-
Notifications
You must be signed in to change notification settings - Fork 116
Solutions to problems you may encounter
- Tasks are skipped when you're positive they shouldn't be skipped
- Error when gathering facts while running Ansible
- Randomly locked out of SSH with an SSH exchange error
- Containers are unable to ping external hosts
- 404s when trying to apt install packages
netaddrisn't found- Can't ssh to the host and are using Vagrant
- How do I bypass having to supply the Vagrant user every run?
- Could not open a connection to your authentication agent
Chances are you forgot to add the host to the inventory for the role that's being skipped. For example if you want to deploy a rails application and it gets skipped then you would add this to your inventory file:
[debops_rails_deploy]
yourhostname
Run the command with -vvvv and you will see that is likely due to SSH warning you that it may have detected a DNS spoofing attempt.
This occurs when you use the same container name as one that was previously deleted. The fix requires you to run this:
ssh-keygen -f "~/.ssh/known_hosts" -R YOURCONTAINERNAME
The ferm role will block ssh connections after you attempt to connect too many times in a row. This is a security precaution to prevent brute force attacks.
If you are testing things locally you may want to add this to:
inventory/group_vars/all.yml:
# White list your local network from ever being blocked.
sshd_allow: ['192.168.0.0/16']
Then re-run Ansible on all hosts: debops -t sshd.
The local IP address of your controller likely changed. You should turn on nat masquerading by adding this to your controller's inventory:
nat_masquerade: True
Then re-run Ansible on your controller:
debops -l ansible_controllers -t nat,lxc.
This is likely due to Debian's CDN not working. It does go out from time to time in certain regions. You can fix this by adding these lines to your group_vars/all.yml file.
# Replace the 'us' with whatever region you're in, find a list here:
# http://debian.mirrors.tds.net/pub/linux/debian/README.mirrors.html
apt_debian_http_mirror: 'ftp.us.debian.org'
lxc_template_debootstrap_mirror: 'http://{{ apt_debian_http_mirror }}/debian'
This commonly happens on OSX but can happen anywhere. For example if you installed Ansible with brew or another package manager and pip installed DebOps then the netaddr package won't be available to Ansible.
To remedy this you should uninstall Ansible from your system and pip install ansible.
This is due to how Vagrant works. Reboot the VM and you should be able to ssh into it.
In your DebOps project directory edit your debops.cfg to look like this:
[ansible defaults]
private_key_file = ~/.vagrant.d/insecure_private_key
remote_user = vagrant
host_key_checking = False
This commonly happens in a scenario where you're on your workstation and you have DebOps installed in a virtual machine and you run DebOps from within the virtual machine.
On your workstation run ssh-add and fix any permission issues. Then open or create ~/.ssh/config and add ForwardAgent yes to it. You must re-login at this point.
Now you will be able to ssh into your VM and run any plays without coming across that error. Just make sure you understand what agent forwarding does.
Gitlab creates a default root account for you when it gets setup, the credentials are:
Username: root
Password: 5iveL!fe
You should immediately change the password to something secure.
This is likely due to 1 of 2 things:
- Your IP address is not set in the allowed list for that pg cluster.
- The network interface is incorrect (it defaults to using br2).
Open your inventory and make sure your pg cluster settings look similar to this:
postgresql_default_cluster:
- name: 'main'
port: '5432'
# Allow everyone to potentially connect to postgresql.
listen_addresses: '0.0.0.0'
# Let postgresql accept connections from this IP range.
# You can pass in either a single address, IP range, or a group of hosts.
hba:
- address: '192.168.0.0/16'
# Uncomment the line below if you're not using br2.
#interface: 'eth0'
# Only allow this range of IPs to connect through the firewall.
# Feel free to add individual hosts here as well.
allow:
- '192.168.0.0/16'