From 7203f33f2e1d81e06d90ad2a48be8f57b19ef5d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Dec 2021 23:52:34 +0300 Subject: [PATCH] Bump ansible-core from 2.11.3 to 2.12.1 (#14375) * Bump ansible-core from 2.11.3 to 2.12.1 Bumps [ansible-core](https://github.com/ansible/ansible) from 2.11.3 to 2.12.1. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/compare/v2.11.3...v2.12.1) --- updated-dependencies: - dependency-name: ansible-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * Update requirements.txt * python and cache for actions * switch to python 3.8 * wait for lxc network * no point to support 18.04 in tests * cipher fix for openssl_privatekey * cipher fix for openssl_privatekey Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jack Ivanov <17044561+jackivanov@users.noreply.github.com> --- .github/workflows/main.yml | 13 ++-- README.md | 2 +- docs/deploy-from-redhat-centos6.md | 97 ------------------------------ docs/troubleshooting.md | 2 +- main.yml | 4 +- requirements.txt | 4 +- roles/ssh_tunneling/tasks/main.yml | 2 +- tests/pre-deploy.sh | 13 ++-- 8 files changed, 24 insertions(+), 113 deletions(-) delete mode 100644 docs/deploy-from-redhat-centos6.md diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ac975df..527f7ed 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,7 +9,8 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-python@v2.3.1 with: - python-version: '3.7' + python-version: '3.9' + cache: 'pip' - name: Install dependencies run: | @@ -29,12 +30,13 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - UBUNTU_VERSION: ["18.04", "20.04"] + UBUNTU_VERSION: ["20.04"] steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2.3.1 with: - python-version: '3.7' + python-version: '3.9' + cache: 'pip' - name: Install dependencies run: | @@ -88,12 +90,13 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - UBUNTU_VERSION: ["18.04", "20.04"] + UBUNTU_VERSION: ["20.04"] steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2.3.1 with: - python-version: '3.7' + python-version: '3.9' + cache: 'pip' - name: Install dependencies run: | diff --git a/README.md b/README.md index a4c5b47..2c07fe0 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ The easiest way to get an Algo server running is to run it on your local system - Run the command `git clone https://github.com/trailofbits/algo.git` to create a directory named `algo` containing the Algo scripts. -3. **Install Algo's core dependencies.** Algo requires that **Python 3.6 or later** and at least one supporting package are installed on your system. +3. **Install Algo's core dependencies.** Algo requires that **Python 3.8 or later** and at least one supporting package are installed on your system. - **macOS:** Catalina (10.15) and higher includes Python 3 as part of the optional Command Line Developer Tools package. From Terminal run: diff --git a/docs/deploy-from-redhat-centos6.md b/docs/deploy-from-redhat-centos6.md deleted file mode 100644 index a0e6fb9..0000000 --- a/docs/deploy-from-redhat-centos6.md +++ /dev/null @@ -1,97 +0,0 @@ -# RedHat/CentOS 6.x pre-installation requirements - -Many people prefer RedHat or CentOS 6 (or similar variants like Amazon Linux) for to their stability and lack of systemd. Unfortunately, there are a number of dated libraries, notably Python 2.6, that prevent Algo from running without errors. This script will prepare a RedHat, CentOS, or similar VM to deploy to Algo cloud instances. - -## Step 1: Prep for RH/CentOS 6.8/Amazon - -```shell -yum -y update -yum -y install epel-release -``` - -Enable any kernel updates: - -```shell -reboot -``` - -## Step 2: Install Ansible and launch Algo - -RedHat/CentOS 6.x uses Python 2.6 by default, which is explicitly deprecated and produces many warnings and errors, so we must install a safe, non-invasive 3.6 tool set which has to be expressly enabled (and will not survive login sessions and reboots): - -- Install the Software Collections Library (to enable Python 3.6) -```shell -yum -y install centos-release-SCL -yum -y install \ - openssl-devel \ - libffi-devel \ - automake \ - gcc \ - gcc-c++ \ - kernel-devel \ - rh-python36-python \ - rh-python36-python-devel \ - rh-python36-python-setuptools \ - rh-python36-python-pip \ - rh-python36-python-virtualenv \ - rh-python36-python-crypto \ - rh-python36-PyYAML \ - libselinux-python \ - python-crypto \ - wget \ - unzip \ - nano -``` - -- 3.6 will not be used until explicitly enabled, per login session. Enable 3.6 default for this session (needs re-run between logins & reboots) -``` -scl enable rh-python36 bash -``` - -- We're now defaulted to 3.6. Upgrade required components -``` -python3 -m pip install -U pip virtualenv pycrypto setuptools -``` - -- Download and uzip Algo -``` -wget https://github.com/trailofbits/algo/archive/master.zip -unzip master.zip -cd algo-master || echo "No Algo directory found" -``` - -- Set up a virtualenv and install the local Algo dependencies (must be run from algo-master) -``` -python3 -m virtualenv --python="$(command -v python3)" .env -source .env/bin/activate -python3 -m pip install -U pip virtualenv -python3 -m pip install -r requirements.txt -``` - -- Edit the userlist and any other settings you desire -``` -nano config.cfg -``` - -- Now you can run the Algo installer! -``` -./algo -``` - -## Post-install macOS - -1. Copy `./configs/*mobileconfig` to your local Mac - -2. Install the VPN profile on your Mac (10.10+ required) - - ```shell - /usr/bin/profiles -I -F ./x.x.x.x_NAME.mobileconfig - ``` - -3. To remove: - - ```shell - /usr/bin/profiles -D -F ./x.x.x.x_NAME.mobileconfig - ``` - -The VPN connection will now appear under Networks (which can be pinned to the top menu bar if preferred) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 9bed267..75c73c6 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -42,7 +42,7 @@ Look here if you have a problem running the installer to set up a new Algo serve ### Python version is not supported -The minimum Python version required to run Algo is 3.6. Most modern operation systems should have it by default, but if the OS you are using doesn't meet the requirements, you have to upgrade. See the official documentation for your OS, or manual download it from https://www.python.org/downloads/. Otherwise, you may [deploy from docker](deploy-from-docker.md) +The minimum Python version required to run Algo is 3.8. Most modern operation systems should have it by default, but if the OS you are using doesn't meet the requirements, you have to upgrade. See the official documentation for your OS, or manual download it from https://www.python.org/downloads/. Otherwise, you may [deploy from docker](deploy-from-docker.md) ### Error: "You have not agreed to the Xcode license agreements" diff --git a/main.yml b/main.yml index 9ba9cc3..f990776 100644 --- a/main.yml +++ b/main.yml @@ -31,10 +31,10 @@ - name: Verify Python meets Algo VPN requirements assert: - that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.6', '>=') + that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.8', '>=') msg: > Python version is not supported. - You must upgrade to at least Python 3.6 to use this version of Algo. + You must upgrade to at least Python 3.8 to use this version of Algo. See for more details - https://trailofbits.github.io/algo/troubleshooting.html#python-version-is-not-supported - name: Verify Ansible meets Algo VPN requirements diff --git a/requirements.txt b/requirements.txt index 4714ad4..17ceef0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -ansible-core==2.11.3 -ansible==4.4.0 +ansible-core==2.12.1 +ansible==5.0.1 jinja2~=3.0.3 netaddr diff --git a/roles/ssh_tunneling/tasks/main.yml b/roles/ssh_tunneling/tasks/main.yml index ae9b25f..e4adb55 100644 --- a/roles/ssh_tunneling/tasks/main.yml +++ b/roles/ssh_tunneling/tasks/main.yml @@ -64,7 +64,7 @@ openssl_privatekey: path: "{{ ssh_tunnels_config_path }}/{{ item.item }}.pem" passphrase: "{{ p12_export_password }}" - cipher: aes256 + cipher: auto force: false no_log: "{{ no_log|bool }}" when: not item.stat.exists diff --git a/tests/pre-deploy.sh b/tests/pre-deploy.sh index 7f9528a..e5ce7c0 100755 --- a/tests/pre-deploy.sh +++ b/tests/pre-deploy.sh @@ -25,14 +25,19 @@ lxc network attach lxdbr0 algo eth0 eth0 lxc config device set algo eth0 ipv4.address 10.0.8.100 lxc start algo -if [[ ${UBUNTU_VERSION} == "20.04" ]]; then - lxc exec algo -- apt remove snapd --purge -y || true -fi - ip addr until dig A +short algo.lxd @10.0.8.1 | grep -vE '^$' > /dev/null; do sleep 3 done +case ${UBUNTU_VERSION} in + 20.04) + lxc exec algo -- apt remove snapd --purge -y || true + ;; + 18.04) + lxc exec algo -- apt install python3.8 -y + ;; +esac + lxc list