First of all, nice that there is an Ansible Playbook and a Vagrantfile to setup openfoodfoundation.

The problem is that it is not easy that way to integrate the roles into my Ansible setup. I already use other roles to manage various aspects of my servers so the current approach of ofn_deployment kind of conflicts with this. One way to solve this would be to move the currently "playbook centric" approach to a more "role centric" approach. And then publish the openfoodfoundation related roles individually.

Any suggestions for such an advanced user?

Second related hint: You don’t have to write common roles like Database setup or Webserver setup yourself. Have a look at the DebOps project for a set of high-quality roles for all the basics like this.

• Git repo from - https://github.com/openfoodfoundation/ofn-install/tree/ebc73d03be2c64b4b0a4197415e3e7b517bb767e
• Vagrant 1.9.3
• Ubuntu 14.04.5 LTS
• Ansible output - https://gist.github.com/jeronimo/199d2d305ce07f3f490297ad41e0cdcd
• /etc/letsencrypt is missing and /etc/opt is empty

Good day folks,

I get this error when I run install.yml. Please note I have appended // to #Your domain name

ansible-playbook install.yml -f 10
ERROR: Syntax Error while loading YAML script, /root/gwccoop-code/ofn_deployment/vars.yml
Note: The error may actually appear before this position: line 16, column 1

// # Your domain name - without http://www etc.
domain: 188.226.130.50
^

This is my vars.yml https://gist.github.com/r4mp4l/69078d3521714838f9f8#file-gwccoop-vars-yml

I found myself stopping unicorn and delayed_job to release all DB connections in Katuma's staging server and I found a bit annyoing that not all services are managed in the same way.

I'd be good to have a single way to manage them. That means that we should manage delayed_job with systemd like all the others.

Explore using rsync folder to synchronise current project files with the host system

This is now the default image on Digital Ocean. Obviously we can change to 14.04, but would it be worth testing an OFN install with 16.04 and using that, if it works ok?

cc @mkllnk @lin-d-hop

Currently it uses a seed.sh template to create a shell script that calls db:seed to generate an admin account, but the command that seems to be used for creating admin accounts is:

bundle exec rake spree_auth:admin:create

At least the current db:seed operation is not doing that.

See http://community.openfoodnetwork.org/t/open-source-free-ssl/466/3 for more info on how it can be done.

Hi,
we noticed that this role disappeared from both Ansible Galaxy and GitHub.

We opened an issue in other repo of the role owner that uses this disappeared role.

conorsch/ansible-digitalocean-vpn#4

Systems like Pantheon have workflow tools where database and files can be copied between dev - test - live easily. It would be helpful to have a way to do this more automatically and simply via ansible.

Its handled inside openfoodnetwork by whenever gem and config/schedule.rb.

Capturing the updates that are ongoing to the deployment scripts.

Now a chunk of work has been completed and changes are live at https://www.openfoodnetwork.co.uk/ (note this is not the main uk site, .co.uk instead of .org.uk).

This work is ready for a round of testing. In particular we need to test functionality around images (uploading, retrieving, replacing). maps (checking new enterprises appear as they should), payments to external payment gateways (paypal). This will require ensuring that Paypal sandbox is properly set up on this 'staging' server.

As discussed, do the benefits of doing this outweigh the drawbacks?

Alternative might be to use branches or tags? So we have a tag on this project to match a version of openfoodnetwork.

This is to build a vagrant box, happens in development, test and staging environments:

LoadError: cannot load such file -- open_food_network/searcher
/home/vagrant/.gem/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyglot.rb:65:in `require'
/home/vagrant/.gem/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyglot.rb:65:in `require'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:251:in `block in require'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:236:in `load_dependency'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:251:in `require'
/home/vagrant/apps/openfoodnetwork/current/config/initializers/spree.rb:11:in `<top (required)>'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:245:in `load'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:245:in `block in load'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:236:in `load_dependency'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:245:in `load'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/engine.rb:593:in `block (2 levels) in <class:Engine>'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/engine.rb:592:in `each'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/engine.rb:592:in `block in <class:Engine>'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/initializable.rb:30:in `instance_exec'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/initializable.rb:30:in `run'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/initializable.rb:55:in `block in run_initializers'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/initializable.rb:54:in `each'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/initializable.rb:54:in `run_initializers'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/application.rb:136:in `initialize!'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/railtie/configurable.rb:30:in `method_missing'
/home/vagrant/apps/openfoodnetwork/current/config/environment.rb:5:in `<top (required)>'
/home/vagrant/.gem/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyglot.rb:65:in `require'
/home/vagrant/.gem/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyglot.rb:65:in `require'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:251:in `block in require'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:236:in `load_dependency'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.19/lib/active_support/dependencies.rb:251:in `require'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/application.rb:103:in `require_environment!'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.19/lib/rails/application.rb:305:in `block (2 levels) in initialize_tasks'
/home/vagrant/.gem/ruby/1.9.1/gems/turbo-sprockets-rails3-0.3.6/lib/turbo-sprockets/tasks/assets.rake:184:in `block (2 levels) in <top (required)>'

