Bump ansible-core from 2.11.3 to 2.12.1 (#14375)

* Bump ansible-core from 2.11.3 to 2.12.1

Bumps [ansible-core](https://github.com/ansible/ansible) from 2.11.3 to 2.12.1.
- [Release notes](https://github.com/ansible/ansible/releases)
- [Commits](https://github.com/ansible/ansible/compare/v2.11.3...v2.12.1)

---
updated-dependencies:
- dependency-name: ansible-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update requirements.txt

* python and cache for actions

* switch to python 3.8

* wait for lxc network

* no point to support 18.04 in tests

* cipher fix for openssl_privatekey

* cipher fix for openssl_privatekey

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>

.github/workflows/main.yml

@@ -9,7 +9,8 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-python@v2.3.1
         with:
-          python-version: '3.7'
+          python-version: '3.9'
+          cache: 'pip'
 
       - name: Install dependencies
         run: |
@@ -29,12 +30,13 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        UBUNTU_VERSION: ["18.04", "20.04"]
+        UBUNTU_VERSION: ["20.04"]
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-python@v2.3.1
         with:
-          python-version: '3.7'
+          python-version: '3.9'
+          cache: 'pip'
 
       - name: Install dependencies
         run: |
@@ -88,12 +90,13 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        UBUNTU_VERSION: ["18.04", "20.04"]
+        UBUNTU_VERSION: ["20.04"]
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-python@v2.3.1
         with:
-          python-version: '3.7'
+          python-version: '3.9'
+          cache: 'pip'
 
       - name: Install dependencies
         run: |

README.md

@@ -37,7 +37,7 @@ The easiest way to get an Algo server running is to run it on your local system
 
     - Run the command `git clone https://github.com/trailofbits/algo.git` to create a directory named `algo` containing the Algo scripts.
 
-3. **Install Algo's core dependencies.** Algo requires that **Python 3.6 or later** and at least one supporting package are installed on your system.
+3. **Install Algo's core dependencies.** Algo requires that **Python 3.8 or later** and at least one supporting package are installed on your system.
 
     - **macOS:** Catalina (10.15) and higher includes Python 3 as part of the optional Command Line Developer Tools package. From Terminal run:
 

docs/deploy-from-redhat-centos6.md

@@ -1,97 +0,0 @@
-# RedHat/CentOS 6.x pre-installation requirements
-
-Many people prefer RedHat or CentOS 6 (or similar variants like Amazon Linux) for to their stability and lack of systemd. Unfortunately, there are a number of dated libraries, notably Python 2.6, that prevent Algo from running without errors. This script will prepare a RedHat, CentOS, or similar VM to deploy to Algo cloud instances.
-
-## Step 1: Prep for RH/CentOS 6.8/Amazon
-
-```shell
-yum -y update
-yum -y install epel-release
-```
-
-Enable any kernel updates:
-
-```shell
-reboot
-```
-
-## Step 2: Install Ansible and launch Algo
-
-RedHat/CentOS 6.x uses Python 2.6 by default, which is explicitly deprecated and produces many warnings and errors, so we must install a safe, non-invasive 3.6 tool set which has to be expressly enabled (and will not survive login sessions and reboots):
-
-- Install the Software Collections Library (to enable Python 3.6)  
-```shell
-yum -y install centos-release-SCL
-yum -y install \
-  openssl-devel \
-  libffi-devel \
-  automake \
-  gcc \
-  gcc-c++ \
-  kernel-devel \
-  rh-python36-python \
-  rh-python36-python-devel \
-  rh-python36-python-setuptools \
-  rh-python36-python-pip \
-  rh-python36-python-virtualenv \
-  rh-python36-python-crypto \
-  rh-python36-PyYAML \
-  libselinux-python \
-  python-crypto \
-  wget \
-  unzip \
-  nano
-```
-
-- 3.6 will not be used until explicitly enabled, per login session. Enable 3.6 default for this session (needs re-run between logins & reboots)  
-```
-scl enable rh-python36 bash
-```
-
-- We're now defaulted to 3.6. Upgrade required components  
-```
-python3 -m pip install -U pip virtualenv pycrypto setuptools
-```
-
-- Download and uzip Algo  
-```
-wget https://github.com/trailofbits/algo/archive/master.zip
-unzip master.zip
-cd algo-master || echo "No Algo directory found"
-```
-
-- Set up a virtualenv and install the local Algo dependencies (must be run from algo-master)  
-```
-python3 -m virtualenv --python="$(command -v python3)" .env
-source .env/bin/activate
-python3 -m pip install -U pip virtualenv
-python3 -m pip install -r requirements.txt
-```
-
-- Edit the userlist and any other settings you desire  
-```
-nano config.cfg
-```
-
-- Now you can run the Algo installer!  
-```
-./algo
-```
-
-## Post-install macOS
-
-1. Copy `./configs/*mobileconfig` to your local Mac
-
-2. Install the VPN profile on your Mac (10.10+ required)
-
-    ```shell
-    /usr/bin/profiles -I -F ./x.x.x.x_NAME.mobileconfig
-    ```
-
-3. To remove:
-
-    ```shell
-    /usr/bin/profiles -D -F ./x.x.x.x_NAME.mobileconfig
-    ```
-
-The VPN connection will now appear under Networks (which can be pinned to the top menu bar if preferred)

