Answers for industrious sysadmins


This part of the documentation is enhanced by all frequent and recurrent questions you can have about the on-premise installation, monitoring, exploitation.

Don’t forget we also have a discussion platform, to let you directly ask questions to us and our community. Feel free to use it by browsing

We provide support for on-premise installations mainly via email : Please indicate Toucan Toco version and forward the lastest logs (out.log, worker.log) when you are writing to us.

I have some troubles during the installation process or when I use the Toucan Toco app, how can I have support?

You can always send us your feedbacks and questions about the Toucan Toco stack to

If you meet issues during the installation of the Toucan Toco backend, don’t forget to send us:

  • the version of the backend you try to install
  • the full log trace of the installation process with the error

If you meet issues with the Toucan Toco app, don’t forget to send us:

  • the set of actions that leads to the error
  • the version of your browser
  • is it possible to reproduce the issue with another browser? and in a private browser tab?
  • the result of a status page ping: curl -A "Plop 4rQD3KzCxWzTYaRyp0NSEfd6" https://backend_domain/status
  • the current version of the frontend: curl https://frontend_domain/tucana-version.txt
  • all the application logs (they are stored in the directory app_log - set when you installed the stack)
  • all the Nginx logs (usually /var/log/nginx/)

When I launch the make fulldeploy stage=production, I’m stuck at the stage Check python version used by ansible, why?

As you may know, we use ansible 2.7.x to deploy the Toucan Toco backend stack.

However even if ansible 2.7.x can work with python 2.6 or above, for consistency we need to be sure you launch ansible with a python 3 version.

We strongly recommand to create a dedicated virtualenv to manage this point.

It’s pretty simple to create this virtualenv:

# Creates a virtualenv in <INSTALL_DIR> dedicated to our ansible installation
python3 -m venv <INSTALL_DIR>/ansible-2.7.8

# Activates this virtualenv
source <INSTALL_DIR>/ansible-2.7.8/bin/activate

# Install ansible 2.7.8
pip install ansible==2.7.8
# Install useful python modules
pip install requests httplib2

# Check ansible's version
ansible --version
# Should echo: ansible 2.7.8 and python 3

Then just relaunch the make fulldeploy stage=production command.

I can’t login to the Toucan Toco app, why?

In some cases, you can reach the Toucan Toco app with your browser, you know your IDs are good but you are not able to login.

First you need to be sure that your browser is able to reach the front-end and also the back-end servers.

Moreover please be sure there is no proxy, between the servers and your browser, which could remove some HTTP headers. Some of them are mandatory (like the authorization one) to use the Toucan Toco app. Please check with your IT team for more details.

This question has been asked in the following discourse thread: My client can’t login to a small app using her/his id/password.

How to use the shipping scripts with a proxy configuration?

You can easily add your proxy settings to the installation process:

make fulldeploy stage=production proxy-https= proxy-http=

Thus every commands during the installation will be run with your proxy configuration.

On Amazon with a RedHat distribution, I don’t have the epel-release package, what can I do?

epel-release package is mandatory to allow installation of packages that are not available in standard repositories.

On Amazon, you will need to enable it by running the following command:

sudo yum install –y

The installation process will check if the package is enabled and if not the process will fail.

Source: How do I enable the EPEL repository for my Amazon EC2 instance running Centos, RHEL, or Amazon Linux?

On my RedHat like, everything is installed and run but Nginx returns me a 502 for each call, what’s going on?

If your OS is from the RedHat family and your Nginx’s error log stores lines like the following one:

connect() to unix:/tmp/api-toucan.sock failed (2: No such file or directory) while connecting to upstream

If the socket file exists, you probably just need to change the directory where the socket is stored.

In your configuration file laputa/shipping/group_vars/production just add app_socket_dir: /your/path/dir, then redeploy.

The new path of the socket will be /your/path/dir/api-toucan.sock.

Source: serverfault :: nginx unix domain socket error

On my RedHat like, what about SELinux?

When you install Mongo with the shipping process it’s mandatory to set your SELINUX env to disabled or permissive.

More info could be found on SELinux User’s And Administrator’s Guide

The Ansible scripts are not able to upload scripts on the targeted node, why?

In some cases, Ansible is not able to copy the scripts on the distant node with the following issue:

FAILED => failed to transfer file to /a/given/path/

And even if the directory exists and is writable.

It directly depends of your SSH configuration but a quick workaround would be to add in laputa/ansible.cfg in the [ssh_connection] section:

scp_if_ssh = true

Thus you avoid to change your SSH configuration and you will be able to complete the shipping process.

More info could be found on official Ansible documentation

Check if the user is really sudo failed but my user is sudoer, why?

If the checking step Check if the user is really sudo failed even if your user is a sudoer, it’s probably because the sudo option requiretty is set.

You can manually check, if this option is set by running the following command:

$ ssh $YOUR_USER@$YOUR_HOSTNAME "sudo ls /tmp"
sudo: sorry, you must have a tty to run sudo

This explicit message shows you that you will need to disable this option to be able to launch the On-Premise installation process.

Is it possible to not run the Ansible shipping over SSH?

If you don’t want to run the Ansible scripts over SSH, it’s possible to run it locally.

The installation process is exactly the same, you only need to change laputa/shipping/hosts/production as following:

localhost ansible_connection=local

But don’t forget to launch the installation commands with the sudoer user, it’s still mandatory.

How can I specify my sudo password when installing the backend?

When you launch the installation process of the backend, some commands will be launch with sudo and by default the installation process assumes your user is able to run commands with sudo without specifying password.

If it’s not the case, you can launch the installation process as following:

make fulldeploy stage=production sudo-ansible=enable

You will obtain a prompt to specify your user password.

$ make fulldeploy stage=remote-dev sudo-ansible=enable
SUDO password:                                                                <<<<<<<<<<<<<<<<<<<<<<<<<<< specify the password

PLAY [Laputa Main Provisioning and Deployment] ********************************

GATHERING FACTS ***************************************************************
ok: []

The upgrade fails at the step [push_production | node_env - Install node dependencies]

In rare cases, a change in the server’s nodejs version can impact deeply how these node dependencies are installed. In these cases, the node package manager (npm) is unable to upgrade the installed packages.

This is solved by removing the <installation_dir>/shared/node_modules folder and restarting the upgrade.

Can I host frontend and backend servers on the same machine ?

Yes you can, you just need to configure your machine’s webserver to serve the two domaines associated respectively with the frontend and backend.

If you are using nginx on this machine, once you have succesfully installed the backend, just copy and paste the frontend vhost nginx configuration we provide to the /etc/nginx/sites-enabled/ directory.