I destroyed the previous dev server, checked out infrastructure and ran vagrant up which only does:

Bringing machine 'default' up with 'virtualbox' provider... ==> default: Importing base box 'ubuntu/trusty64'... ==> default: Matching MAC address for NAT networking... ==> default: Checking if box 'ubuntu/trusty64' is up to date... ==> default: Setting the name of the VM: ofn_deployment_default_1464238100539_37004 ==> default: Clearing any previously set forwarded ports... ==> default: Fixed port collision for 22 => 2222. Now on port 2200. ==> default: Clearing any previously set network interfaces... ==> default: Preparing network interfaces based on configuration... default: Adapter 1: nat default: Adapter 2: hostonly default: Adapter 3: hostonly default: Adapter 4: hostonly default: Adapter 5: hostonly ==> default: Forwarding ports... default: 80 (guest) => 8080 (host) (adapter 1) default: 22 (guest) => 2200 (host) (adapter 1) ==> default: Running 'pre-boot' VM customizations... ==> default: Booting VM... ==> default: Waiting for machine to boot. This may take a few minutes... default: SSH address: 127.0.0.1:2200 default: SSH username: vagrant default: SSH auth method: private key default: default: Vagrant insecure key detected. Vagrant will automatically replace default: this with a newly generated keypair for better security. default: default: Inserting generated public key within guest... default: Removing insecure key from the guest if it's present... default: Key inserted! Disconnecting and reconnecting using new SSH key... ==> default: Machine booted and ready! ==> default: Checking for guest additions in VM... default: The guest additions on this VM do not match the installed version of default: VirtualBox! In most cases this is fine, but in rare cases it can default: prevent things such as shared folders from working properly. If you see default: shared folder errors, please make sure the guest additions within the default: virtual machine match the version of VirtualBox you have installed on default: your host and reload your VM. default: default: Guest Additions Version: 4.3.36 default: VirtualBox Version: 5.0 ==> default: Configuring and enabling network interfaces... ==> default: Mounting shared folders... default: /vagrant => /Users/mikekilmer/Documents/Clients/UsFoodCoop/OpenFoodNetwork/ofn_deployment

Running vagrant up --debug produced a mind-numbing amount of output.

Vagrant provision doesn't seem to be doing anything. I looked through the docs again. I think I'm missing a configuration. Vars.yml is the same as my old one. Am I missing a configuration somewhere? Because it seems like none of the playbooks are being run.

The Readme.md and the example-vars.yml files both talk about files that should be put in the files directory but no such directory exists in the directory structure and the exact location of the (a?) files directory isn't specified. I suggest that a files directory be created so that it's really clear as to exactly where that directory should be. We could put a simple readme file in there that says something like Refer to the Readme.md and example-var.yml files for notes as to what files you should put into this directory. A readme like that will ensure that there's no problem with git copying/cloning an empty directory and also provide information about why the directory exists at all.
As someone new to Ansible myself, it wasn't obvious as to where the files directory should be. (I wondered if it should be in the same sub-directory as the .yml file that needed it, or one level up or...?)

Hi,
does anybody has any idea about why we need to create a .pgpass file in the home of the unicorn user?

I'm talking about this specific task: https://github.com/openfoodfoundation/ofn-install/blob/master/roles/dbserver/tasks/main.yml#L21

I don't think we use it in VPS instances, maybe Heroku or something else?

Hello,

Is a registered domain name essential? When I run the user.yml playbook I get the following errors:

In task TASK: [deploy | Create database if it doesnt exist] in /roles/deploy/tasks/main.yml I see:

changed: [default] => {"changed": true, "cmd": ["bash", "-lc", "bundle exec rake db:create RAILS_ENV=staging"], "delta": "0:00:16.116618", "end": "2014-11-21 10:56:03.243971", "item": "", "rc": 0, "start": "2014-11-21 10:55:47.127353", "stderr": "PG::Error: ERROR: encoding UTF8 does not match locale en_US\nDETAIL: The chosen LC_CTYPE setting requires encoding LATIN1.

