0

I am trying to incrementally test changes to an ansible playbook using a GitHub workflow and I don't understand differences between the GitHub execution and my local execution.

In particular, I cannot reproduce Unable to install package: E:Invalid archive signature locally.

My ansible workbook succeeds When I run manually in the Docker container or when I run the GitHub workflow in the Docker container or when I run with https://github.com/nektos/act.

The playbook role in question is this tasks/main.yml:

---

- name: Ensure Download directory exists for new user
  file:
    path: "/home/{{ ansible_user }}/Downloads"
    state: directory
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
  become: True

- name: Copy hamachi installation package
  copy:
    src: logmein-hamachi_{{ hamachi_version }}.deb
    dest: /home/{{ ansible_user }}/Downloads/logmein-hamachi_{{ hamachi_version }}.deb
  when: ansible_architecture == "x86_64"

- name: Install hamachi client
  apt:
    deb: /home/{{ ansible_user }}/Downloads/logmein-hamachi_{{ hamachi_version }}.deb
  become: yes
  when: ansible_architecture == "x86_64"

I have verified that the docker container already has xz-utils insntalled as mentioned at Problems installing a Debian package (.deb) using Ansible.

When I run this locally in the docker container with -vvv, I see this in the ansible output:

TASK [vpn : Install hamachi client] *******************************************************************************
task path: /home/provisioning/playbooks/roles/vpn/tasks/main.yml:23
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: test
<localhost> EXEC /bin/sh -c 'echo ~test && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/test/.ansible/tmp `"&& mkdir "` echo /home/test/.ansible/tmp/ansible-tmp-1668021230.6183019-245-83644077654096 `" && echo ansible-tmp-1668021230.6183019-245-83644077654096="` echo /home/test/.ansible/tmp/ansible-tmp-1668021230.6183019-245-83644077654096 `" ) && sleep 0'
Using module file /usr/local/lib/python3.8/dist-packages/ansible/modules/packaging/os/apt.py
<localhost> PUT /home/test/.ansible/tmp/ansible-local-80nusit3ik/tmpayo1d58t TO /home/test/.ansible/tmp/ansible-tmp-1668021230.6183019-245-83644077654096/AnsiballZ_apt.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/test/.ansible/tmp/ansible-tmp-1668021230.6183019-245-83644077654096/ /home/test/.ansible/tmp/ansible-tmp-1668021230.6183019-245-83644077654096/AnsiballZ_apt.py && sleep 0'
<localhost> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xyvhbftopsgzbybndqqgsywvyjsxzlha ; /usr/bin/python3 /home/test/.ansible/tmp/ansible-tmp-1668021230.6183019-245-83644077654096/AnsiballZ_apt.py'"'"' && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/test/.ansible/tmp/ansible-tmp-1668021230.6183019-245-83644077654096/ > /dev/null 2>&1 && sleep 0'
changed: [localhost] => {
    "changed": true,
    "diff": {
        "prepared": "Selecting previously unselected package logmein-hamachi.\n(Reading database ... 123267 files and directories currently installed.)\nPreparing to unpack .../logmein-hamachi_2.1.0.203-1_amd64.deb ...\nUnpacking logmein-hamachi (2.1.0.203-1) ...\nSetting up logmein-hamachi (2.1.0.203-1) ...\nStarting LogMeIn Hamachi VPN tunneling engine logmein-hamachi\nstarting - success\nProcessing triggers for systemd (245.4-4ubuntu3.18) ..."
    },
    "invocation": {
        "module_args": {
            "allow_unauthenticated": false,
            "autoclean": false,
            "autoremove": false,
            "cache_valid_time": 0,
            "deb": "/home/test/Downloads/logmein-hamachi_2.1.0.203-1_amd64.deb",
            "default_release": null,
            "dpkg_options": "force-confdef,force-confold",
            "force": false,
            "force_apt_get": false,
            "install_recommends": null,
            "only_upgrade": false,
            "package": null,
            "policy_rc_d": null,
            "purge": false,
            "state": "present",
            "update_cache": null,
            "upgrade": null
        }
    },
    "stderr": "",
    "stderr_lines": [],
    "stdout": "Selecting previously unselected package logmein-hamachi.\n(Reading database ... 123267 files and directories currently installed.)\nPreparing to unpack .../logmein-hamachi_2.1.0.203-1_amd64.deb ...\nUnpacking logmein-hamachi (2.1.0.203-1) ...\nSetting up logmein-hamachi (2.1.0.203-1) ...\nStarting LogMeIn Hamachi VPN tunneling engine logmein-hamachi\nstarting - success\nProcessing triggers for systemd (245.4-4ubuntu3.18) ...\n",
    "stdout_lines": [
        "Selecting previously unselected package logmein-hamachi.",
        "(Reading database ... 123267 files and directories currently installed.)",
        "Preparing to unpack .../logmein-hamachi_2.1.0.203-1_amd64.deb ...",
        "Unpacking logmein-hamachi (2.1.0.203-1) ...",
        "Setting up logmein-hamachi (2.1.0.203-1) ...",
        "Starting LogMeIn Hamachi VPN tunneling engine logmein-hamachi",
        "starting - success",
        "Processing triggers for systemd (245.4-4ubuntu3.18) ..."
    ]
}
META: ran handlers
META: ran handlers

