algo

Deployment from Ansible

Before you begin, make sure you have installed all the dependencies necessary for your operating system as described in the README.

You can deploy Algo non-interactively by running the Ansible playbooks directly with ansible-playbook.

ansible-playbook accepts variables via the -e or --extra-vars option. You can pass variables as space-separated key=value pairs. Algo requires certain variables that are listed below. You can also use the --skip-tags option to skip certain parts of the install, such as iptables (overwrite iptables rules), ipsec (install strongSwan), and wireguard (install WireGuard). We don’t recommend using the -t option, as it will include only the tagged portions of the deployment and skip certain necessary roles (such as common).

Here is a full example for DigitalOcean:

ansible-playbook main.yml -e "provider=digitalocean
                                server_name=algo
                                ondemand_cellular=false
                                ondemand_wifi=false
                                dns_adblocking=true
                                ssh_tunneling=true
                                store_pki=true
                                region=ams3
                                do_token=token"

See below for more information about variables and roles.
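The example above puts do_token on the command line, where it lands in shell history and the process list. The following added example (not part of Algo or its documentation) builds the same invocation but moves the secret into an owner-only file passed with Ansible's `-e @file` form, which this page does not mention; the names build_command, SECRET_KEYS and SAMPLE_VARS are hypothetical.

```python
import json
import os
import tempfile

SECRET_KEYS = {"do_token"}  # secret in the page's DigitalOcean example; extend per provider

def build_command(variables, skip_tags=(), playbook="main.yml"):
    """Return (argv, secrets_path) for a non-interactive Algo run.

    Non-secret variables stay as space-separated key=value pairs, as on the page.
    Secrets go into a JSON file passed as `-e @file`, so they stay out of argv.
    """
    public = {k: v for k, v in variables.items() if k not in SECRET_KEYS}
    secrets = {k: v for k, v in variables.items() if k in SECRET_KEYS}
    for key, value in public.items():
        if any(c.isspace() for c in f"{key}{value}"):
            raise ValueError(f"whitespace would split the key=value pair: {key!r}")
    argv = ["ansible-playbook", playbook]
    if public:
        argv += ["-e", " ".join(f"{k}={v}" for k, v in public.items())]
    secrets_path = None
    if secrets:
        # mkstemp creates the file readable and writable by the owner only (0600).
        fd, secrets_path = tempfile.mkstemp(prefix="algo-vars-", suffix=".json")
        with os.fdopen(fd, "w") as handle:
            json.dump(secrets, handle)
        argv += ["-e", "@" + secrets_path]
    if skip_tags:
        argv += ["--skip-tags", ",".join(skip_tags)]
    return argv, secrets_path

# Constructed sample mirroring the page's DigitalOcean example; the token is a placeholder.
SAMPLE_VARS = {
    "provider": "digitalocean", "server_name": "algo", "ondemand_cellular": "false",
    "ondemand_wifi": "false", "dns_adblocking": "true", "ssh_tunneling": "true",
    "store_pki": "true", "region": "ams3", "do_token": "PLACEHOLDER_TOKEN",
}

if __name__ == "__main__":
    argv, path = build_command(SAMPLE_VARS, skip_tags=["iptables"])
    print(argv)        # pass to subprocess.run(argv, check=True) on a real deployment
    os.remove(path)    # delete the secrets file once ansible-playbook has finished
```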

Variables

If any of the above variables are unspecified, Ansible will ask the user to input them.

Ansible roles

Cloud roles can be activated by specifying an extra variable provider.

Cloud roles:

Server roles:

Note: The strongswan role generates Apple profiles with On-Demand Wifi and Cellular if you pass the following variables:

Local Installation

This role is intended for a local install onto an Ubuntu server, or onto an unsupported cloud provider’s Ubuntu instance. Required variables:

Note that by default, the iptables rules on your existing server will be overwritten. If you don’t want to overwrite the iptables rules, you can use the --skip-tags iptables flag.

DigitalOcean

Required variables:

Possible options can be gathered by calling https://api.digitalocean.com/v2/regions

Amazon EC2

Required variables:

Possible options can be gathered via the CLI: aws ec2 describe-regions

Additional variables:

Minimum required IAM permissions for deployment

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PreDeployment",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeImages",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeRegions",
                "ec2:ImportKeyPair",
                "ec2:CopyImage"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "DeployCloudFormationStack",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeStacks",
                "cloudformation:DescribeStackEvents",
                "cloudformation:ListStackResources"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "CloudFormationEC2Access",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeRegions",
                "ec2:CreateInternetGateway",
                "ec2:DescribeVpcs",
                "ec2:CreateVpc",
                "ec2:DescribeInternetGateways",
                "ec2:ModifyVpcAttribute",
                "ec2:CreateTags",
                "ec2:CreateSubnet",
                "ec2:AssociateVpcCidrBlock",
                "ec2:AssociateSubnetCidrBlock",
                "ec2:AssociateRouteTable",
                "ec2:AssociateAddress",
                "ec2:CreateRouteTable",
                "ec2:AttachInternetGateway",
                "ec2:DescribeRouteTables",
                "ec2:DescribeSubnets",
                "ec2:ModifySubnetAttribute",
                "ec2:CreateRoute",
                "ec2:CreateSecurityGroup",
                "ec2:DescribeSecurityGroups",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:RunInstances",
                "ec2:DescribeInstances",
                "ec2:AllocateAddress",
                "ec2:DescribeAddresses"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Google Compute Engine

Required variables:

Vultr

Required variables:

Azure

Required variables:

Lightsail

Required variables:

Possible options can be gathered via the CLI: aws lightsail get-regions

Minimum required IAM permissions for deployment

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "LightsailDeployment",
            "Effect": "Allow",
            "Action": [
                "lightsail:GetRegions",
                "lightsail:GetInstance",
                "lightsail:CreateInstances",
                "lightsail:DisableAddOn",
                "lightsail:PutInstancePublicPorts",
                "lightsail:StartInstance",
                "lightsail:TagResource",
                "lightsail:GetStaticIp",
                "lightsail:AllocateStaticIp",
                "lightsail:AttachStaticIp"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "DeployCloudFormationStack",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeStacks",
                "cloudformation:DescribeStackEvents",
                "cloudformation:ListStackResources"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
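To check that the policy actually attached to a deployment user stays within a documented minimum (this Lightsail policy or the EC2 one earlier on the page), the following added example, which is not part of Algo, compares the action names of two policy documents. It looks at Action and NotAction only, not Resource or Condition; the names allowed_actions, audit, BASELINE and CANDIDATE are hypothetical.

```python
import json
from fnmatch import fnmatchcase

def allowed_actions(policy):
    """Map lower-cased action -> action as written, over all Allow statements."""
    statements = policy["Statement"]
    if isinstance(statements, dict):      # IAM accepts a single statement object
        statements = [statements]
    found = {}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        # Allow + NotAction grants everything except the listed actions: treat as "*".
        actions = "*" if "NotAction" in stmt else stmt.get("Action", [])
        for action in ([actions] if isinstance(actions, str) else actions):
            found[action.lower()] = action    # action names are case-insensitive
    return found

def audit(baseline, candidate):
    """Return (excess, missing) for a candidate policy against the documented minimum."""
    base, cand = allowed_actions(baseline), allowed_actions(candidate)
    # Anything not literally in the baseline is excess, including every wildcard.
    excess = sorted(cand[c] for c in cand if c not in base)
    # A baseline action is missing unless some candidate pattern covers it.
    missing = sorted(base[b] for b in base if not any(fnmatchcase(b, c) for c in cand))
    return excess, missing

# The Lightsail policy from this page, reflowed; the EC2 policy can be passed the same way.
BASELINE = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Sid": "LightsailDeployment", "Effect": "Allow", "Resource": ["*"], "Action": [
  "lightsail:GetRegions", "lightsail:GetInstance", "lightsail:CreateInstances",
  "lightsail:DisableAddOn", "lightsail:PutInstancePublicPorts", "lightsail:StartInstance",
  "lightsail:TagResource", "lightsail:GetStaticIp", "lightsail:AllocateStaticIp",
  "lightsail:AttachStaticIp"]},
 {"Sid": "DeployCloudFormationStack", "Effect": "Allow", "Resource": ["*"], "Action": [
  "cloudformation:CreateStack", "cloudformation:UpdateStack", "cloudformation:DescribeStacks",
  "cloudformation:DescribeStackEvents", "cloudformation:ListStackResources"]}]}""")

# Constructed candidate: a broad wildcard, one unrelated action, one required action absent.
CANDIDATE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "lightsail:*", "Resource": "*"},
    {"Effect": "Allow", "Resource": "*", "Action": [
        "cloudformation:CreateStack", "cloudformation:UpdateStack",
        "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents",
        "iam:CreateAccessKey"]}]}

if __name__ == "__main__":
    excess, missing = audit(BASELINE, CANDIDATE)
    print("excess:", excess)
    print("missing:", missing)
```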

Scaleway

Required variables:

OpenStack

You need to source the rc file before running Algo. Download it from the OpenStack dashboard->Compute->API Access and source it in the shell (e.g., source /tmp/dhc-openrc.sh).

CloudStack

Required variables:

The first two can also be defined in your environment, using the variables CLOUDSTACK_CONFIG and CLOUDSTACK_REGION.

Hetzner

Required variables:

Linode

Required variables:

Update users

Playbook:

users.yml

Required variables:

Tags required: