Vagrant-trellis-cert doesn't play nice with Trellis CLI?

Not sure whether there’s another issue at play here, but these self-signed SSL steps never used to give me issues prior to using Trellis CLI… Since changing to the CLI, running vagrant trellis-cert trust produces the following error:

Importing certificates...
The provider for this Vagrant-managed machine is reporting that it
is not yet ready for SSH. Depending on your provider this can carry
different meanings. Make sure your machine is created and running and
try again. Additionally, check the output of `vagrant status` to verify
that the machine is in the state that you expect. If you continue to
get this error message, please view the documentation for the provider
you're using.

Furthermore, after the error, trellis up never behaves the same again, producing an endless loop of:

Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Connection reset. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...

And trellis down produces:

Running command => vagrant halt
==> default: Attempting graceful shutdown of VM...
    default: Guest communication could not be established! This is usually because
    default: SSH is not running, the authentication information was changed,
    default: or some other networking issue. Vagrant will force halt, if
    default: capable.
==> default: Forcing shutdown of VM...

It’s as if something breaks on the SSH side of things after running either vagrant plugin install vagrant-trellis-cert or vagrant trellis-cert trust.

Is there perhaps a different way I should be adding vagrant plugins when using the CLI? Is there some kind of workaround?

The error means that Vagrant timed out while trying to access the spun-up VM using the default private key.
Reasons can be a differing allowed public key on the VM or network issues.
Can you use the trellis CLI command in verbose/debug mode so you can see what exactly fails when Vagrant tries to SSH into the VM? Also, trellis-cli can invoke the Vagrant-related commands with more parameters than when doing it manually (where it works, as you said).

Did you resolve the issue? I have the same here.

The trellis cli command invokes vagrant differently than manually spinning it up.
Can you run the trellis cli command verbosely so the underlying vagrant invocation is shown?

Do you mean trellis up or something else?

So it seems that vagrant isn’t able to up before the cert tool can actually connect.

I am not able to find anything in the vagrant-trellis-cert trust command that could prevent the connection or change the SSH connection/key:


I am having the same issue. When I trellis down or vagrant halt, I get this when trying to spin it back up:

default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Authentication failure. Retrying...
default: Warning: Authentication failure. Retrying...

Seem to be experiencing the same issue.

Updating Trellis to the latest version and using Ansible 2.8.0 did the trick for me.

Aitor, are you using trellis-cli or trellis-cli-dev?

I downgraded ansible to 2.8.0 and upgraded trellis-cli to trellis-cli-dev. And still getting the same errors…

What version of ansible-base do you have when you install ansible 2.8.0?

My ansible is 2.8.0, but it installs ansible-base 2.10.11 (there is not an ansible-base available prior to 2.10.0 when trying to install ansible-base separately.)

I installed Trellis with the git command (not trellis cli) and downgraded Ansible from 2.11.2, after this output message:

[WARNING]: Your Ansible version is 2.11.2 but this version of Trellis has only
been tested for compatability with Ansible 2.8.0 -> 2.9.10. It is advisable to
check for Trellis updates or downgrade your Ansible version.

The main step for me was to get a fresh Trellis copy from repo. I really don’t know what exactly was wrong. In these cases I install a new empty project and see if it works. I’ve spent all morning fiddling with versions of ansible, python, and trellis. Finally, a new version of trellis worked, moving the old configuration (group_vars, etc) to the new trellis.

Hm, some further debugging questions:

  1. When you up a Vagrant box without involvement of the vagrant-trellis-cert tool, does it work then (you wrote it does, but are you sure?)
  2. When you down and then up the Vagrant box, does it still work?
  3. When you use vagrant-trellis-cert on a Vagrant box that is already upped successfully, does it break it? Does it break it when you down the box and then up again (on box spin-up)?

Now it seems to work fine:

% vagrant trellis-cert trust
Importing certificates...
SUCCESS:    arte-conocimiento.test

Also, I can open the local projects with https with no problems.
Vagrant halt and up also work.

I gave up trying to get it to work for now bc of lack of time, and just disabled using certs altogether for local dev. I tried various versions of ansible and trellis to no avail.

vagrant-trellis-cert’s author here.

If @aitor or anyone finds out what’s happening, send a PR or create an issue on GitHub - TypistTech/vagrant-trellis-cert: Trust all Trellis self-signed certificates with a single command. Thanks in advance.

Even better if you can port the functionality to trellis-cli. Vagrant’s plugin system is changing. When it comes, vagrant-trellis-cert would be rendered useless.


I had another go using a new trellis install with a fresh trellis with hand migrated configs, and various ansible versions to no avail.

❯ vagrant --version
Vagrant 2.2.16

❯ trellis new --trellis-version dev

Vagrant wouldn’t up with ansible 2.8 (I tried 2.8.0 and 2.8.20).
I got the vagrant trellis-cert trust error about the Vagrant-managed machine not being ready for SSH with ansible 2.9.3.

Some thoughts that crossed my mind:
- I wonder if it has something to do with the ssh format automatic upgrade
- I wonder if it has something to do with the use of sshd_permit_root_login: false

Still getting the ssh auth errors on vagrant reload as well:

❯ vagrant reload
==> default: Attempting graceful shutdown of VM...
    default: Guest communication could not be established! This is usually because
    default: SSH is not running, the authentication information was changed,
    default: or some other networking issue. Vagrant will force halt, if
    default: capable.
==> default: Forcing shutdown of VM...
==> default: Checking if box 'bento/ubuntu-20.04' version '202105.25.0' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...

Having the same issues, although I have been able to vagrant up with ansible 2.8.

Edit: I installed a fresh copy of trellis from repo as @aitor recommends and I am able to remove the faulty cert I tried to add previously using vagrant trellis-cert distrust and running vagrant trellis-cert trust in the new repo successfully. While this does allow me to get the trellis cert working I am still getting ssh auth errors on vagrant reload.


Jack, that’s good to know. What version of ansible are you using?

I’m running into this issue again. No cert trust and no SSH auth. What a nightmare…
