Streisand: AWS Security Group inbound rules incorrectly configured

Created on 17 Jul 2017  路  8Comments  路  Source: StreisandEffect/streisand

Expected behavior:

./streisand completes successfully

Actual Behavior:

It hangs whilst waiting to connect to the EC2 Instance, because the Security Group does not allow communication on SSH ports. Whilst the playbook appears to define many inbound rules, the actual Security Group seems to only contain a single rule.

Steps to Reproduce:

  1. ./streisand, selecting AWS when prompted

Additional Details:

Log output from Ansible or other relevant services (link to Gist for longer output):

Target Cloud Provider:

AWS

Operating System of target host:

streisand default, I believe this is Ubuntu

Operating System of client:

Ubuntu for Windows

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.2 LTS
Release:        16.04
Codename:       xenial
Version of Ansible, using ansible --version :
$ ansible --version
ansible 2.3.1.0
  config file =
  configured module search path = Default w/o overrides
  python version = 2.7.13 (default, Apr  8 2017, 16:53:37) [GCC 4.8.4]
arefirewall aressh kinbug provideamazon

All 8 comments

I am seeing the same problem.

TASK [genesis-amazon : Wait until the server has finished booting and OpenSSH is accepting connections] *
fatal: [localhost]: FAILED! => {"changed": false, "elapsed": 600, "failed": true, "msg": "Timeout when waiting for search string OpenSSH in..."}

The created security group only has a single inbound custom UDP rule for port 51820.

Operating System of client is Ubnutu 16.04.2 LTS (running on a separate EC2 instance)

Version of Ansible is 2.3.1.0

I won't have time to look into this for a day or so.

If someone affected could try cloning the Streisand repo at bfa8b66e2f0d632b895ad6def30de1251bed149e and testing to see if the problem persists I would appreciate it. I touched the AWS security group role for the modular shadowsocks & wireguard PRs that landed on master and I'm guessing at face-value that it may have introduced this bug.

I checked out that repo ( https://github.com/jlund/streisand/commit/bfa8b66e2f0d632b895ad6def30de1251bed149e )and it did indeed work.

TASK [streisand-gateway : Success!] **********************
[streisand-gateway : Success!]
Server setup is complete. The streisand.html instructions file in the generated-docs folder is ready to give to friends, family members, and fellow activists. Press Enter to continue.:

I was able to reproduce this and merged a short term fix to master with #814. Thanks for reporting, apologies about the inconvenience!

@gpcrawford @jokeyrhyme You should be able to git pull the tip of master and create EC2 instances without running into this error.

Thanks for the quick work, @cpu :) Don't apologise, you don't owe anybody anything :)

Many thanks for the quick response, @cpu! I'll give it a try first thing tomorrow.

Tried it this morning and it worked great! Thanks.

@gpcrawford Perfect! Thanks for verifying!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

NightMachinary picture NightMachinary  路  5Comments

psionic12 picture psionic12  路  5Comments

obilodeau picture obilodeau  路  4Comments

TheNomad11 picture TheNomad11  路  5Comments

wicknet picture wicknet  路  5Comments