Issues provisioning AWS EC2 instance

Hey.

I’m trying to provision my production server over at AWS.
As root is disabled by default on EC2 instances, I’ve gone ahead and changed admin_user in group_vars/all/users.yml from root to ubuntu.

I’ve also added my .pem key file via ssh-add.
I can successfully ssh into my instance via ssh ubuntu@12.345.67.89.

I accidentally ran ./deploy.sh production myurl.com before I ran the playbook command if that makes any difference, but as I try to provision now I get kicked out at
PLAY [WordPress Server - Install LEMP Stack with PHP 7.0 and MariaDB MySQL] ****

Here’s the log (with optional -vvvv added)

ansible-playbook server.yml -e env=production -vvvv
Using /Users/trellis/ansible.cfg as config file
Loaded callback output of type stdout, v2.0

PLAYBOOK: server.yml ***********************************************************
3 plays in server.yml

PLAY [Ensure necessary variables are defined] **********************************

TASK [Ensure environment is defined] *******************************************
task path: /Users/trellis/variable-check.yml:8
skipping: [localhost] => {"changed": false, "skip_reason": "Conditional check failed", "skipped": true}

PLAY [Determine Remote User] ***************************************************

TASK [remote-user : Require manual definition of remote-user] ******************
task path: /Users/trellis/roles/remote-user/tasks/main.yml:3
skipping: [12.345.67.89] => {"changed": false, "skip_reason": "Conditional check failed", "skipped": true}

TASK [remote-user : Check whether Ansible can connect as root] *****************
task path: /Users/trellis/roles/remote-user/tasks/main.yml:10
skipping: [12.345.67.89] => {"changed": false, "skip_reason": "Conditional check failed", "skipped": true}

TASK [remote-user : Set remote user for each host] *****************************
task path: /Users/trellis/roles/remote-user/tasks/main.yml:17
File lookup using /Users/user/.ssh/id_rsa.pub as file
ok: [12.345.67.89] => {"ansible_facts": {"ansible_user": "root"}, "changed": false, "invocation": {"module_args": {"ansible_user": "root"}, "module_name": "set_fact"}}

TASK [remote-user : Announce which user was selected] **************************
task path: /Users/trellis/roles/remote-user/tasks/main.yml:23
File lookup using /Users/user/.ssh/id_rsa.pub as file
Note: Ansible will attempt connections as user = root
ok: [12.345.67.89] => {}

PLAY [WordPress Server - Install LEMP Stack with PHP 7.0 and MariaDB MySQL] ****

TASK [setup] *******************************************************************
File lookup using /Users/user/.ssh/id_rsa.pub as file
<12.345.67.89> ESTABLISH SSH CONNECTION FOR USER: root
<12.345.67.89> SSH: EXEC ssh -C -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/Users/user/.ansible/cp/ansible-ssh-%h-%p-%r 12.345.67.89 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1474225771.04-91253793816999 `" && echo ansible-tmp-1474225771.04-91253793816999="` echo $HOME/.ansible/tmp/ansible-tmp-1474225771.04-91253793816999 `" ) && sleep 0'"'"''
<12.345.67.89> PUT /var/folders/jw/8b88hq9549x1515b9lqxn7jh0000gp/T/tmpKzX2Mj TO Please login as the user "ubuntu" rather than the user "root"./setup
<12.345.67.89> SSH: EXEC sftp -b - -C -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/Users/user/.ansible/cp/ansible-ssh-%h-%p-%r '[12.345.67.89]'
System info:
  Ansible 2.1.1.0; Darwin
  Trellis at "Add Vagrant post up message"
---------------------------------------------------
SSH Error: data could not be sent to the remote host. Make sure this host can
be reached over ssh
fatal: [12.345.67.89]: UNREACHABLE! => {"changed": false, "unreachable": true}
 [WARNING]: Could not create retry file 'server.retry'.         [Errno 2] No such file or
directory: ''


PLAY RECAP *********************************************************************
12.345.67.89             : ok=2    changed=0    unreachable=1    failed=0   
localhost                  : ok=0    changed=0    unreachable=0    failed=0   

So afaik it still tries to ssh in as root, but not sure why.
The server is on 14.04 (project started a while ago so it’s an old Trellis version for 14.04).

1 Like

I think the problem is that Check whether Ansible can connect as root skipped so it chose the default of root. I’m not sure which old version of Trellis you’re using, so I’m not sure exactly which part of the Conditional check failed.

My recommendation would be to update to the latest Trellis and update to Ubuntu 16.04.

Even if you don’t update, at a minimum you’ll need the updates in roots/trellis#631 to accommodate your Ansible 2.1.1.0. Those updates should also help select your ubuntu user.

3 Likes
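
Added example (not part of the thread and not Trellis code): a small Python parser that pulls the facts this diagnosis relies on out of `ansible-playbook -vvvv` output, namely which remote-user tasks were skipped, which user was selected and used for the connection, and which user the server's message asks for. The sample log is constructed and abridged from the output posted above; the function and field names are hypothetical.

```python
import re

# Constructed sample, abridged from the shape of the -vvvv output in the thread.
SAMPLE_LOG = """\
TASK [remote-user : Check whether Ansible can connect as root] *****
skipping: [12.345.67.89] => {"changed": false, "skipped": true}
TASK [remote-user : Set remote user for each host] *****
ok: [12.345.67.89] => {"ansible_facts": {"ansible_user": "root"}, "changed": false}
TASK [setup] *****
<12.345.67.89> ESTABLISH SSH CONNECTION FOR USER: root
<12.345.67.89> PUT /tmp/tmpEXAMPLE TO Please login as the user "ubuntu" rather than the user "root"./setup
fatal: [12.345.67.89]: UNREACHABLE! => {"changed": false, "unreachable": true}
"""

TASK = re.compile(r"^TASK \[(.+?)\] \*+")
SKIP = re.compile(r"^skipping: \[([^\]]+)\]")
FACT = re.compile(r'^ok: \[([^\]]+)\].*"ansible_user": "([^"]+)"')
CONN = re.compile(r"^<([^>]+)> ESTABLISH SSH CONNECTION FOR USER: (\S+)")
BANNER = re.compile(r'^<([^>]+)> .*Please login as the user "([^"]+)" rather than the user "([^"]+)"')

def diagnose(log_text):
    """Return {host: findings} describing which login user Ansible chose and used."""
    hosts, task = {}, None

    def entry(host):
        return hosts.setdefault(host, {"skipped": [], "selected": None,
                                       "connected_as": None, "server_wants": None})

    for line in log_text.splitlines():
        if m := TASK.match(line):
            task = m.group(1)
        elif (m := SKIP.match(line)) and task and task.startswith("remote-user :"):
            # Only skips inside the remote-user role matter for user selection.
            entry(m.group(1))["skipped"].append(task.split(" : ", 1)[1])
        elif m := FACT.match(line):
            entry(m.group(1))["selected"] = m.group(2)
        elif m := CONN.match(line):
            entry(m.group(1))["connected_as"] = m.group(2)
        elif m := BANNER.match(line):
            # The server's message shows up where the remote temp path should be.
            entry(m.group(1))["server_wants"] = m.group(2)
    for f in hosts.values():
        # Flag hosts where the server asked for a different user than the one used.
        f["wrong_user"] = bool(f["server_wants"]) and f["server_wants"] != f["connected_as"]
    return hosts

if __name__ == "__main__":
    for host, findings in diagnose(SAMPLE_LOG).items():
        print(host, findings)
```

A host reported with `wrong_user` set and the root connection check listed under `skipped` matches the situation described in this reply.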

Pulling the changes from #631 worked splendidly! Thanks!

I’ve never updated trellis/sage after I’ve started a project. What’s the preferred way/recommendation for updating? Setting up an entirely new project and provisioning new servers would be the easiest way, I imagine.

1 Like

There could be many approaches for updating. Here is one collection of ideas. Remember to back up your uploads and database any time you’ll be destroying/rebuilding the server.

4 Likes