Trellis key generate (what to do about different environments)

I have run trellis key generate as per these docs and got my staging server to run with this GitHub Action:

# Uncomment this deploy job in this file to use the
# https://github.com/roots/setup-trellis-cli GitHub Action
# for deploying this repo to staging when pushing to staging.
#
# Make sure you've set up the following secrets in your repo:
# - TRELLIS_DEPLOY_SSH_PRIVATE_KEY
# - TRELLIS_DEPLOY_SSH_KNOWN_HOSTS
# - ANSIBLE_VAULT_PASSWORD

name: Deploy SCBC site

on:
  workflow_dispatch:
  push:
    branches: [staging]

jobs:
  # example:
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Example deploy job
  #       run: echo "This is an example deploy job. Uncomment the deploy job in .github/workflows/deploy.yml to use the roots/setup-trellis-cli GitHub Action for deploying this repo to staging when pushing to main."

  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - uses: actions/setup-node@v3
      with:
        node-version: '20'
        cache: yarn
        cache-dependency-path: yarn.lock
    - uses: shimataro/ssh-key-action@v2
      with:
        key: ${{ secrets.TRELLIS_DEPLOY_SSH_PRIVATE_KEY }}
        known_hosts: ${{ secrets.TRELLIS_DEPLOY_SSH_KNOWN_HOSTS }}
    - uses: webfactory/ssh-agent@v0.5.4
      with:
        ssh-private-key: ${{ secrets.TRELLIS_DEPLOY_SSH_PRIVATE_KEY }}
    - uses: roots/setup-trellis-cli@main
      with:
        ansible-vault-password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
        repo-token: ${{ secrets.GITHUB_TOKEN }}
    - name: Deploy
      run: cd trellis && trellis deploy staging

And then I have set up my qa deployment:

name: Deploy SCBC site to QA

on:
  workflow_dispatch:
  push:
    branches: [qa]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: '20'
          cache: yarn
          cache-dependency-path: yarn.lock
      - uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.TRELLIS_DEPLOY_SSH_PRIVATE_KEY }}
          known_hosts: ${{ secrets.TRELLIS_DEPLOY_SSH_KNOWN_HOSTS }}
      - uses: webfactory/ssh-agent@v0.5.4
        with:
          ssh-private-key: ${{ secrets.TRELLIS_DEPLOY_SSH_PRIVATE_KEY }}
      - uses: roots/setup-trellis-cli@main
        with:
          ansible-vault-password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Deploy
        run: cd trellis && trellis deploy qa

The servers share the same SSH key, which I added from trellis/public_keys/key.pub.

But my qa deploy fails:

TASK [Gathering Facts] *********************************************************
fatal: [redacted]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: web@redacted: Permission denied (publickey).", "unreachable": true}

Could it be that the known hosts are different? I thought trellis key generate set that automatically. Not exactly sure here.

Let me know what I might be doing wrong.

I had the incorrect repo in the new qa trellis/group_vars/qa/wordpress_sites.yml

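Since the resolution was a wrong `repo` value in the new environment's group_vars, a pre-deploy consistency check across environments is the kind of guard worth keeping next to these workflows. The following is an added example, not code from the original post or from the Trellis project. It uses constructed sample wordpress_sites.yml content for two environments, a minimal line-based extractor instead of a full YAML parser, and assumes the convention the two workflows above follow (a push to branch X deploys environment X), so a branch that does not match its environment name is also reported.

```python
import re
from typing import Dict, List

# Constructed sample group_vars contents for two environments (not from the
# original post). The qa "repo" deliberately points at a different repository
# than staging, which is the kind of mistake this check is meant to catch.
SAMPLE_GROUP_VARS: Dict[str, str] = {
    "staging": """
wordpress_sites:
  example.com:
    site_hosts:
      - canonical: staging.example.com
    local_path: ../site
    repo: git@github.com:example-org/example.com.git
    branch: staging
""",
    "qa": """
wordpress_sites:
  example.com:
    site_hosts:
      - canonical: qa.example.com
    local_path: ../site
    repo: git@github.com:example-org/old-site.git
    branch: qa
""",
}

# A site name is a key indented by exactly two spaces under wordpress_sites.
SITE_RE = re.compile(r"^  ([^\s:]+):\s*$")
# Only the two keys we compare; deeper nesting is ignored.
KEY_RE = re.compile(r"^\s*(repo|branch):\s*(\S+)\s*$")


def parse_sites(text: str) -> Dict[str, Dict[str, str]]:
    """Extract site -> {repo, branch} from wordpress_sites.yml text.

    Deliberately small, line-based and dependency-free: it understands only the
    shape Trellis uses (a top-level wordpress_sites map whose children are site
    names). For anything more elaborate, use a real YAML parser.
    """
    sites: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        site_match = SITE_RE.match(line)
        if site_match:
            current = site_match.group(1)
            sites[current] = {}
            continue
        key_match = KEY_RE.match(line)
        if key_match and current is not None:
            sites[current][key_match.group(1)] = key_match.group(2)
    return sites


def find_mismatches(group_vars: Dict[str, str]) -> List[str]:
    """Return findings for sites whose repo differs between environments, or
    whose branch does not match the environment name (assumed convention)."""
    per_env = {env: parse_sites(text) for env, text in group_vars.items()}
    all_sites = sorted({site for sites in per_env.values() for site in sites})
    findings: List[str] = []
    for site in all_sites:
        repos = {env: sites[site].get("repo")
                 for env, sites in per_env.items() if site in sites}
        if len(set(repos.values())) > 1:
            detail = ", ".join(f"{env}={repo}" for env, repo in sorted(repos.items()))
            findings.append(f"{site}: repo differs across environments ({detail})")
        for env, sites in per_env.items():
            branch = sites.get(site, {}).get("branch")
            if branch is not None and branch != env:
                findings.append(
                    f"{site}: branch '{branch}' in {env} does not match environment name")
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_GROUP_VARS) or ["no mismatches found"]:
        print(finding)
```

In a real repo you would read each trellis/group_vars/<env>/wordpress_sites.yml into the dictionary instead of the constructed strings, and run the check as an early step in the deploy workflow so a copy-paste error in a new environment fails fast with a clear message rather than surfacing as a confusing error later in the deploy.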