate official AMI for region] **************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-ec2 : Set the ami id as a fact] ********************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cloud-ec2 : Deploy the template] *************************************************************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "events": ["StackEvent AWS::CloudFormation::Stack algovpn ROLLBACK_COMPLETE", "StackEvent AWS::EC2::VPC VPC DELETE_COMPLETE", "StackEvent AWS::EC2::InternetGateway InternetGateway DELETE_COMPLETE", "StackEvent AWS::EC2::InternetGateway InternetGateway DELETE_IN_PROGRESS", "StackEvent AWS::EC2::VPC VPC DELETE_IN_PROGRESS", "StackEvent AWS::EC2::VPCGatewayAttachment VPCGatewayAttachment DELETE_COMPLETE", "StackEvent AWS::EC2::RouteTable RouteTable DELETE_COMPLETE", "StackEvent AWS::EC2::VPCGatewayAttachment VPCGatewayAttachment DELETE_IN_PROGRESS", "StackEvent AWS::EC2::RouteTable RouteTable DELETE_IN_PROGRESS", "StackEvent AWS::EC2::VPCCidrBlock VPCIPv6 DELETE_COMPLETE", "StackEvent AWS::EC2::Subnet Subnet DELETE_COMPLETE", "StackEvent AWS::EC2::Route RouteIPv6 DELETE_COMPLETE", "StackEvent AWS::EC2::Route Route DELETE_COMPLETE", "StackEvent AWS::EC2::VPCCidrBlock VPCIPv6 DELETE_IN_PROGRESS", "StackEvent AWS::EC2::Subnet Subnet DELETE_IN_PROGRESS", "StackEvent AWS::EC2::Route RouteIPv6 DELETE_IN_PROGRESS", "StackEvent AWS::EC2::SubnetCidrBlock SubnetIPv6 DELETE_COMPLETE", "StackEvent AWS::EC2::Route Route DELETE_IN_PROGRESS", "StackEvent AWS::EC2::SubnetRouteTableAssociation RouteSubnet DELETE_COMPLETE", "StackEvent AWS::EC2::SecurityGroup InstanceSecurityGroup DELETE_COMPLETE", "StackEvent AWS::EC2::SubnetCidrBlock SubnetIPv6 DELETE_IN_PROGRESS", "StackEvent AWS::EC2::SecurityGroup InstanceSecurityGroup DELETE_IN_PROGRESS", "StackEvent AWS::EC2::SubnetRouteTableAssociation RouteSubnet DELETE_IN_PROGRESS", "StackEvent AWS::EC2::Instance EC2Instance DELETE_COMPLETE", "StackEvent AWS::CloudFormation::Stack algovpn ROLLBACK_IN_PROGRESS", "StackEvent AWS::EC2::Instance EC2Instance CREATE_FAILED", "StackEvent AWS::EC2::Instance EC2Instance CREATE_IN_PROGRESS", "StackEvent AWS::EC2::SubnetCidrBlock SubnetIPv6 CREATE_COMPLETE", "StackEvent AWS::EC2::SubnetRouteTableAssociation RouteSubnet CREATE_COMPLETE", "StackEvent 
AWS::EC2::SubnetCidrBlock SubnetIPv6 CREATE_IN_PROGRESS", "StackEvent AWS::EC2::SubnetRouteTableAssociation RouteSubnet CREATE_IN_PROGRESS", "StackEvent AWS::EC2::SubnetCidrBlock SubnetIPv6 CREATE_IN_PROGRESS", "StackEvent AWS::EC2::SubnetRouteTableAssociation RouteSubnet CREATE_IN_PROGRESS", "StackEvent AWS::EC2::Route RouteIPv6 CREATE_COMPLETE", "StackEvent AWS::EC2::Route Route CREATE_COMPLETE", "StackEvent AWS::EC2::SecurityGroup InstanceSecurityGroup CREATE_COMPLETE", "StackEvent AWS::EC2::SecurityGroup InstanceSecurityGroup CREATE_IN_PROGRESS", "StackEvent AWS::EC2::SecurityGroup InstanceSecurityGroup CREATE_IN_PROGRESS", "StackEvent AWS::EC2::Route RouteIPv6 CREATE_IN_PROGRESS", "StackEvent AWS::EC2::Route Route CREATE_IN_PROGRESS", "StackEvent AWS::EC2::Route RouteIPv6 CREATE_IN_PROGRESS", "StackEvent AWS::EC2::Route Route CREATE_IN_PROGRESS", "StackEvent AWS::EC2::Subnet Subnet CREATE_COMPLETE", "StackEvent AWS::EC2::VPCCidrBlock VPCIPv6 CREATE_COMPLETE", "StackEvent AWS::EC2::VPCGatewayAttachment VPCGatewayAttachment CREATE_COMPLETE", "StackEvent AWS::EC2::RouteTable RouteTable CREATE_COMPLETE", "StackEvent AWS::EC2::Subnet Subnet CREATE_IN_PROGRESS", "StackEvent AWS::EC2::VPCGatewayAttachment VPCGatewayAttachment CREATE_IN_PROGRESS", "StackEvent AWS::EC2::RouteTable RouteTable CREATE_IN_PROGRESS", "StackEvent AWS::EC2::VPCCidrBlock VPCIPv6 CREATE_IN_PROGRESS", "StackEvent AWS::EC2::Subnet Subnet CREATE_IN_PROGRESS", "StackEvent AWS::EC2::VPCGatewayAttachment VPCGatewayAttachment CREATE_IN_PROGRESS", "StackEvent AWS::EC2::RouteTable RouteTable CREATE_IN_PROGRESS", "StackEvent AWS::EC2::VPCCidrBlock VPCIPv6 CREATE_IN_PROGRESS", "StackEvent AWS::EC2::VPC VPC CREATE_COMPLETE", "StackEvent AWS::EC2::InternetGateway InternetGateway CREATE_COMPLETE", "StackEvent AWS::EC2::VPC VPC CREATE_IN_PROGRESS", "StackEvent AWS::EC2::InternetGateway InternetGateway CREATE_IN_PROGRESS", "StackEvent AWS::EC2::VPC VPC CREATE_IN_PROGRESS", "StackEvent AWS::EC2::InternetGateway 
InternetGateway CREATE_IN_PROGRESS", "StackEvent AWS::CloudFormation::Stack algovpn CREATE_IN_PROGRESS"], "log": ["AWS::EC2::Instance EC2Instance CREATE_FAILED: The requested configuration is currently not supported. Please check the documentation for supported configurations. (Service: AmazonEC2; Status Code: 400; Error Code: Unsupported; Request ID: 96718e93-34cf-47f2-8daf-5332298e37ab)"], "output": "Problem with CREATE. Rollback complete", "stack_outputs": {}, "stack_resources": [{"last_updated_time": "2019-01-02T08:40:00.351000+00:00", "logical_resource_id": "EC2Instance", "physical_resource_id": "", "resource_type": "AWS::EC2::Instance", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:40:03.667000+00:00", "logical_resource_id": "InstanceSecurityGroup", "physical_resource_id": "sg-024cdb3880833c0c2", "resource_type": "AWS::EC2::SecurityGroup", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:41:08.059000+00:00", "logical_resource_id": "InternetGateway", "physical_resource_id": "igw-0dea1620848fafb03", "resource_type": "AWS::EC2::InternetGateway", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:40:32.599000+00:00", "logical_resource_id": "Route", "physical_resource_id": "algov-Route-1K10GGDINSRYA", "resource_type": "AWS::EC2::Route", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:40:34.503000+00:00", "logical_resource_id": "RouteIPv6", "physical_resource_id": "algov-Route-UJC5SP8K1WK", "resource_type": "AWS::EC2::Route", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:40:15.993000+00:00", "logical_resource_id": "RouteSubnet", "physical_resource_id": "rtbassoc-06810358e6375c930", "resource_type": "AWS::EC2::SubnetRouteTableAssociation", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:40:35.973000+00:00", 
"logical_resource_id": "RouteTable", "physical_resource_id": "rtb-09a2745c447e1d508", "resource_type": "AWS::EC2::RouteTable", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:40:34.792000+00:00", "logical_resource_id": "Subnet", "physical_resource_id": "subnet-0053f9f22bf765bc3", "resource_type": "AWS::EC2::Subnet", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:40:17.991000+00:00", "logical_resource_id": "SubnetIPv6", "physical_resource_id": "subnet-cidr-assoc-0e604b6ba33e785f2", "resource_type": "AWS::EC2::SubnetCidrBlock", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:41:08.330000+00:00", "logical_resource_id": "VPC", "physical_resource_id": "vpc-06796d05e1af7f07c", "resource_type": "AWS::EC2::VPC", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:40:51.239000+00:00", "logical_resource_id": "VPCGatewayAttachment", "physical_resource_id": "algov-VPCGa-NLH4UK0N7SAM", "resource_type": "AWS::EC2::VPCGatewayAttachment", "status": "DELETE_COMPLETE", "status_reason": null}, {"last_updated_time": "2019-01-02T08:40:35.037000+00:00", "logical_resource_id": "VPCIPv6", "physical_resource_id": "vpc-cidr-assoc-045f6f2e27b1d4dff", "resource_type": "AWS::EC2::VPCCidrBlock", "status": "DELETE_COMPLETE", "status_reason": null}]}
TASK [cloud-ec2 : debug] ***************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
"fail_hint": [
"Sorry, but something went wrong!",
"Please check the troubleshooting guide.",
"https://trailofbits.github.io/algo/troubleshooting.html"
]
}
TASK [cloud-ec2 : fail] ****************************************************************************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP *****************************************************************************************************************************************************************************************************************************************************************************************************************
localhost : ok=28 changed=5 unreachable=0 failed=2
Looking for easy fixes as always, I just wonder if it's a CloudFormation issue, given all the "ROLLBACK_COMPLETE" and "DELETE_IN_PROGRESS" messages.
Try deploying with a new name for your server other than "algovpn".
I believe it is eu-north-1 that's causing the issues. I've tried with another name but that resulted in the same error. Trying in eu-west-3 worked without issues.
Interesting, thanks for documenting a workaround.
Can you manually create an Ubuntu 18.04 instance on eu-north-1? Is the region shut down temporarily? Were you encrypting the volume perhaps?
I can create an 18.04 instance manually without issues. Nothing on AWS status page about recent issues, and I ran algo several times over a 48h period.
The region was launched in late December, might be something that's not yet available there?
T2 is not available in eu-north-1. We don't have an auto discovery, so you would need to change the region to T3 in the config manually
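As an added example (not part of the thread or of Algo's code): a small Python triage helper for output shaped like the failed "Deploy the template" task in the log above, which picks the first failing resource and its EC2 error code out of the surrounding rollback noise. It assumes the `events` list is newest-first, as in the log; the sample is constructed and trimmed, the request ID is a placeholder, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: trimmed to the shape of the failed task's JSON result
# (keys "events", "log", "output"); the request ID is a placeholder.
SAMPLE_RESULT = json.dumps({
    "changed": True,
    "events": [
        "StackEvent AWS::CloudFormation::Stack algovpn ROLLBACK_COMPLETE",
        "StackEvent AWS::EC2::VPC VPC DELETE_COMPLETE",
        "StackEvent AWS::EC2::Instance EC2Instance DELETE_COMPLETE",
        "StackEvent AWS::CloudFormation::Stack algovpn ROLLBACK_IN_PROGRESS",
        "StackEvent AWS::EC2::Instance EC2Instance CREATE_FAILED",
        "StackEvent AWS::EC2::Instance EC2Instance CREATE_IN_PROGRESS",
        "StackEvent AWS::EC2::VPC VPC CREATE_COMPLETE",
        "StackEvent AWS::CloudFormation::Stack algovpn CREATE_IN_PROGRESS",
    ],
    "log": [
        "AWS::EC2::Instance EC2Instance CREATE_FAILED: The requested "
        "configuration is currently not supported. (Service: AmazonEC2; "
        "Status Code: 400; Error Code: Unsupported; "
        "Request ID: 00000000-0000-0000-0000-000000000000)"
    ],
    "output": "Problem with CREATE. Rollback complete",
})

EVENT_RE = re.compile(r"^StackEvent (?P<type>\S+) (?P<logical_id>\S+) (?P<status>[A-Z_]+)$")
LOG_RE = re.compile(r"^\S+ (?P<logical_id>\S+) [A-Z_]+: (?P<reason>.*)$", re.S)
DETAIL_RE = re.compile(r"\((?P<body>Service: [^)]*)\)\s*$")


def first_failure(events):
    """Return the chronologically first *_FAILED event (list is newest-first)."""
    for line in reversed(events):
        m = EVENT_RE.match(line.strip())
        if m and m.group("status").endswith("_FAILED"):
            return m.groupdict()
    return None


def parse_reason(log_lines, logical_id):
    """Split a log entry for logical_id into message text and 'Key: value' details."""
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or m.group("logical_id") != logical_id:
            continue
        reason, details = m.group("reason"), {}
        d = DETAIL_RE.search(reason)
        if d:
            for part in d.group("body").split(";"):
                key, _, value = part.partition(":")
                details[key.strip()] = value.strip()
            reason = reason[:d.start()].strip()
        return reason, details
    return None, {}


def triage(result_json):
    """Summarise the root cause; rollback/delete events are only counted."""
    result = json.loads(result_json)
    events = result.get("events", [])
    failure = first_failure(events)
    if failure is None:
        return None
    reason, details = parse_reason(result.get("log", []), failure["logical_id"])
    return {
        "resource": failure["logical_id"],
        "type": failure["type"],
        "status": failure["status"],
        "reason": reason,
        "service": details.get("Service"),
        "http_status": details.get("Status Code"),
        "error_code": details.get("Error Code"),
        "rollback_events": sum("DELETE_" in e or "ROLLBACK_" in e for e in events),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_RESULT), indent=2))
```

The rollback and delete events are a consequence of the single `CREATE_FAILED` on `EC2Instance`; the `Service` and `Error Code` fields show the rejection came from the EC2 API rather than from CloudFormation itself.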