Streisand: Install fails on ubuntu 16.04 minimal

Created on 2 Jan 2018  Â·  10Comments  Â·  Source: StreisandEffect/streisand

Expected behavior: installation completes without errors on fresh ubuntu 16.04 install

Actual Behavior: it doesn't, problem with the UFW

TASK [ufw : Ensure UFW is enabled and denies by default] **********************************
fatal: [XX.XX.186.136]: FAILED! => {"changed": false, "failed": true, "msg": "ERROR: problem running ufw-init\nmodprobe: ERROR: ../libkmod/libkmod.c:514 lookup_builtin_file() could not open builtin file '/lib/modules/4.4.0-042stab125.5/modules.builtin.bin'\nmodprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/4.4.0-042stab125.5\nmodprobe: ERROR: ../libkmod/libkmod.c:514 lookup_builtin_file() could not open builtin file '/lib/modules/4.4.0-042stab125.5/modules.builtin.bin'\nmodprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/4.4.0-042stab125.5\nmodprobe: ERROR: ../libkmod/libkmod.c:514 lookup_builtin_file() could not open builtin file '/lib/modules/4.4.0-042stab125.5/modules.builtin.bin'\nmodprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/4.4.0-042stab125.5\niptables-restore: line 30 failed\niptables-restore: line 10 failed\niptables-restore: line 35 failed\niptables-restore v1.6.0: Couldn't load target ufw-user-input':No such file or directory\n\nError occurred at line: 2\nTryiptables-restore -h' or 'iptables-restore --help' for more information.\nip6tables-restore: line 42 failed\nip6tables-restore: line 2 failed\nip6tables-restore: line 2 failed\nip6tables-restore: line 4 failed\nip6tables-restore: line 8 failed\nip6tables-restore v1.6.0: Couldn't load target ufw6-logging-deny':No such file or directory\n\nError occurred at line: 34\nTryip6tables-restore -h' or 'ip6tables-restore --help' for more information.\nip6tables-restore v1.6.0: Couldn't load target ufw6-skip-to-policy-input':No such file or directory\n\nError occurred at line: 19\nTryip6tables-restore -h' or 'ip6tables-restore --help' for more information.\nip6tables-restore: line 10 failed\nip6tables-restore: line 35 failed\nip6tables-restore v1.6.0: Couldn't load target ufw6-user-input':No such file or directory\n\nError occurred at line: 2\nTryip6tables-restore -h' or 'ip6tables-restore --help' for more information.\nsysctl: permission denied on key 'net.ipv4.tcp_sack'\n\nProblem running '/etc/ufw/after.rules'\nProblem running '/etc/ufw/user.rules'\nProblem running '/etc/ufw/before6.rules'\nProblem running '/etc/ufw/after6.rules'\nProblem running '/etc/ufw/user6.rules'\n\n"}

RUNNING HANDLER [ssh : Restart SSH] *****************************************
to retry, use: --limit @/home/user/streisand/playbooks/existing-server.retry

PLAY RECAP **************************************************
XX.XX.186.136 : ok=35 changed=21 unreachable=0 failed=1
localhost : ok=5 changed=1 unreachable=0 failed=0

Steps to Reproduce:

  1. install ubuntu 16.04 minimal with option 8
  2. install streisand with all default options
  • Shadowsocks enabled: True
  • Wireguard enabled: True
  • OpenVPN enabled: True
  • stunnel enabled: True
  • Tor enabled: True
  • Openconnect enabled: True
  • TinyProxy enabled: True
  • SSH forward user enabled: True
  • L2TP enabled: True
  • Configured number of VPN clients: 1

Additional Details:

Log output from Ansible or other relevant services (link to Gist for longer output):

Target Cloud Provider:
Operating System of target host:
Operating System of client:
Version of Ansible, using ansible --version :
Output from git rev-parse HEAD in your Streisand directory :
arefirewall kinquestion provideunsupported

Most helpful comment

so, cycling back on the issue.

