Alternate TLDs for development - sudo: a password is required

This is what’s happening:

  1. trellis new example.com
  2. vagrant up
  3. vagrant provision

I don’t think there’s a verbose option for either of those vagrant commands.

Everything completes with no errors:

Vagrant Up:

PLAY RECAP *********************************************************************
default                    : ok=133  changed=88   unreachable=0    failed=0    skipped=35   rescued=0    ignored=0

Vagrant provision:

PLAY RECAP *********************************************************************
default                    : ok=118  changed=4    unreachable=0    failed=0    skipped=41   rescued=0    ignored=0

Then I try to run ansible-playbook dev.yml -vvv and it doesn’t get past the first task, python_interpreter : Get Ubuntu version

Is there someplace in vagrant up or vagrant provision that admin_user and web_user are supposed to be created? I’m not seeing it in the vagrant output.

skipped=35
skipped=41

Can you check the ansible logs what is logged for the user creation tasks (admin and web)?

I wondered about that. There doesn’t seem to be a setting for $ANSIBLE_LOG_PATH in the trellis venv, so I added log_path = ./ansible.log to ansible.cfg and am running vagrant destroy -f && vagrant up again.

You are a godsend, @strarsis

On another note, is there a way to add -vvv to the trellis commands?

In vagrant up the output contains these references to “user”:

TASK [common : Generate SSH key for vagrant user] ******************************
TASK [mariadb : Set root user password] ****************************************
TASK [mariadb : Delete anonymous MySQL server users] ***************************
with a mode of 0700, this may cause issues when running as another user. To
TASK [wordpress-setup : Create/assign database user to db and grant permissions] ***
TASK [wordpress-install : Change site owner to user] ***************************

And these references to “skip”:

skipping: [default] => (item=development)
skipping: [default] => (item=example.com)
skipping: [default] => (item={'type': 'dport_accept', 'dport': ['http', 'https'], 'filename': 'nginx_accept'})
skipping: [default] => (item={'type': 'dport_accept', 'dport': ['ssh'], 'saddr': ['127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']})
skipping: [default] => (item={'type': 'dport_limit', 'dport': ['ssh'], 'seconds': 300, 'hits': 20})
skipping: [default] => (item=example.com)
skipping: [default] => (item=no_default)
skipping: [default] => (item=example.com)
skipping: [default] => (item=no_default)
skipping: [default] => (item=example.com)
skipping: [default] => (item=example.com)
skipping: [default] => (item=example.com)
skipping: [default] => (item={'src': 'ssl.no-default.conf.j2', 'enabled': False})
skipping: [default] => (item={'src': 'ssl.no-default.conf.j2', 'enabled': False})
skipping: [default] => (item={'src': 'no-default.conf.j2'})
skipping: [default] => (item=None)
skipping: [default] => (item=example.com)
skipping: [default]

So it’s skipping all of the default tasks. Not sure why. Also tried adding to ansible.cfg:

default_verbosity=4
default_debug=true

But this doesn’t look very verbose:

TASK [connection : Set remote user for each host] ******************************
skipping: [192.168.50.5]

And I don’t know why it’s skipping, and I am not sure how to get verbose output from running vagrant commands.

Wait… Is dev.yml not supposed to have a - { role: users, tags: [users] } task in it?

Okay getting some debug output from vagrant now with VAGRANT_LOG=debug vagrant up &> debug_log or vagrant up --debug &> debug_log.

Most of the “skipping” tasks are skipped because they are using defaults.

(DEBUG subprocess: stdout: skipping: [default], etc…)

Tasks [user] doesn’t appear in the output unless I explicitly add it to dev.yml, as noted above.

When I add it, with an “inspection” debug task, users looks like:

TASK [users : Inspect users] ***************************************************
Users looks like this [{'name': 'vagrant', 'groups': ['www-data'], 'keys':
['ssh-rsa AAAAB3...uKRQrV
mike@mzoo.org']}, {'name': 'admin', 'groups': ['sudo'], 'keys': ['ssh-rsa AAA
AB3NzaC1yc2EAAAADA...KRQrV
mike@mzoo.org']}]

Additional output looks like this:

TASK [users : Ensure requested groups are present] *****************************
DEBUG subprocess: stdout: [ok: [default] => (item=www-data)[0m
 INFO interface: detail: [ok: [default] => (item=www-data)[0m

[ok: [default] => (item=www-data)[0m
DEBUG subprocess: stdout: [ok: [default] => (item=sudo)[0m
 INFO interface: detail: [ok: [default] => (item=sudo)[0m

[ok: [default] => (item=sudo)[0m
DEBUG subprocess: stdout: 
TASK [users : Ensure sudo group has sudo privileges] ***************************
 INFO interface: detail: 
TASK [users : Ensure sudo group has sudo privileges] ***************************


TASK [users : Ensure sudo group has sudo privileges] ***************************
DEBUG subprocess: stdout: [changed: [default][0m
 INFO interface: detail: [changed: [default][0m

[changed: [default][0m
DEBUG subprocess: stdout: 
TASK [users : Fail if root login will be disabled but admin_user will not be a sudoer] ***
 INFO interface: detail: 
TASK [users : Fail if root login will be disabled but admin_user will not be a sudoer] ***


TASK [users : Fail if root login will be disabled but admin_user will not be a sudoer] ***
DEBUG subprocess: stdout: [skipping: [default][0m
 INFO interface: detail: [skipping: [default][0m

[skipping: [default][0m
DEBUG subprocess: stdout: 
TASK [users : Inspect users] ***************************************************
 INFO interface: detail: 
TASK [users : Inspect users] ***************************************************

[ok: [default][0m
DEBUG subprocess: stdout: 
TASK [users : Setup users] *****************************************************
 INFO interface: detail: 
TASK [users : Setup users] *****************************************************


TASK [users : Setup users] *****************************************************
DEBUG subprocess: stdout: [changed: [default] => (item={'name': 'vagrant', 'groups': ['www-data'], 'keys': ['ssh-rsa AAAAB3...KRQrV mike@mzoo.org']})[0m
 INFO interface: detail: [changed: [default] => (item={'name': 'vagrant', 'groups': ['www-data'], 'keys': ['ssh-rsa AAAAB3...ZuKRQrV mike@mzoo.org']})[0m

[changed: [default] => (item={'name': 'vagrant', 'groups': ['www-data'], 'keys': ['ssh-rsa AAAAB3...ZuKRQrV mike@mzoo.org']})[0m
DEBUG subprocess: stdout: [changed: [default] => (item={'name': 'admin', 'groups': ['sudo'], 'keys': ['ssh-rsa AAAAB...ZuKRQrV mike@mzoo.org']})[0m
 INFO interface: detail: [changed: [default] => (item={'name': 'admin', 'groups': ['sudo'], 'keys': ['ssh-rsa AAAAB3...uKRQrV mike@mzoo.org']})[0m

[changed: [default] => (item={'name': 'admin', 'groups': ['sudo'], 'keys': ['ssh-rsa AAAAB...ZuKRQrV mike@mzoo.org']})[0m
DEBUG subprocess: stdout: 
TASK [users : Add web user sudoers items for services] *************************
 INFO interface: detail: 
TASK [users : Add web user sudoers items for services] *************************

To rule out issues from trellis-cli, can you run the ansible playbook directly on a running Vagrant box?

ansible-playbook server.yml -e env=development

Does this work?

Yes. Thank you. Running over previous vagrant up and vagrant provision server, same result:

TASK [python_interpreter : Get Ubuntu version] ***************************************************************************************
task path: example.com/trellis/roles/python_interpreter/tasks/main.yml:2
<192.168.50.5> ESTABLISH LOCAL CONNECTION FOR USER: mikekilmer
<192.168.50.5> EXEC sudo -H -S -n  -u root /bin/sh -c 'echo BECOME-SUCCESS-ghmrvlsmcvmeqvmkluaxlxmwcdqypahr ; lsb_release -rs'
System info:
  Ansible 2.10.13; Darwin
  Trellis 1.8.0: February 12th, 2021
[WARNING]: Failure using method (v2_runner_on_failed) in callback plugin (<ansible.plugins.callback.output.CallbackModule object at
0x110bc3a00>): Invalid color supplied to display: bright gray
Callback Exception:
  File "example.com/trellis/.trellis/virtualenv/lib/python3.9/site-packages/ansible/executor/task_queue_manager.py", line 389, in send_callback
    method(*new_args, **kwargs)
   File "example.com/trellis/lib/trellis/plugins/callback/output.py", line 42, in v2_runner_on_failed
    output.display_host(self, result)
   File "example.com/trellis/lib/trellis/utils/output.py", line 120, in display_host
    display(obj, result)
   File "example.com/trellis/lib/trellis/utils/output.py", line 105, in display
    display(system(obj.vagrant_version), 'bright gray')
   File "example.com/trellis/.trellis/virtualenv/lib/python3.9/site-packages/ansible/utils/display.py", line 215, in display
    raise AnsibleAssertionError('Invalid color supplied to display: %s' % color)

I’m going to try the vagrant destroy loop again, using that ansible-playbook command rather than vagrant up and vagrant provision. Is this something that needs to be run following vagrant up? Now I’m getting that error when vagrant up hasn’t been run.

With or without vagrant up beforehand, this fails with same error.

Cloned the Trellis master directly, created my own venv for pip requirements, server.yml is looking for a swapfile role, which doesn’t seem to exist (either locally or on github).

I had forgotten to run ansible-galaxy install -r galaxy.yml.

Following that, same “password is required” when I run ansible-playbook server.yml -e env=development, both before and after vagrant up. Same error also after vagrant provision and no admin user created. Don’t know if there’s supposed to be one, or if vagrant is supposed to be the user on dev box.

Making a little progress here, I think.

It’s trying to run Get Ubuntu Version as my OSX account user, mikekilmer. Not sure why. Is that expected behavior?

<192.168.50.5> ESTABLISH LOCAL CONNECTION FOR USER: mikekilmer

I can login,

  • create that account
  • add to admin group
  • grant sudo access
  • become mikekilmer and execute the command, which runs without error:
sudo su mikekilmer
$ sudo -H -S  -p "[sudo via ansible, key=hohotzlimtuwzxgpajolfbnmmnnvcxtz] password:" -u root /bin/sh -c 'echo BECOME-SUCCESS-hohotzlimtuwzxgpajolfbnmmnnvcxtz ; lsb_release -rs
> '
[sudo via ansible, key=hohotzlimtuwzxgpajolfbnmmnnvcxtz] password:
BECOME-SUCCESS-hohotzlimtuwzxgpajolfbnmmnnvcxtz
20.04

When running the server.yml playbook directly with --ask-become-pass, it stalls indefinitely (ten minutes plus) on that command. I’m about ready to throw in the towel on Ansible… I mean Trellis… I mean web development… I mean computers at all. :upside_down_face:

This option will cause ansible to prompt for the sudo password interactively.
As this doesn’t work in playbooks, ansible will wait for it unsuccessfully until it times out.

Can you define the password directly in ansible config, e.g. as ansible_become_password variable?

You mean something like this?

- block:
    - name: Get Ubuntu version
      raw: lsb_release -rs
      register: ubuntu_version
      changed_when: false
    - name: Set ansible_python_interpreter for Ubuntu >= 18.04
      set_fact:
        ansible_python_interpreter: python3
        ansible_become_password: "mikekilmer"
      when: ubuntu_version.stdout | trim is version('18.04', '>=')
  when: ansible_python_interpreter is not defined
  tags: always

You can also set the ansible_become_pass (or [...]_password) in the ansible inventory:
Edit: Better link:

Adding to hosts/development? I have tried many variations of the following, all of which do not register the password:

[development]
192.168.50.5 ansible_connection=local

[development:vars]
ansible_connection=local ansible_sudo_pass=mikekilmer

[web]
192.168.50.5 ansible_connection=local

This one yields “no hosts matched”, skipping server setup altogether:

[development:mikekilmer]
ansible_connection=local ansible_sudo_pass=mikekilmer

Is there supposed to be a web user? I see www-data but not web.

I think what it comes down to is that Ansible is trying to connect as the user who runs the playbook in the host machine (mikekilmer), while that user hasn’t been created on the guest machine.

Is there supposed to be a user on the guest which matches the host? Or, is Ansible not supposed to be trying to connect as the host user who runs the playbook (mikekilmer)?

Just had an idea: You are using a fresh clone from Trellis, right? Have you also ensured that no .ansible folder from previous attempts is used? These hidden folders could still be there.

Great idea, man. There isn’t a directory (or file) named .ansible. There is a .vagrant file containing this:

Aug 30 20:29 bundler/
Aug 31 07:58 hostmanager/
Aug 30 20:29 machines/
Aug 31 07:58 provisioners/
Aug 30 20:29 rgloader/

I think that the .trellis file just has the venv in it.

The ansible.cfg makes reference to ~/.ansible which looks like this:

├── collections
│   └── ansible_collections
├── cp
├── galaxy_cache
│   └── api.json
├── galaxy_token
├── roles
│   ├── composer
│   ├── geerlingguy.daemonize
│   ├── logrotate
│   ├── mailhog
│   ├── ntp
│   └── swapfile
└── tmp
    └── ansible-local-32592z7tt26t4

I’m blowing out the .vagrant directory and building from scratch again. Will report back.

Tried blowing out trellis/.vagrant as well as ~/.ansible. Same result. After running vagrant up --provision, there is no admin user, no web user, no user matching the host machine user who runs the playbook.

And same result trying to run ansible-playbook server.yml -e env=development:

<192.168.50.5> ESTABLISH LOCAL CONNECTION FOR USER: mikekilmer
<192.168.50.5> EXEC sudo -H -S -n  -u root /bin/sh -c 'echo BECOME-SUCCESS-qlcblryqaqnlhnqrkaarqfdwxswlthyb ; lsb_release -rs'
System info:
  Ansible 2.10.13; Darwin
  Trellis version (per changelog): "Fix #1277 - Disable PHP CLI memory limit"
---------------------------------------------------
non-zero return code
sudo: a password is required
fatal: [192.168.50.5]: FAILED! => {
    "changed": false,
    "rc": 1,
    "stderr_lines": [
        "sudo: a password is required"
    ],
    "stdout": "",
    "stdout_lines": []
}

May be worth mentioning as well, that xDebug doesn’t seem to be enabled, which is what got me trying to run the provisioning tasks in the first place:

php -r "printf('xDebug does%s exists.' . PHP_EOL, extension_loaded('xdebug') ? '' : 'n\'t');"
xDebug doesn't exists.

Here in this debug output it says

Note: Ansible will attempt connections as user = admin ok: [192.168.50.5]

But there is no admin user. Do you know if there is supposed to be an admin or a web user on the dev machine? I see that vagrant, in www-data group, owns the web files:

-rwxr--r-- 1 vagrant www-data 120 Sep  1 17:49 /srv/www/ellipticastudios.com/current/web/index.php

Additionally, I’m not sure if the IP address I have set in vagrant.default.yml is the one that should be referenced in the logs, but as you can see, it’s 192.168.50.5. Previously, I’ve been using the default IP. This time, I tried updating it to 192.168.50.9.

## /etc/hosts
## vagrant-hostmanager-start id: 326d3641-8c87-4f6f-a6cd-6eca0685c1c3
192.168.50.9	example.test
192.168.50.9	www.example.test
## vagrant-hostmanager-end

If I understand correctly, the following settings in hosts/development makes it so that within the Vagrant box, 192.168.50.5 is used, while locally, in the host, it’s 192.168.50.9:

[development]
192.168.50.5 ansible_connection=local

[web]
192.168.50.5 ansible_connection=local

In the browser, example.test is served, but I want to be able to re-provision using Ansible/Trellis, not to mention, I believe xDebug is supposed to be active “out of the box.”

This was a red herring, just telling me that xDebug isn’t enabled for the command line php. If I put phpinfo() into a file at /srv/www/example.com/current/web/info.php it confirms xDebug is active.
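Added example, not part of the thread and not Trellis code: a small Python check run over the hosts/development variants quoted earlier. It assumes Ansible's INI inventory rules (only `:vars` and `:children` are valid section suffixes, a `:vars` line is a single assignment, and `ansible_connection=local` runs tasks on the machine invoking ansible-playbook); `lint_inventory` and the finding names are hypothetical.

```python
import re

# Password variables read by the sudo become plugin.
BECOME_PASS_VARS = {"ansible_become_password", "ansible_become_pass", "ansible_sudo_pass"}
SECTION = re.compile(r"^\[([^:\]]+)(?::([^\]]+))?\]$")

def lint_inventory(text):
    """Return (line_no, finding) tuples for an INI-style Ansible inventory."""
    findings, kind = [], "hosts"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:
            kind = m.group(2) or "hosts"
            if kind not in ("hosts", "vars", "children"):
                findings.append((no, "unknown-section-type"))  # inventory fails to parse
            continue
        if kind == "vars":
            # A :vars line is ONE assignment: everything after the first '=' is the value.
            key, _, value = line.partition("=")
            pairs = {key.strip(): value.strip()}
            if re.search(r"\s\w+=", value):
                findings.append((no, "extra-assignment-swallowed-into-value"))
        elif kind == "hosts":
            # Host lines do accept several space-separated key=value pairs.
            pairs = dict(t.split("=", 1) for t in line.split()[1:] if "=" in t)
        else:
            continue
        if pairs.get("ansible_connection") == "local":
            # Local connection: tasks and sudo run on the control machine as the invoking user.
            findings.append((no, "runs-on-control-node"))
        if BECOME_PASS_VARS.intersection(pairs):
            findings.append((no, "plaintext-become-password"))
    return findings

# Constructed from the inventory variants quoted in the thread.
SAMPLE = """\
[development]
192.168.50.5 ansible_connection=local
[development:vars]
ansible_connection=local ansible_sudo_pass=mikekilmer
[development:mikekilmer]
ansible_connection=local ansible_sudo_pass=mikekilmer
"""

if __name__ == "__main__":
    print(lint_inventory(SAMPLE))
```

On the sample, line 4 is reported because the whole remainder of the line becomes the value of `ansible_connection`, so no password variable is ever defined there.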

This topic was automatically closed after 42 days. New replies are no longer allowed.