I don’t think it’s a DNS issue, particularly because the error message fatal: [45.55.167.58] suggests that Trellis/Ansible is trying to connect to the IP directly (vs. trying to connect to a domain that DNS must associate with an IP).
The problem with admin_user: root is that if you ever change and apply sshd_permit_root_login: false, you will have no user who can ssh into your server.
Now that root appears to be able to connect for you, could you change back to admin_user: admin and try running server.yml and see if you don’t in fact see the message below, followed by a successful (“reachable”) connection and a successful run of server.yml?
TASK [remote-user : Announce which user was selected] **************************
Note: Ansible will attempt connections as user = root
The only way I was able to reproduce UNREACHABLE! was following these steps:
- build a droplet
- connect to droplet by ssh, whether via manual ssh or via
server.yml(now I have a hostkey for server in my localknown_hosts) - rebuild droplet (now my local hostkey is out-of-date)
- run
server.ymlagain without removing out-of-date hostkey - out-of-date hostkey causes test-connection for
rootto fail, so Trellis usesadmin_user(i.e.,admin) as fallback, butadminhasn’t been created yet becauseserver.ymlhasn’t run on the rebuilt droplet.
Any chance that may have been your scenario? If so, the solution would be to remove the hostkey from known_hosts after rebuilding the droplet (and before running server.yml): ssh-keygen -R hostname
If you find that the issue you face is not an out-of-date hostkey after rebuilding your droplet, I’d love if you could share a detailed list of steps to reproduce the problem, assuming you discover the problem is with Trellis. Thanks!