Package dependency error for Docker installation on clean Ubuntu 18.04

[mkarlesky]

Issue

I recently used the nickjj.docker v2.0.0 Ansible role to install Docker on a clean Ubuntu 18.04 machine. On my first attempt the installation process errored out with a package dependency problem (see below).

I have successfully installed Docker on Ubuntu 18.04 using the nickjj.docker role in these two scenarios:

1. Clean Ubuntu 18.04 VMs started up with Vagrant.
2. Running the installation playbook (documented below) a second time after the error of the first attempt reported here. That is, I just ran the same playbook twice to install Docker per my configuration. Everything was correct after the second attempt with no intervention between attempts.

Playbook

---

- hosts: all
  become: true

  roles:
    - nickjj.docker

  vars_files:
    - ../../../vars.yml

  vars:
    # Prevent deprecation warning by adopting future default functionality of
    # using the discovered, most up-to-date version of Python (e.g. python3)
    - ansible_python_interpreter: auto
    - docker__users: ["{{ admin_user }}"]
    - docker__registries:
      - registry_url: "https://index.docker.io/v1/"
        username: "<snip>"
        password: "<snip>"
    - docker__default_daemon_json: |
        "log-driver": "json-file",
        "log-opts": {
          "max-size": "10m",
          "max-file": "25"
        }
    - docker__default_pip_packages:
      # Don't install docker-compose
      - name: docker-compose
        state: absent
      # Ooverriding the defaults to omit the preceding requires this be explicit
      - name: docker
        state: present

  tasks:
    - name: Ensure docker is running and starts at boot.
      service:
        name: docker
        state: started
        enabled: true

Ansible output

TASK [nickjj.docker : Install Docker] **************************************************************************************************************************************************
fatal: [10.0.20.3]: FAILED! => {"cache_update_time": 1610673101, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\"      install 'docker-ce'' failed: No apport report written because the error message indicates its a followup error from a previous failure.\nE: Sub-process /usr/bin/dpkg returned an error code (1)\n", "rc": 100, "stderr": "No apport report written because the error message indicates its a followup error from a previous failure.\nE: Sub-process /usr/bin/dpkg returned an error code (1)\n", "stderr_lines": ["No apport report written because the error message indicates its a followup error from a previous failure.", "E: Sub-process /usr/bin/dpkg returned an error code (1)"], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following package was automatically installed and is no longer required:\n  libllvm9\nUse 'sudo apt autoremove' to remove it.\nThe following additional packages will be installed:\n  containerd.io docker-ce-cli docker-ce-rootless-extras git git-man\n  liberror-perl pigz\nSuggested packages:\n  aufs-tools cgroupfs-mount | cgroup-lite git-daemon-run | git-daemon-sysvinit\n  git-doc git-el git-email git-gui gitk gitweb git-cvs git-mediawiki git-svn\nRecommended packages:\n  slirp4netns\nThe following NEW packages will be installed:\n  containerd.io docker-ce docker-ce-cli docker-ce-rootless-extras git git-man\n  liberror-perl pigz\n0 upgraded, 8 newly installed, 0 to remove and 41 not upgraded.\nNeed to get 108 MB of archives.\nAfter this operation, 484 MB of additional disk space will be used.\nGet:1 http://security.ubuntu.com/ubuntu bionic-security/main amd64 git-man all 1:2.17.1-1ubuntu0.7 [804 kB]\nGet:2 https://download.docker.com/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.4.3-1 [28.1 MB]\nGet:3 http://security.ubuntu.com/ubuntu bionic-security/main amd64 git amd64 1:2.17.1-1ubuntu0.7 [3915 kB]\nGet:4 http://archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]\nGet:5 http://archive.ubuntu.com/ubuntu bionic/main amd64 liberror-perl all 0.17025-1 [22.8 kB]\nGet:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:20.10.2~3-0~ubuntu-bionic [41.4 MB]\nGet:7 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:20.10.2~3-0~ubuntu-bionic [24.8 MB]\nGet:8 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-rootless-extras amd64 5:20.10.2~3-0~ubuntu-bionic [8911 kB]\nFetched 108 MB in 2s (47.7 MB/s)\nSelecting previously unselected package pigz.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 275385 files and directories currently installed.)\r\nPreparing to unpack .../0-pigz_2.4-1_amd64.deb ...\r\nUnpacking pigz (2.4-1) ...\r\nSelecting previously unselected package containerd.io.\r\nPreparing to unpack .../1-containerd.io_1.4.3-1_amd64.deb ...\r\nUnpacking containerd.io (1.4.3-1) ...\r\nSelecting previously unselected package docker-ce-cli.\r\nPreparing to unpack .../2-docker-ce-cli_5%3a20.10.2~3-0~ubuntu-bionic_amd64.deb ...\r\nUnpacking docker-ce-cli (5:20.10.2~3-0~ubuntu-bionic) ...\r\nSelecting previously unselected package docker-ce.\r\nPreparing to unpack .../3-docker-ce_5%3a20.10.2~3-0~ubuntu-bionic_amd64.deb ...\r\nUnpacking docker-ce (5:20.10.2~3-0~ubuntu-bionic) ...\r\nSelecting previously unselected package docker-ce-rootless-extras.\r\nPreparing to unpack .../4-docker-ce-rootless-extras_5%3a20.10.2~3-0~ubuntu-bionic_amd64.deb ...\r\nUnpacking docker-ce-rootless-extras (5:20.10.2~3-0~ubuntu-bionic) ...\r\nSelecting previously unselected package liberror-perl.\r\nPreparing to unpack .../5-liberror-perl_0.17025-1_all.deb ...\r\nUnpacking liberror-perl (0.17025-1) ...\r\nSelecting previously unselected package git-man.