I am following this post to install Packstack on my Centos8 server. Everything goes fine until I reach this install step - "packstack --answer-file /root/openstack-answer.txt". Here is the error;
...
...
Copying Puppet modules and manifests [ DONE ]
Applying 192.168.168.171_controller.pp
192.168.168.171_controller.pp: [ ERROR ]
Applying Puppet manifests [ ERROR ]
ERROR : Error appeared during Puppet run: 192.168.168.171_controller.pp
Error: Facter: error while resolving custom fact "rabbitmq_nodename": undefined method `[]' for nil:NilClass
You will find full trace in log /var/tmp/packstack/20210515-120855-k817cwco/manifests/192.168.168.171_controller.pp.log
Please check log file /var/tmp/packstack/20210515-120855-k817cwco/openstack-setup.log for more information
Additional information:
* Parameter CONFIG_NEUTRON_L2_AGENT: You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS or FWaaS services. Geneve will be used as the encapsulation method for tenant networks
* Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
* File /root/keystonerc_admin has been created on OpenStack client host 192.168.168.171. To use the command line tools you need to source the file.
* To access the OpenStack Dashboard browse to http://192.168.168.171/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
Here is the openstack-setup.log
2021-05-15 12:08:56::INFO::shell::100::root:: [localhost] Executing script:
rm -rf /var/tmp/packstack/20210515-120855-k817cwco/manifests/*pp
2021-05-15 12:08:56::INFO::shell::100::root:: [localhost] Executing script:
mkdir -p ~/.ssh
chmod 500 ~/.ssh
grep 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCn8amY2BL11DJlLFjnAgxseuUag93JnVXxmnUpiEvKC2GfYcMq6fEjdqlj5be70V1LRRP4dlHkp2HhkM3dWsp/sDVLUGJIXqwmI08QiEuW7JR35pfnATTf+aw2FgRf/0yvR4uH9oWXw2R909ZEPdqcpD8T72Cz4rAcJjWA3IdWilOIGGxCs3yLN7t2v7RAaIHwEsURiI8DWRo4LcvwMw1dMhd2S4HvFu98uv7Nqd16rdlWR3QpJHZFK/4JLxWtK/7/Bf/o4RFKNlOH+mRmRlaxiT1O//zlKglUtMY/YkhbUhrMGB/jJSq6sSRlyxeLHrhrT3V4AbChH56jEMDOXnGL07FFHvVtWzJv0chyEL1Dav7Ua8N1QfoaHcfskem0rWXgtCs3QZjQWde7rFSGRg1/7cQpb51n9ZdXZagPHhLRNNI/eTKA5C2ed8p/KK1S00PNHSub4BP8Jsw5eVhUZAjZG38YfS536tORo0ciYj42dkAAVIWI44X8psU8BirQotU= root#openstack.thomsoncodes.com' ~/.ssh/authorized_keys > /dev/null 2>&1 || echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCn8amY2BL11DJlLFjnAgxseuUag93JnVXxmnUpiEvKC2GfYcMq6fEjdqlj5be70V1LRRP4dlHkp2HhkM3dWsp/sDVLUGJIXqwmI08QiEuW7JR35pfnATTf+aw2FgRf/0yvR4uH9oWXw2R909ZEPdqcpD8T72Cz4rAcJjWA3IdWilOIGGxCs3yLN7t2v7RAaIHwEsURiI8DWRo4LcvwMw1dMhd2S4HvFu98uv7Nqd16rdlWR3QpJHZFK/4JLxWtK/7/Bf/o4RFKNlOH+mRmRlaxiT1O//zlKglUtMY/YkhbUhrMGB/jJSq6sSRlyxeLHrhrT3V4AbChH56jEMDOXnGL07FFHvVtWzJv0chyEL1Dav7Ua8N1QfoaHcfskem0rWXgtCs3QZjQWde7rFSGRg1/7cQpb51n9ZdXZagPHhLRNNI/eTKA5C2ed8p/KK1S00PNHSub4BP8Jsw5eVhUZAjZG38YfS536tORo0ciYj42dkAAVIWI44X8psU8BirQotU= root#openstack.thomsoncodes.com >> ~/.ssh/authorized_keys
chmod 400 ~/.ssh/authorized_keys
restorecon -r ~/.ssh
2021-05-15 12:08:56::INFO::shell::100::root:: [192.168.168.171] Executing script:
rpm -q --whatprovides yum-utils || yum install -y yum-utils
2021-05-15 12:08:56::INFO::shell::49::root:: Executing command:
rpm -qa --qf='%{name}-%{version}-%{release}.%{arch}
' | grep centos-release-openstack
2021-05-15 12:09:10::INFO::shell::100::root:: [192.168.168.171] Executing script:
(rpm -q 'centos-release-openstack-ussuri' || yum -y install centos-release-openstack-ussuri) || true
2021-05-15 12:09:10::INFO::shell::49::root:: Executing command:
rpm -q rdo-release --qf='%{version}-%{release}.%{arch}
'
2021-05-15 12:09:10::INFO::shell::100::root:: [192.168.168.171] Executing script:
rpm -q --whatprovides yum-utils || yum install -y yum-utils
yum clean metadata
2021-05-15 12:09:11::INFO::shell::100::root:: [192.168.168.171] Executing script:
