FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information #1836
Comments
This appears to be affecting AWS targets as well. For reference: Ansible Information
Streisand Information
Untracked git changes:diff --git a/util/dependencies.txt b/util/dependencies.txt
index a7a5f9b..7b40033 100644
--- a/util/dependencies.txt
+++ b/util/dependencies.txt
@@ -4,6 +4,6 @@ python3-openssl
python3-dev
python3-setuptools
python3-venv
-python-cffi libffi-dev
+python3-cffi libffi-dev
libssl-dev
libcurl4-openssl-dev Enabled Roles
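Review bot: the changed line `python3-cffi libffi-dev` still puts two package names on one line, while every other visible entry in util/dependencies.txt has one package per line. Consider moving `libffi-dev` to its own line so the file reads consistently, unless whatever consumes this file depends on the current layout. The rename to `python3-cffi` is consistent with the `python3-*` entries in the surrounding context.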
|
Honestly, at this point, I think the project has sadly been largely abandoned and we're just shouting into a black hole and hoping that someone will see it |
I'm still in the process of getting it back up and running fully. In my case the install succeeds and serves the documentation and config files, but iptables does not have an adequate configuration. For your particular issue, I did the following workaround. ssh to the target:
|
This is due to a long-standing PGP key server vulnerability, triggered starting almost 2 years ago: There's a mitigation fix in GnuPG 2.2.17, however Ubuntu 16.04 has version 2.1.11: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html Fixed by commenting out the refresh for now.
Then got to another error:
Here it turns out the OpenVPN signing public key being installed is outdated:
Found a fix here: https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#Notesonexpiredkeys Updated like this:
The V2Ray option for shadowsocks also did not work. I've yet to retry without it.
Note: These Ansible playbooks are not idempotent, and not set up to allow the --start-at-task option to work. Configuration choices are not stored anywhere. Fixing bugs involves manually terminating instances and other things and restarting from scratch, answering all prompts (some in the middle), every time. Not the fastest. Perhaps there are tricks to debug and fix these scripts quickly I'm not aware of. The following is apparently needed for --start-at-task and doesn't seem to help:
|
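A pre-flight check for the two failures described in the comment above (a GnuPG older than 2.2.17 and an expired repository signing key), as an added example that is not part of the thread or of Streisand. The function names and the key listing are constructed, and expiry dates are assumed to be epoch seconds, as `gpg --with-colons` prints them by default.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed, not Streisand's.

# Return 0 if the GnuPG version string in $1 is >= 2.2.17 (the release the
# comment above names as carrying the keyserver mitigation), 1 otherwise.
gpg_has_mitigation() {
    awk -v v="$1" 'BEGIN {
        split(v, a, "."); split("2.2.17", m, ".")
        for (i = 1; i <= 3; i++) {
            if (a[i] + 0 > m[i] + 0) exit 0
            if (a[i] + 0 < m[i] + 0) exit 1
        }
        exit 0
    }'
}

# Read `gpg --with-colons --list-keys` output on stdin and print the key ID of
# every primary key that is expired at time $1 (epoch seconds).
# Field 2 = validity ("e" means expired), field 5 = key ID, field 7 = expiry.
expired_keys() {
    awk -F: -v now="$1" '
        $1 == "pub" && ($2 == "e" || ($7 != "" && $7 + 0 < now + 0)) { print $5 }
    '
}

# Constructed sample listing (placeholder key IDs, not real keys).
sample_listing() {
    cat <<'EOF'
tru::1:1615381651:0:3:1:5
pub:e:4096:1:AAAAAAAAAAAAAAAA:1400000000:1500000000::-:::sc:
uid:e::::1400000000::0000::Constructed Expired Repo Key::::::::::0:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1400000000:::-:::scESC:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1400000000:1600000000::-:::sc:
sub:-:2048:1:DDDDDDDDDDDDDDDD:1400000000:1500000000:::::e:
EOF
}

# Ubuntu 16.04's version, as quoted in the thread.
if ! gpg_has_mitigation "2.1.11"; then
    echo "GnuPG 2.1.11 predates 2.2.17: keyserver refresh is not safe to rely on"
fi
# Constructed "now"; on a real host use: gpg --with-colons --list-keys | expired_keys "$(date +%s)"
sample_listing | expired_keys 1615381652
```

Run against the keyring a playbook is about to install, this reports an expired signing key before the package manager rejects the repository.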
FYI, retrying without V2Ray (as per my last post), the process went further and failed trying to install the WireGuard PPA. Which led me to this web page: https://computingforgeeks.com/setup-vpn-server-on-linux-using-streisand/ WireGuard is now part of standard repos and the attempt to add a custom package archive (PPA) can simply be removed. Install succeeded after that fix. That page also suggests a solution similar to the last post for the GPG keyring issue. |
@HN-Smith But at the end I end up with a running Streisand UI serving the config and doc, but the client can't reach the OpenVPN server. I suspect something is wrong between iptables and ufw. I'm a bit stretched out by the amount of manual tweaks I had to do. Streisand does provide very neat documentation and serves the client configs in a neat way. But... I'm starting to lose confidence in the setup, I don't trust myself to review the changes I'm doing and I'm afraid to provide only a sense of privacy ( = a leaky VPN ). In addition, it's starting to be challenging to run the Ansible script against 16.04 as well, for instance my server provider doesn't propose that version anymore. I had to adapt to 18.04. Shame, I like that project and used it successfully for a long time. |
Expected behavior:
Refreshed the Streisand GPG keyring
Actual Behavior:
TASK [gpg : Refresh the Streisand GPG keyring with keyserver information] ************************************************************************************************************************************************************
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (10 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (9 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (8 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (7 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (6 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (5 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (4 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (3 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (2 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (1 retries left).
fatal: [localhost]: FAILED! => {"attempts": 10, "changed": true, "cmd": ["gpg2", "--no-default-keyring", "--keyring", "/root/.gnupg/streisand/pubring.gpg", "--keyserver-options", "timeout=120", "--refresh"], "delta": "0:00:00.529998", "end": "2021-03-10 13:07:32.375476", "msg": "non-zero return code", "rc": 2, "start": "2021-03-10 13:07:31.845478", "stderr": "gpg: refreshing 10 keys from hkps://gpg.mozilla.org\ngpg: keyserver refresh failed: General error", "stderr_lines": ["gpg: refreshing 10 keys from hkps://gpg.mozilla.org", "gpg: keyserver refresh failed: General error"], "stdout": "", "stdout_lines": []}
Steps to Reproduce:
[ contents of streisand-diagnostics.md here ]
Additional Details:
Log output from Ansible or other relevant services (link to Gist for longer output):
Target Cloud Provider:
Oracle Cloud (Localhost)
Operating System of target host:
Ubuntu 16.04
Operating System of client:
Localhost
Version of Ansible, using ansible --version:
/home/ubuntu/streisand/venv/lib/python3.5/site-packages/ansible/parsing/vault/__init__.py:41: CryptographyDeprecationWarning: Python 3.5 support will be dropped in the next release of cryptography. Please upgrade your Python.
from cryptography.exceptions import InvalidSignature
ansible 2.8.4
config file = /home/ubuntu/streisand/ansible.cfg
configured module search path = ['/home/ubuntu/streisand/library']
ansible python module location = /home/ubuntu/streisand/venv/lib/python3.5/site-packages/ansible
executable location = /home/ubuntu/streisand/venv/bin/ansible
python version = 3.5.2 (default, Jan 26 2021, 13:30:48) [GCC 5.4.0 20160609]
Output from git rev-parse HEAD in your Streisand directory: af5eb7d