MariaDB install doesn't pick up password

Hey there,

Trying to deploy a staging server.
Running on a Windows machine, I am running the ansible-playbook server.yml -vvvv -e env=staging from within Vagrant, in /vagrant.

I think I’ve set up everything there is to set, but still I get this error:

 failed: [ip-address] => (item=localhost) => {"failed": true, "invocation": {"module_args": {"append_privs": false, "check_implicit_admin": true, "config_file": "~/.my.cnf", "encrypted": false, "host": "localhost", "login_host": "localhost", "login_password": null, "login_port": 3306, "login_unix_socket": null, "login_user": null, "name": "root", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "priv": null, "ssl_ca": null, "ssl_cert": null, "ssl_key": null, "state": "present", "update_password": "always", "user": "root"}, "module_name": "mysql_user"}, "item": "localhost", "msg": "unable to connect to database, check login_user and login_password are correct or /root/.my.cnf has the credentials. Exception message: (1045, \"Access denied for user 'root'@'localhost' (using password: NO)\")"}

It appears 4 times: for my set hostname, localhost, 127.0.0.1, and ::1.
I’ve even tried hardcoding my mysql_root_password in the mariadb task, but each time I get this error, which specifies using password: NO

It’s similar to a few old issues I’ve seen, but none of the suggested fixes helped me.

I’m new to the great roots pack - maybe I’m not getting something …

I’ve tried SSHing in and apt-get removing all the mysql repos, and ran the playbook again, got the same error, and then tried mysql -u root -p to check - but my set password doesn’t work.

Any tip in the right direction would be greatly appreciated - it’s been hours . . .

Did this error appear the very first time you tried to provision the server with ansible-playbook server.yml -vvvv -e env=staging?

I know there’s been some issues when changing the password after a provision, but I haven’t heard of any on the first time.

You could always try to kill and re-create the staging server and run the provision again.

The first few times I had some other errors when I was still going through the missing bits of settings…
So I am guessing the mariadb was built before it first got the users error.

By kill and re-create you mean just scrap the whole VPS and make a new one? [It’s not hard, I just want to get your meaning]

Yep that’s exactly what I mean. I’m hoping/assuming some of those other errors you encountered first messed up the state a little bit. So hopefully now that your settings are all correct, doing it from scratch again should fix it.

1 Like

I’ll try that now.

While running - why must I set --ask-become-pass if I am already setting a hashed password in vault.yml? + I will verify soon, but on the previous machine I skipped that after running with it a few times, and it was OK - is it saved somewhere?

DANG.
I hit that error again on a new server.

I’ll try spinning up a newer new server.

Here’s my understanding. Hope I got it right.

The hashed password in vault.yml is loaded on the server. To escalate a non-root user’s privileges to run the playbook using sudo, you must enter a raw/unhashed password. The server makes a cryptographic hash of the submitted password and compares it to the hash previously loaded onto the server from vault.yml.

With that background, you’ll understand that the hash in vault.yml is not the raw/unhashed password that must be entered in order to run sudo commands. Instead, you must manually enter this raw password each time you run server.yml to enable the admin_user to run tasks using sudo.

It’s a little less painful when you know you can use the shortcut -K (uppercase K) instead of having to type --ask-become-pass

This applies only if you have sshd_permit_root_login: false in group_vars/all/security.yml (which is a good setting for security :+1:).


I agree with @swalkinshaw:

Let us know what ends up being the fix.
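
The check described in the post above, as an added example that is not part of the original thread. It assumes the hash in vault.yml is a SHA-512 crypt string ($6$...) and uses openssl passwd to model how the server re-hashes whatever is typed at the -K prompt; the password, the salt and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample values, not real credentials.
RAW_PASSWORD='example-raw-password'   # what you would type at the -K prompt
SALT='Xy7exampleSalt'                 # constructed salt

# Build a SHA-512 crypt string ($6$<salt>$<digest>); this format is an
# assumption about what vault.yml holds. The password is fed on stdin so
# it never appears in the process list.
make_hash() {   # $1 = salt, $2 = raw password
    printf '%s\n' "$2" | openssl passwd -6 -salt "$1" -stdin
}

# Model of the server-side check: re-hash the submitted text with the salt
# stored inside the hash, then compare the two strings.
check_password() {   # $1 = stored hash, $2 = submitted text
    salt=$(printf '%s\n' "$1" | cut -d'$' -f3)
    [ "$(make_hash "$salt" "$2")" = "$1" ]
}

STORED_HASH=$(make_hash "$SALT" "$RAW_PASSWORD")   # the value that goes in vault.yml

if check_password "$STORED_HASH" "$RAW_PASSWORD"; then
    echo "raw password: accepted"
fi
# Typing the hash itself is just another wrong password.
if ! check_password "$STORED_HASH" "$STORED_HASH"; then
    echo "hash pasted as password: rejected"
fi
```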

I ran the script on a fresh box, and it finished fine!
I destroyed that machine and will try again today, as WordPress didn’t actually install - I’m guessing it’s another wrong config I made.

The DH part did take very long, a few minutes at 99.9% CPU

And I understand the -K now, thanks!
I actually didn’t have sshd_permit_root_login: false, but also didn’t set up the public key correctly [named it id_rsa.pub instead of authorized_keys …]

1 Like

Although dev.yml automatically installs WP on your dev machine, server.yml deliberately does not install WP:

Thanks for the mention.

Makes sense for the provision not to install WP.
I’ll just say the docs mention the git repo is required for the trellis run - which I can say it isn’t, not for the trellis provision run anyway. It’s just a bit confusing.

I’m now trying to get bedrock deployed, but having some trouble with the SSH keys. Using the roots/bedrock repo, I’m getting failed…

FAILED! => {"changed": false, "failed": true, "msg": "Git repo git@github.com:roots/bedrock.git cannot be accessed. Please verify the repository exists and you have SSH forwarding set up correctly.\nMore info:\n> https://roots.io/trellis/docs/deploys/#ssh-keys\n> https://roots.io/trellis/docs/ssh-keys/#cloning-remote-repo-using-ssh-agent-forwarding\n"}

Am I expected to fork the repo and add it as my own?

++ Also, I am using the same username for admin_user and web_user, and so I replaced admin in vault.yml with my own actual username

Reviewing the README and docs, I only found the repo variable mentioned under a “Deploy” header or on the Remote Server Setup page with the clarifier “required, used when deploying”. In any case, it would be rare to provision and not deploy because then you’d have a server but no site. I guess you could load up your site manually or using some non-Trellis deploy method.

Yes, if you want to add any custom dependencies to the bedrock composer.json file (e.g., if you want any WP plugins, etc.).

If the git clone error msg persists after switching repo to your fork, check out the SSH Keys docs’ discussion of SSH agent forwarding (mentioned in the error msg you posted).

This thread has covered a variety of topics. If something new comes up, search discourse and the docs a bit, then go ahead and start a new thread, describing where you are in the debugging process.

My understanding of this issue is a little hazy, but I’d recommend against having the admin_user and the web_user the same. The web_user owns and manages files in your web root and typically has limited privileges, for the sake of security. If you make web_user the same as admin_user, you’re giving web_user more privileges than necessary.

There are some security implications I’d have to research to enumerate. One practical implication, however, is that if you work with a team, it is convenient to enable junior members to deploy as web_user but not change server configs, which would require running as admin_user. More discussion here and around discourse.

It is not a hassle to leave the defaults admin_user: admin and web_user: web. You just need your SSH keypair set up with the public key on the server and the private key on your local machine and the user stuff will take care of itself when running Trellis playbooks. I guess you’d have to remember to use admin or web when SSH-ing manually, but that’s not too much trouble.

I’ve written way too much, but I’ll concede that if you’re the only one who will ever SSH in to the server to make changes with sudo, then it seems fine to set admin_user to your actual username.

1 Like

RIGHT.

Thank you for all the help @fullyint .

One semi-important side note, since we did cover so many topics - after a successful deploy & install, I still found I was getting a 502 Bad Gateway error for both of the 2 site_hosts set for my site.

Digging for a minute in the log files led me to restart PHP with service php7.0-fpm restart

Here are the errors for reference:

/srv/www/logs/access.log :

1.2.3.4 - - [10/Mar/2016:19:20:18 +0200] "GET /index.php HTTP/1.1" 502 166 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"

/srv/www/logs/error.log :

2016/03/10 19:05:22 [crit] 31959#31959: *6 connect() to unix:/var/run/php-fpm-wordpress.sock failed (2: No such file or directory) while connecting to upstream, client: 1.2.3.4, server: domain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm-wordpress.sock:", host: "domain.com"

/var/log/php7.0-fpm.log :

[10-Mar-2016 18:41:25] NOTICE: Reloading in progress ...
[10-Mar-2016 18:41:25] NOTICE: reloading: execvp("/usr/sbin/php-fpm7.0", {"/usr/sbin/php-fpm7.0", "--daemonize", "--fpm-config", "/etc/php/7.0/fpm/php-fpm.conf"})
[10-Mar-2016 18:41:25] ERROR: [pool wordpress] the chdir path '/srv/www/' does not exist or is not a directory
[10-Mar-2016 18:41:25] ERROR: [pool wordpress] the chdir path '/srv/www/' does not exist or is not a directory
[10-Mar-2016 18:41:25] ERROR: failed to post process the configuration
[10-Mar-2016 18:41:25] ERROR: failed to post process the configuration
[10-Mar-2016 18:41:25] ERROR: FPM initialization failed
[10-Mar-2016 18:41:25] ERROR: FPM initialization failed
[10-Mar-2016 18:53:05] ERROR: [pool wordpress] the chdir path '/srv/www/' does not exist or is not a directory
[10-Mar-2016 18:53:05] ERROR: failed to post process the configuration
[10-Mar-2016 18:53:05] ERROR: FPM initialization failed
[10-Mar-2016 18:53:05] ERROR: [pool wordpress] the chdir path '/srv/www/' does not exist or is not a directory
[10-Mar-2016 18:53:05] ERROR: failed to post process the configuration
[10-Mar-2016 18:53:05] ERROR: FPM initialization failed

After PHP restart:

[10-Mar-2016 19:23:12] NOTICE: fpm is running, pid 1486
[10-Mar-2016 19:23:12] NOTICE: ready to handle connections
[10-Mar-2016 19:23:12] NOTICE: systemd monitor interval set to 10000ms

THX a 10*8sideways !

2 Likes
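
A triage sketch for the 502 described in the last post, added here as an example and not part of the original thread: it correlates the nginx error log with the php-fpm log to show why the socket was missing. The function names are hypothetical and the sample lines are copied from the logs quoted above.

```shell
#!/bin/sh
# Sample lines copied from the logs quoted above, embedded so this runs offline.
NGINX_ERR=$(cat <<'EOF'
2016/03/10 19:05:22 [crit] 31959#31959: *6 connect() to unix:/var/run/php-fpm-wordpress.sock failed (2: No such file or directory) while connecting to upstream, client: 1.2.3.4, server: domain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm-wordpress.sock:", host: "domain.com"
EOF
)
FPM_BEFORE=$(cat <<'EOF'
[10-Mar-2016 18:53:05] ERROR: [pool wordpress] the chdir path '/srv/www/' does not exist or is not a directory
[10-Mar-2016 18:53:05] ERROR: failed to post process the configuration
[10-Mar-2016 18:53:05] ERROR: FPM initialization failed
EOF
)
FPM_AFTER="$FPM_BEFORE
[10-Mar-2016 19:23:12] NOTICE: fpm is running, pid 1486
[10-Mar-2016 19:23:12] NOTICE: ready to handle connections"

# Print each unix socket nginx could not find (errno 2), one per line.
missing_sockets() {
    sed -n 's/.*connect() to unix:\([^ ]*\) failed (2: No such file or directory).*/\1/p' | sort -u
}

# Print php-fpm's state after the last startup event in the log on stdin.
fpm_state() {
    awk '
        index($0, "ERROR: [pool ")               { reason = substr($0, index($0, "ERROR: ") + 7) }
        index($0, "FPM initialization failed")   { state = "failed: " reason }
        index($0, "ready to handle connections") { state = "running" }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Correlate both logs: $1 = nginx error log text, $2 = php-fpm log text.
diagnose() {
    state=$(printf '%s\n' "$2" | fpm_state)
    printf '%s\n' "$1" | missing_sockets | while read -r sock; do
        case "$state" in
            failed:*) echo "$sock missing: php-fpm failed to initialize (${state#failed: })" ;;
            running)  echo "$sock was missing, php-fpm is running now: retry the request" ;;
            *)        echo "$sock missing: php-fpm state unknown" ;;
        esac
    done
}

diagnose "$NGINX_ERR" "$FPM_BEFORE"   # state at the time of the 502
diagnose "$NGINX_ERR" "$FPM_AFTER"    # state after service php7.0-fpm restart
```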