Failed to lock apt for exclusive operation

George James

unread,

Apr 18, 2020, 8:05:02 AM4/18/20

to Ansible Project

I create a new user using ansible called `nginx`, `nginx` is part of the sudo group a, but when I try to do an apt install with this user I get the below error

```

: FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation"}

```

What is the cause of the error and how can it be fixed?

Stefan Hornburg (Racke)

unread,

Apr 18, 2020, 8:42:09 AM4/18/20

to ansible...@googlegroups.com

Please show your playbook.

Regards
Racke

>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com?utm_medium=email&utm_source=footer>.

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

signature.asc

George James

unread,

Apr 18, 2020, 9:13:20 AM4/18/20

to Ansible Project

Hi Stefan, I have attached my playbook below



- name: Install Nginx Ubuntu
  hosts: web
  remote_user: "{{ NGINX_USER }}"
  become: yes
  become_method: sudo
  become_user: "{{ NGINX_USER }}"
  connection: ssh
  gather_facts: no
  vars:
    NGINX_VERSION: nginx-1.17.10
    NGINX_SBIN_PATH: /usr/sbin/
    NGINX_ERROR_LOG_PATH: /var/log/nginx/error.log
    NGINX_HTTP_LOG_PATH: /var/log/nginx/access.log
    NGINX_PID_PATH: /var/run/nginx.pid
  vars_files:
    - ../vars/global.yaml
  tasks:
    - name: Check if Nginx Exists
      stat: path=/etc/init.d/nginx
      register: nginx_status
      become: yes
    - name: Stop nginx Service
      service: name=nginx state=stopped
      when: nginx_status.stat.exists
      register: service_stopped
    - name: Make sure a systemd is not running
      systemd:
        state: stopped
        name: nginx
    - name: Install aptitude using apt
      apt:
        name: aptitude
        state: latest
        update_cache: yes
        force_apt_get: yes
    - name: Update apt repo
      apt:
        update_cache: yes
        cache_valid_time: 3600
    - name: Install required system packages
      apt: name={{ item }} state=latest update_cache=yes
      loop:
        [
          "build-essential",
          "libpcre3",
          "libpcre3-dev",
          "zlib1g",
          "zlib1g-dev",
          "libssl-dev",
        ]

On Saturday, April 18, 2020 at 4:42:09 PM UTC+4, Stefan Hornburg (Racke) wrote:

On 4/18/20 2:05 PM, George James wrote:
> I create a new user using ansible called `nginx`, `nginx` is part of the sudo group a, but when I try to do an apt
> install with this user I get the below error
>
> ```
> : FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation"}
> ```
>
> What is the cause of the error and how can it be fixed?

Please show your playbook.

Regards
Racke

>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to

> ansible...@googlegroups.com <mailto:ansible-project+unsub...@googlegroups.com>.

Stefan Hornburg (Racke)

unread,

Apr 18, 2020, 9:25:04 AM4/18/20

to ansible...@googlegroups.com

On 4/18/20 3:13 PM, George James wrote:
> Hi Stefan, I have attached my playbook below
>
>

Hello George,

you need to be superuser to install APT packages, but your become_user is "{{ NGINX_USER }}" which
is probably not root.

Regards
Racke

> |
>
>
> -name:InstallNginxUbuntu

> hosts:web
> remote_user:"{{ NGINX_USER }}"
> become:yes
> become_method:sudo
> become_user:"{{ NGINX_USER }}"
> connection:ssh
> gather_facts:no
> vars:
> NGINX_VERSION:nginx-1.17.10
> NGINX_SBIN_PATH:/usr/sbin/
> NGINX_ERROR_LOG_PATH:/var/log/nginx/error.log
> NGINX_HTTP_LOG_PATH:/var/log/nginx/access.log
> NGINX_PID_PATH:/var/run/nginx.pid
> vars_files:
> -../vars/global.yaml
> tasks:
> -name:CheckifNginxExists
> stat:path=/etc/init.d/nginx
> register:nginx_status
> become:yes

> -name:Stopnginx Service

> service:name=nginx state=stopped
> when:nginx_status.stat.exists
> register:service_stopped
> -name:Makesure a systemd isnotrunning
> systemd:
> state:stopped
> name:nginx
> -name:Installaptitude usingapt
> apt:
> name:aptitude
> state:latest
> update_cache:yes
> force_apt_get:yes

> -name:Updateapt repo

> apt:
> update_cache:yes
> cache_valid_time:3600

> -name:Installrequired system packages

> apt:name={{item }}state=latest update_cache=yes
> loop:
> [
> "build-essential",
> "libpcre3",
> "libpcre3-dev",
> "zlib1g",
> "zlib1g-dev",
> "libssl-dev",
> ]
> |
>
>
>
>
> On Saturday, April 18, 2020 at 4:42:09 PM UTC+4, Stefan Hornburg (Racke) wrote:
>
> On 4/18/20 2:05 PM, George James wrote:
> > I create a new user using ansible called `nginx`, `nginx` is part of the sudo group a, but when I try to do an apt
> > install with this user I get the below error
> >
> > ```
> > : FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation"}
> > ```
> >
> > What is the cause of the error and how can it be fixed?
>
> Please show your playbook.
>
> Regards
> Racke
>
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to

> > ansible...@googlegroups.com <javascript:> <mailto:ansible-proje...@googlegroups.com <javascript:>>.

> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com>
> >

> <https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com?utm_medium=email&utm_source=footer

> <https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>
>
>
> --
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.
>

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to

> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/ansible-project/6b3010ea-35f1-4a0d-86bc-cd9245691bf8%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/6b3010ea-35f1-4a0d-86bc-cd9245691bf8%40googlegroups.com?utm_medium=email&utm_source=footer>.

signature.asc

George James

unread,

Apr 18, 2020, 9:41:36 AM4/18/20

to Ansible Project

Okay, sorry I am new to Ansible and all this is a bit confusing.

How do I set the super password, because now I change it to root, and even though I use the flag --ask-pass and pass in the password I now get the error `Missing sudo password`

- name: Install Nginx Ubuntu


  hosts: web
  remote_user: "{{ NGINX_USER }}"
  become: yes
  become_method:

 sudo
  become_user: root
  connection: ssh
  gather_facts: no


  vars:
    NGINX_VERSION: nginx-1.17.10
    NGINX_SBIN_PATH: /usr/sbin/
    NGINX_ERROR_LOG_PATH: /var/log/nginx/error.log
    NGINX_HTTP_LOG_PATH: /var/log/nginx/access.log
    NGINX_PID_PATH: /var/run/nginx.pid
  vars_files:


    - ../vars/global.yaml
  tasks:
    - name: Check if Nginx Exists


      stat: path=/etc/init.d/nginx
      register: nginx_status
      become:

 yes
    - name: Stop nginx Service


      service: name=nginx state=stopped
      when: nginx_status.stat.exists
      register:

 service_stopped
    - name: Make sure a systemd is not running
      systemd:
        state: stopped
        name: nginx
    - name: Install aptitude using apt
      apt:


        name: aptitude
        state: latest
        update_cache: yes
        force_apt_get: yes

And I run with this playbook with the command

ansible-playbook nginx_ubuntu_18_04/playbook.yaml -i hosts --ask-pass

But I now get the error

TASK [Check if Nginx Exists] ********************************************************************************************************************************************************************************************
fatal: [142.93.15.195]: FAILED! => {"msg": "Missing sudo password"}

> > ansible...@googlegroups.com <javascript:> <mailto:ansible-project+unsub...@googlegroups.com <javascript:>>.

> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com>
> >
> <https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com?utm_medium=email&utm_source=footer
> <https://groups.google.com/d/msgid/ansible-project/eca36773-19e9-48fc-b1e7-d93be6489de0%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>
>
>
> --
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to

> ansible...@googlegroups.com <mailto:ansible-project+unsub...@googlegroups.com>.

Stefan Hornburg (Racke)

unread,

Apr 18, 2020, 9:59:41 AM4/18/20

to ansible...@googlegroups.com

On 4/18/20 3:41 PM, George James wrote:
> Okay, sorry I am new to Ansible and all this is a bit confusing.
>
> How do I set the super password, because now I change it to root, and even though I use the flag --ask-pass and pass in
> the password I now get the error `Missing sudo password`
>

Hello George,

--ask-pass is for the SSH connection, --ask-become-pass for Sudo password.

Regards
Racke

> |
> -name:InstallNginxUbuntu
> hosts:web
> remote_user:"{{ NGINX_USER }}"
> become:yes
> become_method:sudo

> become_user:root

> connection:ssh
> gather_facts:no
> vars:
> NGINX_VERSION:nginx-1.17.10
> NGINX_SBIN_PATH:/usr/sbin/
> NGINX_ERROR_LOG_PATH:/var/log/nginx/error.log
> NGINX_HTTP_LOG_PATH:/var/log/nginx/access.log
> NGINX_PID_PATH:/var/run/nginx.pid
> vars_files:

> > > ansible...@googlegroups.com <javascript:> <mailto:ansible-proje...@googlegroups.com <javascript:>

> > ansible...@googlegroups.com <javascript:> <mailto:ansible-proje...@googlegroups.com <javascript:>>.

> > To view this discussion on the web visit

> > https://groups.google.com/d/msgid/ansible-project/6b3010ea-35f1-4a0d-86bc-cd9245691bf8%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/6b3010ea-35f1-4a0d-86bc-cd9245691bf8%40googlegroups.com>
> >
> <https://groups.google.com/d/msgid/ansible-project/6b3010ea-35f1-4a0d-86bc-cd9245691bf8%40googlegroups.com?utm_medium=email&utm_source=footer

> <https://groups.google.com/d/msgid/ansible-project/6b3010ea-35f1-4a0d-86bc-cd9245691bf8%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>
>
>
> --
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.
>

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to

> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/ansible-project/020686c6-0dc7-470d-a3cb-0745371e059a%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/020686c6-0dc7-470d-a3cb-0745371e059a%40googlegroups.com?utm_medium=email&utm_source=footer>.

signature.asc

Dick Visser

unread,

Apr 18, 2020, 10:56:30 AM4/18/20

to ansible...@googlegroups.com

On Sat, 18 Apr 2020 at 15:41, George James <georgeo...@gmail.com> wrote:
>
> Okay, sorry I am new to Ansible and all this is a bit confusing.
>
> How do I set the super password, because now I change it to root, and even though I use the flag --ask-pass and pass in the password I now get the error `Missing sudo password`

Not sure what a "super password" is - but it indicates that you might
not have read the dedicated web page on Privilege escalation.
I would suggest doing that though:
https://docs.ansible.com/ansible/latest/user_guide/become.html.

--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

Reply all

Reply to author

Forward