Self Hosting Primero v2 - Installation

I got this error while trying to run ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml

 cmd: /usr/bin/git clone --origin origin https://github.com/primeroIMS/primero.git /srv/primero
  msg: 'fatal: destination path ''/srv/primero'' already exists and is not an empty directory.'
  rc: 128
  stderr: |-
    fatal: destination path '/srv/primero' already exists and is not an empty directory.
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

I think you have already cloned a repo on the remote server. Can you please check and delete it, or clean the remote server, and try deploying again?

I am trying to install Primero on an Ubuntu server. Here is what I got:
(venv) ubuntu@VM-8-13-ubuntu:~/v2-deploy/primero/ansible$ ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml --private-key=/home/ubuntu/pem/Pri.pem

PLAY [all:localhost] **************************************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************************************
ok: [localhost]
ok: [pri.primero-domain.cn]

TASK [application-primero : Copy Primero deployment private SSH key to remote host] ***********************************************************************************************************
skipping: [pri.primero-domain.cn]
skipping: [localhost]

TASK [application-primero : Checking for external certs on remote machine] ********************************************************************************************************************
ok: [localhost]
ok: [pri.primero-domain.cn]

TASK [application-primero : Checking for external certs (key) on remote machine] **************************************************************************************************************
ok: [localhost]
ok: [pri.primero-domain.cn]

TASK [application-primero : Fail if no external certs on remote machine] **********************************************************************************************************************
fatal: [pri.primero-domain.cn]: FAILED! => changed=false
msg: Remote machine missing external certs
fatal: [localhost]: FAILED! => changed=false
msg: Remote machine missing external certs

PLAY RECAP ************************************************************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
pri.primero-domain.cn : ok=3 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

Any idea how to fix this?

thanks
Jim

Hi Jim,

Can you provide us with more information, like: Which machine are you trying to deploy from? Can you ssh to the remote server without a password? Does the remote server have a passwordless sudo user? What is in your inventory file? And lastly, have you set up the secrets.yml file?

Yes. I created two cloud servers with Ubuntu 20.04 LTS to test this self-hosting procedure: one as the target server, with a domain name resolved to it, and another one as the deployment server. I followed the instructions and was able to complete all the tasks until: ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml

Following is the content of inventory.yml :


all:
  hosts:
    pri.supportppp.cn:
      ansible_user: 'root'
      primero_host: 'pri.supportppp.cn'
      primero_tag: 'latest'
      locale_all: 'en,fr,ar'
      always_pull: true,
      # These 3 variables are used to drive the build task.
      # Can be omitted if pulling images from Dockerhub
      primero_repo_branch: 'development_v2'
      build_docker_tag: 'latest'
      build_docker_container_registry: ''
      # If you want to seed from a private configuration repo
      #primero_configuration_repo: 'git@bitbucket.org:quoin/primero-x-configuration.git'
      #primero_configuration_repo_branch: 'master'
      #primero_configuration_path: 'directory/of/config/loader/script'
      use_lets_encrypt: 'true'

      # The other certbot/lets_encrypt variables are optional. Include only if using Let's Encrypt
      certbot_domain:
      - '{{ primero_host }}'
      certbot_email: 'jiyuansky@gmail.com'
      lets_encrypt_domain: '{{ primero_host }}'
      lets_encrypt_email: '{{ certbot_email }}'
      # Different for self-signed certs
      nginx_ssl_cert_path: '/etc/letsencrypt/live/primero/fullchain.pem'
      nginx_ssl_key_path: '/etc/letsencrypt/live/primero/privkey.pem'
      # Optionally parametrize Primero containers with other environment attributes.
      # Do not use this dictionary for secrets!!!
      environment_variables:
        PRIMERO_DEFAULT_USERS: 'true' # Seed default users when using the managed Primero SaaS configs
        # LOCALE_DEFAULT: 'ar' # Optionally override English as the default locale.

And here is the content of secrets.yml:

primero_secret_key_base: 'gPQvy2dmmbF5RlKfKt1HB7OjRhkDTdL4'
primero_message_secret: 'DAZFqhfAXrIQSpvdIpmiTB36uW4IfzSI'
postgres_password: 'jcdSJKNGjqVT2H7u6A5QTYPCvFo95vao'
devise_secret_key: 'lW1fDFbecPhQ7yfRAPSO1hi2lwnrx96D'
devise_jwt_secret_key: 'Cc4eZuuKeqsbJZsv6llMcJbh14D4D5Dp'

I tried several times but still failed at this step.

There is one thing I need to let you know as well. I had to change the ansible version to 6.7.0 in the requirements.txt, as I got an error message saying "ERROR: No matching distribution found for ansible==7.4.0 (from -r /home/ubuntu/Dev/v2-deploy/primero/ansible/requirements.txt (line 1))" when running bin/activate. Following is what I have in the requirements.txt file:

ansible==6.7.0
boto3==1.26.101
boto==2.49.0
ansible-lint==6.14.3

please advise.
thanks
Jim

And I was able to ssh to the target server from the deployment server without a password. One thing I am not clear on: which account should I use to ssh to the target server? Any account, or the root account? In the inventory.yml provided in the instructions, ansible_user is root.

thanks

I tried again with a new domain name: www.ai4ertong.cn for this deployment. Following is what I got after the step- source …/venv/bin/activate and bootstrap

ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ source …/venv/bin/activate and bootstrap
(venv) ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ ansible-playbook bootstrap.yml
[WARNING]: Could not match supplied host pattern, ignoring: vpc
[WARNING]: Could not match supplied host pattern, ignoring: first_run

PLAY [!vpc:!first_run] *********************************************************************************************************************************

TASK [quoin.infrastructure.install_python3 : install Python version 3] *********************************************************************************
The authenticity of host ‘www.ai4ertong.cn (43.140.195.65)’ can’t be established.
ECDSA key fingerprint is SHA256:W3ac+WVWsg3GIKwWbCc3dp/dzLehWQsFx/b15yiUknQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
changed: [www.ai4ertong.cn]

PLAY [all:!first_run] **********************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_sudo : install sudo] ************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.become_no_password : include_tasks] *****************************************************************************************
included: /home/ubuntu/Dev/v2-deploy/primero/ansible/ansible_collections/quoin/infrastructure/roles/become_no_password/tasks/family-debian.yml for www.ai4ertong.cn

TASK [quoin.infrastructure.become_no_password : Debian :: add root to the sudo group] ******************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.become_no_password : Debian :: disable the password requirement for sudo] ***************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.become_no_password : include_tasks] *****************************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.become_no_password : include_tasks] *****************************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.openssh_passwordauthentication_no : disable PasswordAuthentication] *********************************************************
ok: [www.ai4ertong.cn]

PLAY RECAP *********************************************************************************************************************************************
www.ai4ertong.cn : ok=7 changed=1 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0

(venv) ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ ansible-playbook install-docker.yml

PLAY [all] *********************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : Ensure group primero exists] ******************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : create application container user] ************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : Ensure group nginx exists] ********************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : create nginx container user] ******************************************************************************************************
ok: [www.ai4ertong.cn]

TASK [manage-users : Remove primero from /etc/subuid] **************************************************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : Remove primero from /etc/subgid] **************************************************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : edit /etc/subuid for primero user mapping for docker containers] ******************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : edit /etc/subuid for primero user mapping for docker containers] ******************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : edit /etc/subgid for primero user mapping for docker containers] ******************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : edit /etc/subgid for primero user mapping for docker containers] ******************************************************************
changed: [www.ai4ertong.cn]

TASK [manage-users : Adding existing ansible user root to application group] ***************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.configure_journald : Create journal directory] ******************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.configure_journald : Set journal directory permissions] *********************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_virtualenv : include_tasks] *********************************************************************************
included: /home/ubuntu/Dev/v2-deploy/primero/ansible/ansible_collections/quoin/infrastructure/roles/install_python3_virtualenv/tasks/family-debian.yml for www.ai4ertong.cn

TASK [quoin.infrastructure.install_python3_virtualenv : Debian :: install Python 3 virtualenv] *********************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_virtualenv : include_tasks] *********************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_docker : create and upgrade the Docker virtualenv] **********************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_docker : install pip names into the Docker virtualenv] ******************************************************
changed: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_python3_docker_compose : install the docker-compose package] ********************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : include_tasks] *********************************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : include_tasks] *********************************************************************************************
skipping: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : include_tasks] *********************************************************************************************
included: /home/ubuntu/Dev/v2-deploy/primero/ansible/ansible_collections/quoin/infrastructure/roles/install_docker/tasks/distribution-ubuntu.yml for www.ai4ertong.cn

TASK [quoin.infrastructure.install_docker : Ubuntu :: install apt-transport-https and ca-certificates] *************************************************
ok: [www.ai4ertong.cn] => (item=apt-transport-https)
ok: [www.ai4ertong.cn] => (item=ca-certificates)

TASK [quoin.infrastructure.install_docker : Ubuntu :: install Docker APT key] **************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : Ubuntu :: install Docker APT repository] *******************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : install Docker] ********************************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : create the /etc/docker directory] ************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : create the /etc/docker/daemon.json file] *******************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : meta] ******************************************************************************************************

TASK [quoin.infrastructure.install_docker : start Docker] **********************************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : add root to the docker group] **************************************************************************
ok: [www.ai4ertong.cn]

TASK [quoin.infrastructure.install_docker : meta] ******************************************************************************************************

PLAY RECAP *********************************************************************************************************************************************
www.ai4ertong.cn : ok=26 changed=7 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0

(venv) ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml

PLAY [all:localhost] ***********************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************
ok: [www.ai4ertong.cn]
ok: [localhost]

TASK [application-primero : Copy Primero deployment private SSH key to remote host] ********************************************************************
skipping: [www.ai4ertong.cn]
skipping: [localhost]

TASK [application-primero : Checking for external certs on remote machine] *****************************************************************************
fatal: [www.ai4ertong.cn]: FAILED! =>
msg: |-
The conditional check 'use_external_certs == 'true'' failed. The error was: error while evaluating conditional (use_external_certs == 'true'): 'use_external_certs' is undefined

The error appears to be in '/home/ubuntu/Dev/v2-deploy/primero/ansible/roles/application-primero/tasks/main.yml': line 14, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: 'Checking for external certs on remote machine'
  ^ here

fatal: [localhost]: FAILED! =>
msg: |-
The conditional check 'use_external_certs == 'true'' failed. The error was: error while evaluating conditional (use_external_certs == 'true'): 'use_external_certs' is undefined

The error appears to be in '/home/ubuntu/Dev/v2-deploy/primero/ansible/roles/application-primero/tasks/main.yml': line 14, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: 'Checking for external certs on remote machine'
  ^ here

PLAY RECAP *********************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
www.ai4ertong.cn : ok=1 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

I would appreciate it if anyone can help with this.

If you are using Let's Encrypt, you do not need external certs, so you can comment that out.

How? in which file? thanks

I made some changes in the secrets.yml file.

primero_secret_key_base: 'gPQvy2dmmbF5RlKfKt1HB7OjRhkDTdL4'
primero_message_secret: 'DAZFqhfAXrIQSpvdIpmiTB36uW4IfzSI'
postgres_password: 'jcdSJKNGjqVT2H7u6A5QTYPCvFo95vao'
devise_secret_key: 'lW1fDFbecPhQ7yfRAPSO1hi2lwnrx96D'
devise_jwt_secret_key: 'Cc4eZuuKeqsbJZsv6llMcJbh14D4D5Dp'
use_external_certs: 'false'
primero_repo_branch: 'development_v2'

and this is what I get now:

(venv) ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml

PLAY [all:localhost] ****************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************
ok: [localhost]
ok: [www.ai4ertong.cn]

TASK [application-primero : Copy Primero deployment private SSH key to remote host] *************************************************************
skipping: [www.ai4ertong.cn]
skipping: [localhost]

TASK [application-primero : Change primero folder owner] ****************************************************************************************
ok: [localhost]
ok: [www.ai4ertong.cn]

TASK [application-primero : Pull Primero from Git] **********************************************************************************************
fatal: [localhost]: FAILED! => changed=false
cmd: /usr/bin/git ls-remote https://github.com/primeroIMS/primero.git -h refs/heads/development_v2
msg: 'fatal: unable to access ''https://github.com/primeroIMS/primero.git'': GnuTLS recv error (-110): The TLS connection was non-properly terminated.'
rc: 128
stderr: |-
fatal: unable to access 'https://github.com/primeroIMS/primero.git': GnuTLS recv error (-110): The TLS connection was non-properly terminated.
stderr_lines:
stdout: ‘’
stdout_lines:
fatal: [www.ai4ertong.cn]: FAILED! => changed=false
cmd:

PLAY RECAP **************************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
www.ai4ertong.cn : ok=2 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

Please advise. Thanks.

The branch is main, not development_v2.

Changed the branch to main in the secrets.yml and still got an error:

(venv) ubuntu@VM-8-10-ubuntu:~/Dev/v2-deploy/primero/ansible$ ansible-playbook application-primero.yml --tags "local-env" -e @secrets.yml

PLAY [all:localhost] *********************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************
ok: [localhost]
ok: [www.ai4ertong.cn]

TASK [application-primero : Copy Primero deployment private SSH key to remote host] ******************************************************************************************************************************************
skipping: [www.ai4ertong.cn]
skipping: [localhost]

TASK [application-primero : Change primero folder owner] *********************************************************************************************************************************************************************
ok: [localhost]
ok: [www.ai4ertong.cn]

TASK [application-primero : Pull Primero from Git] ***************************************************************************************************************************************************************************
changed: [localhost]
fatal: [www.ai4ertong.cn]: FAILED! => changed=false
cmd:

TASK [application-primero : create the local.env file] ***********************************************************************************************************************************************************************
ok: [localhost]

TASK [application-primero : Change primero folder owner] *********************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => changed=false
gid: 0
group: root
mode: ‘0755’
msg: ‘chown failed: failed to look up user primero’
owner: root
path: /srv/primero/
size: 4096
state: directory
uid: 0

PLAY RECAP *******************************************************************************************************************************************************************************************************************
localhost : ok=4 changed=1 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
www.ai4ertong.cn : ok=2 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

It looks like it cannot clone the github repo for some reason. The machine is remote with no firewall and a fully qualified domain name, right?
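
Added example, not part of the thread and not Primero project code: the undefined use_external_certs failure above, and the typographic quotes, unclosed quote and trailing comma visible in the posted inventory.yml, are all things a check can catch before ansible-playbook runs. The function names, the required-key list and the sample file contents below are constructed assumptions.

```python
import re

TYPOGRAPHIC = "\u2018\u2019\u201c\u201d"  # curly single and double quotes
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.-]*):\s*(.*)$")


def strip_comment(value):
    """Drop a trailing '# comment' that sits outside single quotes."""
    in_quote = False
    for i, ch in enumerate(value):
        if ch == "'":
            in_quote = not in_quote
        elif ch == "#" and not in_quote and (i == 0 or value[i - 1].isspace()):
            return value[:i].rstrip()
    return value.rstrip()


def lint_vars(text, name):
    """Return (findings, keys) for one vars file passed in as text."""
    findings, keys = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if any(ch in TYPOGRAPHIC for ch in raw):
            findings.append((name, lineno, "typographic quote"))
        match = KEY_VALUE.match(raw)
        if not match:
            continue
        key, value = match.group(1), strip_comment(match.group(2))
        keys.add(key)
        if value.count("'") % 2:
            findings.append((name, lineno, "unbalanced quote"))
        elif value.endswith(",") and not value.startswith(("[", "{")):
            findings.append((name, lineno, "trailing comma"))
    return findings, keys


def preflight(files, required=("use_external_certs",)):
    """Lint every file, then check that each required key is defined somewhere."""
    findings, defined = [], set()
    for name, text in files.items():
        file_findings, keys = lint_vars(text, name)
        findings += file_findings
        defined |= keys
    for key in required:
        if key not in defined:
            findings.append(("*", 0, "undefined variable: " + key))
    return findings


# Constructed sample files (placeholder host and secret, not from the thread).
SAMPLE_INVENTORY = """\
all:
  hosts:
    primero.example.org:
      ansible_user: 'root'
      primero_host: 'primero.example.org
      primero_tag: \u2018latest\u2019
      always_pull: true,
      use_lets_encrypt: 'true'
"""
SAMPLE_SECRETS = """\
postgres_password: 'CONSTRUCTED-PLACEHOLDER'
primero_repo_branch: 'main'
"""

if __name__ == "__main__":
    files = {"inventory.yml": SAMPLE_INVENTORY, "secrets.yml": SAMPLE_SECRETS}
    for name, lineno, problem in preflight(files):
        print(f"{name}:{lineno}: {problem}")
```

This is a line-based check, not a YAML parser, so it only covers the flat key: value style used in the files shown in this thread.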