Trellis Provision: Failed to update apt cache: unknown reason

Chriis · February 8, 2023, 11:29am

Hello,

I’m currently having issues re-provisioning my Staging server in DigitalOcean. I’m able to re-provision locally and in production using the Trellis CLI, but I have no idea why it’s failing on Staging. I can see in the logs that it failed to connect to host via SSH, but I can SSH into all environments without any issues using trellis ssh staging. Any ideas what’s causing it to fail?

Error log and versions below:

TASK [common : Update apt packages] ********************************************

<server_name> Failed to connect to the host via ssh: OpenSSH_9.0p1, LibreSSL 3.3.6

fatal: [server_name]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "allow_change_held_packages": false,
            "allow_downgrade": false,
            "allow_unauthenticated": false,
            "autoclean": false,
            "autoremove": false,
            "cache_valid_time": 0,
            "clean": false,
            "deb": null,
            "default_release": null,
            "dpkg_options": "force-confdef,force-confold",
            "fail_on_autoremove": false,
            "force": false,
            "force_apt_get": false,
            "install_recommends": null,
            "lock_timeout": 60,
            "only_upgrade": false,
            "package": null,
            "policy_rc_d": null,
            "purge": false,
            "state": "present",
            "update_cache": true,
            "update_cache_retries": 5,
            "update_cache_retry_max_delay": 12,
            "upgrade": null
        }
    },
    "msg": "Failed to update apt cache: unknown reason"
}

MacOS Ventura 13.1 (M1)
Vagrant - 2.2.18
Trellis - 1.19.0
Trellis CLI - 1.9.0
DigitalOcean Droplet: Ubuntu 20.04.3

rguttersohn · February 8, 2023, 2:19pm

I don’t think this is the issue because the error doesn’t look the same, but sometimes provisioning or deployments fail to connect via ssh for me because the ssh key is no longer in my keychain for whatever reason.

Try this command to add it back in and then try re-provisioning.

ssh-add --apple-use-keychain ~/.ssh/id_ed25519

swalkinshaw · February 9, 2023, 4:07am

That’s very weird It always fails on that same task?

Might be useful to comment out or delete that task and see what happens.

strarsis · February 9, 2023, 4:42am

Also running apt update manually on the staging server could help showing the error that occurs when updating apt, e.g. a network issue, insufficient disk space, a stray apt lockfile.

Chriis · February 9, 2023, 8:16am

@swalkinshaw Yes. I did try to remove the task you mentioned and it failed again, but only on the task below.

TASK [common : Checking essentials] ********************************************

<server_name> Failed to connect to the host via ssh: OpenSSH_9.0p1, LibreSSL 3.3.6

failed: [server_name] (item=build-essential) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "allow_change_held_packages": false,
            "allow_downgrade": false,
            "allow_unauthenticated": false,
            "autoclean": false,
            "autoremove": false,
            "cache_valid_time": 3600,
            "clean": false,
            "deb": null,
            "default_release": null,
            "dpkg_options": "force-confdef,force-confold",
            "fail_on_autoremove": false,
            "force": false,
            "force_apt_get": false,
            "install_recommends": null,
            "lock_timeout": 60,
            "name": "build-essential",
            "only_upgrade": false,
            "package": [
                "build-essential"
            ],
            "policy_rc_d": null,
            "purge": false,
            "state": "present",
            "update_cache": null,
            "update_cache_retries": 5,
            "update_cache_retry_max_delay": 12,
            "upgrade": null
        }
    },
    "item": {
        "key": "build-essential",
        "value": "present"
    },
    "msg": "Failed to update apt cache: unknown reason"
}

Chriis · February 9, 2023, 8:39am

@strarsis I did try to run apt update manually on the server and here’s the error I got:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repos.insights.digitalocean.com/apt/do-agent main InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY <KEY_HERE>
W: Failed to fetch https://repos.insights.digitalocean.com/apt/do-agent/dists/main/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY <KEY_HERE>
W: Some index files failed to download. They have been ignored, or old ones used instead.

strarsis · February 9, 2023, 9:27am

Looks like a repository key (deprecation) warning, which can be manually fixed, see