githubixx / ansible-role-harden-linux

Ansible role for hardening Linux
https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-harden-the-instances/
GNU General Public License v3.0
129 stars 44 forks source link

Missing required packages in Ubuntu 18.04 image : sudo & python-minimal #1

Closed AlexandreGohier closed 6 years ago

AlexandreGohier commented 6 years ago

Hi TauCeti,

First of all thank you for this great tutorial and for the ansible roles. I'm trying to follow along and build my own k8s cluster using Ansible on Scaleway instances.

FYI, using the recently released Bionic Beaver image at Scaleway, there are a few missing packages to get started: there is no python and no sudo package.

So a prerequisite to running ansible is to install at least python-minimal.

Then when trying to apply this role I got this error message: screen shot 2018-05-04 at 16 25 44

It turns out the Scaleway image has no sudo package installed by default. So maybe this task could be included in the playbook ? Otherwise it might also be simpler just to install it along with python-minimal when preparing the instances...

   - name: Install sudo
     apt:
       name: sudo
       state: latest
       update_cache: yes

I'll let you know if I run into anything else that might be useful to others.

githubixx commented 6 years ago

I haven't played with Bionic Beaver until now but I was pretty sure that something like that will happen as a colleage of mine already ran in a few issues while migrating from 16.04 to 18.04 esp. with the new systemd-resolve thingy.

That's pretty annoying that even Python is missing... Basically that could be solved by preparing a Bionic Beaver image with Python included with Packer (packer.io) and use that as a starting point from which Ansible can operate.

But looks like it is possible to install Python with the raw module described in this this Gist: https://gist.github.com/gwillem/4ba393dceb55e5ae276a87300f6b8e6f

I will have a look at this issue next week and adjust accordingly if needed.

githubixx commented 6 years ago

Mainly fixed in https://github.com/githubixx/ansible-role-harden-linux/pull/4. But Python isn't missing. The thing is that the binary is called python3 and Ansible doesn't know about. To make it work you should a) use at least Ansible 2.5 and b) change the Ansible hosts file e.g.:

[k8s_worker]
host01.domain.tld ansible_python_interpreter=/usr/bin/python3

Also have a look at http://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html which describes more examples how to accomplish this.

AlexandreGohier commented 6 years ago

Ok thanks and my bad for python, I didn't notice python3 was installed. But I'll stick with python2 anyway for the time being, I have no urge to do unnecessary Ansible debugging which seems more or less mature when using python3...