Error when trying to provision a production server

Hi guys,

I am trying to provision a production environment but got two errors:

The first one when running trellis provision production is:

PLAY [WordPress Server - Install LEMP Stack with PHP and MariaDB MySQL] ********

TASK [Gathering Facts] *********************************************************
[WARNING]: Unhandled error in Python interpreter discovery for host
trellis.ltroya.me: Failed to connect to the host via ssh:
root@trellis.ltroya.me: Permission denied (publickey).
fatal: [trellis.ltroya.me]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"trellis.ltroya.me\". Make sure this host can be reached over ssh: root@trellis.ltroya.me: Permission denied (publickey).\r\n", "unreachable": true}

I am not sure how to specify the ssh key to log in to the server. I don’t see any option in trellis/group_vars/production

The second one when running ansible-playbook server.yml -e env=production --key-file=~/.ssh/<SOME_SSH_KEY> is:

TASK [mariadb : Add MariaDB PPA] *******************************************************************************************************
fatal: [<DOMAIN>]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: E:The repository 'https://mirror.rackspace.com/mariadb/repo/10.6/ubuntu kinetic Release' does not have a Release file."}

First error: Did you remember to add the url to your ssh key to group_vars/all/main.yml?

I only ask because I’ve done that before.

Second error is probably a plugin that needs to be added to support MariaDB on Ubuntu. Maybe the url to it got updated.


Hi @rguttersohn

I don’t see any URL here, this is the content of that file:

apt_cache_valid_time: 3600
apt_package_state: present
apt_security_package_state: latest
apt_dev_package_state: latest
composer_keep_updated: true
php_version: "8.0"
ntp_timezone: Etc/UTC
ntp_manage_config: true
www_root: /srv/www
max_journal_size: 512M

# Values of raw_vars will be wrapped in `{% raw %}` to avoid templating problems if values include `{%` and `{{`.
# Will recurse dicts/lists. `*` is wildcard for one or more dict keys, list indices, or strings. Example:
#   - vault_wordpress_sites.*.*_salt    -- matches vault_wordpress_sites.example.com.env.secure_auth_salt etc.
# Will not function for var names or topmost dict keys that contain a period ('.').
raw_vars:
  - vault_mail_password
  - vault_mysql_root_password
  - vault_users.*.password
  - vault_users.*.salt
  - vault_wordpress_env_defaults
  - vault_wordpress_sites

The version of trellis I am using is: v1.19.0

Are you in roles/mariadb/defaults/main.yml?

I have this url there instead:
http://mirrors.gigenet.com/mariadb/repo/10.5/ubuntu

I believe our prod server is running off Ubuntu 16ish. It might be a different one if you are deploying a server using Ubuntu 20+

Ubuntu Kinetic means 22.10.

Trellis only supports LTS releases up to 22.04 (which is Jammy).

@swalkinshaw Understood. I will try that version.

Do you know if I missed something in the first error? Is there a place where I can specify my ssh key to access the server for the first time?

Kind regards,
Luis

You need SSH access prior to provisioning your server, per Remote Server Setup | Trellis Docs | Roots

Many hosts like DigitalOcean offer to automatically add your SSH key when creating a server so take advantage of that. Or follow a guide such as this one.

Hi @ben

I created a droplet in Digital Ocean with only ssh access (no password access). But every time I run trellis provision production, it throws the error of: Permission denied (publickey).

users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - "{{ lookup('file', '~/.ssh/id_rsa', errors='ignore') }}"
      # - https://github.com/username.keys
  - name: "{{ admin_user }}"
    groups:
      - sudo
    keys:
      - "{{ lookup('file', '~/.ssh/id_rsa', errors='ignore') }}"
      # - https://github.com/username.keys

That was the piece of the configuration I modified before running the code. I also made sure it works using the command:

ssh root@SERVER_IP -i ~/.ssh/id_rsa

Am I missing something?

Cheers,
Luis.

I’d suggest seeing if your SSH keys work outside of Trellis:

ssh root@SERVER_IP
ssh web@SERVER_IP

Both of these should connect without asking for a password, and without having to explicitly specify a key.

ssh will automatically try to use your public keys found in your local ~/.ssh/ folder.

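The check suggested in the last reply, as an added example that is not part of the original thread and not Trellis code: it tries each login with prompts disabled and without `-i`, which is how Ansible reaches the host during provisioning. `SSH_BIN`, `key_login_ok` and `preflight` are hypothetical names introduced for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Checks that key-based SSH login works
# non-interactively, without naming a key on the command line.
# SSH_BIN is a hypothetical override so the check can be exercised offline.
SSH_BIN="${SSH_BIN:-ssh}"

# Return 0 if user@host accepts a key that ssh picks up on its own
# (default identity files, ssh-agent, or ~/.ssh/config).
# BatchMode=yes disables every prompt, so a password or key-passphrase prompt
# counts as a failure instead of hanging. An unknown host key also fails here:
# connect once by hand and verify the fingerprint first.
key_login_ok() {
    "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=5 "$1@$2" true >/dev/null 2>&1
}

# preflight HOST [USER...]: test each user (default: root and web, the two
# accounts named in the reply above) and return the number of failed logins.
preflight() {
    host="$1"; shift
    [ "$#" -gt 0 ] || set -- root web
    failed=0
    for user in "$@"; do
        if key_login_ok "$user" "$host"; then
            echo "ok:   $user@$host"
        else
            echo "FAIL: $user@$host (key login did not succeed without prompts)"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only when a host is given on the command line, e.g.: sh preflight.sh SERVER_IP
[ "$#" -eq 0 ] || preflight "$@"
```

On a server that has never been provisioned, pass `root` as the only user, since the `web` account is created by provisioning. A passphrase-protected key that is not loaded into ssh-agent fails this check even though `ssh -i` works interactively.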