关于OPENVPN 怎么报错怎么解决

[alroyso]

fatal: [vpn.saiweivpn.com] => {'msg': "AnsibleError: Failed to template {{ lookup('file', inventory_dir + '/cred/openvpn/server.key') }}: could not locate file in lookup: /root/vpn-deploy-playbook/cred/openvpn/server.key", 'failed': True}
fatal: [vpn.saiweivpn.com] => {'msg': 'One or more items failed.', 'failed': True, 'changed': False, 'results': [{'msg': "AnsibleError: Failed to template {{ lookup('file', inventory_dir + '/cred/openvpn/server.key') }}: could not locate file in lookup: /root/vpn-deploy-playbook/cred/openvpn/server.key", 'failed': True}]}

[ftao]

你跑的哪个playbook , openvpn 部分确实缺少维护。

我的经验基本openvpn 马上会被检测到.

[alroyso]

- openvpn
- nat
- role: ocserv

vpn.yml 里面的

[alroyso]

安装OPENVPN的时候 E: 未发现软件包 certified 这个没有找到怎么办呀？

[ftao]

certified 应该是这个role 去安装的， 你看看是否你的系统不支持。
https://github.com/ftao/vpn-deploy-playbook/tree/master/roles/ftao.certified

openvpn 部分好久没动， 我现在也不知道了， 需要有空的的时候重新整理一下了。

[alroyso]

An ansible role to install certified in unbuntu/debian server . 上面写的是支持的，我是debian7.0的系统的，

[ftao]

你是在跑 openvpn-server.yml 这个playbook 是吧？
目前我这里可用的正常的openvpn 的设置方法是， 手工先将证书生成好， 然后用 openvpn 这个role .
自动化的应该是上次有尝试一些， 但是没有完全完成， 所以可能有各种问题。

配置如下，

openvpn_use_radius: true
openvpn_radius_servers: "{{ radius_servers }}"
openvpn_cred:
  ca: "{{ lookup('file', inventory_dir + '/cred/openvpn/ca.crt') }}"
  cert: "{{ lookup('file', inventory_dir + '/cred/openvpn/server.crt') }}"
  key: "{{ lookup('file', inventory_dir + '/cred/openvpn/server.key') }}"
  dh: "{{ lookup('file', inventory_dir + '/cred/openvpn/dh1024.pem') }}"

[alroyso]

我跑的是openvpn.yml

[ftao]

我说错了。 openvpn.yml 使用的 role 是 openvpn-server

[alroyso]

对，在安装的过程中 提示这个 certified 没有找到

[alroyso]

手动生成证书是怎么生成的啊？

[ftao]

https://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html

[alroyso]

certified 没有找到 这个我装不上，郁闷啊。 echo "deb http://packages.rcrowley.org $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/rcrowley.list
sudo wget -O /etc/apt/trusted.gpg.d/rcrowley.gpg http://packages.rcrowley.org/keyring.gpg 这样了也不行。

[alroyso]

这个也可以用于OPENVPN？

[ftao]

现在更新了一下， 现在 openvpn.yml 应该OK了 。 之前似乎没有把 ftao.certified 加入到 openvpn.yml 中了。

https://github.com/ftao/vpn-deploy-playbook/wiki/Setup-OpenVPN-Server

[alroyso]

No package matching 'certified' 我是没有找到这个包
用http://packages.rcrowley.org 也不能安装啊。

[ftao]

似乎是没有给 最新版本的 debian 打包。
http://packages.rcrowley.org/dists/

[alroyso]

那我应该怎么去做？

[ftao]

我的建议是 系统换成 ubuntu 14.04 , 这个项目里面的 role 兼容性最好的系统肯定是 ubuntu 14.04 .

[alroyso]

failed: [vpnsaiweivpn] => {"failed": true}
msg: No package matching 'certified' is available

FATAL: all hosts have already failed

ubuntu 14.04 也是报错误

[ftao]

你去手工改跑一下 apt-get update 一下， 然后再试试？

[alroyso]

我测试过也不行 这个不能手动去安装吗？

[ftao]

cat /etc/apt/sources.list.d/packages_rcrowley_org.list
结果是什么？ 这个文件存在吗？

[ftao]

自己安装 请看 https://github.com/rcrowley/certified 的README

[alroyso]

TASK: [ftao.certified | install certified] ************************************
failed: [vpnsaiweivpn] => {"failed": true}
msg: No package matching 'certified' is available

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
to retry, use: --limit @/root/openvpn.retry

vpnsaiweivpn : ok=10 changed=0 unreachable=0 failed=1

root@nox2008:/home/nox/vpn-deploy-playbook# cat /etc/apt/sources.list.d/packages_rcrowley_org.list
deb http://packages.rcrowley.org trusty main
root@nox2008:/home/nox/vpn-deploy-playbook#

[ftao]

apt-get update 的输出有没有报错吗？

[alroyso]

没有的。

[ftao]

贴一下下面几个命令的输出吧.

lsb_release -a
apt-get update
apt-cache search certified

[alroyso]

root@nox2008:/home/nox/vpn-deploy-playbook# apt-cache search certified
libgeronimo-jms-1.1-spec-java - Geronimo API implementation of the JMS 1.1 spec
libgeronimo-jta-1.1-spec-java - Geronimo API implementation of the JTA 1.1 spec
libgeronimo-jta-1.1-spec-java-doc - Documentation for the JTA 1.1 spec
empathy-skype - Skype plugin for libpurple messengers (Empathy-specific files)
pidgin-skype - Skype plugin for libpurple messengers (Pidgin-specific files)
pidgin-skype-common - Skype plugin for libpurple messengers (common files)
pidgin-skype-dbg - Skype plugin for libpurple messengers (debug symbols)
acl2-books - Computational Logic for Applicative Common Lisp: compiled libraries
acl2-books-certs - Computational Logic for Applicative Common Lisp: library certificates
jbossas4 - JBoss Application Server
jython - Python seamlessly integrated with Java
libctapimkt1 - Read German Krankenversichertenkarte and eGK
libctapimkt1-dev - Read German Krankenversichertenkarte and eGK (development)
libgeronimo-ejb-3.0-spec-java - Geronimo API implementation of the EJB 3.0 spec
libgeronimo-interceptor-3.0-spec-java - Geronimo API implementation of the Interceptor 3.0 spec
libgeronimo-j2ee-connector-1.5-spec-java - Geronimo API implementation of the J2EE connector 1.5 spec
libgeronimo-jacc-1.1-spec-java - Geronimo API implementation of the JACC 1.1 spec
libgeronimo-jpa-3.0-spec-java - Geronimo API implementation of the JPA 3.0 spec
libiml-dev - Integer Matrix Library, development files
libiml0 - Integer Matrix Library, runtime files
libjboss-aspects-java - JBoss Aspects
libjboss-classloader-java - JBoss Classloader
libjboss-cluster-java - JBoss Cluster
libjboss-connector-java - JBoss Connector
libjboss-deployers-java - JBoss Deployment Framework
libjboss-deployment-java - JBoss Deployment
libjboss-ejb3-java - JBoss Enterprise Java Beans (EJB) 3.0
libjboss-ejb3x-java - JBoss Enterprise Java Beans (EJB3X)
libjboss-integration-java - JBoss Integration
libjboss-j2ee-java - JBoss J2EE core libraries
libjboss-jms-java - JBoss Java Message Service (JMS)
libjboss-managed-java - JBoss Managed
libjboss-management-java - JBoss Management
libjboss-messaging-java - JBoss Messaging
libjboss-metadata-java - JBoss MetaData Repository
libjboss-naming-java - JBoss Naming
libjboss-reflect-java - JBoss Reflection api for ClassInfo and BeanInfo abstractions
libjboss-security-java - JBoss Security
libjboss-server-java - JBoss Server
libjboss-system-java - JBoss System
libjboss-transaction-java - JBoss Transaction
libjboss-vfs-java - JBoss Virtual File System
libjboss-webservices-java - JBoss Web Services
python-nss - Python bindings for Network Security Services (NSS)

[ftao]

关键是 apt-get update 的输出。

apt-get update

你这个输出肯定是这个仓库并没有起作用。

[alroyso]

