search

nginxinc / ansible-role-nginx

Ansible role for installing NGINX
https://galaxy.ansible.com/nginxinc/nginx
Apache License 2.0
644 stars 348 forks source link

Unable to install NGINX on SLES (packagekit locks system management) #578

Closed jattind closed 1 year ago

jattind commented 1 year ago

Describe the bug

When trying to deploy ansible-role-nginx on SLES15 VM, I am getting a failure. It fails at different point within the role, but consistently with the same error "System management is locked by the application with pid 4278 (/usr/lib/packagekitd).\nClose this application before trying again"

To reproduce

  1. Deploy NGINX role using playbook.yml
  2. View output/logs/configuration on '...'
  3. See error 
    
docker run --rm -v ~/.ssh/id_rsa:/root/.ssh/id_rsa -v ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub -v ~/.ssh/known_hosts:/root/.ssh/known_hosts -v $(pwd):/crv-ansible -w /crv-ansible ansible:1.0 ansible-playbook -i inv-t2-node pb-site.yml --limit rancher-loadbalancers
[WARNING]: Invalid characters were found in group names but not replaced, use
-vvvv to see details

PLAY [Rancher k8s Nodes] *** skipping: no hosts matched

PLAY [Rancher Load Balancers] **

TASK [Gathering Facts] ***** [WARNING]: Platform linux on host rancher-lb is using the discovered Python interpreter at /usr/bin/python3.6, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible- core/2.13/reference_appendices/interpreter_discovery.html for more information. ok: [rancher-lb]

TASK [sempre.common : install htop] **** changed: [rancher-lb]

TASK [geerlingguy.firewall : Ensure iptables is present.] ** ok: [rancher-lb]

TASK [geerlingguy.firewall : Flush iptables the first time playbook runs.] ***** changed: [rancher-lb]

TASK [geerlingguy.firewall : Copy firewall script into place.] ***** changed: [rancher-lb]

TASK [geerlingguy.firewall : Copy firewall init script into place.] **** skipping: [rancher-lb]

TASK [geerlingguy.firewall : Copy firewall systemd unit file into place (for systemd systems).] *** changed: [rancher-lb]

TASK [geerlingguy.firewall : Configure the firewall service.] ** changed: [rancher-lb]

TASK [geerlingguy.firewall : Check if firewalld package is installed (on RHEL).] *** skipping: [rancher-lb]

TASK [geerlingguy.firewall : Disable the firewalld service (on RHEL, if configured).] *** skipping: [rancher-lb]

TASK [geerlingguy.firewall : Check if ufw package is installed (on Ubuntu).] *** skipping: [rancher-lb]

TASK [geerlingguy.firewall : Disable the ufw firewall (on Ubuntu, if configured).] *** skipping: [rancher-lb]

TASK [geerlingguy.firewall : Check if ufw package is installed (on Archlinux).] *** skipping: [rancher-lb]

TASK [geerlingguy.firewall : Disable the ufw firewall (on Archlinux, if configured).] *** skipping: [rancher-lb]

TASK [singleplatform-eng.users : Creating groups] **

TASK [singleplatform-eng.users : Per-user group creation] **

TASK [singleplatform-eng.users : User creation] ****

TASK [singleplatform-eng.users : SSH keys] *****

TASK [singleplatform-eng.users : Setup user profiles] **

TASK [singleplatform-eng.users : Deleted user removal] *****

TASK [singleplatform-eng.users : Deleted per-user group removal] ***

TASK [nginxinc.nginx : Check whether you are using a supported NGINX distribution] *** ok: [rancher-lb] => { "changed": false, "msg": "Your OS, SLES is supported by NGINX Open Source" }

TASK [nginxinc.nginx : Check that NGINX setup is an allowed value] ***** ok: [rancher-lb] => { "changed": false, "msg": "All assertions passed" }

TASK [nginxinc.nginx : Set up prerequisites] *** included: /crv-ansible/roles/nginxinc.nginx/tasks/prerequisites/prerequisites.yml for rancher-lb

TASK [nginxinc.nginx : Install dependencies] *** included: /crv-ansible/roles/nginxinc.nginx/tasks/prerequisites/install-dependencies.yml for rancher-lb

TASK [nginxinc.nginx : (Alpine Linux) Install dependencies] **** skipping: [rancher-lb]

TASK [nginxinc.nginx : (Debian/Ubuntu) Install dependencies] *** skipping: [rancher-lb]

TASK [nginxinc.nginx : (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies] *** skipping: [rancher-lb]

TASK [nginxinc.nginx : (SLES) Install dependencies] **** fatal: [rancher-lb]: FAILED! => {"changed": false, "cmd": ["/usr/bin/zypper", "--quiet", "--non-interactive", "--xmlout", "refresh"], "msg": "Zypper run command failed with return code 7.", "rc": 7, "stderr": "", "stderr_lines": [], "stdout": "<?xml version='1.0'?>\n\n<prompt id=\"23\">\nAsk PackageKit to quit?\n<option value=\"yes\" desc=\"\"/>\n<option default=\"1\" value=\"no\" desc=\"\"/>\n\n<message type=\"error\">System management is locked by the application with pid 9213 (/usr/lib/packagekitd).\nClose this application before trying again.\n\n", "stdout_lines": ["<?xml version='1.0'?>", "", "<prompt id=\"23\">", "Ask PackageKit to quit?", "<option value=\"yes\" desc=\"\"/>", "<option default=\"1\" value=\"no\" desc=\"\"/>", "", "<message type=\"error\">System management is locked by the application with pid 9213 (/usr/lib/packagekitd).", "Close this application before trying again.", ""]}

RUNNING HANDLER [geerlingguy.firewall : restart firewall] **

PLAY RECAP ***** rancher-lb : ok=11 changed=5 unreachable=0 failed=1 skipped=17 rescued=0 ignored=0 



### Expected behavior

I should be able to run the playbook and nginx should be deployed on my VM
alessfg commented 1 year ago

The SLES tests seem to be passing just fine over here https://github.com/nginxinc/ansible-role-nginx/actions/runs/3985607539/jobs/6836656717 so I don't think this is an issue related to this role.

I have never run into anything related to packagekit, but I did a quick Google search and I found this reddit thread https://www.reddit.com/r/openSUSE/comments/eq8e2h/is_there_a_way_to_make_packagekit_go_away/ -- I would suggest giving it a try and trying to use the role again?

jattind commented 1 year ago

It seems when the playbooks were being run using Ansible it was enabling/disabling packagekitd at various times. As per link you provided I disabled packagekit as below and that seem to do the trick. 

sudo systemctl disable --now packagekit
sudo systemctl mask packagekit

Not sure what the implications of completely disabling packagekit is, but for now it gets me past the issue. Thanks for your help!

alessfg commented 1 year ago

Happy to hear that! I am not that knowledgeable on SLES myself so I don't know if there are any implications either. Hopefully not!

I've added some info to the issue title to hopefully help any users down the line should they run into this same issue 😄