S3 config needs to be entered via the admin interface, the yml file is no longer loaded.

Can I suggest transferring the ownership of this to openfoodfoundation? That way issues can be raised on that project - currently its just a fork.

Every time we run a rails related command we need to specify it and it's really annoying.

We should have RAILS_ENV exported with the given Rails environment.

It returns this output:

failed: [localhost] => {"connection": "keep-alive", "content": "<!DOCTYPE html>\n<html>\n<head>\n  <title>We're sorry, but something went wrong (500)</title>\n  <style type=\"text/css\">\n    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }\n    div.dialog {\n      width: 25em;\n      padding: 0 4em;\n      margin: 2em auto 0 auto;\n    }\n    a.go_home { \n      font-size: 100%; \n      color: black; \n      line-height: 1.5em; \n      text-decoration: none;\n      border-bottom: 1px dotted black;\n      padding: 0 0.2rem;\n    }\n    a.go_home:hover, a.go_home:focus, a.go_home:active{\n      background: #8f301d;\n      color: white;\n      border-bottom: none;\n    }\n  </style>\n</head>\n\n<body>\n  <!-- This file lives in public/500.html -->\n  <div class=\"dialog\">\n    <a href=\"/\" ><img src=\"/500.jpg\" /></a>\n    <p>We're sorry, but something went wrong. \n      <br>Try refreshing the page, or\n      <br><h3><a class=\"go_home\" href=\"/\" >Return home</a></h3>\n      <br>Want to let us know what went wrong? Email us at: \n      <h3>\n        <!-- Can we do .reverse ??\n        <a class=\"go_home\" href=\"mailto:[email protected]\" target=\"_blank\"></a>\n        -->\n        hello [at] openfoodnetwork.org\n      </h3>\n    </p>\n  </div>\n</body>\n</html>\n", "content_length": "1219", "content_type": "text/html", "date": "Mon, 12 Jan 2015 17:44:16 GMT", "etag": "\"54b4042b-4c3\"", "failed": true, "redirected": false, "server": "nginx/1.6.2 (Ubuntu)", "status": 504}
msg: Status code was not [200]

Transferring this issue from OFN UK Dev group and attaching link to errors in command line output at https://gist.github.com/aidandunsdon/c8ba12b4a9e0c088d14c

I am assisting Stroudco in the UK in transitioning to OFN. One of my first jobs has been to build a local dev environment in vagrant / virtual box using the Ansible playbooks from https://github.com/openfoodfoundation/ofn_deployment.
My first issue was that I am using a windows 7 machine which does not directly support Ansible. Fortunately I came across a working solution which uses a shell file to bootstrap the vagrant VM by installing Ansible on the guest and then letting ansible do the provisioning in local connection mode from the VM.
I had to install zzet.rbenv and mortik.nginx-rails from ansible-galaxy and copied the the UK seed files manually to the input files directory. The build seemed to get a long way through but fails after throwing an error message "Failed to lock apt for exclusive operation" (First appears at line 181 in attached command output file) . I googled this and found a recommendation to add a -s parameter to

sudo ansible-playbook -s /vagrant/install.yml --connection=local

which makes all plays sudo but to no avail. I would be grateful if you are able to shed any light on this as I feel that I am nearly there with building a dev server.

Many Thanks

Aidan

Command output at https://gist.github.com/aidandunsdon/c8ba12b4a9e0c088d14c

Change version to git_version

db_pass -> database_password

I'm testing this on vagrant - this line:

config.vm.network "private_network", type: "dhcp"

causes this error:

There are errors in the configuration of this machine. Please fix
the following errors and try again:

vm:
* An IP is required for a private network.
* Forwarded port '7891' (host port) is declared multiple times
with the protocol 'tcp'.
* An IP is required for a private network.

@rafaqz can you comment why that private_network line is needed?

Can't seem to get past this step on EC2 instance.

NOTIFIED: [webserver | restart unicorn step 2] ******************************** 
failed: [staging.usfoodcoop.org] => {"failed": true}
msg: Failed to stop unicorn_ofn_america.service: Interactive authentication required.
Failed to start unicorn_ofn_america.service: Interactive authentication required.

