From 90c2b1bbebfb8763a3d0d07cf6a3defaea4fa375 Mon Sep 17 00:00:00 2001 From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com> Date: Thu, 7 Dec 2023 17:54:08 -0500 Subject: [PATCH 1/4] upgrade ansible to 9.1.0 (#14673) * upgrade to 9.1.0 * python version * 3.11-alpine * missed python version --- .github/workflows/main.yml | 6 +++--- Dockerfile | 2 +- requirements.txt | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index dad810f..143ccb5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,7 +9,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-python@v2.3.2 with: - python-version: '3.9' + python-version: '3.11' cache: 'pip' - name: Install dependencies @@ -37,7 +37,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-python@v2.3.2 with: - python-version: '3.9' + python-version: '3.11' cache: 'pip' - name: Install dependencies @@ -101,7 +101,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-python@v2.3.2 with: - python-version: '3.9' + python-version: '3.11' cache: 'pip' - name: Install dependencies diff --git a/Dockerfile b/Dockerfile index 387d42e..84a9afa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3-alpine +FROM python:3.11-alpine ARG VERSION="git" ARG PACKAGES="bash libffi openssh-client openssl rsync tini gcc libffi-dev linux-headers make musl-dev openssl-dev rust cargo" diff --git a/requirements.txt b/requirements.txt index 886f8b4..6ef66f0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ -ansible==6.1.0 +ansible==9.1.0 jinja2~=3.0.3 netaddr From a6ad0adc942fa32855b8027d6d80d87695109188 Mon Sep 17 00:00:00 2001 From: Alex Oswald Date: Thu, 7 Dec 2023 17:56:17 -0500 Subject: [PATCH 2/4] update digitalocean docs on droplets (#14659) Make note of smaller/cheaper droplets for DigitalOcean and document it. --- config.cfg | 2 ++ docs/cloud-do.md | 12 ++++++++++++ 2 files changed, 14 insertions(+) diff --git a/config.cfg b/config.cfg index f1e102f..e8b6559 100644 --- a/config.cfg +++ b/config.cfg @@ -176,6 +176,8 @@ cloud_providers: sku: minimal-22_04-daily-lts version: latest digitalocean: + # See docs for extended droplet options, pricing, and availability. + # Possible values: 's-1vcpu-512mb-10gb', 's-1vcpu-1gb', ... size: s-1vcpu-1gb image: "ubuntu-22-04-x64" ec2: diff --git a/docs/cloud-do.md b/docs/cloud-do.md index 59596e0..88ec8e9 100644 --- a/docs/cloud-do.md +++ b/docs/cloud-do.md @@ -18,6 +18,18 @@ You will be returned to the **Tokens/Keys** tab, and your new key will be shown Copy or note down the hash that shows below the name you entered, as this will be necessary for the steps below. This value will disappear if you leave this page, and you'll need to regenerate it if you forget it. +## Select a Droplet (optional) + +The default option is the `s-1vcpu-1gb` because it is available in all regions. However, you may want to switch to a cheaper droplet such as `s-1vcpu-512mb-10gb` even though it is not available in all regions. This can be edited in the [Configuration File](config.cfg) under `cloud_providers > digitalocean > size`. See this brief comparison between the two droplets below: + +| Droplet Type | Monthly Cost | Bandwidth | Availability | +|:--|:-:|:-:|:--| +| `s-1vcpu-512mb-10gb` | $4/month | 0.5 TB | Limited | +| `s-1vcpu-1gb` | $6/month | 1.0 TB | All regions | +| ... | ... | ... | ... | + +*Note: Exceeding bandwidth limits costs $0.01/GiB at time of writing ([docs](https://docs.digitalocean.com/products/billing/bandwidth/#droplets)). See the live list of droplets [here](https://slugs.do-api.dev/).* + ## Using DigitalOcean with Algo (interactive) These steps are for those who run Algo using Docker or using the `./algo` command. From 67aa5fe881baffb2da70a4c971a2dab57e273288 Mon Sep 17 00:00:00 2001 From: Pavel Mishkovich Date: Thu, 7 Dec 2023 22:57:57 +0000 Subject: [PATCH 3/4] Add a linode entry to troubleshooting.md (#14632) --- docs/troubleshooting.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 75c73c6..5d6d488 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -23,6 +23,7 @@ First of all, check [this](https://github.com/trailofbits/algo#features) and ens * [Wireguard: Unable to find 'configs/...' in expected paths](#wireguard-unable-to-find-configs-in-expected-paths) * [Ubuntu Error: "unable to write 'random state'" when generating CA password](#ubuntu-error-unable-to-write-random-state-when-generating-ca-password) * [Timeout when waiting for search string OpenSSH in xxx.xxx.xxx.xxx:4160](#old-networking-firewall-in-place) + * [Linode Error: "Unable to query the Linode API. Saw: 400: The requested distribution is not supported by this stackscript.; "](#linode-error-uable-to-query-the-linode-api-saw-400-the-requested-distribution-is-not-supported-by-this-stackscript) * [Connection Problems](#connection-problems) * [I'm blocked or get CAPTCHAs when I access certain websites](#im-blocked-or-get-captchas-when-i-access-certain-websites) * [I want to change the list of trusted Wifi networks on my Apple device](#i-want-to-change-the-list-of-trusted-wifi-networks-on-my-apple-device) @@ -384,6 +385,11 @@ ok: [localhost] => { If you see this error then one possible explanation is that you have a previous firewall configured in your cloud hosting provider which needs to be either updated or ideally removed. Removing this can often fix this issue. +### Linode Error: "Unable to query the Linode API. Saw: 400: The requested distribution is not supported by this stackscript.; " + +StackScript is a custom deployment script that defines a set of configurations for a Linode instance (e.g. which distribution, specs, etc.). if you used algo with default values in the past deployments, a stackscript that would've been created is 're-used' in the deployment process (in fact, go see 'create Linodes' and under 'StackScripts' tab). Thus, there's a little chance that your deployment process will generate this 'unsupported stackscript' error due to a pre-existing StackScript that doesn't support a particular configuration setting or value due to an 'old' stackscript. The quickest solution is just to change the name of your deployment from the default value of 'algo' (or any other name that you've used before, again see the dashboard) and re-run the deployment. + + ## Connection Problems Look here if you deployed an Algo server but now have a problem connecting to it with a client. From c9352a180190275cef0715d18c798c3ffb604fb0 Mon Sep 17 00:00:00 2001 From: Disconnect3d Date: Tue, 12 Dec 2023 17:05:13 +0100 Subject: [PATCH 4/4] cloud-pre.yml: use 4096 bits for ssh rsa key (#14674) The ssh-key we generated used 2048 bits while even openssh's ssh-keygen defaults to 3072 nowadays [0]. While RSA-2048 is probably ok (?) and what NIST recommends for keys until around 2030, its probably better to switch to more bits. This is also just a temporary solution as we should also switch to ed25519. Thanks to Dan M (@dmur1 or dan@hexarcana.ch) for pointing this out. [0] https://github.com/openssh/openssh-portable/blob/19d3ee2f3adf7d9a606ff015c1e153744702c4c9/ssh-keygen.c#L83 --- playbooks/cloud-pre.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/cloud-pre.yml b/playbooks/cloud-pre.yml index da0019d..d513412 100644 --- a/playbooks/cloud-pre.yml +++ b/playbooks/cloud-pre.yml @@ -32,7 +32,7 @@ - name: Generate the SSH private key openssl_privatekey: path: "{{ SSH_keys.private }}" - size: 2048 + size: 4096 mode: "0600" type: RSA