yum install -y puppet hiera openssh-clients tar nc rubygem-json
yum update -y puppet hiera openssh-clients tar nc rubygem-json
rpm -q --whatprovides puppet
rpm -q --whatprovides hiera
rpm -q --whatprovides openssh-clients
rpm -q --whatprovides tar
rpm -q --whatprovides nc
rpm -q --whatprovides rubygem-json
2021-05-15 12:09:38::INFO::shell::100::root:: [192.168.168.171] Executing script:
mkdir -p /var/tmp/packstack
mkdir --mode 0700 /var/tmp/packstack/18227dca781e48cda2db45952d159190
mkdir --mode 0700 /var/tmp/packstack/18227dca781e48cda2db45952d159190/modules
mkdir --mode 0700 /var/tmp/packstack/18227dca781e48cda2db45952d159190/resources
2021-05-15 12:09:38::INFO::shell::100::root:: [192.168.168.171] Executing script:
facter -p
2021-05-15 12:09:42::INFO::shell::100::root:: [192.168.168.171] Executing script:
[[ -f /etc/hiera.yaml ]] && [[ ! -L /etc/puppet/hiera.yaml ]] && ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml || echo "skipping creation of hiera.yaml symlink"
sed -i 's;:datadir:.*;:datadir: /var/tmp/packstack/18227dca781e48cda2db45952d159190/hieradata;g' $(puppet config print hiera_config)
2021-05-15 12:09:43::INFO::shell::100::root:: [192.168.168.171] Executing script:
vgdisplay cinder-volumes
2021-05-15 12:09:43::INFO::shell::100::root:: [localhost] Executing script:
ssh-keygen -t rsa -b 2048 -f "/var/tmp/packstack/20210515-120855-k817cwco/nova_migration_key" -N ""
2021-05-15 12:09:43::INFO::shell::100::root:: [localhost] Executing script:
ssh-keyscan 192.168.168.171
2021-05-15 12:09:43::INFO::shell::100::root:: [192.168.168.171] Executing script:
systemctl
2021-05-15 12:09:43::INFO::shell::100::root:: [192.168.168.171] Executing script:
systemctl is-enabled NetworkManager
2021-05-15 12:09:44::INFO::shell::100::root:: [192.168.168.171] Executing script:
systemctl is-active NetworkManager
2021-05-15 12:09:44::INFO::shell::100::root:: [192.168.168.171] Executing script:
echo $HOME
2021-05-15 12:09:44::INFO::shell::100::root:: [localhost] Executing script:
cd /var/tmp/packstack/20210515-120855-k817cwco/hieradata
tar --dereference -cpzf - ../hieradata | ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root#192.168.168.171 tar -C /var/tmp/packstack/18227dca781e48cda2db45952d159190 -xpzf -
cd /usr/lib/python3.6/site-packages/packstack/puppet
cd /var/tmp/packstack/20210515-120855-k817cwco/manifests
tar --dereference -cpzf - ../manifests | ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root#192.168.168.171 tar -C /var/tmp/packstack/18227dca781e48cda2db45952d159190 -xpzf -
cd /usr/share/openstack-puppet/modules
tar --dereference -cpzf - aodh apache ceilometer certmonger cinder concat firewall glance gnocchi heat horizon inifile ironic keystone magnum manila memcached mysql neutron nova nssdb openstack openstacklib oslo ovn packstack panko placement rabbitmq redis remote rsync sahara ssh stdlib swift sysctl systemd tempest trove vcsrepo vswitch xinetd | ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root#192.168.168.171 tar -C /var/tmp/packstack/18227dca781e48cda2db45952d159190/modules -xpzf -
2021-05-15 12:25:43::ERROR::run_setup::1062::root:: Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/packstack/installer/run_setup.py", line 1057, in main
_main(options, confFile, logFile)
File "/usr/lib/python3.6/site-packages/packstack/installer/run_setup.py", line 681, in _main
runSequences()
File "/usr/lib/python3.6/site-packages/packstack/installer/run_setup.py", line 648, in runSequences
controller.runAllSequences()
File "/usr/lib/python3.6/site-packages/packstack/installer/setup_controller.py", line 81, in runAllSequences
sequence.run(config=self.CONF, messages=self.MESSAGES)
File "/usr/lib/python3.6/site-packages/packstack/installer/core/sequences.py", line 109, in run
step.run(config=config, messages=messages)
