I’m having some permissions-related problems when adding new roles I got off of Ansible galaxy. It looks like they need sudo privileges but aren’t getting them. Here’s the bit I added to my server.yml file after grabbing the roles with ansible-galaxy install:
- name: myroles
hosts: web:&{{ env }}
roles:
- crushlovely.imagemagick #this one actually works
- franklinkim.vim #complains /etc/vim not writeable..
- name: postfix
hosts: web:&{{ env }}
roles:
- { role: debops.postfix, tags: [postfix] } #complains that /var/cache/debconf/passwords.dat not writeable...
vars:
- postfix_relayhost: mail.domain.com
- postfix: [ 'client' ] #capabilities
- virtual_alias_maps:
- no_capability: 'local'
list: [ 'hash:/etc/postfix/virtual_alias_maps' ]
The first role for installing imagemagick works fine, but the latter two have permissions issues. When I run ansible-playbook server.yml -e env=production I get these errors:
TASK [franklinkim.vim : Installing packages] ***********************************
System info:
Ansible 2.2.1.0; Vagrant 1.8.7; Linux
Trellis at "Check Ansible version before Ansible validates task attributes"
---------------------------------------------------
'/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options
::=--force-confold" install 'vim'' failed: E: Could not open lock file
/var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you
root?
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you
root?
failed: [default] (item=[u'vim']) => {"cache_update_time": 1491974898, "cache_updated": false, "failed": true, "item": ["vim"], "stdout": "", "stdout_lines": []}
and
PLAY [postfix] *****************************************************************
TASK [setup] *******************************************************************
ok: [my_ip]
TASK [debops.secret : Create secret directories on Ansible Controller] *********
TASK [debops.ferm : Configure ferm status in debconf] **************************
System info:
Ansible 2.2.1.0; Linux
Trellis at "Check Ansible version before Ansible validates task attributes"
---------------------------------------------------
debconf: DbDriver "passwords" warning: could not open
/var/cache/debconf/passwords.dat: Permission denied
debconf: DbDriver "config": could not write /var/cache/debconf/config.dat-
new: Permission denied
fatal: [my_ip]: FAILED! => {"changed": false, "failed": true}
I’m just assuming I’ve done something wrong here. I’ve disabled root login, not sure if that makes a difference. And I tried adding this to dev.yml and running vagrant provision but got the same errors locally. I’ve provisioned the server successfully multiple times and the site runs fine, just having problems with these roles. Any guidance?
Thanks.
P.S. I’d also appreciate general advice on adding new Ansible roles. Wasn’t sure if I was supposed to add stuff to requirements.yml or how things should be grouped.
P.P.S Oh, and if anyone happens to know how to set up email forwarding with postfix, I’m all ears