gantsign / ansible-role-visual-studio-code

Ansible role for installing the Visual Studio Code IDE
https://galaxy.ansible.com/gantsign/visual-studio-code
MIT License

Modify `user.username` with `ansible_user` in Molecule #162

Closed artis3n closed 4 years ago

artis3n commented 4 years ago

I don't really think this is an issue with this project but I'm hoping you might provide some guidance.

I am Molecule-izing a large playbook to get it to run a full CI inside a GitHub Action workflow. Regardless of whether I run it locally or on the workflow, I need to get the Molecule Docker container running first with privilege and then as a non-root "ansible" user for this extension to work. I do so here and have the username for this role set in requirements.yml here:

    - src: gantsign.visual-studio-code
      users:
        - username: "{{ ansible_user }}"
          visual_studio_code_extensions:
            - Shan.code-settings-sync

However, when I run Molecule on my local system or on a GitHub Actions workflow I get an error at:

    TASK [gantsign.visual-studio-code : install extensions] ************************
    fatal: [instance]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: invalid user: 'artis3n'\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}

For the GitHub Workflow I get the same error for the user runner.

I've tried modifying the ansible_user via molecule.yml:

    provisioner:
      name: ansible
      lint:
        name: ansible-lint
      options:
        'vault-id': ../../.vault_pass
      inventory:
        host_vars:
          instance:
            ansible_user: ansible

and my playbook.yml:

    - name: Converge
      hosts: all
      gather_facts: yes
      vars:
        ansible_user: ansible

But it looks like ansible_user isn't correctly being set when the roles are run. Or, maybe there is something else happening in your role that I am completely missing? This should correspond to this:

    - name: install extensions
      become: yes
      become_user: '{{ item.0.username }}'
      visual_studio_code_install_extension:
        executable: '{{ visual_studio_code_exe }}'
        name: '{{ item.1 }}'
      with_subelements:
        - '{{ users }}'
        - visual_studio_code_extensions
        - skip_missing: yes

which suggests it should be accepting my modified ansible_user as ansible.

Do you have any suggestions how I might continue to troubleshoot this?

artis3n commented 4 years ago

I should add that the Molecule Docker container I am using is modified to include an ansible user with sudo privileges: https://github.com/artis3n/docker-ubuntu1804-ansible/blob/master/Dockerfile#L52

freemanjp commented 4 years ago

I'm guessing it's a problem with your sudo configuration. I've changed the Molecule tests to run using a non-privileged user (see #167). Be aware the name of the sudo group varies between Linux distributions (sometimes it's sudo and others it's wheel). Be aware you may want to be more selective with the permissions granted to the user/group in /etc/sudoers.

Hope that helps.

artis3n commented 4 years ago

I appreciate you taking the time to look into it. I'll have to play around with this Ubuntu sudo configuration and make sure my Docker image has properly set it up.

artis3n commented 4 years ago

...... I updated requirements.yml to use ansible_user for the username to this role but did not update my playbook.

    roles:
        - role: gantsign.visual-studio-code
          users:
            - username: "{{ ansible_user }}" # <-- this was still set to lookup('env', 'USER')
              visual_studio_code_extensions:
                - Shan.code-settings-sync
        - role: artis3n.bitwarden_app

... well I hate everything but thanks again @freemanjp for looking into it. I still get an error running from a GitHub Actions workflow but now it has to do with missing dependencies in my Docker image; that I can work with.

    TASK [gantsign.visual-studio-code : install extensions] ************************
    failed: [instance] (item=[{'username': 'ansible'}, 'Shan.code-settings-sync']) => {"ansible_loop_var": "item", "changed": false, "item": [{"username": "ansible"}, "Shan.code-settings-sync"], "msg": "Error querying installed extensions [Shan.code-settings-sync]: /usr/share/code/bin/../code: error while loading shared libraries: libX11-xcb.so.1: cannot open shared object file: No such file or directory\n"}
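
An added example, not part of the original thread or the role's own code: a converge playbook that fails early when a name about to be used for `become_user` has no account on the target, which is the condition behind the `chown: invalid user` error above (`lookup('env', 'USER')` is evaluated on the control node, so it yields the controller's login name rather than a container account). `vscode_users` is a hypothetical play-level variable introduced so one list feeds both the check and the role; `ansible_user` is assumed to be set in the Molecule inventory as shown earlier.

```yaml
- name: Converge
  hosts: all
  gather_facts: yes
  vars:
    # Hypothetical variable (not defined by the role): single source for the user list.
    vscode_users:
      - username: "{{ ansible_user }}"
        visual_studio_code_extensions:
          - Shan.code-settings-sync
  pre_tasks:
    # Print the resolved names so a controller-side value (e.g. the CI runner's
    # login) is visible in the log before any privilege change is attempted.
    - name: Show which accounts the role will become
      ansible.builtin.debug:
        msg: "become_user candidates: {{ vscode_users | map(attribute='username') | list }}"

    # getent queries the target's passwd database; with fail_key enabled the
    # task fails for any name that has no account in the container.
    - name: Fail early if an account does not exist on the target
      ansible.builtin.getent:
        database: passwd
        key: "{{ item.username }}"
        fail_key: yes
      loop: "{{ vscode_users }}"
      loop_control:
        label: "{{ item.username }}"
  roles:
    - role: gantsign.visual-studio-code
      users: "{{ vscode_users }}"
```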