Key forwarding working, yet doesn't work with playbook? (Kinsta)

broskees · May 30, 2018, 5:16pm

This is the strangest error I think. My key forwarding is working:

ssh geddesfederalsavingsandloans@35.188.253.117 -p 26254
geddesfederalsavingsandloans@35.188.253.117's password:
  _  ___           _
 | |/ (_)_ __  ___| |_ __ _
 | ' /| | '_ \/ __| __/ _` |
 | . \| | | | \__ \ || (_| |_
 |_|\_\_|_| |_|___/\__\__,_(_)

Hi There!
Your site's files are in the /www folder.
Git, Composer and WP-CLI are all available for use!
If you need help just open a ticket on https://my.kinsta.com
Have a marvellous day!

Last login: Wed May 30 17:17:44 2018 from 10.240.0.29
geddesfederalsavingsandloans@sLk-staging-geddesfederalsavingsandloans:~$ ssh -T git@github.com
Hi broskees! You've successfully authenticated, but GitHub does not provide shell access.

Yet I’m getting this error:

TASK [deploy : Clone project files] **********************************************************************************************************************************************************
System info:
  Ansible 2.5.2; Darwin
  Trellis version (per changelog): "Enable `fastcgi_cache_background_update` by default"
---------------------------------------------------
fatal: [kinsta_staging]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
...ignoring

TASK [deploy : Failed connection to remote repo] *********************************************************************************************************************************************
System info:
  Ansible 2.5.2; Darwin
  Trellis version (per changelog): "Enable `fastcgi_cache_background_update` by default"
---------------------------------------------------
Git repo git@github.com:broskees/getitatgeddes.com.git cannot be accessed.
Please verify the repository exists and you have SSH forwarding set up
correctly.
More info:
> https://roots.io/trellis/docs/deploys/#ssh-keys
> https://roots.io/trellis/docs/ssh-keys/#cloning-remote-repo-using-ssh-
agent-forwarding

fatal: [kinsta_staging]: FAILED! => {"changed": false}
        to retry, use: --limit @/Users/josephroberts/localdev/getitatgeddes.com/trellis/deploy.retry

PLAY RECAP ***********************************************************************************************************************************************************************************
kinsta_staging             : ok=7    changed=0    unreachable=0    failed=1

Here’s the verbose output of the playbook: https://gist.github.com/broskees/4efd78198f86c446480bc9c81bcceac0

So obvious I followed the instructions located here. (I.E. ssh-add -K, I also tried ssh-add ~/.ssh/id_rsa_github_broskees since thats the key that connects to GitHub.) I also ran through some of the troubleshooting here. The issue is that when I directly ssh into the server, it works! So it must be something with how ansible is set up? I know ansible.cfg has ssh_args = -o ForwardAgent=yes in it, so I feel this really shouldn’t be an issue. Not to mention I have this in my ~/.ssh/config file:

# Kinsta
Host 35.188.253.117
  ForwardAgent yes
  PreferredAuthentications password
  PubkeyAuthentication no

Has anyone seen anything like this before?
(FYI: I’m deploying to Kinsta and my local machine runs macOS High Sierra)

codepuncher · May 31, 2018, 5:43pm

Can you test cloning the repo manually on Kinsta? As you can SSH in manually with no problems, cloning the repo manually should tell us whether or not the issue is with Ansible or something else.

broskees · May 31, 2018, 9:10pm

@codepuncher Didn’t have a problem cloning

ssh geddesfederalsavingsandloans@35.188.253.117 -p 26254
geddesfederalsavingsandloans@35.188.253.117's password:
  _  ___           _
 | |/ (_)_ __  ___| |_ __ _
 | ' /| | '_ \/ __| __/ _` |
 | . \| | | | \__ \ || (_| |_
 |_|\_\_|_| |_|___/\__\__,_(_)

Hi There!
Your site's files are in the /www folder.
Git, Composer and WP-CLI are all available for use!
If you need help just open a ticket on https://my.kinsta.com
Have a marvellous day!

Last login: Wed May 30 17:21:52 2018 from 10.240.0.29
geddesfederalsavingsandloans@sLk-staging-geddesfederalsavingsandloans:~$ git clone git@github.com:broskees/getitatgeddes.com.git
Cloning into 'getitatgeddes.com'...
remote: Counting objects: 299, done.
remote: Compressing objects: 100% (236/236), done.
remote: Total 299 (delta 11), reused 299 (delta 11), pack-reused 0
Receiving objects: 100% (299/299), 114.48 KiB | 0 bytes/s, done.
Resolving deltas: 100% (11/11), done.
Checking connectivity... done.
geddesfederalsavingsandloans@sLk-staging-geddesfederalsavingsandloans:~$ exit
logout
Connection to 35.188.253.117 closed.

codepuncher · May 31, 2018, 9:28pm

Okay so now we know you definitely are permitted to deploy the repo.

Next thing I’d try is running a deployment again, but with the -vvvv option. This will provide a much more verbose output of the tasks going on.

The most likely cause would be Ansible simply isn’t forwarding your key. Are you running deployment commands outside or inside the VM?

broskees · May 31, 2018, 10:37pm

@codepuncher I’m running it outside the VM.
Heres the verbose output: https://gist.github.com/broskees/4df1cd38f05c4056454451e637681ca6

Should I try and run in inside the VM? I’ve never ran playbooks like that.

broskees · June 1, 2018, 3:00pm

Is there a way to run the playbook within the staging environment for the mean time?

broskees · June 1, 2018, 3:20pm

Wow… develop branch didn’t have an upstream yet. Thanks for the help guys! Glad we got it figured out.