Boostrap really need to use "root" user could it just user become true and become methode sudo and remote_user that I specified about ansible-role-bootstrap HOT 14 CLOSED

My team is seeing the same error in our workflow on Ubuntu 18.04. For our use-case, the role executes successfully on a new host, but additional configuration code is changing permissions that is causing the above error on a subsequent run if the installed packages have been changed in any way.

Would it be possible to somehow allow the user of the role to specify to not override become_user with ansible_user for installing the necessary packages? For us the error goes away if become_user is still root. Connecting as root is not an option for us.

from ansible-role-bootstrap.

I can confirm that I am also seeing the "This command has to be run under the root user." issue for python3 and sudo on bento/centos-8 and generic/rhel8 via vagrant+virtualbox when just having this role run on a brand new VM. I've tried multiple variations of become_user, become_method, become, bootstrap_user, etc

I keep hitting:

TASK [robertdebock.bootstrap : install bootstrap packages (package)] ***********
Tuesday 01 February 2022  12:07:34 -0600 (0:00:01.214)       0:00:03.702 ******
failed: [vagrant-centos8-starter-role] (item=python3) => changed=false
  ansible_loop_var: item
  item: python3
  msg: This command has to be run under the root user.
  results: []
failed: [vagrant-centos8-starter-role] (item=sudo) => changed=false
  ansible_loop_var: item
  item: sudo
  msg: This command has to be run under the root user.
  results: []

Edit: I should add this works fine on bento/centos-7

Edit 2: Rolled back to version 5.2.3 and that seems to work fine

from ansible-role-bootstrap.

@robertdebock Nope, it did not. c7cc6d4 Broke it again. I reverted your changes and it fixed it.

from ansible-role-bootstrap.

I'll have a look, sorry for the issue, thanks for the feedback.

from ansible-role-bootstrap.

About the xrdp role; you can prepare a system with the roles listed in the README.md, but you can also prepare a system differently. Most people do prepare a system differently, that's why almost no role use dependencies: in meta/main.yml.

About the issue reported; I can't reproduce it. Can I ask you to show me the playbook and variables applicable to reproduce the issue?

Regards, Robert.

from ansible-role-bootstrap.

And; was there ever a version of this role that has worked for you?

from ansible-role-bootstrap.

I'm able to reproduce with a Vagrant environment using the same play configuration from molecule/converge.yml

vagrant init ubuntu/bionic
vagrant up
ansible-playbook -i '127.0.0.1:2200,' --private-key ./.vagrant/machines/default/virtualbox/private_key -b -u vagrant play.yml

It seems like #53 is a related issue, the issue being that your have to be root to install packages, but the install bootstrap packages (package) is becoming the remote user. It seems like since the role assumes that sudo is not available, you have to run as root.

from ansible-role-bootstrap.

Edit: My scenario was a bit different. I had disabled the root account at (Fedora) installation.
Workaround: enable the root account, but disable ssh login. So become uses the sudo method.

And; was there ever a version of this role that has worked for you?

The golden question! I always suspect selinux... I'm getting this on a fresh Fedora 35 server:

TASK [robertdebock.bootstrap : install bootstrap packages (package)] *********************************************************************************************
failed: [localhost] (item=python3) => {"ansible_loop_var": "item", "changed": false, "item": "python3", "msg": "This command has to be run under the root user.", "results": []}
failed: [localhost] (item=sudo) => {"ansible_loop_var": "item", "changed": false, "item": "sudo", "msg": "This command has to be run under the root user.", "results": []}

from ansible-role-bootstrap.

I'm able to reproduce with a Vagrant environment

Me too. Used the robertdebock.development_environment collection the Vagrant.libvirt with fedora-35.

A workarround was to explicit set become_user to root.
https://github.com/robertdebock/ansible-role-bootstrap/blob/master/tasks/main.yml#L67

from ansible-role-bootstrap.

The difference between master and 5.2.3 is mostly:

5.2.3 (Working)

  vars:
    ansible_user: "{{ bootstrap_ansible_user | default(omit) }}"

latest (Broken)

  become: yes
  become_user: "{{ bootstrap_ansible_user | default(bootstrap_user) }}"

Let me revert that part.

It's difficult to automatically test this; the containers I use are root by default.

from ansible-role-bootstrap.

It's difficult to automatically test this; the containers I use are root by default.

It would make sense to have a specialized Dockerfiles.j2 file for the molecule scenarios to adapt to the vagrant-libvirt based images with a non-priviledged-user. I use it quite frequently in that way to test roles. Was one of the first things I did when testing your roles - switching to official centos/almalinux images which are enhanced and prepared by the molecule docker driver on the fly and even the reuse of already build images ( cached ) works.

see for details:
https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user

from ansible-role-bootstrap.

With version 6.0.0 (released yesterday) this issue should be resolved. Thanks all for helping!

from ansible-role-bootstrap.

Can also confirm on Alma Linux 8

failed: [almalinux8.examle.com] (item=python3) => {"ansible_loop_var": "item", "changed": false, "item": "python3", "msg": "This command has to be run under the root user.", "results": []}

from ansible-role-bootstrap.

This is still broken for RHEL 8. Seems to work fine for CentOS 7 for some reason?

from ansible-role-bootstrap.