HostEurope support have explained that UFW exceeds the server limits on the small Vservers (similar computing power of digitalocean entry level servers). Hence, UFW won't work and it's not an issue with streisand. Adding the provider URLs in case it can help other customers in the future. Thanks guys for your stellar support!

https://www.server4you.de/
https://www.hosteurope.de/en/

All 10 comments

Do you have a streisand-diagnostics.md file in your Streisand directory?

sorry, I thought I attached it earlier (but didn't)

Ansible Information

  • Ansible version: 2.4.1.0
  • Ansible system: Linux
  • Host OS: Ubuntu
  • Host OS version: 16.04
  • Python interpreter: python
  • Python version: 2.7.12

Streisand Information

  • Streisand Git revision: 59c3e94bf4504b667a537fb722119d887f777b70
  • Streisand Git clone has untracked changes: no
  • Genesis role: existing-server
  • Custom SSH key: False

Enabled Roles

  • Shadowsocks enabled: True
  • Wireguard enabled: True
  • OpenVPN enabled: True
  • stunnel enabled: True
  • Tor enabled: True
  • Openconnect enabled: True
  • TinyProxy enabled: True
  • SSH forward user enabled: True
  • L2TP enabled: True
  • Configured number of VPN clients: 1

Thanks for the diagnostics. Sometimes GitHub text entry boxes suck.

Just out of curiosity, which cloud provider were you targeting? I can try to reproduce on Vultr, which is normally the nastiest case.

Looks like errors related to ufw - I agree with @nopdotcom's assessment that this seems to be a provider specific "quirk".

It’s a German isp Server4You, belongs to host Europe afaik. Usually works
fine with everything. I had your application working on Digital ocean but
the speed was slow because I only had one core there.

On Tue, Jan 2, 2018 at 22:44 Jay Carlson notifications@github.com wrote:

Thanks for the diagnostics. Sometimes GitHub text entry boxes suck.

Just out of curiosity, which cloud provider were you targeting? I can try
to reproduce on Vultr, which is normally the nastiest case.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/StreisandEffect/streisand/issues/1131#issuecomment-354843373,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AScj9IYOSvbmfvPPK74qL0e1DkDLlbg-ks5tGniOgaJpZM4RQ5va
.

I had to reinstall because of the bug with the 30 days on the certificate

On Tue, Jan 2, 2018 at 22:58 Titus Hanke titus.hanke@gmail.com wrote:

It’s a German isp Server4You, belongs to host Europe afaik. Usually works
fine with everything. I had your application working on Digital ocean but
the speed was slow because I only had one core there.

On Tue, Jan 2, 2018 at 22:44 Jay Carlson notifications@github.com wrote:

Thanks for the diagnostics. Sometimes GitHub text entry boxes suck.

Just out of curiosity, which cloud provider were you targeting? I can try
to reproduce on Vultr, which is normally the nastiest case.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/StreisandEffect/streisand/issues/1131#issuecomment-354843373,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AScj9IYOSvbmfvPPK74qL0e1DkDLlbg-ks5tGniOgaJpZM4RQ5va
.

It’s a German isp Server4You, belongs to host Europe afaik.

@softwareuser99 Are you able to apt-get install ufw , ufw enable and ufw status without error on this server?

For what it's worth, http://cloud-images.ubuntu.com/xenial/20171221/ (aka current as of now) doesn't have a problem with a remote deploy as far as I can tell. Should I try a different one?

Hi both, thanks for your feedback. I can't select the image that the provider uses, however the UFW does indeed not enable without errors. I have contacted support accordingly and will update the thread once I hear back from them.

so, cycling back on the issue.

HostEurope support have explained that UFW exceeds the server limits on the small Vservers (similar computing power of digitalocean entry level servers). Hence, UFW won't work and it's not an issue with streisand. Adding the provider URLs in case it can help other customers in the future. Thanks guys for your stellar support!

https://www.server4you.de/
https://www.hosteurope.de/en/

Was this page helpful?
0 / 5 - 0 ratings

Related issues

hamidzr picture hamidzr  Â·  3Comments

sudoyum999 picture sudoyum999  Â·  4Comments

tomchiverton picture tomchiverton  Â·  6Comments

NightMachinary picture NightMachinary  Â·  5Comments

ape364 picture ape364  Â·  5Comments