Ansible Fails at Copy project template

Great WordPress setup, really loving this setup so far!

Although I’m running into a deployment issue:

When I run ./bin/deploy.sh production hybridinteractive.io I get this:

    TASK [deploy : Copy project templates] *****************************************************************************************************************************************************************************************
System info:
  Ansible 2.3.1.0; Darwin
  Trellis at "Auto-install Vagrant plugins"
---------------------------------------------------
AnsibleUndefinedVariable: {{ wordpress_env_defaults | combine(project.env |
default({}), vault_wordpress_sites[site].env) }}: 'dict object' has no
attribute u'hybridinteractive.io'
failed: [104.236.221.33] (item={u'dest': u'.env', u'src': u'roles/deploy/templates/env.j2', u'name': u'.env config'}) => {"failed": true, "item": {"dest": ".env", "name": ".env config", "src": "roles/deploy/templates/env.j2"
}}
        to retry, use: --limit @/Users/Mark/Sites/Hi/hi/trellis/deploy.retry

PLAY RECAP *********************************************************************************************************************************************************************************************************************
104.236.221.33             : ok=11   changed=3    unreachable=0    failed=1

I’m hoping I’m just missing something stupid. I rechecked all example.com occurrences, spacing issues, etc.

I couldn’t find this question on Discourse or Google either.

Does anyone have any ideas? I can vagrant up locally but deploying is where that issue occurs.

The long hand deployment of ansible-playbook deploy.yml -e "site=hybridinteractive.io env=production" fails too.

Thanks for the help in advance!

Have you changed the example.com in vault_wordpress_sites (group_vars/production/vault.yml) to hybridinteractive.io? If not, I’m surprised you didn’t run into the validation that runs when you run server.yml (be sure you’ve provisioned before deploying).

I did. That was the first thing I checked. What else could I check?

Any chance you’re using the same hostname in hosts/production as in hosts/staging? That could lead to unexpected variable values (e.g., getting the staging value for vault_wordpress_sites even though you specify env=production), as discussed in Production server provision configures Staging envs if hosts are the same - Bug or Intention?. If so, see solutions at link.

If that is not the issue, feel free to post your group_vars/production/wordpress_sites.yml and unencrypted group_vars/production/vault.yml for review, with sensitive values masked, of course.

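A preflight check for the two causes raised in the replies above (a site key missing from vault_wordpress_sites, and the same host listed under two environments), as an added example that is not part of the original thread or of Trellis. The function names, the sample site names and the 203.0.113.10 address are constructed; in practice the dicts would be loaded from group_vars/<env>/wordpress_sites.yml and the decrypted vault.yml.

```python
def inventory_hosts(text):
    """Return the hosts listed in an INI-style Ansible inventory file."""
    hosts, section = set(), ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]")
            continue
        if ":" in section:                    # [group:vars] / [group:children] hold no hosts
            continue
        hosts.add(line.split()[0])            # first token is the host, the rest are host vars
    return hosts

def missing_vault_sites(wordpress_sites, vault_wordpress_sites):
    """Site keys the deploy would look up in the vault and not find."""
    return sorted(set(wordpress_sites) - set(vault_wordpress_sites))

def preflight(envs):
    """envs maps env name -> {'hosts', 'wordpress_sites', 'vault_wordpress_sites'}."""
    problems = []
    for env, cfg in envs.items():
        for site in missing_vault_sites(cfg["wordpress_sites"], cfg["vault_wordpress_sites"]):
            problems.append(f"{env}: vault_wordpress_sites has no key '{site}'")
    names = sorted(envs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            shared = inventory_hosts(envs[a]["hosts"]) & inventory_hosts(envs[b]["hosts"])
            for host in sorted(shared):
                problems.append(f"{a} and {b} both list host {host}")
    return problems

# Constructed sample: production vault still has the default example.com key,
# and staging points at the same server as production.
SAMPLE = {
    "production": {
        "hosts": "[production]\n203.0.113.10\n\n[web]\n203.0.113.10\n",
        "wordpress_sites": {"mysite.example": {}},
        "vault_wordpress_sites": {"example.com": {"env": {}}},
    },
    "staging": {
        "hosts": "[staging]\n203.0.113.10  # same droplet\n\n[web]\n203.0.113.10\n",
        "wordpress_sites": {"staging.mysite.example": {}},
        "vault_wordpress_sites": {"staging.mysite.example": {"env": {}}},
    },
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print(problem)
```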

Initially I was yes, but changed them before my last provisioning.

I found the issue: my encrypted production/vault.yml file was wrong, so I updated that and tried ansible-playbook server.yml -e env=production again, and am getting this now:

TASK [connection : Load become password] ************************************************************************************************************************************************************************
ok: [104.236.221.33]

PLAY [Install prerequisites] ************************************************************************************************************************************************************************************

TASK [Install Python 2.x] ***************************************************************************************************************************************************************************************
System info:
  Ansible 2.3.1.0; Darwin
  Trellis at "Auto-install Vagrant plugins"
---------------------------------------------------
Incorrect sudo password
fatal: [104.236.221.33]: FAILED! => {"failed": true}
        to retry, use: --limit @/Users/Mark/Sites/Hi/hi/trellis/server.retry

PLAY RECAP ******************************************************************************************************************************************************************************************************
104.236.221.33             : ok=4    changed=0    unreachable=0    failed=1
localhost                  : ok=0    changed=0    unreachable=0    failed=0

Getting SO close I can taste it!


Trellis sets and uses the admin_user password from the vault.yml file. Any chance you changed that password in your recent updates to vault.yml? If so, try this:

  • leave the new password in vault.yml
  • run your playbook command with the -K (capital K, i.e., --ask-become-pass) option and type the OLD password when prompted:

    ansible-playbook server.yml -e env=production -K --tags users

Manually typing the become password should lead Trellis to use that for the initial connection instead of the new (and as-yet unset) password. When Trellis runs the role tagged users it should update the admin_user with the new password from vault.yml. After that you shouldn’t have to think about passwords anymore (no need for -K or --tags users etc.).

Bumpkins I’m still getting that error. Even after updating the password. I didn’t initially

I originally created an “admin” user on my Droplet, generated my own keys, then just passed the id_rsa.pub into the root authorized_keys. I have to be missing something obvious. I was hoping that would circumvent these issues.

Anything else I could try?

Trellis typically creates the admin user for you, sparing you from having to do it manually. When you create a new droplet, DigitalOcean gives you the option of adding your existing public SSH key (via the droplet creation GUI), sparing you from having to generate new keys and add them to authorized_keys manually.

Rebuild to start fresh. You could just rebuild the droplet fresh and let Trellis do all the work (Hmm… if you didn’t have DO automatically add your public SSH key the first time, maybe you’ll need to create a new droplet with your key, vs. just “rebuilding”):

  • click “Rebuild” in DO GUI and wait 30 seconds
  • deal with the host key change this causes: run ssh-keygen -R 104.236.221.33
  • provision: run server.yml
  • deploy: run deploy.yml

That would be easiest and recommended, unless you have data/files you need to preserve and can’t access them without troubleshooting.

Or troubleshoot. If you prefer to troubleshoot the existing droplet, you could

  • SSH in
  • vim /etc/ssh/sshd_config and change to PermitRootLogin yes
  • service ssh reload
  • exit

If not connected as root, you’ll need to use sudo for those commands. The next time you run the server.yml playbook (don’t use -K) it should be able to connect as root (Trellis automatically detects if it can use root) and should set up users as it pleases. If you can’t access the droplet via SSH to run the commands above, you could use the DigitalOcean GUI console access (via your browser).


Thanks for your help! I’m now up and running! I think not adding my SSH key during the initial droplet is what did me in. Plus I was trying to help Trellis but should have just gotten out of the way lol.

You’re awesome and thank you for the stellar help!


One last thing: I wanted to connect to MySQL using Sequel Pro. I’m able to SSH in but can’t connect to MySQL. I know where to find the MySQL password, but not sure what the user/database name is. Where would I find that?

Never mind! https://roots.io/trellis/docs/database-access/

I was sailing along smoothly. Then I realized that I’m not securing my production vault. So I decrypted it, re-did all of the passwords/salts, encrypted then attempted to run the playbook. Now I’m getting that Incorrect sudo password again:

PLAY [Install prerequisites] **********************************************************************************************************************************************************************

PLAY [WordPress Server - Install LEMP Stack with PHP 7.1 and MariaDB MySQL] ***********************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************************************************
System info:
  Ansible 2.3.1.0; Darwin
  Trellis at "Auto-install Vagrant plugins"
---------------------------------------------------
Incorrect sudo password
fatal: [45.55.201.22]: FAILED! => {"failed": true}
        to retry, use: --limit @/Users/Mark/Sites/Hi/hi/trellis/server.retry

PLAY RECAP ****************************************************************************************************************************************************************************************
45.55.201.22               : ok=3    changed=0    unreachable=0    failed=1

Do I need to rebuild my droplet again?

Although rebuilding droplet is an option, I think the steps from above are still applicable:

A less convenient alternative would be to google how to change a user’s password on ubuntu, then log in as root via DigitalOcean GUI console and follow the steps you’ve researched, making the admin user’s password match the new password in your vault.yml file.

Have you had issues with updating passwords and re-encrypting them? I’m also trying the steps here: Trellis provisioning ansible server yml fails when root login not permitted

Hmmm, none of my previous passwords are working when I run sudo passwd admin. Looks like I’ll be rebuilding the server.

What causes this??

TASK [deploy : Update git remote URL] *************************************************************************************************************************************************************
skipping: [45.55.201.22]

TASK [deploy : Clone project files] ***************************************************************************************************************************************************************
System info:
  Ansible 2.3.1.0; Darwin
  Trellis at "Auto-install Vagrant plugins"
---------------------------------------------------
Cloning into '/srv/www/hybridinteractive.io/shared/source'...
Warning: Permanently added the RSA host key for IP address '192.30.253.113'
to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Cloning into '/srv/www/hybridinteractive.io/shared/source'...
Warning: Permanently added the RSA host key for IP address '192.30.253.113'
to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

fatal: [45.55.201.22]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
...ignoring

TASK [deploy : Failed connection to remote repo] **************************************************************************************************************************************************
System info:
  Ansible 2.3.1.0; Darwin
  Trellis at "Auto-install Vagrant plugins"
---------------------------------------------------
Git repo git@github.com:encryptdesigns/hybridinteractive.git cannot be
accessed. Please verify the repository exists and you have SSH forwarding set
up correctly.
More info:
> https://roots.io/trellis/docs/deploys/#ssh-keys
> https://roots.io/trellis/docs/ssh-keys/#cloning-remote-repo-using-ssh-
agent-forwarding

fatal: [45.55.201.22]: FAILED! => {"changed": false, "failed": true}
        to retry, use: --limit @/Users/Mark/Sites/Hi/hi/trellis/deploy.retry

PLAY RECAP ****************************************************************************************************************************************************************************************
45.55.201.22               : ok=6    changed=0    unreachable=0    failed=1
localhost                  : ok=0    changed=0    unreachable=0    failed=0

My keys did not change and I can ssh as admin, why can’t trellis?

That error appeared after ./bin/deploy.sh production hybridinteractive.io was run.

I agree with the output:

Please verify ... you have SSH forwarding set up correctly.
More info:
https://roots.io/trellis/docs/ssh-keys/#cloning-remote-repo-using-ssh-agent-forwarding

As the listed link mentions,

  • ensure that your ssh key is added to your ssh agent
    • list currently added keys: ssh-add -l
    • add keys: ssh-add
  • and — since you’re on macOS — ensure the key’s password is imported into your Keychain: ssh-add -K

In addition, if you’re on macOS Sierra, be sure your ssh agent isn’t “forgetting” your keys:

Do you know how that happens? Is it because I rebuilt the droplet? Just find it odd with OSX.

Thanks again for your help…I’m learning a lot and owe most of it to you! Definitely owe you a beer or 12!