community.general

Cannot install homebrew casks that require sudo

Open pinko-fowle opened this issue 1 year ago • 5 comments

Summary

Hello. In the docs for community.general.packaging.os.homebrew_cask, it says we can pass a sudo_password: "{{ansible_become_pass}}" argument in.

However this variable is undefined, even if running with -K or --ask-become-pass. There doesn't seem to be any way to install casks that require sudo, short of re-prompting or re-entering the sudo password some other way. I've seen suggestions for example to add sudo password to the inventory, which seems like a significantly bad idea for security.

Example casks: wkhtmltopdf, karabiner-elements

Issue Type

Bug Report

Component Name

homebrew_cask

Ansible Version

$ ansible --version
ansible [core 2.13.1]
  config file = None
  configured module search path = ['/Users/mfowle/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/Cellar/ansible/6.1.0/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/mfowle/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.10.5 (main, Jun 23 2022, 17:14:57) [Clang 13.1.6 (clang-1316.0.21.2.5)]
  jinja version = 3.1.2
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general
# /opt/homebrew/Cellar/ansible/6.1.0/libexec/lib/python3.10/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 5.3.0

Configuration

$ ansible-config dump --only-changed

(empty)

OS / Environment

MacOS 12.3

Steps to Reproduce

Documented:

- homebrew_cask:
    name: "karabiner-elements"
    state: present
    sudo_password: "{{ ansible_become_password }}"

Or trying to just use become directly:

- homebrew_cask:
    name: "karabiner-elements"
    state: present
  become: true

Or trying to mis-use homebrew with become:

- homebrew:
    name: "karabiner-elements"
    state: present
  become: true

Expected Results

There should be some way to install casks that require sudo without weird workarounds to re-ask the password.

Actual Results

If doing as documented, we get:

fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible_become_pass' is undefined\n\nThe error appears to be in '/Users/mfowle/src/st-up-ansible/roles/base-util/tasks/main.yaml': line 42, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: brew install things that need sudo\n  ^ here\n"}

If trying to use become: true, we stumble into https://github.com/ansible-collections/community.general/issues/4708

Or if trying to use homebrew rather than homebrew_cask, a failure with:

"msg": "Error: Running Homebrew as root is extremely dangerous and no longer supported.\nAs Homebrew does not drop privileges on installation you would be giving all\nbuild scripts full access to your system."

Code of Conduct

  • [X] I agree to follow the Ansible Code of Conduct

pinko-fowle avatar Jul 15 '22 16:07 pinko-fowle

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.


ansibullbot avatar Jul 15 '22 16:07 ansibullbot

cc @Akasurde @danieljaouen @enriclluelles @indrajitr @kyleabenson @martinm82

ansibullbot avatar Jul 15 '22 16:07 ansibullbot

Hi @pinko-fowle thanks for your report. Forgive me if it sounds like a silly question: Can't you use become: true on the play or the task?

russoz avatar Jul 21 '22 12:07 russoz

Hi there. I have tried adding become: true.

If I recall correctly, the homebrew_cask action stalls out & never completes. I'm having a hard time reproducing & verifying this old memory, because this issue only affects the first time we install any given cask. After that, re-installs of that Cask seem to work just fine, even after brew uninstalls. If I could find some other casks that also had this issue, I could try them, and I've run into one other in the past, but I forget which! I think wkhtmltopdf but I've installed that Cask too here.

Riffing on the documentation itself, if I try just a simple debug with become action, things don't look likely to improve, as ansible_become_password is seemingly not available there.

$ ansible -m debug -b -a "msg={{ansible_become_password}}" all
localhost | FAILED! => {
    "msg": "The task includes an option with an undefined variable. The error was: 'ansible_become_password' is undefined. 'ansible_become_password' is undefined"
}

pinko-fowle avatar Aug 04 '22 17:08 pinko-fowle

I think ansible_become_password is only defined when the become password is passed in via the inventory (which means: it is passed in as exactly that variable), and not via --ask-become-pass.

felixfontein avatar Aug 05 '22 11:08 felixfontein
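Following from the comment above, one way to supply the password without writing it to the inventory is to prompt for it in the play itself. This is an added example, not code from the issue or from the collection; `cask_sudo_password` is a hypothetical variable name, and the play assumes `sudo_password` behaves as the module documentation describes.

```yaml
# Added example (not from the issue thread).
# cask_sudo_password is a hypothetical variable name chosen for illustration.
- name: Install casks that need sudo without storing the password
  hosts: localhost
  connection: local
  gather_facts: false

  vars_prompt:
    - name: cask_sudo_password
      prompt: "sudo password for cask installers"
      private: true   # typed input is not echoed to the terminal
      unsafe: true    # do not template the typed value ({ and % are common in passwords)

  tasks:
    - name: Install casks whose installers call sudo
      community.general.homebrew_cask:
        name: "{{ item }}"
        state: present
        sudo_password: "{{ cask_sudo_password }}"
      loop:
        - karabiner-elements
        - wkhtmltopdf
      # No become here: the task runs as the normal user and only the
      # installer step that needs it is given the password.
      no_log: true    # keep the templated password out of task output and logs
```

`vars_prompt` needs an interactive terminal; for unattended runs the same variable can instead be loaded from a file encrypted with `ansible-vault`.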

For me, sudo_password: just doesn't seem to work.

Even if I hardcode a password in there, I still get sudo: no password was provided:

fatal: [tmac]: FAILED! => {"changed": false, "msg": "/var/folders/cd/80666smx571dkz_nttfhf7dw0000gn/T/tmpwrm1c1fj: line 3: unexpected EOF while looking for matching `''\n/var/folders/cd/80666smx571dkz_nttfhf7dw0000gn/T/tmpwrm1c1fj: line 4: syntax error: unexpected end of file\nsudo: no password was provided\nsudo: a password is required\nError: multipass: Failure while executing; `/usr/bin/sudo -A -E -- /usr/bin/xargs -0 -- /bin/rm -r -f --` exited with 1. Here's the output:\n/var/folders/cd/80666smx571dkz_nttfhf7dw0000gn/T/tmpwrm1c1fj: line 3: unexpected EOF while looking for matching `''\n/var/folders/cd/80666smx571dkz_nttfhf7dw0000gn/T/tmpwrm1c1fj: line 4: syntax error: unexpected end of file\nsudo: no password was provided\nsudo: a password is required"}

huyz avatar Jun 07 '23 17:06 huyz