Installation Fails

[slips01]

Additional information on the failed install:

TASK [cloud-digitalocean : Get regions] ********************************************************************************************
fatal: [localhost]: FAILED! => {"cf_cache_status": "DYNAMIC", "cf_ray": "69b1d6518f19195d-EWR", "changed": false, "connection": "close", "content": "{"id": "Unauthorized", "message": "Unable to authenticate you" }", "content_length": "64", "content_type": "application/json", "date": "Fri, 08 Oct 2021 19:39:46 GMT", "elapsed": 0, "expect_ct": "max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"", "json": {"id": "Unauthorized", "message": "Unable to authenticate you"}, "msg": "Status code was 401 and not [200]: HTTP Error 401: Unauthorized", "redirected": false, "server": "cloudflare", "set_cookie": "__cf_bm=eExq3LkK_7MQvDWOGoJ2puHkK3TnYk57z5O4tdOfxAo-1633721986-0-AUQdv6dkoJIxptdjbt+cP4kyXVHco5pjDHH8cuuHAIiKhZCq6POtKjpSnEnYOPgwnm+tJPCkOXPkgaPQBAedjUBC1lRtbL439ZFinr52Vwia; path=/; expires=Fri, 08-Oct-21 20:09:46 GMT; domain=.digitalocean.com; HttpOnly; Secure; SameSite=None", "status": 401, "url": "https://api.digitalocean.com/v2/regions", "x_gateway": "Edge-Gateway", "x_request_id": "fea251e6-276e-4084-bdd8-858bd6a87459", "x_response_from": "Edge-Gateway"}
included: /Users/slips/algo-master/playbooks/rescue.yml for localhost

[davidemyers]

Make sure there's no problem with your DigitalOcean token, such as an issue with copying and pasting it correctly. See DigitalOcean cloud setup for how to create the token.

[slips01]

I had to download the DigitalOcean token a second time, and it seemed to work perfectly when I copied and pasted. Everything seemed to be downloading properly, and it took a while to get to the end, when it advised that the installation had failed. I am fairly incompetent technically, and trying to do this may be a bridge too far for me. Thanks for your help, though.

[davidemyers]

There should have been an error message of some kind prior to Algo printing "Sorry, but something went wrong!". Try to find it and post it here.

[slips01]

I seem to have lost the Terminal window with all the data and I don’t know how to retrieve that. I could start all over, I guess.

[slips01]

I am trying again to install and will save any error messages.

[slips01]