\r\nPreparing to unpack .../6-git-man_1%3a2.17.1-1ubuntu0.7_all.deb ...\r\nUnpacking git-man (1:2.17.1-1ubuntu0.7) ...\r\nSelecting previously unselected package git.\r\nPreparing to unpack .../7-git_1%3a2.17.1-1ubuntu0.7_amd64.deb ...\r\nUnpacking git (1:2.17.1-1ubuntu0.7) ...\r\nSetting up git-man (1:2.17.1-1ubuntu0.7) ...\r\nSetting up containerd.io (1.4.3-1) ...\r\nCreated symlink /etc/systemd/system/multi-user.target.wants/containerd.service -> /lib/systemd/system/containerd.service.\r\nSetting up liberror-perl (0.17025-1) ...\r\nSetting up docker-ce-cli (5:20.10.2~3-0~ubuntu-bionic) ...\r\nSetting up pigz (2.4-1) ...\r\nSetting up git (1:2.17.1-1ubuntu0.7) ...\r\nSetting up docker-ce (5:20.10.2~3-0~ubuntu-bionic) ...\r\nCreated symlink /etc/systemd/system/multi-user.target.wants/docker.service -> /lib/systemd/system/docker.service.\r\nCreated symlink /etc/systemd/system/sockets.target.wants/docker.socket -> /lib/systemd/system/docker.socket.\r\nJob for docker.service failed because the control process exited with error code.\r\nSee \"systemctl status docker.service\" and \"journalctl -xe\" for details.\r\ninvoke-rc.d: initscript docker, action \"start\" failed.\r\n* docker.service - Docker Application Container Engine\r\n   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)\r\n   Active: activating (auto-restart) (Result: exit-code) since Thu 2021-01-14 20:11:57 EST; 4ms ago\r\n     Docs: https://docs.docker.com\r\n  Process: 6640 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \u001b[0;1;31m(code=exited, status=1/FAILURE)\u001b[0m\r\n Main PID: 6640 (code=exited, status=1/FAILURE)\r\ndpkg: error processing package docker-ce (--configure):\r\n installed docker-ce package post-installation script subprocess returned error exit status 1\r\ndpkg: dependency problems prevent configuration of docker-ce-rootless-extras:\r\n docker-ce-rootless-extras depends on docker-ce; however:\r\n  Package docker-ce is not configured yet.\r\n\r\ndpkg: error processing package docker-ce-rootless-extras (--configure):\r\n dependency problems - leaving unconfigured\r\nProcessing triggers for man-db (2.8.3-2ubuntu0.1) ...\r\nProcessing triggers for ureadahead (0.100.0-21) ...\r\nProcessing triggers for systemd (237-3ubuntu10.43) ...\r\nErrors were encountered while processing:\r\n docker-ce\r\n docker-ce-rootless-extras\r\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following package was automatically installed and is no longer required:", "  libllvm9", "Use 'sudo apt autoremove' to remove it.", "The following additional packages will be installed:", "  containerd.io docker-ce-cli docker-ce-rootless-extras git git-man", "  liberror-perl pigz", "Suggested packages:", "  aufs-tools cgroupfs-mount | cgroup-lite git-daemon-run | git-daemon-sysvinit", "  git-doc git-el git-email git-gui gitk gitweb git-cvs git-mediawiki git-svn", "Recommended packages:", "  slirp4netns", "The following NEW packages will be installed:", "  containerd.io docker-ce docker-ce-cli docker-ce-rootless-extras git git-man", "  liberror-perl pigz", "0 upgraded, 8 newly installed, 0 to remove and 41 not upgraded.", "Need to get 108 MB of archives.", "After this operation, 484 MB of additional disk space will be used.", "Get:1 http://security.ubuntu.com/ubuntu bionic-security/main amd64 git-man all 1:2.17.1-1ubuntu0.7 [804 kB]", "Get:2 https://download.docker.com/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.4.3-1 [28.1 MB]", "Get:3 http://security.ubuntu.com/ubuntu bionic-security/main amd64 git amd64 1:2.17.1-1ubuntu0.7 [3915 kB]", "Get:4 http://archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]", "Get:5 http://archive.ubuntu.com/ubuntu bionic/main amd64 liberror-perl all 0.17025-1 [22.8 kB]", "Get:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:20.10.2~3-0~ubuntu-bionic [41.4 MB]", "Get:7 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:20.10.2~3-0~ubuntu-bionic [24.8 MB]", "Get:8 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-rootless-extras amd64 5:20.10.2~3-0~ubuntu-bionic [8911 kB]", "Fetched 108 MB in 2s (47.7 MB/s)", "Selecting previously unselected package pigz.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 275385 files and directories currently installed.)", "Preparing to unpack .../0-pigz_2.4-1_amd64.deb ...", "Unpacking pigz (2.4-1) ...", "Selecting previously unselected package containerd.io.", "Preparing to unpack .../1-containerd.io_1.4.3-1_amd64.deb ...", "Unpacking containerd.io (1.4.3-1) ...", "Selecting previously unselected package docker-ce-cli.", "Preparing to unpack .../2-docker-ce-cli_5%3a20.10.2~3-0~ubuntu-bionic_amd64.deb ...", "Unpacking docker-ce-cli (5:20.10.2~3-0~ubuntu-bionic) ...", "Selecting previously unselected package docker-ce.", "Preparing to unpack .../3-docker-ce_5%3a20.10.2~3-0~ubuntu-bionic_amd64.deb ...", "Unpacking docker-ce (5:20.10.2~3-0~ubuntu-bionic) ...", "Selecting previously unselected package docker-ce-rootless-extras.", "Preparing to unpack .../4-docker-ce-rootless-extras_5%3a20.10.2~3-0~ubuntu-bionic_amd64.deb ...", "Unpacking docker-ce-rootless-extras (5:20.10.2~3-0~ubuntu-bionic) ...", "Selecting previously unselected package liberror-perl.", "Preparing to unpack .../5-liberror-perl_0.17025-1_all.deb ...", "Unpacking liberror-perl (0.17025-1) ...", "Selecting previously unselected package git-man.", "Preparing to unpack .../6-git-man_1%3a2.17.1-1ubuntu0.7_all.deb ...", "Unpacking git-man (1:2.17.1-1ubuntu0.7) ...", "Selecting previously unselected package git.", "Preparing to unpack .../7-git_1%3a2.17.1-1ubuntu0.7_amd64.deb ...", "Unpacking git (1:2.17.1-1ubuntu0.7) ...", "Setting up git-man (1:2.17.1-1ubuntu0.7) ...", "Setting up containerd.io (1.4.3-1) ...", "Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service -> /lib/systemd/system/containerd.service.", "Setting up liberror-perl (0.17025-1) ...", "Setting up docker-ce-cli (5:20.10.2~3-0~ubuntu-bionic) ...", "Setting up pigz (2.4-1) ...", "Setting up git (1:2.17.1-1ubuntu0.7) ...", "Setting up docker-ce (5:20.10.2~3-0~ubuntu-bionic) ...", "Created symlink /etc/systemd/system/multi-user.target.wants/docker.service -> /lib/systemd/system/docker.service.", "Created symlink /etc/systemd/system/sockets.target.wants/docker.socket -> /lib/systemd/system/docker.socket.", "Job for docker.service failed because the control process exited with error code.", "See \"systemctl status docker.service\" and \"journalctl -xe\" for details.", "invoke-rc.d: initscript docker, action \"start\" failed.", "* docker.service - Docker Application Container Engine", "   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)", "   Active: activating (auto-restart) (Result: exit-code) since Thu 2021-01-14 20:11:57 EST; 4ms ago", "     Docs: https://docs.docker.com", "  Process: 6640 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \u001b[0;1;31m(code=exited, status=1/FAILURE)\u001b[0m", " Main PID: 6640 (code=exited, status=1/FAILURE)", "dpkg: error processing package docker-ce (--configure):", " installed docker-ce package post-installation script subprocess returned error exit status 1", "dpkg: dependency problems prevent configuration of docker-ce-rootless-extras:", " docker-ce-rootless-extras depends on docker-ce; however:", "  Package docker-ce is not configured yet.", "", "dpkg: error processing package docker-ce-rootless-extras (--configure):", " dependency problems - leaving unconfigured", "Processing triggers for man-db (2.8.3-2ubuntu0.1) ...", "Processing triggers for ureadahead (0.100.0-21) ...", "Processing triggers for systemd (237-3ubuntu10.43) ...", "Errors were encountered while processing:", " docker-ce", " docker-ce-rootless-extras"]}

