ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

Error 1.6.1.1 and 5.4.1 when blocked /var/lib/dpkg/lock-frontend. #215

Closed txsastre closed 6 months ago

txsastre commented 6 months ago

I received this error when testing 1.6.11 on Ubuntu 22; it also happened with 5.4.1.

Launched again and the error disappeared; maybe the server was self-upgrading something (it's a lab).

TASK [/home/hal/ansible/hardening/UBUNTU22-CIS-devel : 1.6.1.1 | PATCH | Ensure AppArmor is installed] ****
fatal: [SRV1-UBU]: FAILED! => {"cache_update_time": 1710329138, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" install 'apparmor-utils=3.0.4-2ubuntu2.3'' failed: E: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 24459 (unattended-upgr)\nE: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?\n", "rc": 100, "stderr": "E: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 24459 (unattended-upgr)\nE: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?\n", "stderr_lines": ["E: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 24459 (unattended-upgr)", "E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?"], "stdout": "", "stdout_lines": []}

uk-bolly commented 6 months ago

Hi @txsastre

Can you provide more information, please?

e.g. the branch you are using, Ansible version

Many thanks

uk-bolly

txsastre commented 6 months ago

Hi there, sorry about not informing before.

Related to the branch, I just downloaded the scripts from devel (default).

The Ansible controller is a Debian 12.

ansible [core 2.16.3]
  config file = None
  configured module search path = ['/home/hal/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/hal/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /home/hal/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.8 (main, Feb 7 2024, 21:52:08) [GCC 13.2.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

uk-bolly commented 6 months ago

Hi @txsastre

Thank you for the feedback and discussion on Discord. To confirm, this issue is caused by the unattended-upgrades package being enabled, and this happened to clash at the time of the playbook run. That can be seen in the output above.

I will close this issue as not required.

Many thanks

uk-bolly
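
A playbook wrapper for the lock clash confirmed above, as an added example that is not part of this thread or of the UBUNTU22-CIS role: it pauses the periodic apt timers, waits until nothing holds the dpkg lock files named in the error, applies the role, and always restarts the timers. Assumptions: the role is installed under the name `UBUNTU22-CIS`, `fuser` (package psmisc) is available on the target, and the 10-minute wait limit is an arbitrary choice.

```yaml
# Added example, not from the UBUNTU22-CIS project.
# Assumptions: role installed as "UBUNTU22-CIS"; fuser (psmisc) on the target.
- name: Apply CIS hardening without racing unattended-upgrades
  hosts: all
  become: true
  vars:
    apt_timers:            # stock apt systemd timers on Ubuntu
      - apt-daily.timer
      - apt-daily-upgrade.timer
  tasks:
    - name: Harden with periodic apt jobs paused
      block:
        - name: Pause apt timers so no new job starts mid-run
          ansible.builtin.systemd:
            name: "{{ item }}"
            state: stopped
          loop: "{{ apt_timers }}"

        # Stopping a timer does not stop a job that is already running,
        # so wait until nothing holds the lock files. fuser exits 0 while
        # any process has one of them open and 1 when none does.
        - name: Wait for dpkg/apt locks to be released
          ansible.builtin.command:
            cmd: fuser /var/lib/dpkg/lock-frontend /var/lib/dpkg/lock
          register: apt_lock
          changed_when: false
          failed_when: apt_lock.rc not in [0, 1]   # e.g. fuser missing
          until: apt_lock.rc != 0
          retries: 60      # 60 x 10 s = up to 10 minutes (arbitrary)
          delay: 10

        - name: Apply the hardening role
          ansible.builtin.include_role:
            name: UBUNTU22-CIS

      always:
        # Runs on success and on failure, so automatic security
        # updates are not left paused by an aborted run.
        - name: Resume apt timers
          ansible.builtin.systemd:
            name: "{{ item }}"
            state: started
          loop: "{{ apt_timers }}"
```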