Tried replacing with raw: sudo systemctl restart unicorn_ofn_america.service, which succeeds, but - aside from the fact that user would have to replace the app name manually - seems to make unicorn inaccessible to the rails app which is of course not owned by root, causing .sock failed (111: Connection refused error.

I find a problem which may be related to SSH keys.
I followed the instruction to create and copy ssh keys; and to enable rootlogin as found here: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
I named the keyfile as ofn_rsa

This is my directory listing where my keys are stored.
root@ansible-gwccoop:~/gwccoop-code/ofn_deployment# ls -la ~/.ssh
total 28
drwx------ 2 root root 4096 Aug 3 16:53 .
drwx------ 6 root root 4096 Aug 3 12:38 ..
-rw------- 1 root root 1 Jul 30 17:22 authorized_keys
-rw-r--r-- 1 root root 222 Aug 3 12:37 known_hosts
-rw------- 1 root root 1679 Aug 3 12:43 ofn_rsa.pub
-rw-r--r-- 1 root root 402 Aug 3 12:43 ofn_rsa.pub.pub

I then run the install.yml playbook.

This is the stdout after running the install.yml playbook. Please advise on the next step.
Thank you.

..............
[WARNING]: It is unneccessary to use '{{' in loops, leave variables in loop
expressions bare.

PLAY [all] ********************************************************************

GATHERING FACTS **************************************************************
ESTABLISH CONNECTION FOR USER: ubuntu
EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', u'User=ubuntu', '-o', 'ConnectTimeout=10', '188.226.130.50', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1407099232.27-146330505160101 && chmod a+rx $HOME/.ansible/tmp/ansible-1407099232.27-146330505160101 && echo $HOME/.ansible/tmp/ansible-1407099232.27-146330505160101'"]
fatal: [188.226.130.50] => SSH encountered an unknown error. The output was:
OpenSSH_5.9p1 Debian-5ubuntu1.3, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/root/.ansible/cp/ansible-ssh-188.226.130.50-22-ubuntu" does not exist
debug2: ssh_connect: needpriv 0
debug1: Connecting to 188.226.130.50 [188.226.130.50] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 9999 ms remain after connect
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.3
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.3 pat OpenSSH
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.3
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "188.226.130.50" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 78:b5:9f:47:05:e9:e6:0a:78:0c:d1:77:f5:11:6a:79
debug3: load_hostkeys: loading entries for host "188.226.130.50" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host '188.226.130.50' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password).

TASK: [common | Update apt] ***************************************************
FATAL: no hosts matched or all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
to retry, use: --limit @/root/install.retry

188.226.130.50 : ok=0 changed=0 unreachable=1 failed=0

I'm running the server (which loads with default: SSH address: 127.0.0.1:2222) from (apps/=app_name=/current/ like bundle exec rails server -b 0.0.0.0 and visit the site in the host machine at 127.0.0.1:3000, but the form actions and many of the links are resolving without the port number: http://127.0.0.1/admin/enterprises

Is there something obvious (or subtle) that I'm missing in the vagrant configuration, OFN config or the way I'm running the app?

The deploy scripts have different ways of accessing the database.

## local connection
# roles/dbserver/tasks/main.yml
psql -U postgres

## network connections
# roles/deploy/tasks/main.yml, roles/webserver/handlers/main.yml
psql -h {{ db_host }} -U {{ db_user }} -d {{ db }}

# roles/rollback/tasks/main.yml
psql -h {{ db_host }} -U {{ db_user }} {{ db }}

In the openfoodnetwork project:

## local connection
# script/ci/includes.sh
psql postgres

## network connections
# script/backup.sh
pg_dump -h localhost -U openfoodweb openfoodweb_production

# script/ci/load_staging_baseline.sh, script/ci/save_staging_baseline.sh
pg_dump -h "$DB_HOST" -U "$DB_USER" "$DB"
psql -h "$DB_HOST" -U "$DB_USER" "$DB"

# script/mirror_db.sh, script/restore.sh
pg_dump -h localhost -U $DB_USER $DB_DATABASE
psql -h localhost -U ofn open_food_network_test
psql -h localhost -U ofn open_food_network_dev

Which way to go?

Postgres has several ways of authenticating users, by password, by username or by system user. If we setup a local database, we can give the user running the app password-less access to the database. We don't need a host variable and we don't need a secret password. Additionally, the login via network should not be possible, increasing security.

The downside is that we have to change all these scripts if we want to have a separate database server. If we always configure the host and a password, you just have to change the credentials to switch the db server, not the scripts making the connection.

