Self-signed certificates not being generated in development

Out of the blue Trellis doesnt seem to want to generate a self signed SSL certificate on a development environment. Here’s the error output.

[details="Summary"]
    non-zero return code
    /bin/bash: -c: line 0: unexpected EOF while looking for matching `)'
    /bin/bash: -c: line 10: syntax error: unexpected end of file
    failed: [default] (item=thechicstylist.com) => {"ansible_loop_var": "item", "changed": true, "cmd": "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -sha256 -extensions req_ext -config <( cat <<' EOF'\n[req]\nprompt = no\ndistinguished_name = req_dn\n[req_dn]\ncommonName = thechicstylist.local\n[req_ext]\nsubjectAltName = DNS:thechicstylist.local,DNS:www.thechicstylist.local\nEOF\n) -keyout thechicstylist.com.key -out thechicstylist.com.cert", "delta": "0:00:00.002998", "end": "2019-09-27 12:05:28.433636", "item": {"key": "thechicstylist.com", "value": {"admin_email": "richard@torbledesign.com", "cache": {"enabled": true}, "local_path": "../site", "multisite": {"enabled": false}, "site_hosts": [{"canonical": "thechicstylist.local", "redirects": ["www.thechicstylist.local"]}], "ssl": {"enabled": true, "provider": "self-signed"}}}, "rc": 1, "start": "2019-09-27 12:05:28.430638", "stderr_lines": ["/bin/bash: -c: line 0: unexpected EOF while looking for matching `)'", "/bin/bash: -c: line 10: syntax error: unexpected end of file"], "stdout": "", "stdout_lines": []}
    ---------------------------------------------------
    non-zero return code
    /bin/bash: -c: line 0: unexpected EOF while looking for matching `)'
    /bin/bash: -c: line 10: syntax error: unexpected end of file
    failed: [default] (item=no_default) => {"ansible_loop_var": "item", "changed": true, "cmd": "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -sha256 -extensions req_ext -config <( cat <<' EOF'\n[req]\nprompt = no\ndistinguished_name = req_dn\n[req_dn]\ncommonName = example.com\n[req_ext]\nsubjectAltName = DNS:example.com\nEOF\n) -keyout no_default.key -out no_default.cert", "delta": "0:00:00.002857", "end": "2019-09-27 12:05:28.630016", "item": {"key": "no_default", "value": {"multisite": {}, "site_hosts": [{"canonical": "example.com"}], "ssl": {"enabled": true, "provider": "self-signed"}}}, "rc": 1, "start": "2019-09-27 12:05:28.627159", "stderr_lines": ["/bin/bash: -c: line 0: unexpected EOF while looking for matching `)'", "/bin/bash: -c: line 10: syntax error: unexpected end of file"], "stdout": "", "stdout_lines": []}
[/details]

I’m a bit stumped why there are references to example.com as well when my wordpress_sites and vault files have been correctly updated.

Any ideas?

Could you provide a copy of your group_vars/development/wordpress_sites.yml and group_vars/roup_vars/development/vault.yml with any sensitive data redacted? It seems to be one of these are incorrectly configured based on your output.

Additionally could you provide more output on the process which happened before the failure, i.e. the last successful process?

The syntax error is stating there’s a missing ) which could potentially be maybe one of your define() constants in bedrock missing a closing tag? Or some other PHP required file

wordpress_sites.yml

  wordpress_sites:
      thechicstylist.com:
        site_hosts:
          - canonical: thechicstylist.local
            redirects:
              - www.thechicstylist.local
        local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
        admin_email: richard@torbledesign.com
        multisite:
          enabled: false
        ssl:
          enabled: true
          provider: self-signed
        cache:
          enabled: true

vault.yml

vault_mysql_root_password: "****************"

# Variables to accompany `group_vars/development/wordpress_sites.yml`
# Note: the site name (`example.com`) must match up with the site name in the above file.
vault_wordpress_sites:
  thechicstylist.com:
    admin_password: "****************"
    env:
      db_password: "****************"

The process prior was to clone the latest Trellis and Bedrock versions and run Vagrant Up.

VU runs to completion with SSL Enabled to False but with it set to True gives the error as above.

@richt Looks like it’s an issue with your installed version of Ansible vs max version tested with Trellis

I’m on Ansible 2.8.4. I was under the impression Trellis supports 2.8.x?

Is there a best practice for downgrading Ansible with Trellis?

Thanks for the super fast help!

It could be that you’ve found a genuine bug within Trellis for local provisioning. I’ll be totally honest I don’t have first hand knowledge of this bug, just did a bit of searching for similar errors and stumbled on this.

Checking the requirements it does state less than 2.9 and more than 2.7.12 so you’re right: https://github.com/roots/trellis/blob/master/requirements.txt#L1

Would be interested to find out if this is a bug specifically in 2.8.4 or whether this is the case across all of 2.8.X

Depending on how you installed Ansible:

Pip
pip install ansible==2.7.12

Homebrew
brew switch ansible 2.7.12

I believe you’ll be prompted to overwrite / uninstall on both of those commands

I have had the same problem with ansible 2.8.5 and 2.8.4.
Finally I’ve downgrade to version 2.7.13 and it works fine.

Thanks guys. It seems as if downgrading Ansible to version 2.7.13 via pip solves the problem.

Same issue, worked with 2.7 for me, i recommend including this in the guides or something.

Thanks for the great work btw.

Same issue with 2.8.3 in ubuntu, only not just on development, staging as well.

Now trying 2.7.13 installed through PIP, but it doesn’t recognize the ansible-playbook command

Downgraded to 2.7.13 and self-signed certs are now being generated. Definitely a bug with 2.8.x

Made a patch - https://github.com/roots/trellis/pull/1110
Can you test it with ansible v2.8.5?

I tryed with 2.8.5 and same error keeps showing. Had to downgrade to 2.7.13.

This topic was automatically closed after 42 days. New replies are no longer allowed.