Error messages: [Aster:~] slips% cd algo-master [Aster:~/algo-master] slips% ./algo [WARNING]: Could not match supplied host pattern, ignoring: vpn-host TASK [Verify Ansible meets Algo VPN requirements] ********************************************************************************** ok: [localhost] => { "changed": false, "msg": "All assertions passed" } [WARNING]: Found variable using reserved name: no_log TASK [dnscrypt-proxy configured] *************************************************************************************************** ok: [139.59.66.103] [WARNING]: flush_handlers task does not support when conditional TASK [strongswan : Build the client's pair] **************************************************************************************** failed: [139.59.66.103] (item=steve iphone) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:steve ***@***.***\")) -keyout private/steve iphone.key -out reqs/steve iphone.req -nodes -passin ***@***.***\" -subj \"/CN=steve iphone\" -batch && openssl ca -utf8 -in reqs/steve iphone.req -out certs/steve iphone.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:steve ***@***.***\")) -days 3650 -batch -passin ***@***.***\" -subj \"/CN=steve iphone\" && touch certs/steve iphone_crt_generated\n", "delta": "0:00:00.026824", "end": "2021-10-09 10:29:30.430625", "item": "steve iphone", "msg": "non-zero return code", "rc": 1, "start": "2021-10-09 10:29:30.403801", "stderr": "unknown option iphone.key\nreq [options] <infile >outfile\nwhere options are\n -inform arg input format - DER or PEM\n -outform arg output format - DER or PEM\n -in arg input file\n -out arg output file\n -text text form of request\n -pubkey output public key\n -noout do not output REQ\n -verify verify signature on REQ\n -modulus RSA modulus\n -nodes don't encrypt the output key\n -subject output the request's subject\n -passin private key password source\n -key file use the private key contained in file\n -keyform arg key file format\n -keyout arg file to send the key to\n -newkey rsa:bits generate a new RSA key of 'bits' in size\n -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n -[digest] Digest to sign with (md5, sha1, md4)\n -config file request template file.\n -subj arg set or modify request subject\n -multivalue-rdn enable support for multivalued RDNs\n -new new request.\n -batch do not ask anything during request generation\n -x509 output a x509 structure instead of a cert. req.\n -days number of days a certificate generated by -x509 is valid for.\n -set_serial serial number to use for a certificate generated by -x509.\n -newhdr output \"NEW\" in the header lines\n -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n have been reported as requiring\n -extensions .. specify certificate extension section (override value in config file)\n -reqexts .. specify request extension section (override value in config file)\n -utf8 input characters are UTF8 (default ASCII)\n -nameopt arg - various certificate name options\n -reqopt arg - various request text options", "stderr_lines": ["unknown option iphone.key", "req [options] <infile >outfile", "where options are", " -inform arg input format - DER or PEM", " -outform arg output format - DER or PEM", " -in arg input file", " -out arg output file", " -text text form of request", " -pubkey output public key", " -noout do not output REQ", " -verify verify signature on REQ", " -modulus RSA modulus", " -nodes don't encrypt the output key", " -subject output the request's subject", " -passin private key password source", " -key file use the private key contained in file", " -keyform arg key file format", " -keyout arg file to send the key to", " -newkey rsa:bits generate a new RSA key of 'bits' in size", " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'", " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'", " -[digest] Digest to sign with (md5, sha1, md4)", " -config file request template file.", " -subj arg set or modify request subject", " -multivalue-rdn enable support for multivalued RDNs", " -new new request.", " -batch do not ask anything during request generation", " -x509 output a x509 structure instead of a cert. req.", " -days number of days a certificate generated by -x509 is valid for.", " -set_serial serial number to use for a certificate generated by -x509.", " -newhdr output \"NEW\" in the header lines", " -asn1-kludge Output the 'request' in a format that is wrong but some CA's", " have been reported as requiring", " -extensions .. specify certificate extension section (override value in config file)", " -reqexts .. specify request extension section (override value in config file)", " -utf8 input characters are UTF8 (default ASCII)", " -nameopt arg - various certificate name options", " -reqopt arg - various request text options"], "stdout": "", "stdout_lines": []} failed: [139.59.66.103] (item=steve macbook) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:steve ***@***.***\")) -keyout private/steve macbook.key -out reqs/steve macbook.req -nodes -passin ***@***.***\" -subj \"/CN=steve macbook\" -batch && openssl ca -utf8 -in reqs/steve macbook.req -out certs/steve macbook.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:steve ***@***.***\")) -days 3650 -batch -passin ***@***.***\" -subj \"/CN=steve macbook\" && touch certs/steve macbook_crt_generated\n", "delta": "0:00:00.009729", "end": "2021-10-09 10:29:30.699854", "item": "steve macbook", "msg": "non-zero return code", "rc": 1, "start": "2021-10-09 10:29:30.690125", "stderr": "unknown option macbook.key\nreq [options] <infile >outfile\nwhere options are\n -inform arg input format - DER or PEM\n -outform arg output format - DER or PEM\n -in arg input file\n -out arg output file\n -text text form of request\n -pubkey output public key\n -noout do not output REQ\n -verify verify signature on REQ\n -modulus RSA modulus\n -nodes don't encrypt the output key\n -subject output the request's subject\n -passin private key password source\n -key file use the private key contained in file\n -keyform arg key file format\n -keyout arg file to send the key to\n -newkey rsa:bits generate a new RSA key of 'bits' in size\n -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n -[digest] Digest to sign with (md5, sha1, md4)\n -config file request template file.