File "/usr/lib/python3.6/site-packages/packstack/installer/core/sequences.py", line 50, in run
self.function(config, messages)
File "/usr/lib/python3.6/site-packages/packstack/plugins/puppet_950.py", line 215, in apply_puppet_manifest
wait_for_puppet(currently_running, messages)
File "/usr/lib/python3.6/site-packages/packstack/plugins/puppet_950.py", line 128, in wait_for_puppet
validate_logfile(log)
File "/usr/lib/python3.6/site-packages/packstack/modules/puppet.py", line 107, in validate_logfile
raise PuppetError(message)
packstack.installer.exceptions.PuppetError: Error appeared during Puppet run: 192.168.168.171_controller.pp
Error: Facter: error while resolving custom fact "rabbitmq_nodename": undefined method `[]' for nil:NilClass
You will find full trace in log /var/tmp/packstack/20210515-120855-k817cwco/manifests/192.168.168.171_controller.pp.log
2021-05-15 12:25:43::INFO::shell::100::root:: [192.168.168.171] Executing script:
rm -rf /var/tmp/packstack/18227dca781e48cda2db45952d159190
Here is the controller.pp.log
Error: Facter: error while resolving custom fact "rabbitmq_nodename": undefined method `[]' for nil:NilClass
Warning: The function 'hiera' is deprecated in favor of using 'lookup'. See https://puppet.com/docs/puppet/6.14/deprecated_language.html
(file & line not available)
Warning: /etc/puppet/hiera.yaml: Use of 'hiera.yaml' version 3 is deprecated. It should be converted to version 5
(file: /etc/puppet/hiera.yaml)
...
...
Notice: /Stage[main]/Swift/Swift_config[swift-hash/swift_hash_path_suffix]/value: value changed 2399ecebcf7a4128 to 00a7d595320749e9
Notice: /Stage[main]/Swift::Proxy::Authtoken/Swift_proxy_config[filter:authtoken/password]/value: value changed dc6fbb7c617a48c0 to e2187def7d184d58
Error: Systemd start for rabbitmq-server failed!
journalctl log for rabbitmq-server:
-- Logs begin at Sat 2021-05-15 11:54:15 CDT, end at Sat 2021-05-15 12:18:53 CDT. --
May 15 12:18:23 openstack systemd[1]: Starting RabbitMQ broker...
May 15 12:18:23 openstack rabbitmq-server[11773]: 2021-05-15 12:18:23 [warning] Both old (.config) and new (.conf) format config files exist.
May 15 12:18:23 openstack rabbitmq-server[11773]: Using the old format config file: /etc/rabbitmq/rabbitmq.config
May 15 12:18:23 openstack rabbitmq-server[11773]: Please update your config files to the new format and remove the old file.
May 15 12:18:53 openstack rabbitmq-server[11773]: ERROR: epmd error for host openstack: timeout (timed out)
May 15 12:18:53 openstack systemd[1]: rabbitmq-server.service: Main process exited, code=exited, status=1/FAILURE
May 15 12:18:53 openstack systemd[1]: rabbitmq-server.service: Failed with result 'exit-code'.
May 15 12:18:53 openstack systemd[1]: Failed to start RabbitMQ broker.
Error: /Stage[main]/Rabbitmq::Service/Service[rabbitmq-server]/ensure: change from 'stopped' to 'running' failed: Systemd start for rabbitmq-server failed!
journalctl log for rabbitmq-server:
-- Logs begin at Sat 2021-05-15 11:54:15 CDT, end at Sat 2021-05-15 12:18:53 CDT. --
May 15 12:18:23 openstack systemd[1]: Starting RabbitMQ broker...
May 15 12:18:23 openstack rabbitmq-server[11773]: 2021-05-15 12:18:23 [warning] Both old (.config) and new (.conf) format config files exist.
May 15 12:18:23 openstack rabbitmq-server[11773]: Using the old format config file: /etc/rabbitmq/rabbitmq.config
May 15 12:18:23 openstack rabbitmq-server[11773]: Please update your config files to the new format and remove the old file.
May 15 12:18:53 openstack rabbitmq-server[11773]: ERROR: epmd error for host openstack: timeout (timed out)
May 15 12:18:53 openstack systemd[1]: rabbitmq-server.service: Main process exited, code=exited, status=1/FAILURE
May 15 12:18:53 openstack systemd[1]: rabbitmq-server.service: Failed with result 'exit-code'.
May 15 12:18:53 openstack systemd[1]: Failed to start RabbitMQ broker.
Notice: /Stage[main]/Swift::Deps/Anchor[swift::config::end]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/Swift::Deps/Anchor[swift::service::begin]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/Keystone::Deps/Anchor[keystone::config::end]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Keystone/Exec[keystone-manage fernet_setup]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Keystone::Db::Mysql/Openstacklib::Db::Mysql[keystone]/Openstacklib::Db::Mysql::Host_access[keystone_%]/Mysql_user[keystone_admin#%]/password_hash: changed password
Notice: /Stage[main]/Keystone::Db::Mysql/Openstacklib::Db::Mysql[keystone]/Openstacklib::Db::Mysql::Host_access[keystone_127.0.0.1]/Mysql_user[keystone_admin#127.0.0.1]/password_hash: changed password
Notice: /Stage[main]/Keystone::Deps/Anchor[keystone::db::end]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Keystone::Deps/Anchor[keystone::dbsync::begin]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Keystone::Db::Sync/Exec[keystone-manage db_sync]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/Keystone::Deps/Anchor[keystone::dbsync::end]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Keystone::Bootstrap/Exec[keystone bootstrap]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Keystone::Deps/Anchor[keystone::service::begin]: Triggered 'refresh' from 4 events
Warning: /Stage[main]/Apache::Service/Service[httpd]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone::Deps/Anchor[keystone::service::end]: Skipping because of failed dependencies
Warning: /Stage[main]/Gnocchi::Deps/Anchor[gnocchi::service::end]: Skipping because of failed dependencies
Warning: /Stage[main]/Aodh::Deps/Anchor[aodh::service::end]: Skipping because of failed dependencies
Warning: /Stage[main]/Placement::Deps/Anchor[placement::service::end]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone::Cron::Fernet_rotate/Cron[keystone-manage fernet_rotate]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone/Keystone_domain[Default]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone/Exec[restart_keystone]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone/Anchor[default_domain_created]: Skipping because of failed dependencies
Warning: /Stage[main]/Packstack::Keystone/Keystone_role[_member_]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone::Bootstrap/Keystone_role[admin]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone::Bootstrap/Keystone_user[admin]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone::Bootstrap/Keystone_tenant[services]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone::Bootstrap/Keystone_tenant[admin]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone::Bootstrap/Keystone_user_role[admin#admin]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone::Bootstrap/Keystone_service[keystone::identity]: Skipping because of failed dependencies
Warning: /Stage[main]/Keystone::Bootstrap/Keystone_endpoint[RegionOne/keystone::identity]: Skipping because of failed dependencies
Warning: /Stage[main]/Horizon::Deps/Anchor[horizon::service::end]: Skipping because of failed dependencies
Warning: /Stage[main]/Swift::Keystone::Auth/Keystone_role[SwiftOperator]: Skipping because of failed dependencies
Warning: /Stage[main]/Swift::Keystone::Auth/Keystone_role[ResellerAdmin]: Skipping because of failed dependencies
Warning: /Stage[main]/Heat::Keystone::Auth/Keystone_role[heat_stack_user]: Skipping because of failed dependencies
Warning: /Stage[main]/Heat::Keystone::Auth/Keystone_role[heat_stack_owner]: Skipping because of failed dependencies
Warning: /Stage[main]/Heat::Keystone::Domain/Keystone_domain[heat]: Skipping because of failed dependencies
Warning: /Stage[main]/Heat::Keystone::Domain/Keystone_user[heat_admin::heat]: Skipping because of failed dependencies
Warning: /Stage[main]/Heat::Keystone::Domain/Keystone_user_role[heat_admin::heat#::heat]: Skipping because of failed dependencies
Warning: /Stage[main]/Glance::Keystone::Auth/Keystone::Resource::Service_identity[glance]/Keystone_user[glance]: Skipping because of failed dependencies
Warning: /Stage[main]/Glance::Keystone::Auth/Keystone::Resource::Service_identity[glance]/Keystone_user_role[glance#services]: Skipping because of failed dependencies
Warning: /Stage[main]/Glance::Keystone::Auth/Keystone::Resource::Service_identity[glance]/Keystone_service[glance::image]: Skipping because of failed dependencies
