I tried to install from WSL then I created a new Ubuntu 18.04 instance on Lightsail and ran the instructions as I usually do. On the new Ubuntu instance I used the default config.
Every time I tried to run the algo command I ended up getting the below error:
Unable to start service wg-quick@wg0: Job for wg-quick@wg0.service failed because the control process exited with error code.\nSee \"systemctl status wg-quick@wg0.service\" and \"journalctl -xe\" for details.\n
To Reproduce
user@server:~$ sudo apt update && sudo apt full-upgrade --assume-yes
Hit:1 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:3 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:5 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/main Sources [318 kB]
Get:6 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/restricted Sources [7444 B]
Get:7 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe Sources [283 kB]
Get:8 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [947 kB]
Get:9 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/main Translation-en [322 kB]
Get:10 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [54.9 kB]
Get:11 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/restricted Translation-en [13.7 kB]
Get:12 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1075 kB]
Get:13 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [334 kB]
Get:14 http://security.ubuntu.com/ubuntu bionic-security/universe Sources [169 kB]
Get:15 http://security.ubuntu.com/ubuntu bionic-security/restricted Sources [5376 B]
Get:16 http://security.ubuntu.com/ubuntu bionic-security/main Sources [150 kB]
Get:17 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [720 kB]
Get:18 http://security.ubuntu.com/ubuntu bionic-security/main Translation-en [227 kB]
Get:19 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [43.5 kB]
Get:20 http://security.ubuntu.com/ubuntu bionic-security/restricted Translation-en [10.8 kB]
Get:21 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [666 kB]
Get:22 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [221 kB]
Fetched 5821 kB in 3s (2107 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
After this operation, 5139 kB of additional disk space will be used.
Get:1 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 python-pip-whl all 9.0.1-2.3~ubuntu1.18.04.1 [1653 kB]
Get:2 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-lib2to3 all 3.6.9-1~18.04 [77.4 kB]
Get:3 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-distutils all 3.6.9-1~18.04 [144 kB]
---
Get:4 http://eu-west-3.ec2.archive.ubuntu.com/ubuntu bionic/universe amd64 python3-virtualenv all 15.1.0+ds-1.1 [43.4 kB]
Fetched 1918 kB in 0s (5076 kB/s)
Selecting previously unselected package python-pip-whl.
(Reading database ... 85108 files and directories currently installed.)
Preparing to unpack .../python-pip-whl_9.0.1-2.3~ubuntu1.18.04.1_all.deb ...
Unpacking python-pip-whl (9.0.1-2.3~ubuntu1.18.04.1) ...
Selecting previously unselected package python3-lib2to3.
Preparing to unpack .../python3-lib2to3_3.6.9-1~18.04_all.deb ...
Unpacking python3-lib2to3 (3.6.9-1~18.04) ...
Selecting previously unselected package python3-distutils.
Preparing to unpack .../python3-distutils_3.6.9-1~18.04_all.deb ...
Unpacking python3-distutils (3.6.9-1~18.04) ...
Selecting previously unselected package python3-virtualenv.
Preparing to unpack .../python3-virtualenv_15.1.0+ds-1.1_all.deb ...
Unpacking python3-virtualenv (15.1.0+ds-1.1) ...
Setting up python-pip-whl (9.0.1-2.3~ubuntu1.18.04.1) ...
Setting up python3-lib2to3 (3.6.9-1~18.04) ...
Setting up python3-distutils (3.6.9-1~18.04) ...
Setting up python3-virtualenv (15.1.0+ds-1.1) ...
user@server:~$ git clone https://github.com/trailofbits/algo
Cloning into 'algo'...
remote: Enumerating objects: 1, done.
remote: Counting objects: 100% (1/1), done.
remote: Total 6748 (delta 0), reused 0 (delta 0), pack-reused 6747
Receiving objects: 100% (6748/6748), 2.78 MiB | 4.35 MiB/s, done.
Resolving deltas: 100% (3860/3860), done.
user@server:~$ cd algo/
user@server:~/algo$ vim config.cfg
user@server:~/algo$ python3 -m virtualenv --python="$(command -v python3)" .env &&
> source .env/bin/activate &&
> python3 -m pip install -U pip virtualenv &&
> python3 -m pip install -r requirements.txt
Already using interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in /home/ubuntu/algo/.env/bin/python3
Also creating executable in /home/ubuntu/algo/.env/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
Requirement already up-to-date: pip in ./.env/lib/python3.6/site-packages (20.1.1)
Collecting virtualenv
Downloading virtualenv-20.0.21-py2.py3-none-any.whl (4.7 MB)
|████████████████████████████████| 4.7 MB 11.3 MB/s
Collecting appdirs<2,>=1.4.3
Downloading appdirs-1.4.4-py2.py3-none-any.whl (9.6 kB)
Collecting filelock<4,>=3.0.0
Downloading filelock-3.0.12-py3-none-any.whl (7.6 kB)
Collecting importlib-resources<2,>=1.0; python_version < "3.7"
Downloading importlib_resources-1.5.0-py2.py3-none-any.whl (21 kB)
Collecting six<2,>=1.9.0
Downloading six-1.14.0-py2.py3-none-any.whl (10 kB)
Collecting importlib-metadata<2,>=0.12; python_version < "3.8"
Downloading importlib_metadata-1.6.0-py2.py3-none-any.whl (30 kB)
Collecting distlib<1,>=0.3.0
Downloading distlib-0.3.0.zip (571 kB)
|████████████████████████████████| 571 kB 44.1 MB/s
Collecting zipp>=0.4; python_version < "3.8"
Downloading zipp-3.1.0-py3-none-any.whl (4.9 kB)
Building wheels for collected packages: distlib
Building wheel for distlib (setup.py) ... done
Created wheel for distlib: filename=distlib-0.3.0-py3-none-any.whl size=340427 sha256=7a99c8206e2f98885e9bfe9a840e3f64907640b64b351f212e3988395abad540
Stored in directory: /home/ubuntu/.cache/pip/wheels/33/d9/71/e4e3cac73529e1947df418af0f140cd7589d5d9ec0e17ecfc2
Successfully built distlib
Installing collected packages: appdirs, filelock, zipp, importlib-metadata, importlib-resources, six, distlib, virtualenv
Successfully installed appdirs-1.4.4 distlib-0.3.0 filelock-3.0.12 importlib-metadata-1.6.0 importlib-resources-1.5.0 six-1.14.0 virtualenv-20.0.21 zipp-3.1.0
Collecting ansible==2.8.8
Downloading ansible-2.8.8.tar.gz (12.7 MB)
|████████████████████████████████| 12.7 MB 11.4 MB/s
Collecting netaddr
Downloading netaddr-0.7.19-py2.py3-none-any.whl (1.6 MB)
|████████████████████████████████| 1.6 MB 31.7 MB/s
Collecting jinja2
Downloading Jinja2-2.11.2-py2.py3-none-any.whl (125 kB)
|████████████████████████████████| 125 kB 53.5 MB/s
Collecting PyYAML
Downloading PyYAML-5.3.1.tar.gz (269 kB)
|████████████████████████████████| 269 kB 37.3 MB/s
Collecting cryptography
Downloading cryptography-2.9.2-cp35-abi3-manylinux2010_x86_64.whl (2.7 MB)
|████████████████████████████████| 2.7 MB 29.1 MB/s
Collecting MarkupSafe>=0.23
Downloading MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl (27 kB)
Collecting cffi!=1.11.3,>=1.8
Downloading cffi-1.14.0-cp36-cp36m-manylinux1_x86_64.whl (399 kB)
|████████████████████████████████| 399 kB 27.5 MB/s
Requirement already satisfied: six>=1.4.1 in ./.env/lib/python3.6/site-packages (from cryptography->ansible==2.8.8->-r requirements.txt (line 1)) (1.14.0)
Collecting pycparser
Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)
|████████████████████████████████| 112 kB 51.5 MB/s
Building wheels for collected packages: ansible, PyYAML
Building wheel for ansible (setup.py) ... done
Created wheel for ansible: filename=ansible-2.8.8-py3-none-any.whl size=12650706 sha256=41870833ca1ab43c145ab10eabd0292ac7178547f806008a0a1d77c429da175e
Stored in directory: /home/ubuntu/.cache/pip/wheels/f5/3b/6b/6e4fc9377e5e6d2bc064d5eadea8cb84ab620d276cbd0e185c
Building wheel for PyYAML (setup.py) ... done
Created wheel for PyYAML: filename=PyYAML-5.3.1-cp36-cp36m-linux_x86_64.whl size=44621 sha256=ca57d7cc6e89717064bf498ea10a182c59441d107dac57ab347e7297b7c24ece
Stored in directory: /home/ubuntu/.cache/pip/wheels/e5/9d/ad/2ee53cf262cba1ffd8afe1487eef788ea3f260b7e6232a80fc
Successfully built ansible PyYAML
Installing collected packages: MarkupSafe, jinja2, PyYAML, pycparser, cffi, cryptography, ansible, netaddr
Successfully installed MarkupSafe-1.1.1 PyYAML-5.3.1 ansible-2.8.8 cffi-1.14.0 cryptography-2.9.2 jinja2-2.11.2 netaddr-0.7.19 pycparser-2.20
(.env) user@server:~/algo$ ./algo
[WARNING]: Could not match supplied host pattern, ignoring: vpn-host
PLAY [localhost] *******************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [localhost]
TASK [Playbook dir stat] ***********************************************************************************************
ok: [localhost]
TASK [Ensure Ansible is not being run in a world writable directory] ***************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
TASK [Ensure the requirements installed] *******************************************************************************
ok: [localhost]
TASK [Set required ansible version as a fact] **************************************************************************
ok: [localhost] => (item=ansible==2.8.8)
TASK [Verify Python meets Algo VPN requirements] ***********************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
TASK [Verify Ansible meets Algo VPN requirements] **********************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
PLAY [Ask user for the input] ******************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Microsoft Azure
5. Google Compute Engine
6. Hetzner Cloud
7. Vultr
8. Scaleway
9. OpenStack (DreamCompute optimised)
10. CloudStack (Exoscale optimised)
11. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
Enter the number of your desired provider
:
TASK [Cloud prompt] ****************************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] ************************************************************************************
ok: [localhost]
[VPN server name prompt]
Name the vpn server
[algo]
:
TASK [VPN server name prompt] ******************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:
TASK [Cellular On Demand prompt] ***************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:
TASK [Wi-Fi On Demand prompt] ******************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:
TASK [Trusted Wi-Fi networks prompt] ***********************************************************************************
ok: [localhost]
[Retain the PKI prompt]
Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
:
TASK [Retain the PKI prompt] *******************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to enable DNS ad blocking on this VPN server?
[y/N]
:
TASK [DNS adblocking prompt] *******************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:
TASK [SSH tunneling prompt] ********************************************************************************************
ok: [localhost]
TASK [Set facts based on the input] ************************************************************************************
ok: [localhost]
PLAY [Provision the server] ********************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [localhost]
--> Please include the following block of text when reporting issues:
Algo running on: Ubuntu 18.04.4 LTS (Virtualized: xen)
Created from git fork. Last commit: 9ac64cb Document WG DNS search domain on Linux client (#1796)
Python 3.6.9
Runtime variables:
algo_provider "lightsail"
algo_ondemand_cellular "True"
algo_ondemand_wifi "True"
algo_ondemand_wifi_exclude "X251bGw="
algo_dns_adblocking "True"
algo_ssh_tunneling "False"
wireguard_enabled "True"
dns_encryption "True"
TASK [Display the invocation environment] ******************************************************************************
changed: [localhost -> localhost]
TASK [Install the requirements] ****************************************************************************************
changed: [localhost -> localhost]
TASK [Generate the SSH private key] ************************************************************************************
changed: [localhost]
TASK [Generate the SSH public key] *************************************************************************************
changed: [localhost]
TASK [Copy the private SSH key to /tmp] ********************************************************************************
changed: [localhost -> localhost]
TASK [cloud-lightsail : Install requirements] **************************************************************************
changed: [localhost]
[cloud-lightsail : pause]
Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md)
(output is hidden):
TASK [cloud-lightsail : pause] *****************************************************************************************
ok: [localhost]
[cloud-lightsail : pause]
Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
(output is hidden):
TASK [cloud-lightsail : pause] *****************************************************************************************
ok: [localhost]
TASK [cloud-lightsail : set_fact] **************************************************************************************
ok: [localhost]
TASK [cloud-lightsail : Get regions] ***********************************************************************************
ok: [localhost]
TASK [cloud-lightsail : Set facts about the regions] *******************************************************************
ok: [localhost]
TASK [cloud-lightsail : Set the default region] ************************************************************************
ok: [localhost]
[cloud-lightsail : pause]
What region should the server be located in?
(https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/)
1. ap-northeast-1 Tokyo
2. ap-northeast-2 Seoul
3. ap-south-1 Mumbai
4. ap-southeast-1 Singapore
5. ap-southeast-2 Sydney
6. ca-central-1 Montreal
7. eu-central-1 Frankfurt
8. eu-west-1 Ireland
9. eu-west-2 London
10. eu-west-3 Paris
11. us-east-1 Virginia
12. us-east-2 Ohio
13. us-west-2 Oregon
Enter the number of your desired region
[11]
:
TASK [cloud-lightsail : pause] *****************************************************************************************
ok: [localhost]
TASK [cloud-lightsail : set_fact] **************************************************************************************
ok: [localhost]
TASK [cloud-lightsail : Create an instance] ****************************************************************************
changed: [localhost]
TASK [cloud-lightsail : set_fact] **************************************************************************************
ok: [localhost]
TASK [Set subjectAltName as a fact] ************************************************************************************
ok: [localhost]
TASK [Add the server to an inventory group] ****************************************************************************
changed: [localhost]
TASK [Additional variables for the server] *****************************************************************************
changed: [localhost]
TASK [Wait until SSH becomes ready...] *********************************************************************************
ok: [localhost]
TASK [Linux | set OS specific facts] ***********************************************************************************
ok: [localhost]
TASK [Set config paths as facts] ***************************************************************************************
ok: [localhost]
TASK [Update config paths] *********************************************************************************************
changed: [localhost]
TASK [debug] ***********************************************************************************************************
ok: [localhost] => {
"IP_subject_alt_name": "35.180.51.183"
}
TASK [Wait 600 seconds for target connection to become reachable/usable] ***********************************************
ok: [localhost -> 35.180.51.183] => (item=35.180.51.183)
PLAY [Configure the server and install required software] **************************************************************
TASK [Wait until the cloud-init completed] *****************************************************************************
ok: [35.180.51.183]
TASK [Ensure the config directory exists] ******************************************************************************
changed: [35.180.51.183 -> localhost]
TASK [Dump the ssh config] *********************************************************************************************
changed: [35.180.51.183 -> localhost]
TASK [common : Check the system] ***************************************************************************************
ok: [35.180.51.183]
included: /home/ubuntu/algo/roles/common/tasks/ubuntu.yml for 35.180.51.183
TASK [common : Gather facts] *******************************************************************************************
ok: [35.180.51.183]
TASK [common : Install software updates] *******************************************************************************
changed: [35.180.51.183]
TASK [common : Check if reboot is required] ****************************************************************************
changed: [35.180.51.183]
TASK [common : Reboot] *************************************************************************************************
changed: [35.180.51.183]
TASK [common : Wait until the server becomes ready...] *****************************************************************
ok: [35.180.51.183]
TASK [common : Install unattended-upgrades] ****************************************************************************
ok: [35.180.51.183]
TASK [common : Configure unattended-upgrades] **************************************************************************
changed: [35.180.51.183]
TASK [common : Periodic upgrades configured] ***************************************************************************
changed: [35.180.51.183]
TASK [common : Disable MOTD on login and SSHD] *************************************************************************
changed: [35.180.51.183] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/login'})
changed: [35.180.51.183] => (item={'regexp': '^session.*optional.*pam_motd.so.*', 'line': '# MOTD DISABLED', 'file': '/etc/pam.d/sshd'})
TASK [common : Loopback for services configured] ***********************************************************************
changed: [35.180.51.183]
TASK [common : systemd services enabled and started] *******************************************************************
ok: [35.180.51.183] => (item=systemd-networkd)
ok: [35.180.51.183] => (item=systemd-resolved)
RUNNING HANDLER [common : restart systemd-networkd] ********************************************************************
changed: [35.180.51.183]
TASK [common : Check apparmor support] *********************************************************************************
ok: [35.180.51.183]
TASK [common : Set fact if apparmor enabled] ***************************************************************************
ok: [35.180.51.183]
TASK [common : Define facts] *******************************************************************************************
ok: [35.180.51.183]
TASK [common : Set facts] **********************************************************************************************
ok: [35.180.51.183]
TASK [common : Set IPv6 support as a fact] *****************************************************************************
ok: [35.180.51.183]
TASK [common : Check size of MTU] **************************************************************************************
ok: [35.180.51.183]
TASK [common : Set OS specific facts] **********************************************************************************
ok: [35.180.51.183]
TASK [common : Install tools] ******************************************************************************************
changed: [35.180.51.183]
TASK [common : Install headers] ****************************************************************************************
changed: [35.180.51.183]
included: /home/ubuntu/algo/roles/common/tasks/iptables.yml for 35.180.51.183
TASK [common : Iptables configured] ************************************************************************************
changed: [35.180.51.183] => (item={'src': 'rules.v4.j2', 'dest': '/etc/iptables/rules.v4'})
TASK [common : Sysctl tuning] ******************************************************************************************
changed: [35.180.51.183] => (item={'item': 'net.ipv4.ip_forward', 'value': 1})
changed: [35.180.51.183] => (item={'item': 'net.ipv4.conf.all.forwarding', 'value': 1})
RUNNING HANDLER [common : restart iptables] ****************************************************************************
changed: [35.180.51.183]
included: /home/ubuntu/algo/roles/dns/tasks/ubuntu.yml for 35.180.51.183
TASK [dns : Add the repository] ****************************************************************************************
changed: [35.180.51.183]
TASK [dns : Install dnscrypt-proxy] ************************************************************************************
changed: [35.180.51.183]
TASK [dns : Configure unattended-upgrades] *****************************************************************************
changed: [35.180.51.183]
TASK [dns : Ubuntu | Configure AppArmor policy for dnscrypt-proxy] *****************************************************
changed: [35.180.51.183]
TASK [dns : Ubuntu | Enforce the dnscrypt-proxy AppArmor policy] *******************************************************
ok: [35.180.51.183]
TASK [dns : Ubuntu | Ensure that the dnscrypt-proxy service directory exist] *******************************************
changed: [35.180.51.183]
TASK [dns : Ubuntu | Add custom requirements to successfully start the unit] *******************************************
changed: [35.180.51.183]
TASK [dns : dnscrypt-proxy ip-blacklist configured] ********************************************************************
changed: [35.180.51.183]
TASK [dns : dnscrypt-proxy configured] *********************************************************************************
changed: [35.180.51.183]
TASK [dns : Adblock script created] ************************************************************************************
changed: [35.180.51.183]
TASK [dns : Adblock script added to cron] ******************************************************************************
changed: [35.180.51.183]
TASK [dns : Update adblock hosts] **************************************************************************************
ok: [35.180.51.183]
[WARNING]: flush_handlers task does not support when conditional
RUNNING HANDLER [dns : restart dnscrypt-proxy] *************************************************************************
changed: [35.180.51.183]
TASK [dns : dnscrypt-proxy enabled and started] ************************************************************************
ok: [35.180.51.183]
TASK [wireguard : Ensure the required directories exist] ***************************************************************
changed: [35.180.51.183 -> localhost] => (item=configs/35.180.51.183/wireguard//.pki//preshared)
changed: [35.180.51.183 -> localhost] => (item=configs/35.180.51.183/wireguard//.pki//private)
changed: [35.180.51.183 -> localhost] => (item=configs/35.180.51.183/wireguard//.pki//public)
changed: [35.180.51.183 -> localhost] => (item=configs/35.180.51.183/wireguard//apple/ios)
changed: [35.180.51.183 -> localhost] => (item=configs/35.180.51.183/wireguard//apple/macos)
included: /home/ubuntu/algo/roles/wireguard/tasks/ubuntu.yml for 35.180.51.183
TASK [wireguard : WireGuard repository configured] *********************************************************************
changed: [35.180.51.183]
TASK [wireguard : Configure unattended-upgrades] ***********************************************************************
changed: [35.180.51.183]
TASK [wireguard : WireGuard installed] *********************************************************************************
changed: [35.180.51.183]
TASK [wireguard : WireGuard reload-module-on-update] *******************************************************************
changed: [35.180.51.183]
TASK [wireguard : Set OS specific facts] *******************************************************************************
ok: [35.180.51.183]
TASK [wireguard : Generate private keys] *******************************************************************************
changed: [35.180.51.183] => (item=phone)
changed: [35.180.51.183] => (item=laptop)
changed: [35.180.51.183] => (item=35.180.51.183)
TASK [wireguard : Save private keys] ***********************************************************************************
changed: [35.180.51.183 -> localhost] => (item=None)
changed: [35.180.51.183 -> localhost] => (item=None)
changed: [35.180.51.183 -> localhost] => (item=None)
changed: [35.180.51.183]
TASK [wireguard : Touch the lock file] *********************************************************************************
changed: [35.180.51.183] => (item=phone)
changed: [35.180.51.183] => (item=laptop)
changed: [35.180.51.183] => (item=35.180.51.183)
TASK [wireguard : Generate preshared keys] *****************************************************************************
changed: [35.180.51.183] => (item=phone)
changed: [35.180.51.183] => (item=laptop)
changed: [35.180.51.183] => (item=35.180.51.183)
TASK [wireguard : Save preshared keys] *********************************************************************************
changed: [35.180.51.183 -> localhost] => (item=None)
changed: [35.180.51.183 -> localhost] => (item=None)
changed: [35.180.51.183 -> localhost] => (item=None)
changed: [35.180.51.183]
TASK [wireguard : Touch the preshared lock file] ***********************************************************************
changed: [35.180.51.183] => (item=phone)
changed: [35.180.51.183] => (item=laptop)
changed: [35.180.51.183] => (item=35.180.51.183)
TASK [wireguard : Generate public keys] ********************************************************************************
ok: [35.180.51.183] => (item=phone)
ok: [35.180.51.183] => (item=laptop)
ok: [35.180.51.183] => (item=35.180.51.183)
TASK [wireguard : Save public keys] ************************************************************************************
changed: [35.180.51.183 -> localhost] => (item=None)
changed: [35.180.51.183 -> localhost] => (item=None)
changed: [35.180.51.183 -> localhost] => (item=None)
changed: [35.180.51.183]
TASK [wireguard : WireGuard user list updated] *************************************************************************
changed: [35.180.51.183 -> localhost] => (item=phone)
changed: [35.180.51.183 -> localhost] => (item=laptop)
TASK [wireguard : set_fact] ********************************************************************************************
ok: [35.180.51.183 -> localhost]
TASK [wireguard : WireGuard users config generated] ********************************************************************
changed: [35.180.51.183 -> localhost] => (item=[0, 'phone'])
changed: [35.180.51.183 -> localhost] => (item=[1, 'laptop'])
included: /home/ubuntu/algo/roles/wireguard/tasks/mobileconfig.yml for 35.180.51.183
included: /home/ubuntu/algo/roles/wireguard/tasks/mobileconfig.yml for 35.180.51.183
TASK [wireguard : WireGuard apple mobileconfig generated] **************************************************************
changed: [35.180.51.183 -> localhost] => (item=[0, 'phone'])
changed: [35.180.51.183 -> localhost] => (item=[1, 'laptop'])
TASK [wireguard : WireGuard apple mobileconfig generated] **************************************************************
changed: [35.180.51.183 -> localhost] => (item=[0, 'phone'])
changed: [35.180.51.183 -> localhost] => (item=[1, 'laptop'])
TASK [wireguard : Generate QR codes] ***********************************************************************************
ok: [35.180.51.183 -> localhost] => (item=[0, 'phone'])
ok: [35.180.51.183 -> localhost] => (item=[1, 'laptop'])
TASK [wireguard : WireGuard configured] ********************************************************************************
changed: [35.180.51.183]
TASK [wireguard : WireGuard enabled and started] ***********************************************************************
fatal: [35.180.51.183]: FAILED! => {"changed": false, "msg": "Unable to start service wg-quick@wg0: Job for wg-quick@wg0.service failed because the control process exited with error code.\nSee \"systemctl status wg-quick@wg0.service\" and \"journalctl -xe\" for details.\n"}
included: /home/ubuntu/algo/playbooks/rescue.yml for 35.180.51.183
TASK [debug] ***********************************************************************************************************
ok: [35.180.51.183] => {
"fail_hint": [
"Sorry, but something went wrong!",
"Please check the troubleshooting guide.",
"https://trailofbits.github.io/algo/troubleshooting.html"
]
}
TASK [Fail the installation] *******************************************************************************************
fatal: [35.180.51.183]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP *************************************************************************************************************
35.180.51.183 : ok=71 changed=43 unreachable=0 failed=1 skipped=7 rescued=1 ignored=0
localhost : ok=44 changed=10 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
I usually run this on WSL and it works fine but lately I've been getting errors since I upgraded the Ubuntu WSL to 20.04 so I tried installing from a new Ubuntu 18.04 instance.
systemctl status wg-quick@wg0.service
Unit wg-quick@wg0.service could not be found.
Ubuntu just released some kernel updates for 18.04 that break WireGuard when using kernel 5.3. WireGuard's been fixed, but the repository that contains the WireGuard packages used by Algo hasn't been updated to the fixed version yet.
I'm not sure what can be done other than waiting for the repository to be updated. Or you can choose another cloud provider where Ubuntu 20.04 is available.
I guess I'll just have to wait. Thanks
This issue still exists, but it looks like enabling HWE is a workaround.
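A way to confirm on the server that the running kernel is the one WireGuard was not built for, as described in the reply above. This is an added example, not part of Algo or of any comment in this thread; it assumes the WireGuard module is delivered as a DKMS package, and the function names, kernel releases and module version in the sample are constructed.

```shell
#!/bin/sh
# Added diagnostic example (not Algo's own code).
# Assumption: the WireGuard kernel module comes from a DKMS package, so
# `dkms status` lists every kernel release the module was built for.

# classify_wg_dkms KERNEL_RELEASE DKMS_STATUS_TEXT
# Prints one of:
#   installed     module is built and installed for KERNEL_RELEASE
#   other-kernel  module is installed, but only for different kernel(s)
#   not-built     DKMS knows the module but it is installed for no kernel
#   absent        no wireguard entry in the DKMS status text
# Returns 0 only for "installed".
classify_wg_dkms() {
  local kernel
  local status
  local line
  local seen=0
  local other=0
  kernel="$1"
  status="$2"
  while IFS= read -r line; do
    # Accept both "wireguard, <ver>, ..." and "wireguard/<ver>, ..." layouts.
    case "$line" in
      wireguard,*|wireguard/*) ;;
      *) continue ;;
    esac
    seen=1
    case "$line" in
      *": installed"*)
        # Fields are comma separated; require an exact match on the kernel
        # field so that 5.3.0-10 does not match 5.3.0-1019-aws.
        if printf '%s\n' "$line" | tr ',' '\n' \
            | sed 's/^ *//; s/ *$//' | grep -Fxq -- "$kernel"; then
          echo installed
          return 0
        fi
        other=1
        ;;
    esac
  done <<EOF
$status
EOF
  if [ "$other" -eq 1 ]; then echo other-kernel; return 1; fi
  if [ "$seen" -eq 1 ]; then echo not-built; return 1; fi
  echo absent
  return 1
}

# Live use on the VPN server: compare the running kernel with DKMS's view.
check_running_kernel() {
  classify_wg_dkms "$(uname -r)" "$(dkms status 2>/dev/null)"
}

# Constructed sample: the module is installed only for the pre-update kernel,
# while the host has rebooted into a 5.3 kernel.
SAMPLE_DKMS='wireguard, 1.0.20200506, 4.15.0-1065-aws, x86_64: installed'
classify_wg_dkms '5.3.0-1019-aws' "$SAMPLE_DKMS" || true
```

A result of `other-kernel` or `not-built` from `check_running_kernel` means no WireGuard module is installed for the booted kernel, which is consistent with `wg-quick@wg0` failing to start.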