Unsafe repository error when trying to deploy monolith

Getting the error below when attempting the final steps in rebuilding an environment outlined in the following docs:

How To Rebuild a CommCareHQ environment — CommCareHQ Deployment documentation (commcare-cloud.readthedocs.io)

running the instructed git config safe.directory call still has error coming up. Selecting Y to proceed has process fail during pre-indexing everything stage:

Hi @nikotelhe

There are two separate issues here.

The first is the unsafe repository issue. The error is occurring because this part of the deploy is being run by the "ansible" user, and the repository is owned by the "cchq" user.

You can avoid the issue by running that "git config" command as the ansible user ... BUT you will get the same error the next time you run a deploy, because the directory name will have changed.

So you will need to configure the ansible user to trust all Git repositories. Here is how you do that:

$ su - ansible  # Use the same password as "Vault password for 'monolith'"
$ git config --global --add safe.directory '*'

(For cluster environments, SSH into the webworker VM(s) and run those commands there.) After that you should no longer get that error.

The second issue is happening because commcare-cloud is trying to send an email to "commcarehq-ops+admin@example.com" and "example.com" is a reserved domain name.

To fix this, edit ~/environments/monolith/public.yml and update the email addresses to the correct addresses for your organization.

Thanks for the quick feedback Norman. Issue one resolved and error message is gone

For issue two - these are the email settings i have in my public.yml file at present:

server_email: notifications@kuunika.org
default_from_email: notifications@kuunika.org
root_email: notifications@kuunika.org

Under localsettings:

EMAIL_SMTP_HOST: 'smtp.office365.com'

Any other settings i should look out for?

  • note that this instance was first deployed in Jan 2022 and so may have an older structure of this config file if any major changes have been made to it since then.

That looks right to me, and I think that's everything you need.

(I'm assuming that smtp.office365.com allows your machine to use it to send email. I don't know much about Office365.)

Thanks Norman,

Looking through the /var/mail log it looks like its trying to send an email using a combination of the server hostname and the local domain name which unfortunately are different from the Office 365 SMTP server login details.

Would failure to send this email cause a failure to deploy? The deploy process currently fails after it fails to send an email about preindexing still running to the email address.