For this to happen, I think ssh for root must be disabled. So, we’re dealing with the password for the admin_user.
If this is a new VPS and Trellis has not yet had a successful run of server.yml, then apparently your admin_user already has a password. Or, perhaps you ran server.yml before but have now changed the password and want it to update on the server. Please let us now if your situation is actually something else.
You can leave your new password in group_vars/production/vault.yml. When Trellis gets the chance, it will change the user’s password to this one.
- To make the initial connection, however, you must provide the old existing password when invoking ansible:
ansible-playbook server.yml -e env=production --ask-become-pass - Respond to the immediate prompt to type in the old existing password. The playbook will then run for a bit and fail mid-process when it changes the password. (Ansible continues to try to use the old password which no longer works.)
- Now just rerun
server.yml, but without--ask-become-passthis time. Ansible will now just use the password invault.ymland should finish successfully. There’s a tiny chance you’ll have to wait60sbefore the next connection will succeed.
I don’t believe this is a very common issue, but it could be confusing when it arises. I recall some similar discussion in a thread a year ago.
If none of the above helps, you could google how to just manually change the admin_user password via SSH. Once the password the server knows matches the password in your local vault.yml, that should be the end of the issue.