Hello,

I am trying to provision a host using Ansible (remote). The host is a clean 
Ubuntu 18.04 install, but I am blocked running a simple Ansible cookbook 
that requires root privileges.

I can run simple shell commands such as:
    echo '{{user `ssh_password`}}' | sudo -S shutdown -P now

But I need a way to feed the sudo password into ansible, otherwise it fails:
    ubuntu-18.04: fatal: [default]: FAILED! => {"cache_update_time": 1574096255, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\"      install 'mariadb-server'' failed: E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)\nE: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?\n", "rc": 100, "stderr": "E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)\nE: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?\n", "stderr_lines": ["E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)", "E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?"], "stdout": "", "stdout_lines": []}

I have tried to tell ansible to use become:
    ubuntu-18.04: fatal: [default]: FAILED! => {"msg": "Missing sudo password"}

I have tried to pass the password as input:

    "provisioners": [
        "type": "ansible",
        "command": "bash -c \"echo '{{user `ssh_password`}}' | ansible-playbook $@\"",
        "extra_arguments":
        [
            "--ask-become-pass"
        ],

However, this fails, as it seems we cannot pass a command with arguments:

    * Error running "bash -c "echo '<sensitive>' | ansible-playbook $@" --version": exec: "bash -c \"echo '<sensitive>' | ansible-playbook $@\"": executable file not found in $PATH

I have tried to use the user root directly:

    "provisioners": [
        "type": "ansible",
        "user": "root",

However, this fails because I imagine Ubuntu does not allow root to SSH 
directly:

    ubuntu-18.04: fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /root/.ansible/tmp/ansible-tmp-1574094286.5371425-44623893214428 `\" && echo ansible-tmp-1574094286.5371425-44623893214428=\"` echo /root/.ansible/tmp/ansible-tmp-1574094286.5371425-44623893214428 `\" ), exited with result 1", "unreachable": true}

I would like to find a solution that does not require lowering the 
security of my host, such as allowing root SSH or passwordless sudo. This 
seems like a pretty basic scenario, and I am surprised that I could not find 
anyone explaining how to solve this issue. The only reference I found is 
this post: 
https://github.com/hashicorp/packer/issues/4263#issuecomment-280103496 but 
it got shut down and the poster did not create a ticket.

Any ideas or help would be very welcome.

Thanks

Val
