Have you changed the example.com in vault_wordpress_sites (group_vars/production/vault.yml) to hybridinteractive.io? If not, I’m surprised you didn’t run into the validation that runs when you run server.yml (be sure you’ve provisioned before deploying).
If that is not the issue, feel free to post your group_vars/production/wordpress_sites.yml and unencrypted group_vars/production/vault.yml for review, with sensitive values masked, of course.
Initially I was yes, but changed them before my last provisioning.
I found the issue: my encrypted production/vault.yml file was wrong, so I updated that and tried ansible-playbook server.yml -e env=production again, and I’m getting this now:
TASK [connection : Load become password] ************************************************************************************************************************************************************************
ok: [104.236.221.33]
PLAY [Install prerequisites] ************************************************************************************************************************************************************************************
TASK [Install Python 2.x] ***************************************************************************************************************************************************************************************
System info:
Ansible 2.3.1.0; Darwin
Trellis at "Auto-install Vagrant plugins"
---------------------------------------------------
Incorrect sudo password
fatal: [104.236.221.33]: FAILED! => {"failed": true}
to retry, use: --limit @/Users/Mark/Sites/Hi/hi/trellis/server.retry
PLAY RECAP ******************************************************************************************************************************************************************************************************
104.236.221.33 : ok=4 changed=0 unreachable=0 failed=1
localhost : ok=0 changed=0 unreachable=0 failed=0
Trellis sets and uses the admin_user password from the vault.yml file. Any chance you changed that password in your recent updates to vault.yml? If so, try this:
leave the new password in vault.yml
run your playbook command with the -K (capital K, i.e., --ask-become-pass) option and type the OLD password when prompted:
Manually typing the become password should lead Trellis to use that for the initial connection instead of the new (and as-yet unset) password. When Trellis runs the role tagged users it should update the admin_user with the new password from vault.yml. After that you shouldn’t have to think about passwords anymore (no need for -K or --tags users etc.).
Bumpkins I’m still getting that error. Even after updating the password. I didn’t initially
I originally created an “admin” user on my Droplet, generated my own keys, then just passed the id_rsa.pub into the root authorized_keys. I have to be missing something obvious. I was hoping that would circumvent these issues.
Trellis typically creates the admin user for you, sparing you from having to do it manually. When you create a new droplet, DigitalOcean gives you the option of adding your existing public SSH key (via the droplet creation GUI), sparing you from having to generate new keys and add them to authorized_keys manually.
Rebuild to start fresh. You could just rebuild the droplet fresh and let Trellis do all the work (Hmm… if you didn’t have DO automatically add your public SSH key the first time, maybe you’ll need to create a new droplet with your key, vs. just “rebuilding”):
click “Rebuild” in DO GUI and wait 30 seconds
deal with the host key change this causes: run ssh-keygen -R 104.236.221.33
provision: run server.yml
deploy: run deploy.yml
That would be easiest and recommended, unless you have data/files you need to preserve and can’t access them without troubleshooting.
Or troubleshoot. If you prefer to troubleshoot the existing droplet, you could
SSH in
vim /etc/ssh/sshd_config and change to PermitRootLogin yes
service ssh reload
exit
If not connected as root, you’ll need to use sudo for those commands. The next time you run the server.yml playbook (don’t use -K) it should be able to connect as root (Trellis automatically detects if it can use root) and should set up users as it pleases. If you can’t access the droplet via SSH to run the commands above, you could use the DigitalOcean GUI console access (via your browser).
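A check to run once provisioning has succeeded, to see which root-login policy /etc/ssh/sshd_config now declares after the temporary PermitRootLogin yes edit. This is an added example, not part of the original thread or of Trellis; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample config are constructed.

# Print the first global PermitRootLogin value in FILE, or "unset".
# sshd keeps the first value it reads for a keyword; lines after a Match
# keyword apply only conditionally, so scanning stops there.
# Include directives are not followed.
effective_permit_root_login() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" && NF >= 2 { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print a one-word verdict; return 0 only when root cannot use a password.
root_login_verdict() {
    case "$(effective_permit_root_login "$1")" in
        no)                                 echo "disabled"; return 0 ;;
        prohibit-password|without-password) echo "key-only"; return 0 ;;
        forced-commands-only)               echo "forced-commands-only"; return 0 ;;
        yes)                                echo "password-allowed"; return 1 ;;
        unset)                              echo "default"; return 2 ;;  # depends on OpenSSH version
        *)                                  echo "unrecognized"; return 2 ;;
    esac
}

# Constructed sshd_config fragment, as it might look after the edit above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication no
Match User web
    PermitRootLogin no
EOF
echo "PermitRootLogin $(effective_permit_root_login "$sample"): $(root_login_verdict "$sample")"
rm -f "$sample"
```

On the server itself, `sshd -T` (run as root) prints the configuration the daemon actually resolves, including built-in defaults.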
Thanks for your help! I’m now up and running! I think not adding my SSH key during the initial droplet is what did me in. Plus I was trying to help Trellis but should have just gotten out of the way lol.
You’re awesome and thank you for the stellar help!
One last thing I wanted to connect to mysql using Sequel Pro. I’m able to SSH in but can’t connect to MySQL. I know where to find the mysql password, but not sure what the user/database name is. Where would I find that?
I was sailing along smoothly. Then I realized that I’m not securing my production vault. So I decrypted it, re-did all of the passwords/salts, encrypted then attempted to run the playbook. Now I’m getting that Incorrect sudo password again:
PLAY [Install prerequisites] **********************************************************************************************************************************************************************
PLAY [WordPress Server - Install LEMP Stack with PHP 7.1 and MariaDB MySQL] ***********************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************************************************************************
System info:
Ansible 2.3.1.0; Darwin
Trellis at "Auto-install Vagrant plugins"
---------------------------------------------------
Incorrect sudo password
fatal: [45.55.201.22]: FAILED! => {"failed": true}
to retry, use: --limit @/Users/Mark/Sites/Hi/hi/trellis/server.retry
PLAY RECAP ****************************************************************************************************************************************************************************************
45.55.201.22 : ok=3 changed=0 unreachable=0 failed=1
Although rebuilding droplet is an option, I think the steps from above are still applicable:
A less convenient alternative would be to google how to change a user’s password on ubuntu, then log in as root via DigitalOcean GUI console and follow the steps you’ve researched, making the admin user’s password match the new password in your vault.yml file.
TASK [deploy : Update git remote URL] *************************************************************************************************************************************************************
skipping: [45.55.201.22]
TASK [deploy : Clone project files] ***************************************************************************************************************************************************************
System info:
Ansible 2.3.1.0; Darwin
Trellis at "Auto-install Vagrant plugins"
---------------------------------------------------
Cloning into '/srv/www/hybridinteractive.io/shared/source'...
Warning: Permanently added the RSA host key for IP address '192.30.253.113'
to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Cloning into '/srv/www/hybridinteractive.io/shared/source'...
Warning: Permanently added the RSA host key for IP address '192.30.253.113'
to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
fatal: [45.55.201.22]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
...ignoring
TASK [deploy : Failed connection to remote repo] **************************************************************************************************************************************************
System info:
Ansible 2.3.1.0; Darwin
Trellis at "Auto-install Vagrant plugins"
---------------------------------------------------
Git repo git@github.com:encryptdesigns/hybridinteractive.git cannot be
accessed. Please verify the repository exists and you have SSH forwarding set
up correctly.
More info:
> https://roots.io/trellis/docs/deploys/#ssh-keys
> https://roots.io/trellis/docs/ssh-keys/#cloning-remote-repo-using-ssh-
agent-forwarding
fatal: [45.55.201.22]: FAILED! => {"changed": false, "failed": true}
to retry, use: --limit @/Users/Mark/Sites/Hi/hi/trellis/deploy.retry
PLAY RECAP ****************************************************************************************************************************************************************************************
45.55.201.22 : ok=6 changed=0 unreachable=0 failed=1
localhost : ok=0 changed=0 unreachable=0 failed=0
My keys did not change and I can ssh as admin, why can’t trellis?
That error appeared after ./bin/deploy.sh production hybridinteractive.io was run.
Please verify ... you have SSH forwarding set up correctly. More info: https://roots.io/trellis/docs/ssh-keys/#cloning-remote-repo-using-ssh-agent-forwarding
As the listed link mentions,
ensure that your ssh key is added to your ssh agent
list currently added keys: ssh-add -l
add keys: ssh-add
and — since you’re on macOS — ensure the key’s password is imported into your Keychain: ssh-add -K
In addition, if you’re on macOS Sierra, be sure your ssh agent isn’t “forgetting” your keys: