Thanks Rickard, that did the trick.
For clarity on this thread, the solution is to use the following:
"provisioners": [
"type": "ansible",
"extra_arguments":
[
"--extra-vars",
"ansible_become_pass={{user `pass`}}"
],
On Saturday, November 23, 2019 at 7:16:01 AM UTC-8, Rickard von Essen wrote:
> See https://stackoverflow.com/a/29799758/226174
>
> On Mon, Nov 18, 2019, 19:20 Valentin Leon <valentin....@gmail.com
> <javascript:>> wrote:
>
>> Apologies for the double posting, I kept seeing Google Groups errors..
>> some days nothing works.
>>
>> An error (#847) occurred while communicating with the server.
>> RELOAD
>>
>> On Monday, November 18, 2019 at 10:18:55 AM UTC-8, Valentin Leon wrote:
>>>
>>> Hello,
>>>
>>> I am trying to provision a host using ansible (remote). The host is a
>>> clean ubuntu 18.04 install, but I am blocked running a simple ansible
>>> cookbook that requires root privileges.
>>>
>>> I can run simple shell commands such as:
>>> echo '{{user `ssh_password`}}' | sudo -S shutdown -P now
>>>
>>> But I need a way to feed the sudo password into ansible, otherwise it
>>> fails:
>>> ubuntu-18.04: fatal: [default]: FAILED! => {"cache_update_time":
>>> 1574096255, "cache_updated": false, "changed": false, "msg":
>>> "'/usr/bin/apt-get
>>> -y -o \"Dpkg::Options::=--force-confdef\" -o
>>> \"Dpkg::Options::=--force-confold\" install 'mariadb-server''
>>> failed: E: Could not open lock file /var/lib/dpkg/lock-frontend - open
>>> (13: Permission denied)\nE: Unable to acquire the dpkg frontend lock
>>> (/var/lib/dpkg/lock-frontend), are you root?\n", "rc": 100, "stderr":
>>> "E:
>>> Could not open lock file /var/lib/dpkg/lock-frontend - open (13:
>>> Permission denied)\nE: Unable to acquire the dpkg frontend lock
>>> (/var/lib/dpkg/lock-frontend), are you root?\n", "stderr_lines": ["E:
>>> Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission
>>> denied)", "E: Unable to acquire the dpkg frontend lock
>>> (/var/lib/dpkg/lock-frontend), are you root?"], "stdout": "",
>>> "stdout_lines": []}
>>>
>>> I have tried to tell ansible to use become:
>>> ubuntu-18.04: fatal: [default]: FAILED! => {"msg": "Missing sudo
>>> password"}
>>>
>>> I have tried to pass the password as input:
>>> "provisioners": [
>>>
>>> "type": "ansible",
>>>
>>> "command": "bash -c \"echo '{{user `ssh_password`}}' |
>>> ansible-playbook $@\"",
>>> "extra_arguments":
>>> [
>>> "--ask-become-pass"
>>> ],
>>>
>>> however, this fails as it seems we cannot pass a commands with arguments:
>>>
>>> * Error running "bash -c "echo '<sensitive>' | ansible-playbook $@"
>>> --version": exec: "bash -c \"echo '<sensitive>' | ansible-playbook $@\""
>>> : executable file not found in $PATH
>>>
>>> I have tried to use the user root directly:
>>> "provisioners": [
>>> "type": "ansible",
>>>
>>> "user": "root",
>>>
>>> however this fails because I imagine ubuntu does not allow root to SSH
>>> directly:
>>>
>>> ubuntu-18.04: fatal: [default]: UNREACHABLE! => {"changed": false,
>>> "msg": "Authentication or permission failure. In some cases, you may
>>> have been able to authenticate and did not have permissions on the target
>>> directory. Consider changing the remote tmp path in ansible.cfg to a path
>>> rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo
>>> /root/.ansible/tmp/ansible-tmp-1574094286.5371425-44623893214428 `\" &&
>>> echo ansible-tmp-1574094286.5371425-44623893214428=\"` echo
>>> /root/.ansible/tmp/ansible-tmp-1574094286.5371425-44623893214428 `\" ),
>>> exited with result 1", "unreachable": true}
>>>
>>> I would like to find a solution that does not requires lowering the
>>> security of my host, such as allowing root SSH, or passwordless sudo. This
>>> seem like a pretty basic scenario, and I am surprised that I could not fine
>>> anyone explaining how to solve this issue. The only reference I found is
>>> this post:
>>> https://github.com/hashicorp/packer/issues/4263#issuecomment-280103496
>>> but it got shutdown and the poster did not created a ticket.
>>>
>>> Any ideas or help would be very welcome.
>>>
>>> Thanks
>>>
>>> Val
>>>
>> --
>> This mailing list is governed under the HashiCorp Community Guidelines -
>> https://www.hashicorp.com/community-guidelines.html. Behavior in
>> violation of those guidelines may result in your removal from this mailing
>> list.
>>
>> GitHub Issues: https://github.com/mitchellh/packer/issues
>> IRC: #packer-tool on Freenode
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Packer" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to packe...@googlegroups.com <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/packer-tool/827f4b20-b10e-4090-83de-5dac7e641ca8%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/packer-tool/827f4b20-b10e-4090-83de-5dac7e641ca8%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of
those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to packer-tool+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/8bdda73a-10b8-4a50-96aa-60dd42cbdb0c%40googlegroups.com.
