Skip to content

Solutions to problems you may encounter

Nick Janetakis edited this page Jan 13, 2015 · 11 revisions

Solutions to problems you may encounter

General

Role specific

General

Tasks are skipped when you're positive they shouldn't be skipped

Chances are you forgot to add the host to the inventory for the role that's being skipped. For example if you want to deploy a rails application and it gets skipped then you would add this to your inventory file:

[debops_rails_deploy]
yourhostname
Error when gathering facts while running Ansible

Run the command with -vvvv and you will see that is likely due to SSH warning you that it may have detected a DNS spoofing attempt.

This occurs when you use the same container name as one that was previously deleted. The fix requires you to run this:

ssh-keygen -f "~/.ssh/known_hosts" -R YOURCONTAINERNAME

Randomly locked out of SSH with an SSH exchange error

The ferm role will block ssh connections after you attempt to connect too many times in a row. This is a security precaution to prevent brute force attacks.

If you are testing things locally you may want to add this to:

inventory/group_vars/all.yml:

# White list your local network from ever being blocked.
sshd_allow: ['192.168.0.0/16']

Then re-run Ansible on all hosts: debops -t sshd.

Containers are unable to ping external hosts

The local IP address of your controller likely changed. You should turn on nat masquerading by adding this to your controller's inventory:

nat_masquerade: True

Then re-run Ansible on your controller:

debops -l ansible_controllers -t nat,lxc.

404s when trying to apt install packages

This is likely due to Debian's CDN not working. It does go out from time to time in certain regions. You can fix this by adding these lines to your group_vars/all.yml file.

# Replace the 'us' with whatever region you're in, find a list here:
# http://debian.mirrors.tds.net/pub/linux/debian/README.mirrors.html
apt_debian_http_mirror: 'ftp.us.debian.org'
lxc_template_debootstrap_mirror: 'http://{{ apt_debian_http_mirror }}/debian'
netaddr isn't found

This commonly happens on OSX but can happen anywhere. For example if you installed Ansible with brew or another package manager and pip installed DebOps then the netaddr package won't be available to Ansible.

To remedy this you should uninstall Ansible from your system and pip install ansible.

Can't ssh to the host and are using Vagrant

This is due to how Vagrant works. Reboot the VM and you should be able to ssh into it.

How do I bypass having to supply the Vagrant user every run?

In your DebOps project directory edit your debops.cfg to look like this:

[ansible defaults]
private_key_file = ~/.vagrant.d/insecure_private_key
remote_user = vagrant
host_key_checking = False
Could not open a connection to your authentication agent

This commonly happens in a scenario where you're on your workstation and you have DebOps installed in a virtual machine and you run DebOps from within the virtual machine.

On your workstation run ssh-add and fix any permission issues. Then open or create ~/.ssh/config and add ForwardAgent yes to it. You must re-login at this point.

Now you will be able to ssh into your VM and run any plays without coming across that error. Just make sure you understand what agent forwarding does.

Role specific

debops.gitlab

The default login credentials

Gitlab creates a default root account for you when it gets setup, the credentials are:

Username: root
Password: 5iveL!fe

You should immediately change the password to something secure.

debops.postgresql

Unable to connect to the postgresql database

This is likely due to 1 of 2 things:

  • Your IP address is not set in the allowed list for that pg cluster.
  • The network interface is incorrect (it defaults to using br2).

Open your inventory and make sure your pg cluster settings look similar to this:

postgresql_default_cluster:
  - name: 'main'
    port: '5432'

    # Allow everyone to potentially connect to postgresql.
    listen_addresses: '0.0.0.0'
    # Let postgresql accept connections from this IP range.
    # You can pass in either a single address, IP range, or a group of hosts.
    hba:
      - address: '192.168.0.0/16'
        # Uncomment the line below if you're not using br2.
        #interface: 'eth0'
    # Only allow this range of IPs to connect through the firewall.
    # Feel free to add individual hosts here as well.
    allow:
      - '192.168.0.0/16'