Ideally, we would have scripts that are flexible. If no host is set, don't append the -h option. If no user is set, don't use the -U option. I would assume that there is an Ansible role doing that already. It would probably be better anyway to use a more sophisticated role for calling psql commands.

port 22 isn't enabled on the VPS we're using, so in the staging file I had to add the ansible_port variable, as specified here. Possibly we will want to note that in the docs.

This is a smaller change that relates to #25.

The task "copy fix_pg_encoding PG script" failed with a german ubuntu

This change made it work 6874820

The file roles/dbserver/files/fix_pg_encoding.sql is a static file
Maybe it could become a template dynamically adding locale?

Currently to use ofn_deployment you have to put SSL certs in /files and define a vars.yml file with settings for just 1 domain. It would be great if one copy of the project could be used to manage staging and production with different inventory files.

• SSL certs could be put into subdirectores matching the rails_env var.
• Maybe vars.yml could be named according to the env too, or have some variables in a hash per env.

Currently the seed files are included manually in the ofn_deployment project. It would be better and more reliable to have the appropriate seed project as a variable and use ansible to include the files.

Paul, for some reason when I reloaded and reprovisioned the Vagrant server I'm getting, "The program 'rails' is currently not installed. To run 'rails' please ask your administrator to install the package 'rails'" when trying to run $ rails console.

I'm sure it's something silly I've forgotten, but can't seem to get it sorted out at the moment. Is provisioning supposed to install it and make it available on the command line?

By adding a post-receive hook to the repo.

Notes from Rohan:

monit daemon

check process openfoodnetwork_dj_worker_0
with pidfile /home/openfoodweb/apps/openfoodweb/current/tmp/pids/delayed_job.0.pid
start program = "/bin/bash -c 'RAILS_ENV=staging /home/openfoodweb/apps/openfoodweb/current/script/delayed_job.sh -i 0 start'"
as uid openfoodweb and gid openfoodweb
with timeout 120 seconds
stop program = "/bin/bash -c 'RAILS_ENV=staging /home/openfoodweb/apps/openfoodweb/current/script/delayed_job.sh -i 0 stop'"
as uid openfoodweb and gid openfoodweb
with timeout 120 seconds
if mem is greater than 250.0 MB for 3 cycles then restart
group dj_workers

script/delayed_job.sh

When you deploy, you need to restart delayed job also
RAILS_ENV=staging ./script/delayed_job -i 0 stop

There is a useful distinction between provisioning (run one to install dependencies) and deployment (run each time the app needs updating). Currently install.yml does both and "installation" suggests both provisioning and deployment.

Suggest it would be clearer to rename install.yml to provision.yml and only have it do provisioning, then deployment is a separate step.

not sure why yet:

/home/openfoodnetwork/apps/openfoodnetwork/current$ bundle exec rails server -b 0.0.0.0 The program 'bundle' is currently not installed. etc...

This is a follow up to the discussion started in openfoodfoundation/openfoodnetwork#1641

Here is where we install Bundler: https://github.com/openfoodfoundation/ofn-install/blob/master/roles/bundler/tasks/main.yml#L6

The db:seed rake task fails with:

PG::Error: ERROR: permission denied: "RI_ConstraintTrigger_30381" is a system trigger

According to matthuhiggins/foreigner#61 the Postresql's database adapter tries to disable all triggers (referential constraints are triggers internally). The only way I managed to overcome it is turning the db_user superuser.

I can't understand how this works in other environments.

Hello,

Is a registered domain name essential? When I run the user.yml playbook I get the following errors:

Begin error message -----
root@ansible-gwccoop:~/gwccoop-code/ofn_deployment# ansible-playbook user.yml -f 10 -vvvv
ERROR: Syntax Error while loading YAML script, /root/gwccoop-code/ofn_deployment/vars.yml
Note: The error may actually appear before this position: line 16, column 2

Your domain name - without http://www etc.

domain:
^

End ---

This is my vars.yml file:

User variables - we use vagrant for vagrant boxes and otherwise 'ubuntu' as it's a common default on systems where the user is allready set up.

user:root
user_pass:gvkdnjrvorki

Your domain name - without http://www etc.

domain:

Production and staging environments require SSL certificates and protocol set to https.

rails_env: development # production, staging, development or testing.

For https you will need to add server.crt and server.key files to the 'files' directory.

protocol: http # http or https

In the current playbooks, the hosts property is listed as "all". This is problematic if the /etc/ansible/hosts file contains other hosts not related to OFN. What about to define a group called ofn_servers or something for the hosts file to avoid this problem?

