When provisioning an AWS instance running Ubuntu 20.04.3 LTS (GNU/Linux 5.11.0-1028-aws x86_64), provisioning stops at the following tasks:

TASK [Gathering Facts] task when become:true is set in the playbook. The following error message is displayed: Missing sudo password

apt: update_cache=yes task when become: true is set in the playbook and gather_facts: false. The following error message is displayed: Missing sudo password

apt: update_cache=yes task when become: true is not set in the playbook. The following error message is displayed: Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)"

TASK [geerlingguy.pip : Ensure Pip is installed.] task when become: true is not set in the playbook. The following error messages are displayed: "E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)", "E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?"

I suspect this is happening because this is an AWS-modified OS, being GNU/Linux 5.11.0-1028-aws. I can ssh into the instance and run sudo apt update and sudo apt install python3-pip and it works without a password because I have ALL=(ALL:ALL) NOPASSWD:ALL set in sudoers for my ssh user. However, when I run sudo apt update and sudo apt install python3-pip with become: true not set in the playbook, the above error messages are displayed.

I have run all versions of these and re-ran the playbook.

sudo rm /var/lib/apt/lists/lock
sudo rm /var/cache/apt/archives/lock
sudo rm /var/lib/dpkg/lock
sudo rm /var/lib/apt/lists/lock
sudo rm /var/lib/dpkg/lock-frontend

I found this Stack Overflow answer, Ansible playbook fails to lock apt, and added those tasks, but it would fail at this step: raw: apt-get -y purge unattended-upgrades. unattended-upgrades seems to be disabled because I no longer see this message when I log in to the instance: 2 updates could not be installed automatically. For more details, see /var/log/unattended-upgrades/unattended-upgrades.log

This is the first time I have had an issue with running these very basic Ansible tasks. Given that AWS has its own Ansible modules, I am sure I am doing something wrong or missing something obvious. I've had a hard time finding a solution to this problem because Googling has been ineffective. There are too many irrelevant results due to the popularity of the AWS Ansible modules. I'm not trying to create or modify any AWS instances. I'm just trying to provision one.

I'm hoping one of the many AWS or Ansible experts here can help me out.

Here's the code: https://github.com/kahunacoder/ansible-wikijs

Here's an example:

playbook.yml:

- hosts: all
  gather_facts: true
  become: true
  vars:
    ansible_python_interpreter: /usr/bin/python3
    pip_package: python3-pip
    pip_install_packages:
      - name: docker
  tasks:
    - name: Update apt
      apt: update_cache=yes
  roles:
    - geerlingguy.pip

hosts.yml:

ansible_host: wiki.mydomain.com # dev machine
ansible_ssh_user: wiki
ansible_ssh_private_key_file: "~/.ssh/id_rsa"
ansible_connection: ssh
ansible_python_interpreter: /usr/bin/python3

sudoers:

wiki ALL=(ALL:ALL) NOPASSWD:ALL
KahunaCoder

1 Answer

The fix was to add two lines of code to my ansible.cfg file.

[sudo_become_plugin]
flags = -H -S

I found the answer here: Ansible: sudo without password

KahunaCoder
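
A probe for the target host, added here as an example and not part of the original question or answer: it runs sudo with Ansible's documented default become flags (`-H -S -n`) and with the flags from the answer (`-H -S`), and reports how each set behaves for the logged-in user. The function names, the `SUDO_BIN` override and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the target host as the
# SSH user. SUDO_BIN is an assumption of this example: it names the sudo
# command to call, so the probe can be pointed at a stand-in when testing.
SUDO_BIN=${SUDO_BIN:-sudo}

# probe_sudo FLAGS...
# Runs "sudo -k FLAGS true" and prints: ok | password-required | failed:<rc>
#   -k  ignore cached credentials, so an earlier interactive sudo
#       cannot mask a rule that really needs a password
#   -H  set HOME to the target user's home directory
#   -S  read the password from stdin instead of the terminal
#   -n  non-interactive: fail instead of prompting when a password is needed
probe_sudo() {
    # stdin is /dev/null so that, without -n, a password prompt gets EOF
    # and sudo fails at once instead of waiting for input.
    # "2>&1 >/dev/null" captures stderr only (sudo's diagnostics).
    if err=$("$SUDO_BIN" -k "$@" true 2>&1 >/dev/null </dev/null); then
        echo "ok"
        return 0
    else
        rc=$?
    fi
    # Diagnostics sudo prints when the matching rule needs a password.
    case $err in
        *"a password is required"*|*"no password was provided"*)
            echo "password-required" ;;
        *)
            echo "failed:$rc" ;;
    esac
}

# compare_flag_sets
# Probes the default sudo become flags, then the flags from the answer.
compare_flag_sets() {
    echo "default(-H -S -n)=$(probe_sudo -H -S -n)"
    echo "answer(-H -S)=$(probe_sudo -H -S)"
}

# Run the comparison only when asked to, e.g.: sh probe.sh run
if [ "${1:-}" = "run" ]; then
    compare_flag_sets
fi
```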