Self Hosting Primero v2 - Installation

Thank you, Ian. It seems no error. Here are the results:

Bootstrap.yml

install-Docker.yml

Ok, so now try the secrets and the primero install commands

Dear Ian, here are they:
no error for secrets.yml

But it is the same error for - application-primero.yml --tags configure,start

The installDocker to the production server is completed at /opt/docker/bin

However, at /opt/docker/bin there is no .yml file (the error said there is no such file or directory for docker.compose.yml).

I am not sure how the script runs. Does it execute from the deploy machine's .primero/docker/ (which has all the .yml files) against the production server, or do I have to put those yml files or install something on the production server manually?

Thank you.

There are a couple of things which seem odd to me.

  • Your production server which looks like it is 192.168.0.105 is a public world accessible address? I think 192.168.x.x is a private IP range
  • You seem to be running everything as root. What is the reason for this?

Thank you for checking. I am sorry that I didn't tell you at the beginning: all these machines are my testing VMs. That's why they have private IPs and no domain name. I am running as root because I found some lines need su privilege, so I use root in this testing environment. We will harden a real production server.
Do you think these may be the cause of the error? It seems the scripts ran fine between the 2 machines until the Primero install with application-primero.yml, which did not find 2 files, as shown in the error screen above.

Yes you need a FQDN. You should also use a normal user. This tutorial builds on the concepts from the original tutorial for 1.x series so take a look at setting up a simple cloud instance which is explained in the linked guide if you are just learning/testing.

I also added this warning to this post

Hello,
I followed all the steps of the guide, but when I try to log in, the page keeps loading and I'm getting the error in the image below. The resources on https don't load.
Please help me.

If you mess up and want to remove the docker volumes you can ssh in to the target and do

sudo -s
docker ps -a | grep -v CONTAINER | cut -d " " -f1 | xargs docker stop
docker ps -a | grep -v CONTAINER | cut -d " " -f1 | xargs docker rm
docker volume ls | cut -d " " -f6 | xargs docker volume rm

then run all the ansible-playbook commands again

Thank you so much! It works.
I had to uninstall docker and nginx and remove the certbot certificates that I had generated on the target machine.

After cleaning the target machine, I executed all the ansible-playbook commands again and the issue is solved.

Hi, I’ve been trying to follow through this while troubleshooting issues. My latest has me a little stumped.
The db won’t seed, it looks like the script is pointing to the wrong app root:
/srv/primero/application/db/configuration/system_settings/system_settings.rb:8:in `create_or_update_system_setting'
/srv/primero/application/db/configuration/system_settings/system_settings.rb:15:in `<top (required)>'
/srv/primero/application/db/configuration/load_configuration.rb:32:in `<top (required)>'
/srv/primero/application/db/seeds.rb:1:in `load'
/srv/primero/application/db/seeds.rb:1:in `<top (required)>'
Tasks: TOP => db:seed
The setup places primero in /srv/primero as root, not /srv/primero/application (to be clear, there is no application folder in this location). I've tried adding the app_root environment variable and just adding a symlink as a workaround, but neither worked. Any chance you could help me find the problem? The website is up but I can't log in with the default credentials, basically.

Thanks

So you cannot use private ips. It needs a public world reachable ip


Using external instances of Postgres and Solr.

Instead of using primero's docker images of Postgres and Solr, is it possible to use external installations?
We would like to use AlloyDB for Postgres and an already running Solr instance in Yeti. How is the config done in Ansible?

I got this error while trying to run ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml

 cmd: /usr/bin/git clone --origin origin https://github.com/primeroIMS/primero.git /srv/primero
  msg: 'fatal: destination path ''/srv/primero'' already exists and is not an empty directory.'
  rc: 128
  stderr: |-
    fatal: destination path '/srv/primero' already exists and is not an empty directory.
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

I think you have already cloned a repo on the remote server. Can you please check and delete or clean the remote server and try deploying again?

I am trying to install Primero on an Ubuntu server. Here is what I got:
(venv) ubuntu@VM-8-13-ubuntu:~/v2-deploy/primero/ansible$ ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml --private-key=/home/ubuntu/pem/Pri.pem

PLAY [all:localhost] **************************************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************************************
ok: [localhost]
ok: [pri.primero-domain.cn]

TASK [application-primero : Copy Primero deployment private SSH key to remote host] ***********************************************************************************************************
skipping: [pri.primero-domain.cn]
skipping: [localhost]

TASK [application-primero : Checking for external certs on remote machine] ********************************************************************************************************************
ok: [localhost]
ok: [pri.primero-domain.cn]

TASK [application-primero : Checking for external certs (key) on remote machine] **************************************************************************************************************
ok: [localhost]
ok: [pri.primero-domain.cn]

TASK [application-primero : Fail if no external certs on remote machine] **********************************************************************************************************************
fatal: [pri.primero-domain.cn]: FAILED! => changed=false
msg: Remote machine missing external certs
fatal: [localhost]: FAILED! => changed=false
msg: Remote machine missing external certs

PLAY RECAP ************************************************************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
pri.primero-domain.cn : ok=3 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

Any idea how to fix this?

thanks
Jim

Hi Jim,

Can you provide us with more information, like: which machine are you trying to deploy from? Can you ssh to the remote server without a password? Does the remote server have a user with passwordless sudo? What is in your inventory file, and lastly, have you set up the secrets.yml file?

Yes. I created two cloud servers with Ubuntu 20.04 LTS to test these self-hosting procedures: one as the target server with a domain name resolved to it, another one as the deployment server. I followed the instructions and was able to complete all the tasks up to: ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml

Following is the content of inventory.yml :


all:
  hosts:
    pri.supportppp.cn:
      ansible_user: 'root'
      primero_host: 'pri.supportppp.cn'
      primero_tag: 'latest'
      locale_all: 'en,fr,ar'
      always_pull: true,
      # These 3 variables are used to drive the build task.
      # Can be omitted if pulling images from Dockerhub
      primero_repo_branch: 'development_v2'
      build_docker_tag: 'latest'
      build_docker_container_registry: ''
      # If you want to seed from a private configuration repo
      #primero_configuration_repo: 'git@bitbucket.org:quoin/primero-x-configuration.git'
      #primero_configuration_repo_branch: 'master'
      #primero_configuration_path: 'directory/of/config/loader/script'
      use_lets_encrypt: 'true'
      # The other certbot/lets_encrypt variables are optional. Include only if using Let's Encrypt
      certbot_domain:
      - '{{ primero_host }}'
      certbot_email: 'jiyuansky@gmail.com'
      lets_encrypt_domain: '{{ primero_host }}'
      lets_encrypt_email: '{{ certbot_email }}'
      # Different for self-signed certs
      nginx_ssl_cert_path: '/etc/letsencrypt/live/primero/fullchain.pem'
      nginx_ssl_key_path: '/etc/letsencrypt/live/primero/privkey.pem'
      # Optionally parametrize Primero containers with other environment attributes.
      # Do not use this dictionary for secrets!!!
      environment_variables:
        PRIMERO_DEFAULT_USERS: 'true' # Seed default users when using the managed Primero SaaS configs
        # LOCALE_DEFAULT: 'ar' # Optionally override English as the default locale.

And here is the content of secrets.yml:
primero_secret_key_base: 'gPQvy2dmmbF5RlKfKt1HB7OjRhkDTdL4'
primero_message_secret: 'DAZFqhfAXrIQSpvdIpmiTB36uW4IfzSI'
postgres_password: 'jcdSJKNGjqVT2H7u6A5QTYPCvFo95vao'
devise_secret_key: 'lW1fDFbecPhQ7yfRAPSO1hi2lwnrx96D'
devise_jwt_secret_key: 'Cc4eZuuKeqsbJZsv6llMcJbh14D4D5Dp'

I tried several times but still failed at this step.

There is one thing I need to let you know as well. I had to change the ansible version to 6.7.0 in requirements.txt, as I got an error message saying "ERROR: No matching distribution found for ansible==7.4.0 (from -r /home/ubuntu/Dev/v2-deploy/primero/ansible/requirements.txt (line 1))" when running bin/activate. The following is what I have in the requirements.txt file:

ansible==6.7.0
boto3==1.26.101
boto==2.49.0
ansible-lint==6.14.3

Please advise.
Thanks
Jim

And I was able to ssh to the target server from the deployment server without a password. One thing I am not clear on: which account should I use to ssh to the target server? Any account, or the root account? In the inventory.yml provided in the instructions, ansible_user is root.

thanks

I tried again with a new domain name: www.ai4ertong.cn for this deployment. Following is what I got after the step- source …/venv/bin/activate and bootstrap

ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ source …/venv/bin/activate and bootstrap
(venv) ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ ansible-playbook bootstrap.yml
[WARNING]: Could not match supplied host pattern, ignoring: vpc
[WARNING]: Could not match supplied host pattern, ignoring: first_run

PLAY [!vpc:!first_run] *********************************************************************************************************************************

TASK [quoin.infrastructure.install_python3 : install Python version 3] *********************************************************************************
The authenticity of host 'www.ai4ertong.cn (43.140.195.65)' can't be established.
ECDSA key fingerprint is SHA256:W3ac+WVWsg3GIKwWbCc3dp/dzLehWQsFx/b15yiUknQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
changed: [www.ai4ertong.cn]

PLAY [all:!first_run] **********************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_sudo : install sudo] ************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.become_no_password : include_tasks] *****************************************************************************************
included: /home/ubuntu/Dev/v2-deploy/primero/ansible/ansible_collections/quoin/infrastructure/roles/become_no_password/tasks/family-debian.yml for www.ai4ertong.cn

TASK [quoin.infrastructure.become_no_password : Debian :: add root to the sudo group] ******************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.become_no_password : Debian :: disable the password requirement for sudo] ***************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.become_no_password : include_tasks] *****************************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.become_no_password : include_tasks] *****************************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.openssh_passwordauthentication_no : disable PasswordAuthentication] *********************************************************
ok: [www.ai4ertong.cn]

PLAY RECAP *********************************************************************************************************************************************
www.ai4ertong.cn : ok=7 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0

(venv) ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ ansible-playbook install-docker.yml

PLAY [all] *********************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : Ensure group primero exists] ******************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : create application container user] ************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : Ensure group nginx exists] ********************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : create nginx container user] ******************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : Remove primero from /etc/subuid] **************************************************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : Remove primero from /etc/subgid] **************************************************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : edit /etc/subuid for primero user mapping for docker containers] ******************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : edit /etc/subuid for primero user mapping for docker containers] ******************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : edit /etc/subgid for primero user mapping for docker containers] ******************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : edit /etc/subgid for primero user mapping for docker containers] ******************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : Adding existing ansible user root to application group] ***************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.configure_journald : Create journal directory] ******************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.configure_journald : Set journal directory permissions] *********************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_virtualenv : include_tasks] *********************************************************************************
included: /home/ubuntu/Dev/v2-deploy/primero/ansible/ansible_collections/quoin/infrastructure/roles/install_python3_virtualenv/tasks/family-debian.yml for www.ai4ertong.cn

TASK [quoin.infrastructure.install_python3_virtualenv : Debian :: install Python 3 virtualenv] *********************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_virtualenv : include_tasks] *********************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_docker : create and upgrade the Docker virtualenv] **********************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_docker : install pip names into the Docker virtualenv] ******************************************************
changed: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_docker_compose : install the docker-compose package] ********************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : include_tasks] *********************************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : include_tasks] *********************************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : include_tasks] *********************************************************************************************
included: /home/ubuntu/Dev/v2-deploy/primero/ansible/ansible_collections/quoin/infrastructure/roles/install_docker/tasks/distribution-ubuntu.yml for www.ai4ertong.cn

TASK [quoin.infrastructure.install_docker : Ubuntu :: install apt-transport-https and ca-certificates] *************************************************
ok: [www.ai4ertong.cn] => (item=apt-transport-https)
ok: [www.ai4ertong.cn] => (item=ca-certificates)

TASK [quoin.infrastructure.install_docker : Ubuntu :: install Docker APT key] **************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : Ubuntu :: install Docker APT repository] *******************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : install Docker] ********************************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : create the /etc/docker directory] ************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : create the /etc/docker/daemon.json file] *******************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : meta] ******************************************************************************************************

TASK [quoin.infrastructure.install_docker : start Docker] **********************************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : add root to the docker group] **************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : meta] ******************************************************************************************************

PLAY RECAP *********************************************************************************************************************************************
www.ai4ertong.cn : ok=26 changed=7 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0

(venv) ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml

PLAY [all:localhost] ***********************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************
ok: [www.ai4ertong.cn]
ok: [localhost]

TASK [application-primero : Copy Primero deployment private SSH key to remote host] ********************************************************************
skipping: [www.ai4ertong.cn]
skipping: [localhost]

TASK [application-primero : Checking for external certs on remote machine] *****************************************************************************
fatal: [www.ai4ertong.cn]: FAILED! =>
msg: |-
The conditional check 'use_external_certs == 'true'' failed. The error was: error while evaluating conditional (use_external_certs == 'true'): 'use_external_certs' is undefined

The error appears to be in '/home/ubuntu/Dev/v2-deploy/primero/ansible/roles/application-primero/tasks/main.yml': line 14, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: 'Checking for external certs on remote machine'
  ^ here

fatal: [localhost]: FAILED! =>
msg: |-
The conditional check 'use_external_certs == 'true'' failed. The error was: error while evaluating conditional (use_external_certs == 'true'): 'use_external_certs' is undefined

The error appears to be in '/home/ubuntu/Dev/v2-deploy/primero/ansible/roles/application-primero/tasks/main.yml': line 14, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: 'Checking for external certs on remote machine'
  ^ here

PLAY RECAP *********************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
www.ai4ertong.cn : ok=1 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

appreciate if anyone can help on this.
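
The inventory problems raised across this thread (an undefined `use_external_certs`, a private IP instead of an FQDN, deploying as root, and the inventory's own warning about secrets in `environment_variables`) can be checked before running the playbooks. This is an added example, not part of any post above and not Primero project code. It assumes the JSON shape printed by `ansible-inventory -i inventory.yml --list`; the host names and the `SMTP_PASSWORD` variable in the sample are constructed.

```python
import ipaddress
import json

# Constructed sample in the shape of `ansible-inventory -i inventory.yml --list`.
SAMPLE_INVENTORY_JSON = """
{
  "_meta": {"hostvars": {
    "primero.example.org": {
      "ansible_user": "root",
      "primero_host": "192.168.0.105",
      "use_lets_encrypt": "true",
      "environment_variables": {"PRIMERO_DEFAULT_USERS": "true",
                                "SMTP_PASSWORD": "constructed-value"}
    },
    "primero2.example.org": {
      "ansible_user": "ubuntu",
      "primero_host": "primero2.example.org",
      "use_lets_encrypt": "true",
      "use_external_certs": "false",
      "environment_variables": {"PRIMERO_DEFAULT_USERS": "true"}
    }
  }}
}
"""

# Assumed naming hints for secret-like variables (not a Primero list).
SECRET_HINTS = ("SECRET", "PASSWORD", "TOKEN", "KEY")


def check_host(hostvars):
    """Return a list of findings for one host's variables."""
    findings = []
    # The failing task evaluates `use_external_certs == 'true'`, so the
    # variable must exist; an unquoted YAML boolean never equals 'true'.
    if "use_external_certs" not in hostvars:
        findings.append("use_external_certs is undefined")
    elif not isinstance(hostvars["use_external_certs"], str):
        findings.append("use_external_certs is not a quoted string")
    # The thread asks for an FQDN on a publicly reachable address.
    host = str(hostvars.get("primero_host", ""))
    try:
        addr = ipaddress.ip_address(host)
        kind = "private " if addr.is_private else ""
        findings.append(f"primero_host is a {kind}IP address, not an FQDN")
    except ValueError:
        if "." not in host.strip("."):
            findings.append("primero_host is not an FQDN")
    # The thread recommends a normal user rather than root.
    if hostvars.get("ansible_user") == "root":
        findings.append("ansible_user is root")
    # The sample inventory warns against secrets in environment_variables.
    for key in hostvars.get("environment_variables") or {}:
        if any(hint in key.upper() for hint in SECRET_HINTS):
            findings.append(f"environment_variables.{key} looks like a secret")
    return findings


def preflight(inventory_json):
    """Map each host name to its findings (an empty list means clean)."""
    hostvars = json.loads(inventory_json)["_meta"]["hostvars"]
    return {name: check_host(hv) for name, hv in hostvars.items()}


if __name__ == "__main__":
    for host, findings in preflight(SAMPLE_INVENTORY_JSON).items():
        print(host, "OK" if not findings else findings)
```
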