'vagrant up' fails at ferm

Hi all,

New to both Vagrant and Trellis. I’ve been attempting to set up a clean install of the Roots Example Project (https://github.com/roots/roots-example-project.com). I haven’t created any staging/productions servers.

I’m running Ansible 1.9.4, VirtualBox 5.0.1, and Vagrant 1.7.4.

When I run ‘vagrant up’ in the trellis directory, it gets to the ferm task, and then throws the following error:

TASK: [ferm | ensure iptables rules are disabled] ***************************** 
failed: [default] => {"changed": false, "cmd": ["ferm", "--flush", "/etc/ferm/ferm.conf"], "delta": "0:00:00.028645", "end": "2015-12-20 03:28:03.492103", "rc": 25, "start": "2015-12-20 03:28:03.463458", "warnings": []}
stderr: Error in /etc/ferm/filter-input.d/50_dport_accept_ssh.conf line 7:
) 
{ 
    saddr 
    ( 
        html head meta http-equiv = <--
equals operator ("=") is not allowed here

NOTIFIED: [fail2ban | restart fail2ban] *************************************** 
changed: [default]

NOTIFIED: [ferm | restart ferm] *********************************************** 
skipping: [default]

PLAY RECAP ******************************************************************** 
           to retry, use: --limit @/Users/SimonBloom/dev.retry

default                    : ok=16   changed=9    unreachable=0    failed=1   

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

Does anyone have any insight on this?

Let me know if you’d like me to include any more information about what I’ve done/tried. Apologies if this is a very rudimentary mistake I’m making!

Thanks so much in advance for any/all advice.

@sbloom I think you’re running into the problem described at roots/trellis#437 where the IP lookup doesn’t return your IP but a bunch of html instead.

That diagnostic.opendns.com/myip may work in the future if you try later. For now, you could manually enter your IP into the ip_whitelist variable (you need to replace the lookup to diagnostic.opendns.com/myip), or enter in one of these lookup alternatives.


You got it!

I replaced my ip_whitelist lookup with this:

{{ lookup('pipe', 'curl -4 https://ipinfo.io/ip') }}

and this solved the issue! Thanks so much for your help.
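The failure in this thread comes from an IP lookup that returns an HTML page instead of an address, which Trellis then writes straight into the ferm rule. As an added example (not code from Trellis or from this thread), the Python below validates lookup output before it reaches ip_whitelist; the sample outputs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample lookup outputs (not captured from a real service).
LOOKUP_OK = "203.0.113.7\n"
LOOKUP_HTML = '<html><head><meta http-equiv="refresh" content="0;url=/">'
LOOKUP_EMPTY = ""


def parse_ip_lookup(output):
    """Return the single IPv4 address in a lookup's output, or None.

    The ip_whitelist value is interpolated verbatim into ferm's
    50_dport_accept_ssh.conf, so an HTML error page or an empty
    response becomes a broken firewall rule. Reject it here instead.
    """
    text = output.strip()
    if "\n" in text or "<" in text:
        return None
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    # curl -4 was used in the thread; keep the whitelist IPv4-only.
    if addr.version != 4:
        return None
    return str(addr)


def build_ssh_whitelist(lookup_outputs, static_entries=()):
    """Combine validated lookup results with static hosts or CIDR ranges.

    Raises ValueError instead of emitting a rule that ferm rejects at
    'vagrant up' (or one that whitelists something other than your host).
    """
    ips = []
    for raw in lookup_outputs:
        ip = parse_ip_lookup(raw)
        if ip is None:
            raise ValueError("IP lookup did not return an IPv4 address: %r" % raw[:40])
        ips.append(ip)
    for entry in static_entries:
        ips.append(str(ipaddress.ip_network(entry, strict=False)))
    return sorted(set(ips))
```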

I was having this same issue but with my staging server on GCE. This worked, but I had to change it in security.yml; probably the difference is that he was having the issue on a Vagrant provision, not a live server provision.

Either way, this is the second thing that pops up in Google when you look for this problem, so just in case anyone else has the same issue but on a production or staging server.

Thanks for saving me some time figuring this out on my own!