root@nox2008:/home/nox/vpn-deploy-playbook# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.2 LTS
Release: 14.04
Codename: trusty
root@nox2008:/home/nox/vpn-deploy-playbook# apt-get update
Hit http://security.ubuntu.com trusty-security InRelease
Ign http://us.archive.ubuntu.com trusty InRelease
Ign http://packages.rcrowley.org trusty InRelease
Hit http://us.archive.ubuntu.com trusty-updates InRelease
Hit http://packages.rcrowley.org trusty Release.gpg
Hit http://security.ubuntu.com trusty-security/main Sources
Hit http://us.archive.ubuntu.com trusty-backports InRelease
Hit http://packages.rcrowley.org trusty Release
Hit http://security.ubuntu.com trusty-security/restricted Sources
Hit http://us.archive.ubuntu.com trusty Release.gpg
Hit http://packages.rcrowley.org trusty/main i386 Packages
Hit http://security.ubuntu.com trusty-security/universe Sources
Hit http://us.archive.ubuntu.com trusty-updates/main Sources
Hit http://security.ubuntu.com trusty-security/multiverse Sources
Hit http://us.archive.ubuntu.com trusty-updates/restricted Sources
Hit http://security.ubuntu.com trusty-security/main i386 Packages
Hit http://us.archive.ubuntu.com trusty-updates/universe Sources
Hit http://security.ubuntu.com trusty-security/restricted i386 Packages
Hit http://us.archive.ubuntu.com trusty-updates/multiverse Sources
Hit http://security.ubuntu.com trusty-security/universe i386 Packages
Hit http://us.archive.ubuntu.com trusty-updates/main i386 Packages
Hit http://security.ubuntu.com trusty-security/multiverse i386 Packages
Hit http://us.archive.ubuntu.com trusty-updates/restricted i386 Packages
Hit http://security.ubuntu.com trusty-security/main Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/universe i386 Packages
Hit http://security.ubuntu.com trusty-security/multiverse Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/multiverse i386 Packages
Hit http://security.ubuntu.com trusty-security/restricted Translation-en
Ign http://packages.rcrowley.org trusty/main Translation-en_US
Hit http://us.archive.ubuntu.com trusty-updates/main Translation-en
Hit http://security.ubuntu.com trusty-security/universe Translation-en
Ign http://packages.rcrowley.org trusty/main Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/multiverse Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/restricted Translation-en
Hit http://us.archive.ubuntu.com trusty-updates/universe Translation-en
Hit http://us.archive.ubuntu.com trusty-backports/main Sources
Hit http://us.archive.ubuntu.com trusty-backports/restricted Sources
Hit http://us.archive.ubuntu.com trusty-backports/universe Sources
Hit http://us.archive.ubuntu.com trusty-backports/multiverse Sources
Hit http://us.archive.ubuntu.com trusty-backports/main i386 Packages
Hit http://us.archive.ubuntu.com trusty-backports/restricted i386 Packages
Hit http://us.archive.ubuntu.com trusty-backports/universe i386 Packages
Hit http://us.archive.ubuntu.com trusty-backports/multiverse i386 Packages
Hit http://us.archive.ubuntu.com trusty-backports/main Translation-en
Hit http://us.archive.ubuntu.com trusty-backports/multiverse Translation-en
Hit http://us.archive.ubuntu.com trusty-backports/restricted Translation-en
Hit http://us.archive.ubuntu.com trusty-backports/universe Translation-en
Hit http://us.archive.ubuntu.com trusty Release
Hit http://us.archive.ubuntu.com trusty/main Sources
Hit http://us.archive.ubuntu.com trusty/restricted Sources
Hit http://us.archive.ubuntu.com trusty/universe Sources
Hit http://us.archive.ubuntu.com trusty/multiverse Sources
Hit http://us.archive.ubuntu.com trusty/main i386 Packages
Hit http://us.archive.ubuntu.com trusty/restricted i386 Packages
Hit http://us.archive.ubuntu.com trusty/universe i386 Packages
Hit http://us.archive.ubuntu.com trusty/multiverse i386 Packages
Hit http://us.archive.ubuntu.com trusty/main Translation-en
Hit http://us.archive.ubuntu.com trusty/multiverse Translation-en
Hit http://us.archive.ubuntu.com trusty/restricted Translation-en
Hit http://us.archive.ubuntu.com trusty/universe Translation-en
Ign http://us.archive.ubuntu.com trusty/main Translation-en_US
Ign http://us.archive.ubuntu.com trusty/multiverse Translation-en_US
Ign http://us.archive.ubuntu.com trusty/restricted Translation-en_US
Ign http://us.archive.ubuntu.com trusty/universe Translation-en_US
Reading package lists... Done

[ftao]

明白了， 你的系统是32 位的。 http://packages.rcrowley.org/ 只提供了 64 位架构的。
你把系统改成 64位应该就好了。

[alroyso]

那debian 的系统应该也是可以的吧。

[ftao]

debian 7 wheezy 64 位应该是可以的。

http://packages.rcrowley.org/dists/wheezy/main/binary-amd64/Packages

[alroyso]

root@cqwl:~/vpn-deploy-playbook# ansible-playbook openvpn.yml -l openvpn
ERROR! The requested action was not found in configured module paths. Additionally, core modules are missing. If this is a checkout, run 'git submodule update --init --recursive' to correct this problem.

The error appears to have been in '/root/vpn-deploy-playbook/roles/ftao.certified/tasks/main.yml': line 3, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

• name: instal python-pycurl
  ^ here

[alroyso]

这是64 位系统上面的

[ftao]

Additionally, core modules are missing

感觉你ansible 没有装好啊。

pip install -U ansible 重装一下吧。 或者你看一下 ansible 的文档是否还要什么依赖包。