After I deployed the Canadian server, AWS wasn't set up (Image Settings as Spree admin). I have not tried to reproduce this. But it would be good to verify that this is working.

This is probably a configuration error and not a bug, so I hope it's okay to post here.

Getting error on Vagrant Up:

failed: [default] => {"changed": true, "cmd": ["bash", "-lc", "/home/vagrant/apps/pcolacoop/shared/config/seed.sh RAILS_ENV=test"], "delta": "0:00:33.402738", "end": "2015-09-01 04:56:20.873064", "rc": 1, "start": "2015-09-01 04:55:47.470326", "warnings": []}
stderr: stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
rake aborted!
NoMethodError: undefined method `name' for nil:NilClass
/home/vagrant/apps/pcolacoop/current/db/seeds.rb:24:in `<top (required)>'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.21/lib/active_support/dependencies.rb:245:in `load'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.21/lib/active_support/dependencies.rb:245:in `block in load'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.21/lib/active_support/dependencies.rb:236:in `load_dependency'
/home/vagrant/.gem/ruby/1.9.1/gems/activesupport-3.2.21/lib/active_support/dependencies.rb:245:in `load'
/home/vagrant/.gem/ruby/1.9.1/gems/railties-3.2.21/lib/rails/engine.rb:525:in `load_seed'
/home/vagrant/.gem/ruby/1.9.1/gems/activerecord-3.2.21/lib/active_record/railties/databases.rake:347:in `block (2 levels) in <top (required)>'
Tasks: TOP => db:seed
(See full trace by running task with --trace)
stdout: [db:seed] Seeding Spree
loading ruby /home/vagrant/.gem/ruby/1.9.1/bundler/gems/spree-afcc23e489eb/core/db/default/spree/countries.rb
loading ruby /home/vagrant/.gem/ruby/1.9.1/bundler/gems/spree-afcc23e489eb/core/db/default/spree/roles.rb
loading ruby /home/vagrant/.gem/ruby/1.9.1/bundler/gems/spree-afcc23e489eb/core/db/default/spree/states.rb
loading ruby /home/vagrant/.gem/ruby/1.9.1/bundler/gems/spree-afcc23e489eb/core/db/default/spree/zones.rb
loading ruby /home/vagrant/.gem/ruby/1.9.1/bundler/gems/spree_auth_devise-ba95589a8536/db/default/users.rb
Create the admin user (press enter for defaults).
Email [[email protected]]: Password [spree123]: 
Done!
Country is 
[db:seed] loading states yaml
States: [{"name"=>"Tasmania", "country_id"=>"12", "id"=>"101", "abbr"=>"Tas"}, {"name"=>"Victoria", "country_id"=>"12", "id"=>"102", "abbr"=>"Vic"}, {"name"=>"New South Wales", "country_id"=>"12", "id"=>"103", "abbr"=>"NSW"}, {"name"=>"ACT", "country_id"=>"12", "id"=>"104", "abbr"=>"ACT"}, {"name"=>"Queensland", "country_id"=>"12", "id"=>"105", "abbr"=>"QLD"}, {"name"=>"South Australia", "country_id"=>"12", "id"=>"106", "abbr"=>"SA"}, {"name"=>"Northern Territory", "country_id"=>"12", "id"=>"107", "abbr"=>"NT"}, {"name"=>"Western Australia", "country_id"=>"12", "id"=>"108", "abbr"=>"WA"}]
[db:seed] loading suburbs csv

FATAL: all hosts have already failed -- aborting

PLAY RECAP ******************************************************************** 
           to retry, use: --limit @/Users/username/install.retry

default                    : ok=72   changed=55   unreachable=0    failed=1 

I haven't used Spree before. Seeing that the [email protected] is referenced in the file spree/api/testing_support/helpers_decorator.rb and it doesn't look like it's something that needs to be configured. Had originally gotten this error using the US i10n repository, so was trying the AU one to see if the error was in the i10n repo.

Also is the output to retry, use: --limit @/Users/username/install.retry referring to: $ vagrant --limit provision? When I run that (or vagrant provision again), the output also includes

stderr: rake aborted! ActiveRecord::RecordInvalid: Validation failed: Name has already been taken

For some reason bugsnag does not with our current setup, the config isn't being pulled in.

test and development builds should have karma and phantom js installed, for using as a local dev environment and for testing on jenkins etc.