How do I uninstall Algo? #407

Closed
dsecareanu opened this issue Apr 14, 2017 · 13 comments
Comments

@dsecareanu

OS / Environment

local environment - ubuntu 16 on an aws ec2 (webserver).

Ansible version

ansible --version
ansible 2.0.0.2
config file = /home/ubuntu/algo-master/ansible.cfg
configured module search path = Default w/o overrides

Version of components from requirements.txt

Doesn't really show anything...
pip show msrestazure
You are using pip version 8.1.1, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

Summary of the problem

I would like to remove Algo (configs and running services) as I think it messed up my server :) as my websites are not accessible anymore, although I can telnet to the server port 80/443.

Steps to reproduce the behavior

Downloaded Algo;
Ran the 3 commands from the readme;
Ran ./algo;

The way of deployment (cloud or local)

local (ubuntu 16 web server on aws)

Expected behavior

Expected Algo to work as a simple vpn server service, not mess up with the entire server config.

Actual behavior

Had a failure in the install process (because I used a user that was already logged in (ubuntu); I thought it needed an existing user, as it wasn't clear, and didn't want to use the default root user) - see the log below.

Full log

What provider would you like to use?
1. DigitalOcean
2. Amazon EC2
3. Microsoft Azure
4. Google Compute Engine (only for testing, see issue #369)
5. Install to existing Ubuntu 16.04 server

Enter the number of your desired provider
: 2

Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
Note: Make sure to use either your root key (recommended) or an IAM user with an acceptable policy attached
[pasted values will not be displayed]
[AKIA...]:
(env) ubuntu@ip-172-31-4-75:~/algo-master$ ./algo

What provider would you like to use?
1. DigitalOcean
2. Amazon EC2
3. Microsoft Azure
4. Google Compute Engine (only for testing, see issue #369)
5. Install to existing Ubuntu 16.04 server

Enter the number of your desired provider
: 5

Enter the IP address of your server: (or use localhost for local installation)
: localhost

What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
[root]: ubuntu

Enter the public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)
[localhost]: 35.157.108.101

Was this server deployed by Algo previously?
[y/N]: n

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]: y

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]: y

List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:

Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]: n

Do you want each user to have their own account for SSH tunneling?
[y/N]: y

Do you want to apply operating system security enhancements on the server? (warning: replaces your sshd_config)
[y/N]: n

Do you want the VPN to support Windows 10 clients? (requires RSA certificates and key exchange, less secure)
[y/N]: n

Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]: n

PLAY [Configure the server] ****************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [Generate the SSH private key] ********************************************
changed: [localhost -> localhost]

TASK [Generate the SSH public key] *********************************************
ok: [localhost -> localhost]

TASK [Change mode for the SSH private key] *************************************
ok: [localhost -> localhost]

TASK [Ensure the dynamic inventory exists] *************************************
changed: [localhost]

TASK [Ensure the local ssh directory is exist] *********************************
skipping: [localhost]

TASK [Copy the algo ssh key to the local ssh directory] ************************
skipping: [localhost]

TASK [Configure the local ssh config] ******************************************
skipping: [localhost]

TASK [local : Add the instance to an inventory group] **************************
skipping: [localhost]

TASK [local : Add the instance to an inventory group] **************************
changed: [localhost]

TASK [local : set_fact] ********************************************************
ok: [localhost]

TASK [local : Ensure the group local exists in the dynamic inventory file] *****
changed: [localhost]

TASK [local : Populate the dynamic inventory] **********************************
changed: [localhost]

PLAY [Configure the server and install required software] **********************

TASK [Check the system] ********************************************************
changed: [localhost]

TASK [Ubuntu | Install prerequisites] ******************************************
changed: [localhost]

TASK [FreeBSD / HardenedBSD | Install prerequisites] ***************************
skipping: [localhost]

TASK [FreeBSD / HardenedBSD | Configure defaults] ******************************
skipping: [localhost]

TASK [set_fact] ****************************************************************
skipping: [localhost]

TASK [common : Gather Facts] ***************************************************
ok: [localhost]

TASK [common : Loopback for services configured] *******************************
changed: [localhost]

TASK [common : Loopback included into the network config] **********************
changed: [localhost]

RUNNING HANDLER [common : restart loopback] ************************************
changed: [localhost]

TASK [common : set_fact] *******************************************************
ok: [localhost]

TASK [common : set_fact] *******************************************************
skipping: [localhost]

TASK [common : Loopback included into the rc config] ***************************
skipping: [localhost]

TASK [common : Enable the gateway features] ************************************
skipping: [localhost] => (item={u'value': u'"open"', u'param': u'firewall_type'})
skipping: [localhost] => (item={u'value': u'"YES"', u'param': u'firewall_enable'})
skipping: [localhost] => (item={u'value': u'"YES"', u'param': u'gateway_enable'})
skipping: [localhost] => (item={u'value': u'"YES"', u'param': u'natd_enable'})
skipping: [localhost] => (item={u'value': u'""', u'param': u'natd_interface'})
skipping: [localhost] => (item={u'value': u'"-dynamic -m"', u'param': u'natd_flags'})

TASK [common : Install tools] **************************************************
changed: [localhost] => (item=[u'git', u'screen', u'apparmor-utils', u'uuid-runtime', u'coreutils', u'sendmail', u'iptables-persistent', u'cgroup-tools', u'openssl'])

TASK [common : Sysctl tuning] **************************************************
changed: [localhost] => (item={u'item': u'net.ipv4.ip_forward', u'value': 1})
changed: [localhost] => (item={u'item': u'net.ipv4.conf.all.forwarding', u'value': 1})
changed: [localhost] => (item={u'item': u'net.ipv6.conf.all.forwarding', u'value': 1})

TASK [vpn : Gather Facts] ******************************************************
ok: [localhost]

TASK [vpn : Enable IPv6] *******************************************************
skipping: [localhost]

TASK [vpn : Generate password for the CA key] **********************************
changed: [localhost]

TASK [vpn : set_fact] **********************************************************
ok: [localhost]

TASK [vpn : Change the algorithm to RSA] ***************************************
skipping: [localhost]

TASK [vpn : Ensure that the strongswan group exist] ****************************
changed: [localhost]

TASK [vpn : Ensure that the strongswan user exist] *****************************
changed: [localhost]

TASK [vpn : set_fact] **********************************************************
ok: [localhost]

TASK [vpn : Ubuntu | Install strongSwan] ***************************************
changed: [localhost]

TASK [vpn : Ubuntu | Enforcing ipsec with apparmor] ****************************
skipping: [localhost] => (item=/usr/lib/ipsec/charon)
skipping: [localhost] => (item=/usr/lib/ipsec/lookip)
skipping: [localhost] => (item=/usr/lib/ipsec/stroke)

TASK [vpn : Ubuntu | Enable services] ******************************************
ok: [localhost] => (item=apparmor)
ok: [localhost] => (item=strongswan)
ok: [localhost] => (item=netfilter-persistent)

TASK [vpn : Ubuntu | Ensure that the strongswan service directory exist] *******
changed: [localhost]

TASK [vpn : Ubuntu | Setup the cgroup limitations for the ipsec daemon] ********
changed: [localhost]

TASK [vpn : Iptables configured] ***********************************************
changed: [localhost] => (item={u'dest': u'/etc/iptables/rules.v4', u'src': u'rules.v4.j2'})

TASK [vpn : Iptables configured] ***********************************************
skipping: [localhost] => (item={u'dest': u'/etc/iptables/rules.v6', u'src': u'rules.v6.j2'})

TASK [vpn : FreeBSD / HardenedBSD | Get the existing kernel parameters] ********
skipping: [localhost]

TASK [vpn : FreeBSD / HardenedBSD | Set the rebuild_needed fact] ***************
skipping: [localhost] => (item=IPSEC_NAT_T)
skipping: [localhost] => (item=IPSEC)
skipping: [localhost] => (item=crypto)

TASK [vpn : FreeBSD / HardenedBSD | Make the kernel config] ********************
skipping: [localhost]

TASK [vpn : FreeBSD / HardenedBSD | Ensure the all options are enabled] ********
skipping: [localhost] => (item=options IPSEC_NAT_T)
skipping: [localhost] => (item=options IPSEC)
skipping: [localhost] => (item=device crypto)

TASK [vpn : HardenedBSD | Determine the sources] *******************************
skipping: [localhost]

TASK [vpn : FreeBSD | Determine the sources] ***********************************
skipping: [localhost]

TASK [vpn : FreeBSD / HardenedBSD | Increase the git postBuffer size] **********
skipping: [localhost]

TASK [vpn : FreeBSD / HardenedBSD | Fetching the sources...] *******************
skipping: [localhost]

TASK [vpn : FreeBSD / HardenedBSD | Fetching the sources...] *******************
skipping: [localhost]

TASK [vpn : FreeBSD / HardenedBSD | The kernel is being built...] **************
skipping: [localhost]

TASK [vpn : FreeBSD / HardenedBSD | The kernel is being built...] **************
skipping: [localhost]

TASK [vpn : FreeBSD / HardenedBSD | Reboot] ************************************
skipping: [localhost]

TASK [vpn : FreeBSD / HardenedBSD | Enable strongswan] *************************
skipping: [localhost]

TASK [vpn : Install strongSwan] ************************************************
ok: [localhost]

TASK [vpn : Setup the config files from our templates] *************************
changed: [localhost] => (item={u'dest': u'/etc/strongswan.conf', u'src': u'strongswan.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.conf', u'src': u'ipsec.conf.j2', u'group': u'root', u'mode': u'0644', u'owner': u'root'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.secrets', u'src': u'ipsec.secrets.j2', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})

TASK [vpn : Get loaded plugins] ************************************************
changed: [localhost]

TASK [vpn : Disable unneeded plugins] ******************************************
skipping: [localhost] => (item=socket-default)
changed: [localhost] => (item=constraints)
changed: [localhost] => (item=attr)
skipping: [localhost] => (item=sha2)
skipping: [localhost] => (item=stroke)
changed: [localhost] => (item=sshkey)
changed: [localhost] => (item=agent)
changed: [localhost] => (item=md4)
changed: [localhost] => (item=pkcs1)
changed: [localhost] => (item=xcbc)
skipping: [localhost] => (item=pkcs8)
skipping: [localhost] => (item=aes)
changed: [localhost] => (item=fips-prf)
changed: [localhost] => (item=dnskey)
skipping: [localhost] => (item=random)
skipping: [localhost] => (item=revocation)
changed: [localhost] => (item=gmp)
skipping: [localhost] => (item=nonce)
changed: [localhost] => (item=md5)
changed: [localhost] => (item=resolve)
changed: [localhost] => (item=test-vectors)
changed: [localhost] => (item=connmark)
skipping: [localhost] => (item=pkcs7)
skipping: [localhost] => (item=pem)
skipping: [localhost] => (item=pgp)
skipping: [localhost] => (item=kernel-netlink)
skipping: [localhost] => (item=pubkey)
changed: [localhost] => (item=updown)
skipping: [localhost] => (item=pkcs12)
changed: [localhost] => (item=rc2)
skipping: [localhost] => (item=x509)
skipping: [localhost] => (item=gcm)
changed: [localhost] => (item=sha1)
skipping: [localhost] => (item=hmac)
skipping: [localhost] => (item=openssl)

TASK [vpn : Ensure that required plugins are enabled] **************************
skipping: [localhost] => (item=constraints)
changed: [localhost] => (item=socket-default)
skipping: [localhost] => (item=attr)
changed: [localhost] => (item=sha2)
changed: [localhost] => (item=stroke)
skipping: [localhost] => (item=sshkey)
skipping: [localhost] => (item=agent)
skipping: [localhost] => (item=md4)
skipping: [localhost] => (item=pkcs1)
skipping: [localhost] => (item=xcbc)
changed: [localhost] => (item=pkcs8)
changed: [localhost] => (item=aes)
skipping: [localhost] => (item=fips-prf)
skipping: [localhost] => (item=dnskey)
changed: [localhost] => (item=random)
changed: [localhost] => (item=revocation)
skipping: [localhost] => (item=gmp)
changed: [localhost] => (item=nonce)
skipping: [localhost] => (item=md5)
skipping: [localhost] => (item=resolve)
skipping: [localhost] => (item=test-vectors)
skipping: [localhost] => (item=connmark)
changed: [localhost] => (item=pkcs7)
changed: [localhost] => (item=pem)
changed: [localhost] => (item=pgp)
changed: [localhost] => (item=kernel-netlink)
changed: [localhost] => (item=pubkey)
skipping: [localhost] => (item=updown)
changed: [localhost] => (item=pkcs12)
skipping: [localhost] => (item=rc2)
changed: [localhost] => (item=x509)
changed: [localhost] => (item=gcm)
skipping: [localhost] => (item=sha1)
changed: [localhost] => (item=hmac)
changed: [localhost] => (item=openssl)

TASK [vpn : Ensure the pki directory is not exist] *****************************
skipping: [localhost]

TASK [vpn : Ensure the pki directories are exist] ******************************
changed: [localhost -> localhost] => (item=ecparams)
changed: [localhost -> localhost] => (item=certs)
changed: [localhost -> localhost] => (item=crl)
changed: [localhost -> localhost] => (item=newcerts)
changed: [localhost -> localhost] => (item=private)
changed: [localhost -> localhost] => (item=reqs)

TASK [vpn : Ensure the files are exist] ****************************************
changed: [localhost -> localhost] => (item=.rnd)
changed: [localhost -> localhost] => (item=private/.rnd)
changed: [localhost -> localhost] => (item=index.txt)
changed: [localhost -> localhost] => (item=index.txt.attr)
changed: [localhost -> localhost] => (item=serial)

TASK [vpn : Generate the openssl server configs] *******************************
changed: [localhost -> localhost]

TASK [vpn : Build the CA pair] *************************************************
changed: [localhost -> localhost]

TASK [vpn : Copy the CA certificate] *******************************************
changed: [localhost -> localhost]

TASK [vpn : Generate the serial number] ****************************************
changed: [localhost -> localhost]

TASK [vpn : Build the server pair] *********************************************
changed: [localhost -> localhost]

TASK [vpn : Build the client's pair] *******************************************
changed: [localhost -> localhost] => (item=danis)
changed: [localhost -> localhost] => (item=ubuntu)

TASK [vpn : Build the client's p12] ********************************************
changed: [localhost -> localhost] => (item=danis)
changed: [localhost -> localhost] => (item=ubuntu)

TASK [vpn : Copy the p12 certificates] *****************************************
changed: [localhost -> localhost] => (item=danis)
changed: [localhost -> localhost] => (item=ubuntu)

TASK [vpn : Copy the keys to the strongswan directory] *************************
changed: [localhost] => (item={u'dest': u'/etc/ipsec.d/cacerts/ca.crt', u'src': u'configs/35.157.108.101/pki/cacert.pem', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.d/certs/35.157.108.101.crt', u'src': u'configs/35.157.108.101/pki/certs/35.157.108.101.crt', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})
changed: [localhost] => (item={u'dest': u'/etc/ipsec.d/private/35.157.108.101.key', u'src': u'configs/35.157.108.101/pki/private/35.157.108.101.key', u'group': u'root', u'mode': u'0600', u'owner': u'strongswan'})

TASK [vpn : Register p12 PayloadContent] ***************************************
changed: [localhost -> localhost] => (item=danis)
changed: [localhost -> localhost] => (item=ubuntu)

TASK [vpn : Set facts for mobileconfigs] ***************************************
ok: [localhost]

TASK [vpn : Build the mobileconfigs] *******************************************
changed: [localhost -> localhost] => (item=(censored due to no_log))
changed: [localhost -> localhost] => (item=(censored due to no_log))

TASK [vpn : Build the strongswan app android config] ***************************
changed: [localhost -> localhost] => (item=(censored due to no_log))
changed: [localhost -> localhost] => (item=(censored due to no_log))

TASK [vpn : Build the client ipsec config file] ********************************
changed: [localhost -> localhost] => (item=danis)
changed: [localhost -> localhost] => (item=ubuntu)

TASK [vpn : Build the client ipsec secret file] ********************************
changed: [localhost -> localhost] => (item=danis)
changed: [localhost -> localhost] => (item=ubuntu)

TASK [vpn : Build the windows client powershell script] ************************
skipping: [localhost] => (item=ubuntu)
skipping: [localhost] => (item=danis)

TASK [vpn : Restrict permissions for the local private directories] ************
changed: [localhost -> localhost] => (item=configs/35.157.108.101)

RUNNING HANDLER [vpn : restart strongswan] *************************************
changed: [localhost]

RUNNING HANDLER [vpn : daemon-reload] ******************************************
changed: [localhost]

RUNNING HANDLER [vpn : restart iptables] ***************************************
changed: [localhost]

TASK [vpn : strongSwan started] ************************************************
ok: [localhost]

TASK [ssh_tunneling : set_fact] ************************************************
ok: [localhost]

TASK [ssh_tunneling : Ensure that the sshd_config file has desired options] ****
changed: [localhost]

TASK [ssh_tunneling : Ensure that the algo group exist] ************************
changed: [localhost]

TASK [ssh_tunneling : Ensure that the jail directory exist] ********************
changed: [localhost]

TASK [ssh_tunneling : Ensure that the SSH users exist] *************************
changed: [localhost] => (item=danis)
failed: [localhost] (item=ubuntu) => {"failed": true, "item": "ubuntu", "msg": "usermod: user ubuntu is currently used by process 5815\n", "name": "ubuntu", "rc": 8}

RUNNING HANDLER [security : restart ssh] ***************************************

PLAY RECAP *********************************************************************
localhost : ok=60 changed=46 unreachable=0 failed=1

@dguido dguido added the wontfix label Apr 14, 2017
@dguido
Member

dguido commented Apr 14, 2017

We don't support uninstalls

@dguido dguido closed this as completed Apr 14, 2017
@dsecareanu
Author

Nevermind :). I've cloned my server and am back online.
However, I think the docs need a bit more explanation for non-technical users as to what happens with the entire process (i.e. what happens under the hood, as shown in the log above, and what it means).

@cybertriton

It is insane for a product with no uninstall instructions.

@paulstelian97

You must put a huge warning that this cannot be uninstalled. That way I would have at least made a snapshot (I wanted to try this server out... It's simple to install, impossible to remove, my soon-arriving Raspberry Pi will never see this one installed... I'm pissed that my Linux VM is permanently screwed due to not having a snapshot to roll back to -- I had deleted them for space :( )

@TC1977
Contributor

TC1977 commented Jul 22, 2019

You must put a huge warning that this cannot be uninstalled. That way I would have at least made a snapshot (I wanted to try this server out... It's simple to install, impossible to remove, my soon-arriving Raspberry Pi will never see this one installed... I'm pissed that my Linux VM is permanently screwed due to not having a snapshot to roll back to -- I had deleted them for space :( )

It isn't impossible to remove, just difficult as you'll have to remove each piece separately. And try to roll back iptables. See #1280.

SOP for any vital computer, always, is to make backups first.

@ziaulrehman40

For what it's worth, I spent hours trying to fix my VPS where I tried installing Algo, without knowing it can mess up everything else.

My server had a Docker setup, and I had to do a lot of hit and try (given my lack of experience in handling network interface configurations) to get my server back to accepting incoming connections for the site it was hosting (in a dockerized environment).

Following is a summary:

1- It messed up my Docker network interfaces; my Docker images were not able to access the internet. Fixed it by stopping Docker and resetting the Docker network.
2- I had to uninstall dnscrypt (properly), and ipsec-something and WireGuard (followed random links for everything).
3- Then I was able to successfully deploy my apps, but my server was still not able to receive HTTP traffic (I was connected via SSH, and that was working, but no incoming HTTP traffic was working). This is where I wasted most of my time.
iptables -nvL INPUT was showing:

Chain INPUT (policy DROP xxx packets, xxx bytes)

This is where I knew I was onto something, as it was clearly dropping input packets. Again followed random advice to change the input policy to ACCEPT: iptables --policy INPUT ACCEPT. Hopefully I did not mess up something else or leave some security hole in my server. (If so, please let me know.)

I hope it helps.

@paulstelian97

Again followed random advice to change the input policy to ACCEPT: iptables --policy INPUT ACCEPT. Hopefully I did not mess up something else or leave some security hole in my server. (If so, please let me know.)

You essentially disabled the firewall. Might be what you want, might be not. I'd recommend default drop and explicit rules for the services you want to export. Alternatively you can have your router play the firewall instead.

@ziaulrehman40

Again followed random advice to change the input policy to ACCEPT: iptables --policy INPUT ACCEPT. Hopefully I did not mess up something else or leave some security hole in my server. (If so, please let me know.)

You essentially disabled the firewall. Might be what you want, might be not. I'd recommend default drop and explicit rules for the services you want to export. Alternatively you can have your router play the firewall instead.

Thanks for the guidance, any guidance on how to do that?

@paulstelian97

Again followed random advice to change the input policy to ACCEPT: iptables --policy INPUT ACCEPT. Hopefully I did not mess up something else or leave some security hole in my server. (If so, please let me know.)

You essentially disabled the firewall. Might be what you want, might be not. I'd recommend default drop and explicit rules for the services you want to export. Alternatively you can have your router play the firewall instead.

Thanks for the guidance, any guidance on how to do that?

If you have a router, ensure it only does NAT and only port-forwards what you need, nothing else. Also ensure it doesn't have IPv6; otherwise you need to use the built-in firewall properly as well, which is nontrivial (I had 3 weeks (9 hours theory, 9 practice) worth of lessons in a college course dedicated to proper usage of iptables).
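As an added example, not code from the Algo project or from anyone in this thread: a small POSIX shell script covering the two points discussed above. It reads the default policy out of `iptables -nvL INPUT` output like the listing ziaulrehman40 posted, and it generates a default-DROP INPUT ruleset with explicit allows only for named TCP ports, which is the "default drop and explicit rules" approach paulstelian97 recommends instead of flipping the policy to ACCEPT. The sample listing is constructed, and the ports 22, 80 and 443 are an assumption for a web host that is also administered over SSH.

```shell
#!/bin/sh
# Added example (not from the Algo project): inspect the INPUT chain policy
# and emit an explicit default-DROP ruleset in iptables-restore format.

# Constructed sample of what `iptables -nvL INPUT` printed in the thread
# (packet and byte counters are placeholders).
SAMPLE_INPUT_LISTING='Chain INPUT (policy DROP 1234 packets, 56789 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Extract the default policy word (ACCEPT or DROP) from a chain listing header.
# Usage: input_policy "$(iptables -nvL INPUT)"
input_policy() {
    printf '%s\n' "$1" | sed -n 's/^Chain INPUT (policy \([A-Z]*\).*/\1/p'
}

# Emit a filter-table ruleset for iptables-restore: INPUT defaults to DROP,
# loopback, established/related traffic and ICMP are allowed, and only the
# TCP ports given as arguments accept new connections.
# Usage: build_ruleset 22 80 443 > /etc/iptables/rules.v4
#        iptables-restore < /etc/iptables/rules.v4
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
EOF
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# Count the explicit TCP allow rules in a generated ruleset; a quick sanity
# check that the SSH port is among them before loading, so you stay connected.
count_allowed_ports() {
    printf '%s\n' "$1" | grep -c '^-A INPUT -p tcp --dport'
}

# Stand-alone run: report the sample's policy and print a ruleset for 22/80/443.
printf 'sample INPUT policy: %s\n' "$(input_policy "$SAMPLE_INPUT_LISTING")"
build_ruleset 22 80 443
```

Two caveats for hosts like the ones in this thread: iptables-restore replaces the whole filter table, so on a Docker host the daemon should be restarted afterwards so it recreates its own chains, and the same exercise has to be repeated with ip6tables-restore if the machine has IPv6. Writing the file to /etc/iptables/rules.v4 (the path Algo's log shows it populating via iptables-persistent) makes the ruleset survive reboots.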

@ghost

ghost commented Mar 3, 2021

An uninstall script would have saved my life!

@jenslauterbach

jenslauterbach commented May 15, 2021

If you installed Algo on AWS EC2 with the installer, you can go to the AWS Cloudformation Console and just delete the stack. That will delete the resources that were created by Algo.

@jeffdico

I had the same problem recently and I simply checked my firewall and allowed port 80. All my services started working fine. Also ensure you have SSH allowed so you don't get locked out.

@mcc-devel

bro... I'm on a VDS.. you should really give a big telling-off