\n -subj arg set or modify request subject\n -multivalue-rdn enable support for multivalued RDNs\n -new new request.\n -batch do not ask anything during request generation\n -x509 output a x509 structure instead of a cert. req.\n -days number of days a certificate generated by -x509 is valid for.\n -set_serial serial number to use for a certificate generated by -x509.\n -newhdr output \"NEW\" in the header lines\n -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n have been reported as requiring\n -extensions .. specify certificate extension section (override value in config file)\n -reqexts .. specify request extension section (override value in config file)\n -utf8 input characters are UTF8 (default ASCII)\n -nameopt arg - various certificate name options\n -reqopt arg - various request text options", "stderr_lines": ["unknown option macbook.key", "req [options] <infile >outfile", "where options are", " -inform arg input format - DER or PEM", " -outform arg output format - DER or PEM", " -in arg input file", " -out arg output file", " -text text form of request", " -pubkey output public key", " -noout do not output REQ", " -verify verify signature on REQ", " -modulus RSA modulus", " -nodes don't encrypt the output key", " -subject output the request's subject", " -passin private key password source", " -key file use the private key contained in file", " -keyform arg key file format", " -keyout arg file to send the key to", " -newkey rsa:bits generate a new RSA key of 'bits' in size", " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'", " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'", " -[digest] Digest to sign with (md5, sha1, md4)", " -config file request template file.", " -subj arg set or modify request subject", " -multivalue-rdn enable support for multivalued RDNs", " -new new request.", " -batch do not ask anything during request generation", " -x509 output a x509 structure instead of a cert. req.", " -days number of days a certificate generated by -x509 is valid for.", " -set_serial serial number to use for a certificate generated by -x509.", " -newhdr output \"NEW\" in the header lines", " -asn1-kludge Output the 'request' in a format that is wrong but some CA's", " have been reported as requiring", " -extensions .. specify certificate extension section (override value in config file)", " -reqexts .. specify request extension section (override value in config file)", " -utf8 input characters are UTF8 (default ASCII)", " -nameopt arg - various certificate name options", " -reqopt arg - various request text options"], "stdout": "", "stdout_lines": []} failed: [139.59.66.103] (item=barbara macbook) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:barbara ***@***.***\")) -keyout private/barbara macbook.key -out reqs/barbara macbook.req -nodes -passin ***@***.***\" -subj \"/CN=barbara macbook\" -batch && openssl ca -utf8 -in reqs/barbara macbook.req -out certs/barbara macbook.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:barbara ***@***.***\")) -days 3650 -batch -passin ***@***.***\" -subj \"/CN=barbara macbook\" && touch certs/barbara macbook_crt_generated\n", "delta": "0:00:00.009645", "end": "2021-10-09 10:29:30.969563", "item": "barbara macbook", "msg": "non-zero return code", "rc": 1, "start": "2021-10-09 10:29:30.959918", "stderr": "unknown option macbook.key\nreq [options] <infile >outfile\nwhere options are\n -inform arg input format - DER or PEM\n -outform arg output format - DER or PEM\n -in arg input file\n -out arg output file\n -text text form of request\n -pubkey output public key\n -noout do not output REQ\n -verify verify signature on REQ\n -modulus RSA modulus\n -nodes don't encrypt the output key\n -subject output the request's subject\n -passin private key password source\n -key file use the private key contained in file\n -keyform arg key file format\n -keyout arg file to send the key to\n -newkey rsa:bits generate a new RSA key of 'bits' in size\n -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n -[digest] Digest to sign with (md5, sha1, md4)\n -config file request template file.\n -subj arg set or modify request subject\n -multivalue-rdn enable support for multivalued RDNs\n -new new request.\n -batch do not ask anything during request generation\n -x509 output a x509 structure instead of a cert. req.\n -days number of days a certificate generated by -x509 is valid for.\n -set_serial serial number to use for a certificate generated by -x509.\n -newhdr output \"NEW\" in the header lines\n -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n have been reported as requiring\n -extensions .. specify certificate extension section (override value in config file)\n -reqexts .. specify request extension section (override value in config file)\n -utf8 input characters are UTF8 (default ASCII)\n -nameopt arg - various certificate name options\n -reqopt arg - various request text options", "stderr_lines": ["unknown option macbook.key", "req [options] <infile >outfile", "where options are", " -inform arg input format - DER or PEM", " -outform arg output format - DER or PEM", " -in arg input file", " -out arg output file", " -text text form of request", " -pubkey output public key", " -noout do not output REQ", " -verify verify signature on REQ", " -modulus RSA modulus", " -nodes don't encrypt the output key", " -subject output