Warning: /Stage[main]/Glance::Keystone::Auth/Keystone::Resource::Service_identity[glance]/Keystone_endpoint[RegionOne/glance::image]: Skipping because of failed dependencies
Warning: /Stage[main]/Glance::Deps/Anchor[glance::service::begin]: Skipping because of failed dependencies
Warning: /Stage[main]/Glance::Api/Service[glance-api]: Skipping because of failed dependencies
Warning: /Stage[main]/Glance::Registry/Service[glance-registry]: Skipping because of failed dependencies
Warning: /Stage[main]/Glance::Deps/Anchor[glance::service::end]: Skipping because of failed dependencies
Warning: /Stage[main]/Cinder::Keystone::Auth/Keystone::Resource::Service_identity[cinder]/Keystone_user[cinder]: Skipping because of failed dependencies
Warning: /Stage[main]/Cinder::Keystone::Auth/Keystone::Resource::Service_identity[cinder]/Keystone_user_role[cinder#services]: Skipping because of failed dependencies
Warning: /Stage[main]/Cinder::Keystone::Auth/Keystone::Resource::Service_identity[cinderv2]/Keystone_service[cinderv2::volumev2]: Skipping because of failed dependencies
Warning: /Stage[main]/Cinder::Keystone::Auth/Keystone::Resource::Service_identity[cinderv2]/Keystone_endpoint[RegionOne/cinderv2::volumev2]: Skipping because of failed dependencies
Warning: /Stage[main]/Cinder::Keystone::Auth/Keystone::Resource::Service_identity[cinderv3]/Keystone_service[cinderv3::volumev3]: Skipping because of failed dependencies
Warning: /Stage[main]/Cinder::Keystone::Auth/Keystone::Resource::Service_identity[cinderv3]/Keystone_endpoint[RegionOne/cinderv3::volumev3]: Skipping because of failed dependencies
Warning: /Stage[main]/Cinder::Deps/Anchor[cinder::service::end]: Skipping because of failed dependencies
Error: Could not prefetch cinder_type provider 'openstack': Could not authenticate
Error: Failed to apply catalog: Could not authenticate
I could see that people have experienced the similar issues but those solutions did not work for me. I also have done below steps.
Verify the hostname and host file
Opened the port or disabled the firewalld
Disabled the SELINUX
I changed hostname to openstack and here is my host file
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
<my-ip> openstack
I am not sure is that a hostname issue or firewall or anything else. I have been struggling this for quite sometime and a help would be greately appreciated
I met the same question.Maybe you can modify your /etc/hosts and add your hostname in it not openstack.
Related
I'm been learning how to use Packer this week on my home lab where I have an ESXi 7 host.
I'm simply trying to deploy a Ubuntu 18.04 VM however at the end of the build I get this error in the packer console:
sudo: no tty present and no askpass program specified
This is what I have done.
Build.json
Preseed.cfg
variables.json
Command I run:
sudo packer build -var-file=variables.json build.json
In ESXi I see the VM build and complete and reboot and it gets an IP and I get a SSH prompt briefly before Packer deletes the VM after I see the above message.
This is the full error:
==> Ubuntu-18.04: Connecting to VNC over websocket...
==> Ubuntu-18.04: Waiting 10s for boot...
==> Ubuntu-18.04: Typing the boot command over VNC...
==> Ubuntu-18.04: Waiting for SSH to become available...
==> Ubuntu-18.04: Connected to SSH!
==> Ubuntu-18.04: Provisioning with shell script: /tmp/packer-shell382031289
==> Ubuntu-18.04: sudo: no tty present and no askpass program specified
==> Ubuntu-18.04: Provisioning step had errors: Running the cleanup provisioner, if present...
==> Ubuntu-18.04: Stopping virtual machine...
==> Ubuntu-18.04: Destroying virtual machine...
Build 'Ubuntu-18.04' errored after 8 minutes 21 seconds: Script exited with non-zero exit status: 1.Allowed exit codes are: [0]
==> Wait completed after 8 minutes 21 seconds
==> Some builds didn't complete successfully and had errors:
--> Ubuntu-18.04: Script exited with non-zero exit status: 1.Allowed exit codes are: [0]
==> Builds finished but no artifacts were created.
What am I doing wrong?
You need to tell sudo to read from stdin like this:
echo 'password' | sudo -S echo "I am groot"
This way your sudo command should work.
I'm trying to start a redis server with the support for tls. Based on the documentation (https://redis.io/topics/rediscli) I execute this command:
redis-cli -a xxxxxxxxx --tls --cacert ../config/certs/test-ca.crt
But it return this error:
Unrecognized option or bad number of args for: '--tls'
My redis-cli version is 6.0.9
I can't figure out what am I missing. How can I fix this?