[nickjj]

Hi,

For clarity did you successfully run it on a fresh Vagrant box on the first run, or did you always need to run it twice because the first time had the error?

Did you run an apt-get update before the first run at any point in time outside this role? That's typically something that you would run on any Ansible managed server beforehand during a bootstrap process.

You can see in this CI run https://github.com/nickjj/ansible-docker/runs/1631249824?check_suite_focus=true, the playbook and role runs against Ubuntu 18.04 successfully and is also idempotent.

[mkarlesky]

Thank you for the quick response and for your work on this role.

Things have worked fine on a fresh Vagrant box. No second run needed. Given that experience I expected to see the same on real hardware. I assumed the appropriate package update was happening in the role somewhere.

I have another clean Ubuntu 18.04 hardware box I'll be running the same process against shortly. I've added an apt-get update pretask to my playbook as you've suggested. I'll report back when I've run the process. Surely, you've identified the issue here.

Thanks again.

[nickjj]

No problem.

The reason apt-get update isn't added to this role specifically is because let's say you have 8 roles that all apt install something. It ends up being a huge time sink to have each role run their own apt update and coordinating an apt cache variable across every role isn't the best pattern either (I used to do that 5ish years ago).

Plus, to bootstrap a role to run Ansible typically you're installing python3 and depending on how bare bones your distro is, sudo, lsb-release and other things too. All of which require running an apt update there. I handle those things in a dedicated "bootstrap" role which is the first role that runs on the system.

[nickjj]

Going to close this as I believe it would be fixed.

Feel free to re-open it if it doesn't after you check it out.

[mkarlesky]

pre_tasks:
    - name: Run the equivalent of "apt-get update"
      apt:
        update_cache: true
      changed_when: false

Incredibly, the very same problem occurred on the other clean Ubuntu 18.04 hardware box. I even copied your apt-get update pre_task into my playbook verbatim, and I see that the task ran when executing Docker set up. Once again a second execution yielded successful installation and configuration.

[nickjj]

Which Vagrant box are you using?

[nickjj]

For refence it's passing on Ubuntu 18.04 in the CI run and I just spun up an Ubuntu 18.04 LTS server on DigitalOcean and AWS and in both cases it ran through successfully on the first run using this as the inventory configuration:

---

docker__registries:
  - username: "[redacted]"
    password: "[redacted]"

docker__default_pip_packages:
  # Don't install docker-compose
  - name: docker-compose
    state: absent
  # Ooverriding the defaults to omit the preceding requires this be explicit
  - name: docker
    state: present

The only thing I did prior to the run was make sure python3 is installed. I also used v2.1.0 of this role which I pushed yesterday. It sets the virtualenv interpreter on the pip install task to use python3 instead of having to explicitly set the ansible interpreter.

But I don't think the interpreter is the issue here because yours is stalling out in the Install Docker task which is before the pip install task.

Do you have any roles that might be installing Docker before this role, or are using some Vagrant box that has Docker pre-installed?

[mkarlesky]

Things have worked fine with Vagrant boxes. These errors are happening only with real world hardware boxes. I'm developing with Vagrant and deploying to real hardware. The issue is happening only on the real hardware—now two different clean boxes. The boxes are mini-PCs from System76 with Ubuntu pre-installed.

Docker is definitely not installed. These are brand new machines with only a bare minimum of set up for ssh. Python3 is installed. I am using the 2.0.0 version of the role from Galaxy.

If there's an inventory or environment dump from these machines I can provide I'm happy to do so. As far as I know they're pretty standard machines and once set up everything else has been working fine. I'm just hitting this odd package dependency issue.

I'd guess I'm missing some necessary set up step that for whatever reason isn't necessary in Vagrant or DigitalOcean contexts.

Thanks for the support. I'm at a loss on the issue, and the problem is likely not with the role given how much it's exercised elsewhere.

[nickjj]

After Googling your error I see this open issue from Docker: https://github.com/moby/moby/issues/41792

Is your box connected to a VPN? That's one potential case based on a few upvotes in that thread.

iptables being misconfigured is another, and there's steps to maybe fix it based on https://stackoverflow.com/a/22876662 being linked in the issue a few times.

Have you also rebooted your box before attempting to install Docker? Maybe initially installing Docker kicks something off that allows it to work the 2nd time around. I don't know how System76 sets up their systems and I don't have one of their Ubuntu ISOs to test it against.

[mkarlesky]

I suppose we'll just need to leave this as an unsolved mystery.

There's no VPN involved. As part of the minimal set up before switching to Ansible I applied all available patches and rebooted. There may be some iptable issue, but all networking has been working fine otherwise.

I can't see a way to definitively recreate the problem without purchasing a new machine from the same vendor, and two machines is all we need for this particular project. I strongly suspect trying to roll things back and try again will be a fruitless exercise.

Thanks again for the help and for the role. I imagine we'll have better luck the next time we use it.

[nickjj]

Thanks for the report. I'm not a fan of unsolved mysteries but if it works in the end after a 2nd run that's always a plus.