Roots Discourse

Permissions + Deploy Initialization Failure


#1

Hey guys,

I’m getting this error on the deploy script.

MODULE FAILURE
Traceback (most recent call last):
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1479753083.0-265781181489073/deploy_helper", line 2458, in <module>
    main()
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1479753083.0-265781181489073/deploy_helper", line 435, in main
    changes += deploy_helper.create_path(facts['releases_path'])
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1479753083.0-265781181489073/deploy_helper", line 297, in create_path
    os.makedirs(path)
  File "/usr/lib/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/srv/www/example.com/releases

(note I edited the site title)

I’m digging through looking for what I messed up, but was hoping someone else may already have some insight into this.

I can almost guarantee it has something to do with the fact that I changed the web user to ubuntu because my deploy.sh was failing ssh… and yes, that’s exactly it. (on aws)

Probably not the most secure to just hand that directory over to ubuntu for deployment without easily changing it back after. Would rather follow you guys’ best practices.

I think my problem is I screwed up adding the web user as an SSH user during server provisioning.

Currently looking at this

users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
      # - https://github.com/username.keys

And time for the dumb question, is the key listing here supposed to be copying my local ~/.ssh/id_rsa.pub to the remote server as the ssh key for web?

I’m probably going to have to change that since I name all my keys per site. I’m just not sure what this key group here is actually doing. I may just need to provision another key from aws and add it here? Or lazily use the same key for ubuntu and web, which I’m sure is probably frowned upon.

Arbitrary Flattery=This setup is awesome, so glad I stumbled on this community. Thanks for this.
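
A read-only check for the `Permission denied` that `os.makedirs` raises in the traceback above, added here as an example; it is not part of the original post or of Ansible's deploy_helper. The function names are hypothetical, and it assumes plain POSIX mode bits (no ACLs) and a non-root deploy user.

```python
import os
import stat


def first_existing_ancestor(path):
    """Return the deepest directory on `path` that already exists."""
    path = os.path.abspath(path)
    while not os.path.isdir(path):
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    return path


def can_create_under(directory, uid, gids):
    """Evaluate mode bits the way the kernel does for a non-root user.

    Creating a subdirectory needs write AND search (execute) on the parent.
    Only one permission class applies: owner first, then group, then other.
    """
    st = os.stat(directory)
    if uid == st.st_uid:
        cls, need = "owner", stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        cls, need = "group", stat.S_IWGRP | stat.S_IXGRP
    else:
        cls, need = "other", stat.S_IWOTH | stat.S_IXOTH
    return (st.st_mode & need) == need, cls, st


def explain_makedirs(path, uid, gids):
    """Report whether `uid` could os.makedirs(path), and which dir decides it."""
    anchor = first_existing_ancestor(path)
    ok, cls, st = can_create_under(anchor, uid, gids)
    return {
        "blocking_dir": anchor,
        "allowed": ok,
        "matched_class": cls,
        "owner_uid": st.st_uid,
        "group_gid": st.st_gid,
        "mode": stat.filemode(st.st_mode),
    }


if __name__ == "__main__":
    # Path from the traceback; run on the server as the user Ansible connects as.
    print(explain_makedirs("/srv/www/example.com/releases",
                           os.getuid(), os.getgroups()))
```

The output names the directory whose owner, group and mode decide the outcome, which shows whether the connecting user is simply not the owner or group member that the site directory was provisioned for.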


#2

Got it

I don’t think you can add multiple private keys to the ansible.cfg itself, but you can add the web key directly to the hosts file:

# Add each host to the [production] group and to a "type" group such as [web] or [db].
# List each machine only once per [group], even if it will host multiple sites.

[production]
example.com

[web]
example.com ansible_ssh_private_key_file=~/.ssh/id_rsa