Dear all,
We have implemented SASL for our alerts and proceeded with the actual installation. It installed a lot of stuff with little trouble, including our OSSEC config. There is now just this error:
TASK [Gathering Facts] ************************************************************************************
ok: [mon]
TASK [ossec-server : Install OSSEC manager package.] ******************************************************
changed: [mon]
TASK [ossec-server : Install procmail.] *******************************************************************
changed: [mon]
TASK [ossec-server : Copy the OSSEC GPG public key for sending encrypted alerts.] *************************
changed: [mon]
TASK [ossec-server : Add the OSSEC GPG public key to the OSSEC manager keyring.] **************************
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running su
fatal: [mon]: FAILED! => {"changed": false, "cmd": ["su", "-s", "/bin/bash", "-c", "gpg --homedir /var/ossec/.gnupg --import /var/ossec//home/amnesia/Persistent/securedrop/install_files/ansible-base/ossec.pub", "ossec"], "delta": "0:00:00.014561", "end": "2018-03-01 04:26:04.545201", "failed": true, "rc": 2, "start": "2018-03-01 04:26:04.530640", "stderr": "gpg: keyring `/var/ossec/.gnupg/secring.gpg' created\ngpg: keyring `/var/ossec/.gnupg/pubring.gpg' created\ngpg: can't open `/var/ossec//home/amnesia/Persistent/securedrop/install_files/ansible-base/ossec.pub': No such file or directory\ngpg: Total number processed: 0", "stderr_lines": ["gpg: keyring `/var/ossec/.gnupg/secring.gpg' created", "gpg: keyring `/var/ossec/.gnupg/pubring.gpg' created", "gpg: can't open `/var/ossec//home/amnesia/Persistent/securedrop/install_files/ansible-base/ossec.pub': No such file or directory", "gpg: Total number processed: 0"], "stdout": "", "stdout_lines": []}
to retry, use: --limit @/home/amnesia/Persistent/securedrop/install_files/ansible-base/securedrop-prod.retry
PLAY RECAP ************************************************************************************************
app : ok=65 changed=41 unreachable=0 failed=0
localhost : ok=23 changed=0 unreachable=0 failed=0
mon : ok=69 changed=44 unreachable=0 failed=1
TASK: common : Perform safe upgrade to ensure all the packages are updated. - 112.06s
TASK: tor-hidden-services : Copy torrc config file. -------------------- 56.33s
TASK: grsecurity : Check if reboot is required due to inactive grsecurity lock. -- 23.54s
TASK: grsecurity : Install the grsecurity-patched kernel from the FPF repo. -- 21.45s
TASK: grsecurity : Remove generic kernel packages. --------------------- 15.06s
TASK: ossec-server : Install OSSEC manager package. -------------------- 11.90s
TASK: install-fpf-repo : Setup FPF apt repo. ---------------------------- 9.68s
TASK: common : Set sysctl flags for net.ipv4 config. -------------------- 8.81s
TASK: ossec-server : Install procmail. ---------------------------------- 8.27s
TASK: common : Install tmux. -------------------------------------------- 7.24s
Playbook finished: Thu Mar 1 09:26:03 2018, 82 total tasks. 0:05:21 elapsed.
Traceback (most recent call last):
  File "./securedrop-admin", line 329, in <module>
    args.func(args)
  File "./securedrop-admin", line 215, in install_securedrop
    '--ask-become-pass'], cwd=ANSIBLE_PATH)
  File "/usr/lib/python2.7/subprocess.py", line 186, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/home/amnesia/Persistent/securedrop/./install_files/ansible-base/securedrop-prod.yml', '--ask-become-pass']' returned non-zero exit status 2
So what is going on with this mon server key error? Where should I be checking? How do we proceed using the retry script? Assuming I sort the error, I'd like to retry properly. Thanks.