Streisand: Cannot default deploy on DigitalOcean from CentOS7

Created on 20 Jun 2018  路  6Comments  路  Source: StreisandEffect/streisand

Expected behavior:

Create instance on DO

Actual Behavior:

Cannot

Steps to Reproduce:

  1. Default steps for DO

[ contents of streisand-diagnostics.md here ]

Additional Details:

Log output from Ansible or other relevant services (link to Gist for longer output):

$ ./streisand 

  S T R E I S A N D  

Which provider are you using?
  1. Amazon
  2. Azure
  3. DigitalOcean
  4. Google
  5. Linode
  6. Rackspace
  7. localhost (Advanced)
  8. Existing Server (Advanced)
: 3

Do you wish to customize which services Streisand will install?
By saying 'no' Streisand will use the settings configured in /home/user/.streisand/site.yml

Press enter to customize your installation: 

Confirmed. Customizing Streisand services.


 [WARNING]: Found both group and host with same name: localhost

/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.10.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.10.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.10.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
Enter the path to your SSH private key, or press enter for default  [~/.ssh/id_rsa]: 
How many VPN client profiles should be generated per-service (min: 1 max: 20)? Press enter for default  [5]: 10
Enable OpenConnect? Press enter for default  [yes]: 
Enable OpenVPN? Press enter for default  [yes]: 
Enable stunnel service (only allowed for OpenVPN)? Press enter for default  [yes]: 
Enable Shadowsocks? Press enter for default  [yes]: 
Enable SSH Forward User? (Note: A SOCKS proxy only user will be added, no shell). Press enter for default  [yes]: 
Enable sshuttle? (Note: A full shell access user will be added) Press enter for default  [no]: 
Enable tinyproxy? Press enter for default  [yes]: 
Enable Tor? Press enter for default  [yes]: 
Enable WireGuard? Press enter for default  [yes]: 

PLAY [Customize enabled Streisand services] *****************************************************************************************************************

TASK [lineinfile] *******************************************************************************************************************************************
changed: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

TASK [lineinfile] *******************************************************************************************************************************************
ok: [localhost]

PLAY RECAP **************************************************************************************************************************************************
localhost                  : ok=11   changed=1    unreachable=0    failed=0   



 [WARNING]: Found both group and host with same name: localhost

/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.10.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.10.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.10.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)

PLAY [Perform global variables validation] ******************************************************************************************************************

TASK [validation : Stat the Streisand SSH private key] ******************************************************************************************************
ok: [localhost]

TASK [validation : Fail if the Streisand SSH private key file doesn't exist] ********************************************************************************
skipping: [localhost]

TASK [validation : Stat the Streisand SSH public key] *******************************************************************************************************
ok: [localhost]

TASK [validation : Fail if the Streisand SSH public key file doesn't exist] *********************************************************************************
skipping: [localhost]

TASK [validation : Validate that OpenVPN optional variables are rational] ***********************************************************************************
skipping: [localhost]

TASK [validation : Validate that Tinyproxy optional variables are rational] *********************************************************************************
skipping: [localhost]

TASK [validation : Validate that sshutle optional variables are rational] ***********************************************************************************
skipping: [localhost]

TASK [validation : Validate that the maximum number of clients is set to a reasonable amount] ***************************************************************
skipping: [localhost]

TASK [validation : Validate that at least one VPN is specified] *********************************************************************************************
skipping: [localhost]

PLAY RECAP **************************************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0   



 [WARNING]: Found both group and host with same name: localhost

/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.10.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.10.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
/usr/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.10.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
What region should the server be located in?
  1.  Amsterdam        (Datacenter 2)
  2.  Amsterdam        (Datacenter 3)
  3.  Bangalore
  4.  Frankfurt
  5.  London
  6.  New York         (Datacenter 1)
  7.  New York         (Datacenter 2)
  8.  New York         (Datacenter 3)
  9.  San Francisco    (Datacenter 1)
  10. San Francisco    (Datacenter 2)
  11. Singapore
  12. Toronto
Please choose the number of your region. Press enter for default (#2) region.
 [2]: 10

What should the server be named? Press enter for default (streisand).
 [streisand]: satan

Personal Access Tokens allow Streisand to create a droplet for you.
New Personal Access Tokens can be generated in the DigitalOcean control panel.
To generate a new token please do the following:
      * Go to https://cloud.digitalocean.com/settings/applications
      * Click 'Generate New Token'
      * Give the token a name (it is arbitrary)
      * Be sure to select the 'Write' scope as well (this is not optional)
      * Click 'Generate Token'
      * Copy the long string that is generated and paste it below.
If this field is left blank, the environment variable DO_API_KEY will be used.