When you performed make of the redis, you should run as:
make BUILD_TLS=yes
Install dependencies
update package information from repo
sudo apt update
install build dependencies
sudo apt install -y build-essential pkg-config libssl-dev tcl libjemalloc-dev wget
Download and extract the redis-cli source file
download the package
wget http://download.redis.io/redis-stable.tar.gz
extract the package
tar xvzf redis-stable.tar.gz
go inside the extracted directory
cd redis-stable
Build with tls enabled
remove previously generated build files
make distclean
build with tls option
make BUILD_TLS=yes
Once completed you can validate the build and connect to Redis-server
validate the redis-cli
Redis-CLI -h localhost -p 6379 --tls
localhost:6379> INFO SSL
SSL
ssl_enabled:yes
ssl_current_certificate_not_before_date:Jul 27 00:00:00 2021 GMT
ssl_current_certificate_not_after_date:Aug 25 23:59:59 2022 GMT
ssl_current_certificate_serial:ABCDEFGKKSHDJKAHSD05A15BF008A57002E8
Code:
version: '2'
settings:
conductor_base: centos:7
services:
ansible.play_container:
from: "nginx_base"
roles:
nginx_container
ports:
"xxx"
user: root
command: ['app/xxx/docker-entrypoint.sh']
registries: {}```
OS/Environment :
Ansible Container, version 0.9.2
Linux, 3.10.0-327.13.1.el7.x86_64, #1 SMP Mon Feb 29 13:22:02 EST 2016, x86_64
2.7.5 (default, May 3 2017, 07:55:04)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] /usr/bin/python
Command used:
Sudo ansible-container --debug build
Error Log:
fatal: [ansible.nginx-container]: UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp/ansible-tmp-1512122910.09-221104636739910 `\" && echo ansible-tmp-1512122910.09-221104636739910=\"` echo ~/.ansible/tmp/ansible-tmp-1512122910.09-221104636739910 `\" ), exited with result 1, stderr output: Error response from daemon: Container c94048b2a046a9077fbff0558919ce55704e6b8634af611abe6ec2d58a2ccd18 is not running\n"
Please help in resolving the permissions error
I'd be happy to try to help, however there's a lot more information needed to triage your issue. If you'd be so kind as to try to clean up the formatting of your YAML above, include the output of ansible-container --debug version, and include the full debug output from your build with ansible-container --debug build - I'll be able to be of service. Thanks!
I'm new to Gitlab CI.
I tried to ssh and execute a ls command to check whether my gitlab CI configuration is correct or not.
Here's my .gitlab-ci.yml file configuration :
before_script:
- eval $(ssh-agent -s)
- apt-get update
- apt-get install sshpass
stage_deploy:
only:
- testing
script:
- sshpass -p $STAGING_PRIVATE_KEY ssh -p 20000 root#1.2.3.4 "ls"
Whenever I trigger the repository push, it always ends up with an Error Message ERROR: Job failed: exit code 1, here's the job result :
Running with gitlab-runner 10.2.0 (0a75cdd1)
on docker-auto-scale (e11ae361)
Using Docker executor with image ruby:2.1 ...
Using docker image sha256:9f27f70631c32ca0e5946c012e80704061ee559b30cb89e652c0936852e93e86 for predefined container...
Pulling docker image ruby:2.1 ...
Using docker image ruby:2.1 ID=sha256:223d1eaa9523fa64e78f5a92b701c9c11cbc507f0ff62246dbbacdae395ffea3 for build container...
section_start:1512460812:prepare_script
Running on runner-e11ae361-project-4813010-concurrent-0 via runner-e11ae361-srm-1512460662-97b95eb4...
section_end:1512460814:prepare_script
section_start:1512460814:get_sources
Cloning repository...
Cloning into '/builds/budiantoip/cicd-demo'...
Checking out dde5cdc4 as testing...
Skipping Git submodules setup
section_end:1512460816:get_sources
section_start:1512460816:restore_cache
section_end:1512460818:restore_cache
section_start:1512460818:download_artifacts
section_end:1512460819:download_artifacts
section_start:1512460819:build_script
$ eval $(ssh-agent -s)
Agent pid 11
$ apt-get update
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Ign http://deb.debian.org jessie InRelease
Get:2 http://deb.debian.org jessie-updates InRelease [145 kB]
Get:3 http://deb.debian.org jessie Release.gpg [2373 B]
Get:4 http://deb.debian.org jessie Release [148 kB]
Get:5 http://security.debian.org jessie/updates/main amd64 Packages [588 kB]
Get:6 http://deb.debian.org jessie-updates/main amd64 Packages [23.2 kB]
Get:7 http://deb.debian.org jessie/main amd64 Packages [9063 kB]
Fetched 10.0 MB in 6s (1563 kB/s)
Reading package lists...
