Unable to provision a pre-existing project

Hi everyone, I am a pretty much a newbie using Trellis and I am stuck with an issue which might be silly but it’s blocking me. I have my project running on an Intel MacBook Pro and I have deployed with no issues, but on cloning it on a new machine (M1), I am not able to run it locally here below the specs:

  • Parallels Desktop Pro Edition for Mac - Version 18.1.1 (53328)
  • MacBook Pro (13-inch, M1, 2020) - Apple M1 / Memory 8 GB
  • vagrant_box: “jeffnoxon/ubuntu-20.04-arm64”
  • vagrant_box_version: “>= 1.0.0”

It looks like VM is mounting and running correctly:

Plus I can connect via ssh:

But visiting on the browser I have the typical “site cannot be reached”:

So I realised that trellis (vagrant) up haven’t done the provision and I tried to run trellis-cli command, which produces this error:

➜ trellis provision development
Starting galaxy role install process

  • composer (1.9.0) is already installed, skipping.
  • ntp (2.3.1) is already installed, skipping.
  • logrotate (v0.0.5) is already installed, skipping.
  • swapfile (v2.0.32) is already installed, skipping.
  • mailhog (2.3.0) is already installed, skipping.

Running command => ansible-playbook dev.yml -e env=development --inventory-file .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory

PLAY [WordPress Server: Install LEMP Stack with PHP and MariaDB MySQL] *********
[WARNING]: Failure using method (v2_playbook_on_play_start) in callback plugin
(<ansible.plugins.callback.vars.CallbackModule object at 0x103c1abc0>):
Decryption failed (no vault secrets were found that could decrypt) on
ERROR! Decryption failed (no vault secrets were found that could decrypt) on /Users/xxx/myproject/trellis/group_vars/all/vault.yml
exit status 4

And if I use the ansible-playbook command:

I am not sure what am I doing wrong, any suggestion would be really appreciated, thanks in advance!

Howdy! Does this project already have encrypted Vault files? Is there a .vault_pass file in the Trellis directory on your Intel MacBook Pro? Is that file missing on your new machine?

Hi Ben and thanks for your answer. I have added the .vault_pass yes (same I have on the Intel machine)

Any other thoughts? :thinking:

Hi again Ben, for further clarification, I have also encrypted Vault files and just realised I cannot decrypt them, maybe that’s the problem?

An incorrect decryption password can lead to this error.
If you can’t decrypt using ansible-vault decrypt group_vars/all/vault.yml you have an incorrect password.


Hi @mariusmateoc, thanks for your answer! I just tried to decrypt on the old machine using the verbose version of the command -vvvv, I receive this error there too “Error: HMAC verification failed: Signature did not match digest.” so you are probably right.
Do you know how can I fix this?

From what I know there is no way to recover this password. You have to try the brute force method. :expressionless:

In the future, you should use a password manager to save all your passwords.

Well that’s quite annoying. :expressionless: Fun fact: I’ve generated and saved passwords with Last Pass chrome’s extension, so I don’t know how they’re now corrupted. :thinking:

I finally solved the issue. It turned out all vault.yml files were corrupted for some reason, so I had to recreate all new passwords on the old machine, encrypting them, pushing to my repo and pulling on the new machine; then, simply vagrant destroy && trellis up
and it worked like a charm.