the request's subject", " -passin private key password source", " -key file use the private key contained in file", " -keyform arg key file format", " -keyout arg file to send the key to", " -newkey rsa:bits generate a new RSA key of 'bits' in size", " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'", " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'", " -[digest] Digest to sign with (md5, sha1, md4)", " -config file request template file.", " -subj arg set or modify request subject", " -multivalue-rdn enable support for multivalued RDNs", " -new new request.", " -batch do not ask anything during request generation", " -x509 output a x509 structure instead of a cert. req.", " -days number of days a certificate generated by -x509 is valid for.", " -set_serial serial number to use for a certificate generated by -x509.", " -newhdr output \"NEW\" in the header lines", " -asn1-kludge Output the 'request' in a format that is wrong but some CA's", " have been reported as requiring", " -extensions .. specify certificate extension section (override value in config file)", " -reqexts .. specify request extension section (override value in config file)", " -utf8 input characters are UTF8 (default ASCII)", " -nameopt arg - various certificate name options", " -reqopt arg - various request text options"], "stdout": "", "stdout_lines": []} failed: [139.59.66.103] (item=barbara iphone) => {"ansible_loop_var": "item", "changed": true, "cmd": "umask 077; openssl req -utf8 -new -newkey ec:ecparams/secp384r1.pem -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:barbara ***@***.***\")) -keyout private/barbara iphone.key -out reqs/barbara iphone.req -nodes -passin ***@***.***\" -subj \"/CN=barbara iphone\" -batch && openssl ca -utf8 -in reqs/barbara iphone.req -out certs/barbara iphone.crt -config <(cat openssl.cnf <(printf \"[basic_exts]\\nsubjectAltName=email:barbara ***@***.***\")) -days 3650 -batch -passin ***@***.***\" -subj \"/CN=barbara iphone\" && touch certs/barbara iphone_crt_generated\n", "delta": "0:00:00.009688", "end": "2021-10-09 10:29:31.238703", "item": "barbara iphone", "msg": "non-zero return code", "rc": 1, "start": "2021-10-09 10:29:31.229015", "stderr": "unknown option iphone.key\nreq [options] <infile >outfile\nwhere options are\n -inform arg input format - DER or PEM\n -outform arg output format - DER or PEM\n -in arg input file\n -out arg output file\n -text text form of request\n -pubkey output public key\n -noout do not output REQ\n -verify verify signature on REQ\n -modulus RSA modulus\n -nodes don't encrypt the output key\n -subject output the request's subject\n -passin private key password source\n -key file use the private key contained in file\n -keyform arg key file format\n -keyout arg file to send the key to\n -newkey rsa:bits generate a new RSA key of 'bits' in size\n -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n -[digest] Digest to sign with (md5, sha1, md4)\n -config file request template file.\n -subj arg set or modify request subject\n -multivalue-rdn enable support for multivalued RDNs\n -new new request.\n -batch do not ask anything during request generation\n -x509 output a x509 structure instead of a cert. req.\n -days number of days a certificate generated by -x509 is valid for.\n -set_serial serial number to use for a certificate generated by -x509.\n -newhdr output \"NEW\" in the header lines\n -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n have been reported as requiring\n -extensions .. specify certificate extension section (override value in config file)\n -reqexts .. specify request extension section (override value in config file)\n -utf8 input characters are UTF8 (default ASCII)\n -nameopt arg - various certificate name options\n -reqopt arg - various request text options", "stderr_lines": ["unknown option iphone.key", "req [options] <infile >outfile", "where options are", " -inform arg input format - DER or PEM", " -outform arg output format - DER or PEM", " -in arg input file", " -out arg output file", " -text text form of request", " -pubkey output public key", " -noout do not output REQ", " -verify verify signature on REQ", " -modulus RSA modulus", " -nodes don't encrypt the output key", " -subject output the request's subject", " -passin private key password source", " -key file use the private key contained in file", " -keyform arg key file format", " -keyout arg file to send the key to", " -newkey rsa:bits generate a new RSA key of 'bits' in size", " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'", " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'", " -[digest] Digest to sign with (md5, sha1, md4)", " -config file request template file.", " -subj arg set or modify request subject", " -multivalue-rdn enable support for multivalued RDNs", " -new new request.", " -batch do not ask anything during request generation", " -x509 output a x509 structure instead of a cert. req.", " -days number of days a certificate generated by -x509 is valid for.", " -set_serial serial number to use for a certificate generated by -x509.", " -newhdr output \"NEW\" in the header lines", " -asn1-kludge Output the 'request' in a format that is wrong but some CA's", " have been reported as requiring", " -extensions .. specify certificate extension section (override value in config file)", " -reqexts .. specify request extension section (override value in config file)", " -utf8 input characters are UTF8 (default ASCII)", " -nameopt arg - various certificate name options", " -reqopt arg - various request text options"], "stdout": "", "stdout_lines": []} included: /Users/slips/algo-master/playbooks/rescue.yml for 139.59.66.103

[davidemyers]

Don't use spaces in user names.

[slips01]

Thanks for trying, but that didn’t work. I guess I will go back to one of the other VPN companies.