Merge branch 'master' into ocserv_cli_instructions

alimakki · web-flow · commit e902ba99bd40 · 2018-09-22T19:07:56.000-04:00
diff --git a/global_vars/default-site.yml b/global_vars/default-site.yml
@@ -20,5 +20,5 @@ streisand_ssh_forward_enabled: yes
 streisand_sshuttle_enabled: no
 streisand_stunnel_enabled: yes
 streisand_tinyproxy_enabled: yes
-streisand_tor_enabled: yes
+streisand_tor_enabled: no
 streisand_wireguard_enabled: yes
diff --git a/global_vars/integration/test-site.yml b/global_vars/integration/test-site.yml
@@ -16,7 +16,7 @@ streisand_ssh_forward_enabled: yes
 streisand_openvpn_enabled: yes
 streisand_wireguard_enabled: yes
 streisand_openconnect_enabled: yes
-streisand_tor_enabled: yes
+streisand_tor_enabled: no
 streisand_stunnel_enabled: yes
 streisand_tinyproxy_enabled: yes
 # TODO(@cpu): The services below need some manner of integration test written
diff --git a/global_vars/noninteractive/amazon-site.yml b/global_vars/noninteractive/amazon-site.yml
@@ -23,7 +23,7 @@ streisand_ssh_forward_enabled: yes
 streisand_sshuttle_enabled: no
 streisand_stunnel_enabled: yes
 streisand_tinyproxy_enabled: yes
-streisand_tor_enabled: yes
+streisand_tor_enabled: no
 streisand_wireguard_enabled: yes
 
 # The AWS region number.
diff --git a/global_vars/noninteractive/azure-site.yml b/global_vars/noninteractive/azure-site.yml
@@ -23,7 +23,7 @@ streisand_ssh_forward_enabled: yes
 streisand_sshuttle_enabled: no
 streisand_stunnel_enabled: yes
 streisand_tinyproxy_enabled: yes
-streisand_tor_enabled: yes
+streisand_tor_enabled: no
 streisand_wireguard_enabled: yes
 
 # The region to deploy into.
diff --git a/global_vars/noninteractive/digitalocean-site.yml b/global_vars/noninteractive/digitalocean-site.yml
@@ -27,7 +27,7 @@ streisand_ssh_forward_enabled: yes
 streisand_sshuttle_enabled: no
 streisand_stunnel_enabled: yes
 streisand_tinyproxy_enabled: yes
-streisand_tor_enabled: yes
+streisand_tor_enabled: no
 streisand_wireguard_enabled: yes
 
 # The Digital Ocean region number.
diff --git a/global_vars/noninteractive/google-site.yml b/global_vars/noninteractive/google-site.yml
@@ -22,7 +22,7 @@ streisand_ssh_forward_enabled: yes
 streisand_sshuttle_enabled: no
 streisand_stunnel_enabled: yes
 streisand_tinyproxy_enabled: yes
-streisand_tor_enabled: yes
+streisand_tor_enabled: no
 streisand_wireguard_enabled: yes
 
 # Server location:
diff --git a/global_vars/noninteractive/linode-site.yml b/global_vars/noninteractive/linode-site.yml
@@ -21,7 +21,7 @@ streisand_ssh_forward_enabled: yes
 streisand_sshuttle_enabled: no
 streisand_stunnel_enabled: yes
 streisand_tinyproxy_enabled: yes
-streisand_tor_enabled: yes
+streisand_tor_enabled: no
 streisand_wireguard_enabled: yes
 
 # Choose the server location.
diff --git a/global_vars/noninteractive/local-site.yml b/global_vars/noninteractive/local-site.yml
@@ -22,7 +22,7 @@ streisand_ssh_forward_enabled: yes
 streisand_sshuttle_enabled: no
 streisand_stunnel_enabled: yes
 streisand_tinyproxy_enabled: yes
-streisand_tor_enabled: yes
+streisand_tor_enabled: no
 streisand_wireguard_enabled: yes
 
 # Definitions needed for Let's Encrypt HTTPS (or TLS) certificate setup.
diff --git a/global_vars/noninteractive/rackspace-site.yml b/global_vars/noninteractive/rackspace-site.yml
@@ -21,7 +21,7 @@ streisand_ssh_forward_enabled: yes
 streisand_sshuttle_enabled: no
 streisand_stunnel_enabled: yes
 streisand_tinyproxy_enabled: yes
-streisand_tor_enabled: yes
+streisand_tor_enabled: no
 streisand_wireguard_enabled: yes
 