$ apt-get install sshpass
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
sshpass
0 upgraded, 1 newly installed, 0 to remove and 62 not upgraded.
Need to get 11.2 kB of archives.
After this operation, 65.5 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian/ jessie/main sshpass amd64 1.05-1 [11.2 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 11.2 kB in 0s (12.0 kB/s)
Selecting previously unselected package sshpass.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 21168 files and directories currently installed.)
Preparing to unpack .../sshpass_1.05-1_amd64.deb ...
Unpacking sshpass (1.05-1) ...
Setting up sshpass (1.05-1) ...
sshpass -p $STAGING_PRIVATE_KEY ssh root#1.2.3.4 "ls"
ERROR: Job failed: exit code 1
Any clue on what's going on?
What I think you're missing is the ~/.ssh/config file:
- mkdir -p ~/.ssh
- echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
Have you tried the example provided by Gitlab themselves?
image: ruby:2.1
before_script:
# install ssh-agent
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
# run ssh-agent
- eval $(ssh-agent -s)
# add ssh key stored in SSH_PRIVATE_KEY variable to the agent store
- ssh-add <(echo "$SSH_PRIVATE_KEY")
# disable host key checking (NOTE: makes you susceptible to man-in-the-middle attacks)
# WARNING: use only in docker container, if you use it with shell you will overwrite your user's ssh config
- mkdir -p ~/.ssh
- echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
Test SSH:
script:
# try to connect to GitLab.com
- ssh git#gitlab.com
# try to clone yourself, the SSH_PRIVATE_KEY was added as deploy key to this repository
- git clone git#gitlab.com:gitlab-examples/ssh-private-key.git
This example is located here: https://gitlab.com/gitlab-examples/ssh-private-key/blob/master/.gitlab-ci.yml
Additionally, the docs provide more information about the SSH setup: https://docs.gitlab.com/ee/ci/ssh_keys/README.html
Did you intentionally replace your real server ip with 1.2.3.4 or was that the real configuration that you were using?
I think the problem is that the job failed is that it can not execute the last command
sshpass -p $STAGING_PRIVATE_KEY ssh -p 20000 root#1.2.3.4 "ls"
I am having trouble deploying using Capistrano using public key authentication. On windows, I have it configured to start an SSH agent automatically when I open my terminal.
Agent pid 4476
Enter passphrase for /c/Users/Lea/.ssh/id_rsa:
Identity added: /c/Users/Lea/.ssh/id_rsa (/c/Users/Lea/.ssh/id_rsa)
id_rsa is in my authorized_keys file on the server, and I use it all the time to ssh into it using ssh lea#web.3.
My Capfile is as follows:
require 'rubygems'
require 'railsless-deploy'
# application name
set :application, "site.com"
# multi-stage deploy
task :production do
set :branch, "master"
set :app_environment, "production"
role :web, "web.3", :primary => true
set :deploy_to, "/var/www/vhosts/site/site.com/"
end
task :dev do
set :branch, `git rev-parse HEAD`
set :app_environment, "development"
role :web, "web.3", :primary => true
set :deploy_to, "/var/www/vhosts/site/dev.site.com/"
end
# deploys remotely on SSH using deploy only key
set :repository, "git#bitbucket.org:us/site.git"
set :scm, :git
set :git_enable_submodules, 1
set :deploy_via, :remote_cache
# release configuration
set :use_sudo, false
set :keep_releases, 2
after "deploy:update", "deploy:cleanup"
# the web server user
set :user, "lea"
namespace :deploy do
task :migrate do
# do nothing
end
task :finalize_update, :except => { :no_release => true } do
transaction do
#run "chmod -R g+w #{release_path}"
run "echo '#{app_environment}' > #{release_path}/ENVIRONMENT"
end
end
task :restart, :except => { :no_release => true } do
# don't need to restart
end
end
When I run the deployment, it asks again for my id_rsa passphrase. Why does it ask when I already have the ssh agent running and the passphrase entered?
Following is the log of the cap dev deploy command. You can see where it asks my passphrase. Also note when I ssh into the server, it starts an ssh-agent there as well and loads a deployment_rsa key used for git (you can see these messages in the log).