When it runs on GitHub, I instead see:

TASK [vpn : Install hamachi client] ********************************************
task path: /__w/provisioning/provisioning/playbooks/roles/vpn/tasks/main.yml:23
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: test
<localhost> EXEC /bin/sh -c 'echo ~test && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/test/.ansible/tmp `"&& mkdir "` echo /home/test/.ansible/tmp/ansible-tmp-1668021055.5272934-194-25666056901473 `" && echo ansible-tmp-1668021055.5272934-194-25666056901473="` echo /home/test/.ansible/tmp/ansible-tmp-1668021055.5272934-194-25666056901473 `" ) && sleep 0'
Using module file /usr/local/lib/python3.8/dist-packages/ansible/modules/packaging/os/apt.py
<localhost> PUT /github/home/.ansible/tmp/ansible-local-29l26pmsan/tmpgdik1b9e TO /home/test/.ansible/tmp/ansible-tmp-1668021055.5272934-194-25666056901473/AnsiballZ_apt.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/test/.ansible/tmp/ansible-tmp-1668021055.5272934-194-25666056901473/ /home/test/.ansible/tmp/ansible-tmp-1668021055.5272934-194-25666056901473/AnsiballZ_apt.py && sleep 0'
<localhost> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-ojrlohnifjpvkipcgubozeiflqswtqli ; /usr/bin/python3 /home/test/.ansible/tmp/ansible-tmp-1668021055.5272934-194-25666056901473/AnsiballZ_apt.py'"'"' && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/test/.ansible/tmp/ansible-tmp-1668021055.5272934-194-25666056901473/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_apt_payload_xhq7uxgw/ansible_apt_payload.zip/ansible/modules/packaging/os/apt.py", line 715, in install_deb
  File "/usr/lib/python3/dist-packages/apt/debfile.py", line 77, in __init__
    self.open(filename)
  File "/usr/lib/python3/dist-packages/apt/debfile.py", line 87, in open
    self._debfile = apt_inst.DebFile(self.filename)
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "allow_unauthenticated": false,
            "autoclean": false,
            "autoremove": false,
            "cache_valid_time": 0,
            "deb": "/home/test/Downloads/logmein-hamachi_2.1.0.203-1_amd64.deb",
            "default_release": null,
            "dpkg_options": "force-confdef,force-confold",
            "force": false,
            "force_apt_get": false,
            "install_recommends": null,
            "only_upgrade": false,
            "package": null,
            "policy_rc_d": null,
            "purge": false,
            "state": "present",
            "update_cache": null,
            "upgrade": null
        }
    }
}

MSG:

Unable to install package: E:Invalid archive signature
sage
  • 4,863
  • 2
  • 44
  • 47
  • And presumably you've already done the sane thing by checking the md5/sha256 checksum to ensure that the file is what you think it is? I have to lobby for `curl -f` all the time to keep people from writing the html of 404 or 500 error pages, so it's not without precedent – mdaniel Nov 09 '22 at 19:52
  • I just confirmed that the md5sum of the .deb matches the one that can be fetched from https://www.vpn.net/installers/logmein-hamachi_2.1.0.203-1_amd64.deb – sage Nov 09 '22 at 19:53
  • 1
    And does `command: apt-get install -y /home/{{ ansible_user }}/Downloads/logmein-hamachi_{{ hamachi_version }}.deb` succeed, meaning it's just odd behavior of `apt:`? – mdaniel Nov 09 '22 at 19:57
  • 1
    And what if you actually do `deb: https://www.vpn.net/installers/logmein-hamachi_2.1.0.203-1_amd64.deb`, just to test the file didn't went corrupted somewhere? – β.εηοιτ.βε Nov 09 '22 at 20:00
  • I created a minimal github repo attempting to reproduce and I could not reproduce the issue using the base docker image, `willhallonline/ansible:2.9-ubuntu-20.04`. Interesting – sage Nov 09 '22 at 20:15
  • mdaniel's suggestion gave the same error and β.εηοιτ.βε's suggestion led to the solution, which I posted below: it appears to be an LFS issue, so the file is effectively "corrupted" by my GitHub workflow configuration. – sage Nov 09 '22 at 20:32

1 Answers1

0

It appears that β.εηοιτ.βε was on the right track.

When I switch to direct fetching of the URL, it succeeds. This made me suspect that my client had set up this project with LFS and that the GitHub workflow is not giving me the file, but rather the few line placeholder for the LFS fetch.

I confirmed that the issue was in .github/workflows/linux.yml:

     steps:
       - uses: actions/checkout@v1
       ...

This had to change to enable LFS explicitly:

     steps:
       - uses: actions/checkout@v1
         with:
           lfs: true
       ...
sage
  • 4,863
  • 2
  • 44
  • 47
  • And now I was able to reproduce the failure by switching to using an LFS file instead of fetching the file. – sage Nov 09 '22 at 20:31