Unable to provision a pre-existing project

yano1978 · December 30, 2022, 2:19pm

Hi everyone, I am a pretty much a newbie using Trellis and I am stuck with an issue which might be silly but it’s blocking me. I have my project running on an Intel MacBook Pro and I have deployed with no issues, but on cloning it on a new machine (M1), I am not able to run it locally here below the specs:

Parallels Desktop Pro Edition for Mac - Version 18.1.1 (53328)
MacBook Pro (13-inch, M1, 2020) - Apple M1 / Memory 8 GB
vagrant_box: “jeffnoxon/ubuntu-20.04-arm64”
vagrant_box_version: “>= 1.0.0”

It looks like VM is mounting and running correctly:

Plus I can connect via ssh:

But visiting on the browser I have the typical “site cannot be reached”:

So I realised that trellis (vagrant) up haven’t done the provision and I tried to run trellis-cli command, which produces this error:

➜ trellis provision development
Starting galaxy role install process

composer (1.9.0) is already installed, skipping.
ntp (2.3.1) is already installed, skipping.
logrotate (v0.0.5) is already installed, skipping.
swapfile (v2.0.32) is already installed, skipping.
mailhog (2.3.0) is already installed, skipping.

Running command => ansible-playbook dev.yml -e env=development --inventory-file .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory

PLAY [WordPress Server: Install LEMP Stack with PHP and MariaDB MySQL] *********
[WARNING]: Failure using method (v2_playbook_on_play_start) in callback plugin
(<ansible.plugins.callback.vars.CallbackModule object at 0x103c1abc0>):
Decryption failed (no vault secrets were found that could decrypt) on
/Users/xxx/myproject/trellis/group_vars/all/vault.yml
ERROR! Decryption failed (no vault secrets were found that could decrypt) on /Users/xxx/myproject/trellis/group_vars/all/vault.yml
exit status 4

And if I use the ansible-playbook command:

I am not sure what am I doing wrong, any suggestion would be really appreciated, thanks in advance!
Ernesto

ben · December 30, 2022, 3:24pm

Howdy! Does this project already have encrypted Vault files? Is there a .vault_pass file in the Trellis directory on your Intel MacBook Pro? Is that file missing on your new machine?

yano1978 · December 30, 2022, 6:05pm

Hi Ben and thanks for your answer. I have added the .vault_pass yes (same I have on the Intel machine)

Any other thoughts?

yano1978 · January 4, 2023, 9:48am

Hi again Ben, for further clarification, I have also encrypted Vault files and just realised I cannot decrypt them, maybe that’s the problem?

mariusmateoc · January 4, 2023, 10:17am

An incorrect decryption password can lead to this error.
If you can’t decrypt using ansible-vault decrypt group_vars/all/vault.yml you have an incorrect password.

yano1978 · January 4, 2023, 10:52am

Hi @mariusmateoc, thanks for your answer! I just tried to decrypt on the old machine using the verbose version of the command -vvvv, I receive this error there too “Error: HMAC verification failed: Signature did not match digest.” so you are probably right.
Do you know how can I fix this?

mariusmateoc · January 4, 2023, 11:50am

From what I know there is no way to recover this password. You have to try the brute force method.

In the future, you should use a password manager to save all your passwords.

yano1978 · January 4, 2023, 12:15pm

Well that’s quite annoying. Fun fact: I’ve generated and saved passwords with Last Pass chrome’s extension, so I don’t know how they’re now corrupted.

yano1978 · January 4, 2023, 6:41pm

I finally solved the issue. It turned out all vault.yml files were corrupted for some reason, so I had to recreate all new passwords on the old machine, encrypting them, pushing to my repo and pulling on the new machine; then, simply vagrant destroy && trellis up
and it worked like a charm.