Trellis: ./bin/ Deploy Error

I’ve read and followed the instructions on every thread on Discourse and GitHub regarding the issues with earlier OpenSSH versions and HostKeyAlgorithms SSH options, mainly: Use dynamic HostKeyAlgorithms SSH option for unknown hosts and Failed to connect to the host via ssh: OpenSSH_6.2p2.

Now I’m at the point where I get an error when executing the deploy script (i.e. ./bin/ production

Here’s the related verbose error text:

System info:
  Ansible; Darwin
  Trellis at "Change `remote-user` role to `connection` role: tests host key, user"
Traceback (most recent call last):
  File "/tmp/ansible_I1e6h0/", line 478, in
  File "/tmp/ansible_I1e6h0/", line 437, in
    changes += deploy_helper.create_path(facts['project_path'])
  File "/tmp/ansible_I1e6h0/", line 300, in
  File "/usr/lib/python2.7/", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib/python2.7/", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/srv/www'

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 13] Permission denied: '/srv/www'
fatal: []: FAILED! => {"changed": false, "failed": true, "module_stdout": ""}

Ideas as to how to resolve this error and finalize the deployment process will be greatly appreciated.

Thank you much.

Thanks for reporting some of the threads you’ve already reviewed.

Could you check the ownership of /srv/www? It should be web:www-data.
For example, ls -alh /srv/www on your server should probably show something like this:

drwxr-xr-x 4 web  www-data 4.0K Mar 27 19:38 .
drwxr-xr-x 3 root root     4.0K Mar 27 19:38 ..
drwxr-xr-x 5 web  www-data 4.0K Mar 27 22:15

If the ownership seems incorrect, you might see if re-running the wordpress-setup role will fix it, then try your deploy again:

ansible-playbook server.yml -e env=production --tags wordpress

Could you also run the deploy with -vvv for verbosity and share the entire output?

ansible-playbook deploy.yml -e " env=production" -vvv

Thanks Phil for your suggestions!

I believe you’re right, the ownership seems incorrect as my “srv” folder on the droplet doesn’t include the subdirectories (i.e. www/

For what it’s worth, here’s the permission settings for “srv”:

drwxr-xr-x  2 root root 4.0K Mar  8 02:16 srv

@solray Whereas local development setup only requires a vagrant up, which runs dev.yml to provision the VM and install WordPress all in one step, remote server setup requires two steps: server.yml to provision then deploy.yml to deploy. Perhaps you ran into the original issue because the server had not yet been provisioned. If so, maybe you just need to run server.yml then try your deploy again.

@fullyint, thanks for the follow up. I’m pretty sure I have as I’ve followed each and every step (until the error) of (i.e. Video + Step by Step)

For my first install I used custom SSH with a config file for the different hosts. I suspected this might be the cause, so I started a new droplet with no custom SSH (i.e. id_rsa) with no luck, same error.

Here are the steps I took earlier:

Step 1
Start fresh with a new Trellis, Bedrock install.

Step 2
Followed the step by step and video by

Step 3
First error when -
ansible-playbook server.yml -e env=production

System info:
Ansible; Darwin
Trellis at “Check Ansible version before Ansible validates task attributes”

Failed to validate the SSL certificate for Make sure your
managed systems have a valid CA certificate installed. If the website serving
the url uses SNI you need python >= 2.7.9 on your managed machine or you can
install the `urllib3`, `pyopenssl`, `ndg-httpsclient`, and `pyasn1` python
modules to perform SNI verification in python >= 2.6. You can use
validate_certs=False if you do not need to confirm the servers identity but
this is unsafe and not recommended. Paths checked for this platform:
/etc/ssl/certs, /etc/ansible, /usr/local/etc/openssl
fatal: []: FAILED! => {"changed": false, "failed": true}

Step 4
Moving on with updating Trellis files as per @fullyint’s commits in branch: Use dynamic HostKeyAlgorithms SSH option for unknown hosts

Step 5
Error with -
ansible-playbook server.yml -e env=production

Step 6
Success (at least no red errors) with -
ansible-playbook server.yml -e env=production --tags users

But, at this point I can see on DO droplet that the admin/ and web/ users in home/ directory were created, however, srv/ is empty and the www/ subdirectory is missing.

Not sure how to debug next.

Thanks for listing your steps! Sad it’s not working yet.

This is probably a temporary connectivity issue and will resolve itself (try again later; example).

That Failed to validate the SSL certificate is the error you list in step 3, then in step 4 you apply roots/trellis#708, but note that these two are different issues. You shouldn’t need #708 unless your ssh -V shows an OpenSSH version less than 6.5 (maybe that does apply to you).

I assume the error in step 5 is a repeat of the Failed to validate the SSL certificate. If this doesn’t resolve itself when you try again after an hour or two, you could cause the offending task to skip by including this line in your group_vars/all/main.yml for the next day or two:

ssh_client_ip_lookup: false

You saw no red errors for the command with --tags users but note that this runs only one role (users) among many, so most of the provisioning has not completed. So, it is not surprising that subdirectories seem missing from the server.

Try adding ssh_client_ip_lookup: false and run ansible-playbook server.yml -e env=production and see if it finishes. If you get new consistent errors that you cannot resolve by searching around a bit, post verbose output (-vvv) from this command:
ansible-playbook server.yml -e env=production -vvv
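
As an added example (not part of the original posts and not Trellis code), this shell function applies the "OpenSSH version less than 6.5" test from the reply above to an `ssh -V` banner. The function names, return codes and status strings are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify an `ssh -V` banner against the 6.5 threshold
# mentioned in the reply above. Function names are hypothetical.

# needs_hostkey_workaround BANNER
# Returns 0 if the banner reports OpenSSH older than 6.5,
#         1 if it reports 6.5 or newer,
#         2 if no OpenSSH version can be parsed from the banner.
needs_hostkey_workaround() {
    # Extract "MAJOR MINOR" after "OpenSSH_"; the optional letters cover
    # banners such as "OpenSSH_for_Windows_8.1p1".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^.*OpenSSH_[A-Za-z_]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || return 2
    set -- $ver            # $1 = major, $2 = minor
    if [ "$1" -lt 6 ]; then return 0; fi
    if [ "$1" -eq 6 ] && [ "$2" -lt 5 ]; then return 0; fi
    return 1
}

# hostkey_status BANNER
# Prints one of: below-6.5, 6.5-or-newer, unknown.
hostkey_status() {
    needs_hostkey_workaround "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "below-6.5" ;;
        1) echo "6.5-or-newer" ;;
        *) echo "unknown" ;;
    esac
}

# Typical use on the control machine (ssh -V writes to stderr):
#   hostkey_status "$(ssh -V 2>&1)"
```

Run it on the machine that executes ansible-playbook, since that is where the local OpenSSH client version matters.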


It does. I’m on OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

As to the other suggestions, I’ll work on it and report back.

Thank you @fullyint

This seems to solve the problem. Site is finally deployed.

Can’t thank you enough @fullyint :pray: :pray: :pray:
