While I'm learning Ansible, I started on my first role, which is to do a simple sudo apt-get update and upgrade.
---
- hosts: testing
remote_user: deploy
become: yes
tasks:
- name: run apt-get update
apt: update_cache=yes
- name: run apt-get upgrade
apt: upgrade=yes
However, some of my hosts have different logins or passwords or both, so I'm using group_vars to include the passwords**. I'm wondering how to properly set up my group_vars (most likely the incorrect one). Right now, when I run it, it fails after connecting, saying "failed to lock apt for exclusive operation" on the tasks.
Here's my site.yml (right now I have it on one group, vs all of them)
- name: apply common configuration to all nodes
hosts: testing
become: yes
roles:
- ubuntu-apt
And here's my /tasks/main.yml
---
- name: run apt-get update
apt: update_cache=yes
- name: run apt-get upgrade
apt: upgrade=yes
I've got group_vars for the testing group in /group_vars/testing/test.yml
---
ansible_ssh_user: deploy
ansible_become_user: deploy
ansible_become_pass: some_passw0rd
User deploy is in the sudoers group already, and like I mentioned above, it works when I run it as a single playbook. But because I want to have all my hosts with all their different login/passwords checked, I moved to using roles. I'm not quite sure where I've broken things.
In my site.yml file, I can't put remote_user: deploy since some of my logins aren't deploy and can be root or something else. I understand that the error I've received was because of not having sudo access, but isn't that what ansible_become_pass (aka ansible_sudo_pass) is for?
Here's the relevant output when I do ansible-playbook -i hosts site.yml -vvvv
<baseimage> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/risa/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=deploy -o ConnectTimeout=10 baseimage /bin/sh -c 'chmod a+r /tmp/ansible-tmp-1445020605.45-256546847307774/apt'
<baseimage> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/risa/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=deploy -o ConnectTimeout=10 baseimage /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=jkqtlmxhqvdyjguroyvjmfrroutwtnof] password: " -u deploy /bin/sh -c '"'"'echo BECOME-SUCCESS-jkqtlmxhqvdyjguroyvjmfrroutwtnof; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /tmp/ansible-tmp-1445020605.45-256546847307774/apt'"'"''
failed: [baseimage] => {"failed": true, "parsed": false}
BECOME-SUCCESS-jkqtlmxhqvdyjguroyvjmfrroutwtnof
Traceback (most recent call last):
File "/tmp/ansible-tmp-1445020605.45-256546847307774/apt", line 2258, in <module>
main()
File "/tmp/ansible-tmp-1445020605.45-256546847307774/apt", line 554, in main
cache = apt.Cache()
File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 107, in __init__
self.open(progress)
File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 155, in open
self._list.read_main_list()
SystemError: E:Opening /etc/apt/sources.list.d/passenger.list - ifstream::ifstream (13: Permission denied)
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/rbatta/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 1553
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 4
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
From what I can tell, it's looking like my sudo password was passed through, but still saying permission denied?
**Note: I'm not worried about the passwords thing, since this is all testing and isn't being checked into any repo. Once I get this going, I can look into the vault thing, but I want to get this working first.