Package_vars_wrong_format error with ansible / trellis

We have SSL switched on on one of our sites, which is a subdirectory multisite.

When you visit the site on the site shows, but none of the images load over https. If I navigate to I get Connection refused.

The fact that isn’t redirecting to https makes me think something is wrong. Next up I tried running

ansible-playbook server.yml -e env=production

But this gives me the below error:

TASK [common : Verify dict format for apt package component variables] *****************************************
System info:
  Ansible; Darwin
  Trellis at "Normalize `apt` tasks"
The conditional check 'package_vars_wrong_format | count' failed. The error
was: error while evaluating conditional (package_vars_wrong_format | count):
[{% for k,v in package_vars.iteritems() if v | type_debug != 'dict' %}'{{ k
}}',{% endfor %}]: {u'apt_packages_custom': u'{{ apt_packages_custom }}',
u'memcached_packages_custom': u'{{ memcached_packages_custom }}',
u'sshd_packages_default': u'{{ sshd_packages_default }}',
u'sshd_packages_custom': u'{{ sshd_packages_custom }}',
u'php_extensions_custom': u'{{ php_extensions_custom }}',
u'apt_packages_default': u'{{ apt_packages_default }}',
u'php_extensions_default': u'{{ php_extensions_default }}',
u'memcached_packages_default': u'{{ memcached_packages_default }}'}: {u
'openssh-server': u'{{ apt_security_package_state }}', u'openssh-client':
u'{{ apt_security_package_state }}'}: 'apt_security_package_state' is

Which seems very odd. I have the same site’s staging server running over https with no issues at all. Has anyone come up against this error? Any advice?


I think your latest Trellis update missed these new vars added to group_vars/all/main.yml in roots/trellis#881.

It’s less common for Trellis updates to touch any group_vars, but if you’re updating manually, don’t forget to check for changes to group_vars. One easy way to see a full diff of what has changed since a given past commit (and to check for changes in group_vars) is to use the GitHub compare feature at

Enter the commit hash for your local Trellis version in the left (“base”) side of the comparison. One way to find your local Trellis commit hash (even if you’ve added your own custom commits) would be to examine the top entry in your local Trellis file and find the related PR.

For example, if your latest entry reads Update WP-CLI to 1.2.1 (#838), you could visit and see that this PR was merged as e5fbe4f. If you enter that hash in the left dropdown (or just “url hack” and type the upcoming url), it gives you, showing all changes you would/should get when you update to master. Check for changes to group_vars.

Once you have added those new vars to group_vars/all/main.yml you should be able to run server.yml, which I suggest you do to ensure your Nginx confs are all correct. Then, I’d suggest also running deploy.yml to ensure that things are in place generally. For example, if you recently changed to https and haven’t yet deployed, the .env file with WP_HOME and WP_SITEURL won’t yet use https (would still be back on http).


Hi @fullyint thanks so much for your message. Reading through it, that all makes complete sense, it was after a manual trellis update which – at the time – seemed to work great.

This change came a few weeks later, and it slipped my mind. I updated those vars, and also a couple in group_vars/all/helpers.yml

ssl_stapling_enabled: "{{ item.value.ssl is defined and item.value.ssl.stapling_enabled | default(true) }}"
cron_enabled: "{{ site_env.disable_wp_cron and (not item.value.multisite.enabled | default(false) or (item.value.multisite.enabled | default(false) and item.value.multisite.cron | default(true))) }}"

Thanks so much again.

1 Like