DEBIAN_FRONTEND=noninteractive not working with ansible modules apt and shell #21691
Description
- Bug Report
COMPONENT NAME
- apt
- shell
ANSIBLE VERSION
MacBook-Pro:$ docker exec --tty "$(cat ${container_id})" bash -c " source /usr/local/bin/virtualenvwrapper.sh; workon ansible_latest; ansible-playbook --version"
ansible-playbook 2.2.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
MacBook-Pro:$
CONFIGURATION
MacBook-Pro:$ docker exec --tty "$(cat ${container_id})" bash -c " cat /etc/ansible/ansible.cfg "
[defaults]
retry_files_enabled = False
OS / ENVIRONMENT
Docker on OSX
Docker image : yabhinav/ansible:ubuntu1604
SUMMARY
When installing freeipa-server the post installation script try to setup the IPA server or krb5 configuration.
To prevent that apt-get install should be run with DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -yf freeipa-server
When using apt and shell module installation fail while running from ansible-playbook but through interactive shell terminal installation is successful with same command
Apt module source code shows debian_frontend is set noninteractive by default but it is not working
STEPS TO REPRODUCE
- shell: "export DEBIAN_FRONTEND=noninteractive && apt-get install -yf freeipa-server dnsutils sssd-ldap expect "
- shell: "DEBIAN_FRONTEND=noninteractive apt-get install -yf freeipa-server dnsutils sssd-ldap expect "
- name: Install IPA Server Packages
apt: name="{{ item }}" state=latest install_recommends=yes force=yes
with_items:
- freeipa-server
- dnsutils
- sssd-ldap
- expectEXPECTED RESULTS
When running the same command in terminal, there were no issues and freeipa-server installed successfully
root@testlab:/# export DEBIAN_FRONTEND=noninteractive ; apt-get install -yf freeipa-server dnsutils sssd-ldap expect
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
--------
--------
Fetched 148 MB in 3min 3s (806 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
--------
Setting up sssd-ad-common (1.13.4-1ubuntu1.1) ...
Setting up sssd-krb5-common (1.13.4-1ubuntu1.1) ...
Setting up sssd-ad (1.13.4-1ubuntu1.1) ...
Setting up sssd-ipa (1.13.4-1ubuntu1.1) ...
Setting up sssd-krb5 (1.13.4-1ubuntu1.1) ...
Setting up sssd-ldap (1.13.4-1ubuntu1.1) ...
Setting up sssd-proxy (1.13.4-1ubuntu1.1) ...
Setting up sssd (1.13.4-1ubuntu1.1) ...
Setting up freeipa-client (4.3.1-0ubuntu1) ...
Setting up freeipa-admintools (4.3.1-0ubuntu1) ...
Setting up krb5-kdc-ldap (1.13.2+dfsg-5ubuntu2) ...
Setting up libapache2-mod-nss (1.0.12-2) ...
libapache2-mod-nss certificate database generated.
Setting up python-ipaserver (4.3.1-0ubuntu1) ...
Setting up freeipa-server (4.3.1-0ubuntu1) ...
----------------
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
done.
ACTUAL RESULTS
MacBook-Pro:ansible-role-ipaserver abhinav$ docker exec --tty "$(cat ${container_id})" bash -c " source /usr/local/bin/virtualenvwrapper.sh; workon ansible_latest; ansible-playbook /etc/ansible/roles/role_under_test/playbooks/test.yml -vvv"
Using /etc/ansible/ansible.cfg as config file
statically included: /etc/ansible/roles/role_under_test/tasks/modssl_config.yml
statically included: /etc/ansible/roles/role_under_test/tasks/ipainstall.yml
statically included: /etc/ansible/roles/role_under_test/tasks/ipastart.yml
statically included: /etc/ansible/roles/role_under_test/tasks/kinit.yml
statically included: /etc/ansible/roles/role_under_test/tasks/ipahttp.yml
PLAYBOOK: test.yml *************************************************************
1 plays in /etc/ansible/roles/role_under_test/playbooks/test.yml
PLAY [all] *********************************************************************
TASK [setup] *******************************************************************
Using module file /root/.virtualenvs/ansible_latest/local/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487625217.44-241565292135920 `" && echo ansible-tmp-1487625217.44-241565292135920="` echo ~/.ansible/tmp/ansible-tmp-1487625217.44-241565292135920 `" ) && sleep 0'
<localhost> PUT /tmp/tmpkqgsUK TO /root/.ansible/tmp/ansible-tmp-1487625217.44-241565292135920/setup.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1487625217.44-241565292135920/ /root/.ansible/tmp/ansible-tmp-1487625217.44-241565292135920/setup.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1487625217.44-241565292135920/setup.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1487625217.44-241565292135920/" > /dev/null 2>&1 && sleep 0'
ok: [localhost]
TASK [role_under_test : Install Free IPA Server Packages] **********************
task path: /etc/ansible/roles/role_under_test/tasks/main.yml:18