$ cap dev deploy
DL is deprecated, please use Fiddle
* 2013-09-12 13:19:30 executing `dev'
* 2013-09-12 13:19:30 executing `deploy'
* 2013-09-12 13:19:30 executing `deploy:update'
** transaction: start
* 2013-09-12 13:19:30 executing `deploy:update_code'
updating the cached checkout on all servers
* executing "if [ -d /var/www/vhosts/site/dev.site.com/shared/cache
d-copy ]; then cd /var/www/vhosts/site/dev.site.com/shared/cached-cop
y && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard 33
09af4ac302a6c2dc46bcf36e877abbd8472988\\\n && git submodule -q init && git submo
dule -q sync && export GIT_RECURSIVE=$([ ! \"`git --version`\" \\< \"git version
1.6.5\" ] && echo --recursive) && git submodule -q update --init $GIT_RECURSIVE
&& git clean -q -d -x -f; else git clone -q git#bitbucket.org:us/v
entek.git /var/www/vhosts/site/dev.site.com/shared/cached-copy && cd
/var/www/vhosts/site/dev.site.com/shared/cached-copy && git checkout
-q -b deploy 3309af4ac302a6c2dc46bcf36e877abbd8472988 && git submodule -q init &
& git submodule -q sync && export GIT_RECURSIVE=$([ ! \"`git --version`\" \\< \"
git version 1.6.5\" ] && echo --recursive) && git submodule -q update --init $GI
T_RECURSIVE; fi"
servers: ["web.3"]
Enter passphrase for c:/Users/Lea/.ssh/id_rsa:
[web.3] executing command
** [web.3 :: out] Agent pid 11336
** [web.3 :: err] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 2300ms
copying the cached version to /var/www/vhosts/site/dev.site.com/r
eleases/20130912191939
* executing "cp -RPp /var/www/vhosts/site/dev.site.com/shared/cache
d-copy /var/www/vhosts/site/dev.site.com/releases/20130912191939 && (
echo 3309af4ac302a6c2dc46bcf36e877abbd8472988\\\n > /var/www/vhosts/us/dev.site.com/releases/20130912191939/REVISION)"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11442
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 751ms
* 2013-09-12 13:19:39 executing `deploy:finalize_update'
* executing "echo 'development' > /var/www/vhosts/site/dev.site.com
/releases/20130912191939/ENVIRONMENT"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11451
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 610ms
* 2013-09-12 13:19:40 executing `deploy:create_symlink'
* executing "rm -f /var/www/vhosts/site/dev.site.com/current && ln
-s /var/www/vhosts/site/dev.site.com/releases/20130912191939 /var/www
/vhosts/site/dev.site.com/current"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11460
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 621ms
** transaction: commit
triggering after callbacks for `deploy:update'
* 2013-09-12 13:19:41 executing `deploy:cleanup'
* executing "ls -xt /var/www/vhosts/site/dev.site.com/releases"
servers: ["web.3"]
[web.3] executing command
[err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh/dep
loyment_rsa)
command finished in 1186ms
** keeping 2 of 7 deployed releases
* executing "rm -rf /var/www/vhosts/site/dev.site.com/releases/2013
0906181120 /var/www/vhosts/site/dev.site.com/releases/20130912185329
/var/www/vhosts/site/dev.site.com/releases/20130912185937 /var/www/vhosts/site/dev.site.com/releases/20130912191939 /var/www/vhosts/us/dev.site.com/releases/11469"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11476
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 750ms
$
Now, my major problem is not with the passphrase. Every time I run capistrano it fails to authenticate 2 times for every deployment. I see this in the ssh log on the server, but no indication is given in Capistrano:
11:58:44 web3 sshd[1134]: Failed password for lea from [ip] port 42421 ssh2
11:58:56 web3 sshd[1134]: Failed password for lea from [ip] port 42421 ssh2
The server is running fail2ban which blocks my IP (for 10 minutes) after 5 failed authentications, meaning I get blocked out after running capistrano 3 times. This is a huge an unacceptable problem, and I have no idea why this would occur. Do you have any advice for how to troubleshoot this problem, or a solution?
Thanks!
I ended up solving this problem myself. I was being locked out of the server because Fail2ban was an old version.
When connecting to SSH, sshd does a reverse DNS lookup. My reverse DNS on the office internet was failing, and it was printing an error into the /var/logs/secure log file.
Address x.x.x.x maps to server.domain.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Fail2ban was recognizing this as a failed connection, and blocking my IP because of it. It was never a problem when connecting manually because that is infrequent, but when Capistrano makes several connections in a row it was triggering it.
I used the info here: https://github.com/fail2ban/fail2ban/pull/64 to solve the problem by removing the regular expression from the fail2ban config file.
Step 1:
Do you really need a passphrase for your keys? This kind of risk today is mitigated by full disk encryption products or use of truecrypt-ed USB sticks. Less PITA, and still passes your security manager's best practices.
That said:
http://blog.blenderbox.com/2013/02/20/ssh-agent-forwarding-with-github/
Try adding
ssh_options[:forward_agent] = true
to the capfile, not Deploy.rb