docs/troubleshooting.md

@@ -42,7 +42,7 @@ Look here if you have a problem running the installer to set up a new Algo serve
 
 ### Python version is not supported
 
-The minimum Python version required to run Algo is 3.6. Most modern operation systems should have it by default, but if the OS you are using doesn't meet the requirements, you have to upgrade. See the official documentation for your OS, or manual download it from https://www.python.org/downloads/. Otherwise, you may [deploy from docker](deploy-from-docker.md)
+The minimum Python version required to run Algo is 3.8. Most modern operation systems should have it by default, but if the OS you are using doesn't meet the requirements, you have to upgrade. See the official documentation for your OS, or manual download it from https://www.python.org/downloads/. Otherwise, you may [deploy from docker](deploy-from-docker.md)
 
 ### Error: "You have not agreed to the Xcode license agreements"
 

main.yml

@@ -31,10 +31,10 @@
 
     - name: Verify Python meets Algo VPN requirements
       assert:
-        that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.6', '>=')
+        that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.8', '>=')
         msg: >
           Python version is not supported.
-          You must upgrade to at least Python 3.6 to use this version of Algo.
+          You must upgrade to at least Python 3.8 to use this version of Algo.
           See for more details - https://trailofbits.github.io/algo/troubleshooting.html#python-version-is-not-supported
 
     - name: Verify Ansible meets Algo VPN requirements

requirements.txt

@@ -1,4 +1,4 @@
-ansible-core==2.11.3
-ansible==4.4.0
+ansible-core==2.12.1
+ansible==5.0.1
 jinja2~=3.0.3
 netaddr

roles/ssh_tunneling/tasks/main.yml

@@ -64,7 +64,7 @@
       openssl_privatekey:
         path: "{{ ssh_tunnels_config_path }}/{{ item.item }}.pem"
         passphrase: "{{ p12_export_password }}"
-        cipher: aes256
+        cipher: auto
         force: false
       no_log: "{{ no_log|bool }}"
       when: not item.stat.exists

tests/pre-deploy.sh

@@ -25,14 +25,19 @@ lxc network attach lxdbr0 algo eth0 eth0
 lxc config device set algo eth0 ipv4.address 10.0.8.100
 lxc start algo
 
-if [[ ${UBUNTU_VERSION} == "20.04" ]]; then
-  lxc exec algo -- apt remove snapd --purge -y || true
-fi
-
 ip addr
 
 until dig A +short algo.lxd @10.0.8.1 | grep -vE '^$' > /dev/null; do
   sleep 3
 done
 
+case ${UBUNTU_VERSION} in
+  20.04)
+    lxc exec algo -- apt remove snapd --purge -y || true
+    ;;
+  18.04)
+    lxc exec algo -- apt install python3.8 -y
+    ;;
+esac
+
 lxc list