6

I'm trying to write a simple Ansible Playbook, please look at snippets below. Using Ansible 2.4.0.0, Ubuntu 17.04, Python 2.7.13. This is my first time using Ansible and Playbooks so please don't be too harsh. What am I doing wrong?

playbook.yml

---
- name: install packages
  hosts: dbservers
  become: yes
  become_method: sudo
  become_user: user

  tasks:
  - name: Update repositories cache and install "python-minimal" package
  apt:
    name: python-minimal
    update_cache: yes

hosts file

 ---
 [dbservers]
 db ansible_host=127.0.0.1 ansible_port=22 ansible_user=user ansible_ssh_pass=pass ansible_become_pass=pass ansible_become_user=user

Command: ansible-playbook -i hosts playbook.yml -vvv

Command above returns following error: 

The full traceback is:
  File "/tmp/ansible_yozgsn/ansible_module_apt.py", line 287, in <module>
    import apt

fatal: [db]: FAILED! => {
    "changed": false, 
    "cmd": "apt-get update", 
    "failed": true, 
    "invocation": {
        "module_args": {
            "allow_unauthenticated": false, 
            "autoclean": false, 
            "autoremove": false, 
            "cache_valid_time": 0, 
            "deb": null, 
            "default_release": null, 
            "dpkg_options": "force-confdef,force-confold", 
            "force": false, 
            "force_apt_get": false, 
            "install_recommends": null, 
            "name": "python-minimal", 
            "only_upgrade": false, 
            "package": [
                "python-minimal"
            ], 
            "purge": false, 
            "state": "present", 
            "update_cache": true, 
            "upgrade": null
        }
    }, 
    "msg": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)", 
    "rc": 100, 
    "stderr": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)\n", 
    "stderr_lines": [
        "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)", 
        "E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)", 
        "E: Unable to lock directory /var/lib/apt/lists/", 
        "W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)", 
        "W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)"
    ], 
    "stdout": "Reading package lists...\n", 
    "stdout_lines": [
        "Reading package lists..."
    ]
}

Edit: If I connect through SSH to the same machine I can manually update apt-cache and install packages using same user (using sudo). If I run command 'whoami' inside Playbook it returns expected result (user name).

metalcamp
  • 526
  • 1
  • 6
  • 14
  • [Please read](https://stackoverflow.com/help/someone-answers) the [guide to asking questions on SO](https://stackoverflow.com/help/asking). You responded to each of these answers once, but apparently when you got your answer never came back and accepted one or answered outstanding questions to you (though you did edit as asked). – Paul Hodges Jul 20 '22 at 14:28

2 Answers2

7

If your user has sudo access, use become: -

tasks:
  - name: Update repositories cache and install "python-minimal" package
    become: yes
    apt:
      name: python-minimal
      update_cache: yes
Paul Hodges
  • 13,382
  • 1
  • 17
  • 36
  • If I use become: - then I get syntax error. I also tried to remove all become variables from both playbook and hosts (used in CLI) but it did not help. – metalcamp Oct 10 '17 at 14:55
  • Does your user have sudo privs? Can you log in and do this manually with success? – Paul Hodges Oct 10 '17 at 15:00
  • Please edit your original post to show that. You have to use sudo? What are the directory permissions? – Paul Hodges Oct 10 '17 at 15:48
7

I think you're confusing become_user and remote_user. remote_user is the user Ansible will use to ssh to the server and become_user is the user Ansible will switch to and run tasks while on the server. You can find out more about become_user and remote_user inside Ansible's docs.

So what's happening here is your playbook is trying to become the "user" user and install packages. It's not installing the packages as root which is what you need. To fix this you can either remove the become_user param from your playbook (become_user defaults as root) or you can add a become_user param to your task.

- name: Update repositories cache and install "python-minimal" package
  apt:
    name: python-minimal
    update_cache: yes
  become_user: root
kfreezy
  • 1,499
  • 12
  • 16
  • 2
    I don't have access to root user, I have sudoers user account. Is this the root of my problem? (no pun intended) :) – metalcamp Oct 10 '17 at 16:07
  • 1
    if you `sudo -l`, what commands do you have permission to run? I hope we don't have to tweak the ansible.cfg – Paul Hodges Oct 10 '17 at 16:18
  • 1
    You need to install packages as root. You might already have the access to do this - I'm not sure what sudoers user account means. `sudo -l` will tell us if you can or not. – kfreezy Oct 10 '17 at 17:01