search

geerlingguy / ansible-role-docker

Ansible Role - Docker
https://galaxy.ansible.com/geerlingguy/docker/
MIT License
1.81k stars 853 forks source link

privilege escalation not passed via "--become-method" #400

Closed altsalt closed 1 year ago

altsalt commented 1 year ago

I am trying to run spantaleev/matrix-docker-ansible-deploy updates for the first time since they transitioned to relying on this package and have hit a couple of snags that seem related to a privilege escalation bug.

Here is the command I am using to upgrade: just setup-all --ask-pass --become-user matrix_docker_ansible --become-method sudo

Below is an example of the errors being thrown. I'm going through and manually addressing them for now but would love for the underlying problem to be addressed.

TASK [galaxy/geerlingguy.docker : Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems).] ******************************************************************************************************
fatal: [matrix.sal.td]: FAILED! => changed=false 
  cache_update_time: 1675711110
  cache_updated: false
  msg: |-
    '/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold"       install 'gnupg2=2.2.27-2+deb11u2'' failed: E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
    E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?
  rc: 100
  stderr: |-
    E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
    E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>
altsalt commented 1 year ago

Whoops, looks like I was missing a second password toggle for Ansible. Thanks to Slavi on Matrix for helping to work through it.

Here is the final command (the become stuff was moved into the inventory): just setup-all --ask-pass --ask-become-pass