Open jmcgnh opened 8 years ago
This is happening persistently. Perhaps something changed in the packages?
TASK: [common | Install encfs & fuse] ***** failed: [10.200.200.77] => (item=encfs,fuse,libfuse-dev) => {"failed": true, "item": "encfs,fuse,libfuse-dev"} stderr: E: Unable to correct problems, you have held broken packages.
stdout: Reading package lists... Building dependency tree... Reading state information... Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation:
The following packages have unmet dependencies: libfuse-dev : Depends: libfuse2 (= 2.9.0-2+deb7u2) but 2.9.3-15+deb8u1 is to be installed Depends: libselinux-dev
msg: '/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" install 'encfs' 'libfuse-dev'' failed: E: Unable to correct problems, you have held broken packages.
FATAL: all hosts have already failed -- aborting
There's some indication that this message can occur when a kernel update has occurred but not yet rebooted.
https://lists.debian.org/debian-user/2014/05/msg00354.html
Indeed, rebooting does alter the message.
Next failure says encfs can't successfully decode volume key. Removing both /encrypted and /decrypted then allows the provisioning to continue.
I found the Dupuy command in this blogpost to be suitable.
https://coderwall.com/p/0nckqg/ansible-reboot-ubuntu-if-needed
I added lines to roles/common/tasks/main.yml
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 4fbb1be..3da3e96 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -41,6 +41,10 @@ tags:
+- name: Reboot system if required
and also added to to roles/common/tasks/encfs.yml after the fuse package is updated.
This is the code that finally worked:
git diff roles/common/tasks/encfs.yml diff --git a/roles/common/tasks/encfs.yml b/roles/common/tasks/encfs.yml index e7c33de..c91b5c6 100644 --- a/roles/common/tasks/encfs.yml +++ b/roles/common/tasks/encfs.yml @@ -7,6 +7,28 @@ tags:
+- name: check status of fuse
TASK: [common | If /encrypted is empty, create the encfs there] *** failed: [jessie] => {"changed": true, "cmd": "printf \"p\ntestPassword\" | encfs /encrypted /decrypted --public --stdinpass && touch /decrypted/test", "delta": "0:00:04.123265", "end": "2015-12-21 06:46:05.672522", "rc": 1, "start": "2015-12-21 06:46:01.549257", "warnings": []} stderr: fuse: device not found, try 'modprobe fuse' first fuse failed. Common problems:
Configuration finished. The filesystem to be created has the following properties: Filesystem cipher: "ssl/aes", version 3:0:2 Filename encoding: "nameio/block", version 3:0:1 Key Size: 256 bits Block Size: 1024 bytes, including 8 byte MAC header Each file contains 8 byte header with unique IV data. Filenames encoded using IV chaining mode. File data IV is chained to filename IV. File holes passed through to ciphertext.
-------------------------- WARNING -------------------------- The external initialization-vector chaining option has been enabled. This option disables the use of hard links on the filesystem. Without hard links, some programs may not work. The programs 'mutt' and 'procmail' are known to fail. For more information, please see the encfs mailing list. If you would like to choose another configuration setting, please press CTRL-C now to abort and start over.
Now you will need to enter a password for your filesystem. You will need to remember this password, as there is absolutely no recovery mechanism. However, the password can be changed later using encfsctl.
FATAL: all hosts have already failed -- aborting
Then, on retrying, get:
TASK: [common | Create encrypted directory] *** ok: [jessie]
TASK: [common | Check if the /encrypted directory is empty] *** failed: [jessie] => {"changed": false, "cmd": "ls /encrypted/_", "delta": "0:00:00.006089", "end": "2015-12-21 07:02:37.148157", "rc": 2, "start": "2015-12-21 07:02:37.142068", "stdoutlines": [], "warnings": []} stderr: ls: cannot access /encrypted/: No such file or directory ...ignoring
TASK: [common | If /encrypted is empty, create the encfs there] *** failed: [jessie] => {"changed": true, "cmd": "printf \"p\ntestPassword\" | encfs /encrypted /decrypted --public --stdinpass && touch /decrypted/test", "delta": "0:00:03.191178", "end": "2015-12-21 07:02:40.534868", "rc": 1, "start": "2015-12-21 07:02:37.343690", "warnings": []} stdout: Error decoding volume key, password incorrect