What is your DigitalOcean Personal Access Token?
: *****


The following information can be found on your DigitalOcean control panel.
https://cloud.digitalocean.com/settings/security

What is the name of the DigitalOcean SSH key that you would like to use?
  * If you have never uploaded an SSH key to DigitalOcean then the default
    value will work!
  * This key should match your Streisand SSH key file (default: ~/.ssh/id_rsa.pub).
  * DigitalOcean requires SSH keys to be unique. You cannot upload multiple
    keys that have the same value under different names.

    If you see an error that says 'SSH Key failed to be created' once the setup
    process starts, then this is the problem. You can retry the setup process
    using the name of the existing SSH key from the DigitalOcean control panel
    that matches the contents of your RSA public key.
 [streisand]: 

Streisand will now set up your server. This process usually takes around ten minutes. Press Enter to begin setup...
: 

PLAY [Provision the DigitalOcean Server] ********************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************
ok: [localhost]

TASK [genesis-digitalocean : set_fact] **********************************************************************************************************************
ok: [localhost]

TASK [genesis-digitalocean : Get the ~/.ssh/id_rsa.pub contents] ********************************************************************************************
ok: [localhost]

TASK [genesis-digitalocean : Set the DigitalOcean Access Token fact to the value that was entered, or attempt to retrieve it from the environment if the entry is blank] ***
ok: [localhost]

TASK [genesis-digitalocean : Add the SSH key to DigitalOcean if it doesn't already exist] *******************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "dopy >= 0.3.2 required for this module"}

TASK [genesis-digitalocean : fail] **************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "* The API Access Token might be incorrect or missing the Write Scope. OR * The SSH key may already exist in the DigitalOcean Control Panel under a different name. OR * The dopy Python module might not be installed. Use `pip install dopy==0.3.5` to install this module. On the latest version of macOS, dopy > 0.3.5 is currently broken."}
    to retry, use: --limit @/home/user/proj/streisand/playbooks/digitalocean.retry

PLAY RECAP **************************************************************************************************************************************************
localhost                  : ok=4    changed=0    unreachable=0    failed=2   


Target Cloud Provider:

DigitalOcean

Operating System of target host:

default

Operating System of client:

CentOS7 - where I run ./streisand

Version of Ansible, using ansible --version :
$ ansible --version
ansible 2.5.5
  config file = /home/user/proj/streisand/ansible.cfg
  configured module search path = [u'/home/user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
Output from git rev-parse HEAD in your Streisand directory :

e5ba596fef3299b3a0887aca14f1d558163f2144

arepython-deps providedigital-ocean statublockedep

Most helpful comment

@antmak I edited your original post to mask the digital ocean access token, as that should remain private to you only. Since it has already been posted, I would recommend deleting and create a fresh one.

All 6 comments

I thinks the problem with pip dependencies. Fedora27 works fine

Yeah. I've added CentOS 7 instructions to #1347.

Thanks! I have to check on a clean system, because I tried to use your branch (virtualenv) and had some issues on authentication stage, and some other warnings on python packages...

(I installed streisand via fedora) Sadly many features doesn't work on CentOS 7 clients: sstunel is too old (minor, need to fix a client config explicitly to 'TLSv1.3'), NetworkManager too old (doesn't support tls-cipher [i used tls-auth instead] ). Finally I couldn't get to work openvpn over sstunel - connection was established but packages didn't pass. Without sstunel the openvpn works (via NM, with workarounds in configs).

If i'll have time I take a look on this later

@antmak I edited your original post to mask the digital ocean access token, as that should remain private to you only. Since it has already been posted, I would recommend deleting and create a fresh one.

Thank you for your vigilance!

I'm going to claim this was resolved by #1347. Could you reopen if there's still a problem?

Was this page helpful?
0 / 5 - 0 ratings