Using module file /root/.virtualenvs/ansible_latest/local/lib/python2.7/site-packages/ansible/modules/core/packaging/os/apt.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487625220.99-102478099607273 `" && echo ansible-tmp-1487625220.99-102478099607273="` echo ~/.ansible/tmp/ansible-tmp-1487625220.99-102478099607273 `" ) && sleep 0'
<localhost> PUT /tmp/tmpbktIKQ TO /root/.ansible/tmp/ansible-tmp-1487625220.99-102478099607273/apt.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1487625220.99-102478099607273/ /root/.ansible/tmp/ansible-tmp-1487625220.99-102478099607273/apt.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1487625220.99-102478099607273/apt.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1487625220.99-102478099607273/" > /dev/null 2>&1 && sleep 0'
failed: [localhost] (item=[u'freeipa-server', u'dnsutils', u'sssd-ldap', u'expect']) => {
"cache_update_time": 1487625224,
"cache_updated": false,
"failed": true,
"invocation": {
"module_args": {
"allow_unauthenticated": false,
"autoremove": false,
"cache_valid_time": 0,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": true,
"install_recommends": true,
"name": [
"freeipa-server",
"dnsutils",
"sssd-ldap",
"expect"
],
"only_upgrade": false,
"package": [
"freeipa-server",
"dnsutils",
"sssd-ldap",
"expect"
],
"purge": false,
"state": "latest",
"update_cache": false,
"upgrade": null
},
"module_name": "apt"
},
"item": [
"freeipa-server",
"dnsutils",
"sssd-ldap",
"expect"
],
"msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" --force-yes install 'freeipa-server' 'dnsutils' 'sssd-ldap' 'expect' -o APT::Install-Recommends=yes' failed: debconf: delaying package configuration, since apt-utils is not installed\nW: --force-yes is deprecated, use one of the options starting with --allow instead.\nE: Sub-process /usr/bin/dpkg returned an error code (1)\n",
"stderr": "debconf: delaying package configuration, since apt-utils is not installed\nW: --force-yes is deprecated, use one of the options starting with --allow instead.\nE: Sub-process /usr/bin/dpkg returned an error code (1)\n",
--------
"dpkg: error processing package freeipa-client (--configure):",
" subprocess installed post-installation script returned error exit status 1",
"dpkg: dependency problems prevent configuration of freeipa-admintools:",
" freeipa-admintools depends on freeipa-client (>= 4.3.1-0ubuntu1); however:",
" Package freeipa-client is not configured yet.",
"",
"dpkg: error processing package freeipa-admintools (--configure):",
" dependency problems - leaving unconfigured",
"Setting up krb5-kdc-ldap (1.13.2+dfsg-5ubuntu2) ...",
"Setting up libapache2-mod-nss (1.0.12-2) ...",
"libapache2-mod-nss certificate database generated.",
"Setting up python-ipaserver (4.3.1-0ubuntu1) ...",
"dpkg: dependency problems prevent configuration of freeipa-server:",
" freeipa-server depends on freeipa-admintools (= 4.3.1-0ubuntu1); however:",
" Package freeipa-admintools is not configured yet.",
" freeipa-server depends on freeipa-client (= 4.3.1-0ubuntu1); however:",
" Package freeipa-client is not configured yet.",
"",
"dpkg: error processing package freeipa-server (--configure):",
" dependency problems - leaving unconfigured",
"dpkg: dependency problems prevent configuration of freeipa-server-dns:",
" freeipa-server-dns depends on freeipa-server (>= 4.3.1-0ubuntu1); however:",
" Package freeipa-server is not configured yet.",
"",
"dpkg: error processing package freeipa-server-dns (--configure):",
" dependency problems - leaving unconfigured",
"Processing triggers for libc-bin (2.23-0ubuntu5) ...",
"Processing triggers for systemd (229-4ubuntu13) ...",
"Processing triggers for sgml-base (1.26+nmu4ubuntu1) ...",
"Processing triggers for dbus (1.10.6-1ubuntu3.3) ...",
"Processing triggers for ca-certificates (20160104ubuntu1) ...",
"Updating certificates in /etc/ssl/certs...",
"0 added, 0 removed; done.",
"Running hooks in /etc/ca-certificates/update.d...",
"",
"done.",
"done.",
"Errors were encountered while processing:",
" freeipa-client",
" freeipa-admintools",
" freeipa-server",
" freeipa-server-dns"
]
}
As you can see apt-get is trying to configure the packages which it shouldn't do in noninteractive mode.
Both the above commands fail from ansible-playbook. Checked the ansible core module and DEBIAN_FRONTEND=noninteractive is set by default. -yf option is configured by install_recommends=yes force=yes.
REPRODUCE IT
use my docker image for ansible on ubuntu16.04 and reproduce it with the above test playbook and commands
docker run --detach -h testlab.example.com --volume="${PWD}":/etc/ansible/roles/role_under_test:ro yabhinav/ansible:ubuntu1604 > "${container_id}"