Apologies for the double posting, I kept seeing Google Groups errors.. some
days nothing works.
An error (#847) occurred while communicating with the server.
RELOAD
On Monday, November 18, 2019 at 10:18:55 AM UTC-8, Valentin Leon wrote:
>
> Hello,
>
> I am trying to provision a host using ansible (remote). The host is a
> clean ubuntu 18.04 install, but I am blocked running a simple ansible
> cookbook that requires root privileges.
>
> I can run simple shell commands such as:
> echo '{{user `ssh_password`}}' | sudo -S shutdown -P now
>
> But I need a way to feed the sudo password into ansible, otherwise it
> fails:
> ubuntu-18.04: fatal: [default]: FAILED! => {"cache_update_time":
> 1574096255, "cache_updated": false, "changed": false, "msg":
> "'/usr/bin/apt-get
> -y -o \"Dpkg::Options::=--force-confdef\" -o
> \"Dpkg::Options::=--force-confold\" install 'mariadb-server''
> failed: E: Could not open lock file /var/lib/dpkg/lock-frontend - open
> (13: Permission denied)\nE: Unable to acquire the dpkg frontend lock
> (/var/lib/dpkg/lock-frontend), are you root?\n", "rc": 100, "stderr": "E:
> Could not open lock file /var/lib/dpkg/lock-frontend - open (13:
> Permission denied)\nE: Unable to acquire the dpkg frontend lock
> (/var/lib/dpkg/lock-frontend), are you root?\n", "stderr_lines": ["E:
> Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission
> denied)", "E: Unable to acquire the dpkg frontend lock
> (/var/lib/dpkg/lock-frontend), are you root?"], "stdout": "",
> "stdout_lines": []}
>
> I have tried to tell ansible to use become:
> ubuntu-18.04: fatal: [default]: FAILED! => {"msg": "Missing sudo
> password"}
>
> I have tried to pass the password as input:
> "provisioners": [
>
> "type": "ansible",
>
> "command": "bash -c \"echo '{{user `ssh_password`}}' |
> ansible-playbook $@\"",
> "extra_arguments":
> [
> "--ask-become-pass"
> ],
>
> however, this fails as it seems we cannot pass a commands with arguments:
>
> * Error running "bash -c "echo '<sensitive>' | ansible-playbook $@"
> --version": exec: "bash -c \"echo '<sensitive>' | ansible-playbook $@\"":
> executable file not found in $PATH
>
> I have tried to use the user root directly:
> "provisioners": [
> "type": "ansible",
>
> "user": "root",
>
> however this fails because I imagine ubuntu does not allow root to SSH
> directly:
>
> ubuntu-18.04: fatal: [default]: UNREACHABLE! => {"changed": false,
> "msg": "Authentication or permission failure. In some cases, you may have
> been able to authenticate and did not have permissions on the target
> directory. Consider changing the remote tmp path in ansible.cfg to a path
> rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo
> /root/.ansible/tmp/ansible-tmp-1574094286.5371425-44623893214428 `\" &&
> echo ansible-tmp-1574094286.5371425-44623893214428=\"` echo
> /root/.ansible/tmp/ansible-tmp-1574094286.5371425-44623893214428 `\" ),
> exited with result 1", "unreachable": true}
>
> I would like to find a solution that does not requires lowering the
> security of my host, such as allowing root SSH, or passwordless sudo. This
> seem like a pretty basic scenario, and I am surprised that I could not fine
> anyone explaining how to solve this issue. The only reference I found is
> this post:
> https://github.com/hashicorp/packer/issues/4263#issuecomment-280103496
> but it got shutdown and the poster did not created a ticket.
>
> Any ideas or help would be very welcome.
>
> Thanks
>
> Val
>
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of
those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/827f4b20-b10e-4090-83de-5dac7e641ca8%40googlegroups.com.