 # Choose the region to deploy into.
diff --git a/playbooks/customize.yml b/playbooks/customize.yml
@@ -41,8 +41,8 @@
       default: "yes"
       private: no
     - name: streisand_tor_enabled
-      prompt: "Enable Tor? Press enter for default "
-      default: "yes"
+      prompt: "Enable Tor? (UPSTREAM IS BROKEN) Press enter for default "
+      default: "no"
       private: no
     - name: streisand_wireguard_enabled
       prompt: "Enable WireGuard? Press enter for default "
diff --git a/playbooks/roles/common/vars/main.yml b/playbooks/roles/common/vars/main.yml
@@ -126,3 +126,6 @@ streisand_my_ip_url: https://duckduckgo.com/?q=ip+address
 # Ciphersuites recommended from Mozilla's Modern compatibility profile
 # https://wiki.mozilla.org/Security/Server_Side_TLS
 streisand_tls_ciphers: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256"
+
+apt_repository_retries: 10
+apt_repository_delay: 20
diff --git a/playbooks/roles/lets-encrypt/tasks/install.yml b/playbooks/roles/lets-encrypt/tasks/install.yml
@@ -8,6 +8,10 @@
 - name: Add the official acmetool repository
   apt_repository:
     repo: "deb http://ppa.launchpad.net/hlandau/rhea/{{ ansible_distribution|lower }} {{ ansible_lsb.codename }} main"
+  register: le_add_apt_repository
+  until: not le_add_apt_repository.failed
+  retries: "{{ apt_repository_retries }}"
+  delay: "{{ apt_repository_delay }}"
 
 - name: Install acmetool
   apt:
diff --git a/playbooks/roles/nginx/tasks/main.yml b/playbooks/roles/nginx/tasks/main.yml
@@ -15,6 +15,11 @@
 - name: Add the official Nginx repository
   apt_repository:
     repo: "deb https://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_lsb.codename }} nginx"
+  register: nginx_add_apt_repository
+  until: not nginx_add_apt_repository.failed
+  retries: "{{ apt_repository_retries }}"
+  delay: "{{ apt_repository_delay }}"
+
 
 - name: Install Nginx
   apt:
diff --git a/playbooks/roles/openconnect/tasks/install.yml b/playbooks/roles/openconnect/tasks/install.yml
@@ -1,8 +1,18 @@
 ---
+
+# It *shouldn't* be necessary to run this particular apt_repository
+# call in a "retry" loop; enabling Universe doesn't reach out to the
+# network, so this shouldn't have transient failures. For the sake of
+# consistency with the other apt_repository calls, it does retry.
+
 - name: Enable the Universe repository
   apt_repository:
     repo: "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} universe"
     state: present
+  register: openconnect_add_apt_repository
+  until: not openconnect_add_apt_repository.failed
+  retries: "{{ apt_repository_retries }}"
+  delay: "{{ apt_repository_delay }}"
 
 - name: Install ocserv
   apt:
diff --git a/playbooks/roles/openvpn/tasks/install.yml b/playbooks/roles/openvpn/tasks/install.yml
@@ -10,6 +10,10 @@
   apt_repository:
     repo: 'deb https://build.openvpn.net/debian/openvpn/stable {{ ansible_lsb.codename }} main'
     state: present
+  register: openvpn_add_apt_repository
+  until: not openvpn_add_apt_repository.failed
+  retries: "{{ apt_repository_retries }}"
+  delay: "{{ apt_repository_delay }}"
 
 - name: Install OpenVPN and its dependencies from APT
   apt:
diff --git a/playbooks/roles/shadowsocks/tasks/main.yml b/playbooks/roles/shadowsocks/tasks/main.yml
@@ -9,6 +9,10 @@
 - name: Add the Shadowsocks PPA
   apt_repository:
     repo: 'ppa:max-c-lv/shadowsocks-libev'
+  register: shadowsocks_add_apt_repository
+  until: not shadowsocks_add_apt_repository.failed
+  retries: "{{ apt_repository_retries }}"
+  delay: "{{ apt_repository_delay }}"
 
 - name: Install shadowsocks-libev
   apt:
diff --git a/playbooks/roles/streisand-gateway/tasks/main.yml b/playbooks/roles/streisand-gateway/tasks/main.yml
@@ -58,6 +58,10 @@
   # TODO:
   #   Add to CI testing https://github.com/StreisandEffect/streisand/issues/643
 - block:
+    - name: Keep a copy of our diagnostics on the server
+      copy:
+        src: ../../../../streisand-diagnostics.md
+        dest: "{{ streisand_gateway_location }}/streisand-diagnostics.md"
 
     # generate the streisand server instructions and documentation
     - include_tasks: docs.yml
diff --git a/playbooks/roles/tor-bridge/tasks/main.yml b/playbooks/roles/tor-bridge/tasks/main.yml
@@ -9,6 +9,10 @@
 - name: Add the Tor repository
   apt_repository:
     repo: 'deb https://deb.torproject.org/torproject.org {{ ansible_lsb.codename }} main'
+  register: tor_add_apt_repository
+  until: not tor_add_apt_repository.failed
+  retries: "{{ apt_repository_retries }}"
+  delay: "{{ apt_repository_delay }}"
 
 - name: Install the package to keep the Tor signing key current
   apt:
diff --git a/playbooks/roles/wireguard/tasks/install.yml b/playbooks/roles/wireguard/tasks/install.yml
@@ -7,6 +7,10 @@
 - name: Add the WireGuard PPA
   apt_repository:
     repo: 'ppa:wireguard/wireguard'
+  register: wireguard_add_apt_repository
+  until: not wireguard_add_apt_repository.failed
+  retries: "{{ apt_repository_retries }}"
+  delay: "{{ apt_repository_delay }}"
 
 - name: Install the WireGuard packages
   apt:
