This is with ansible 1.9.2 so I might just need to upgrade. Posting this because I still want to run this playbook as one of many roles in a playbook.
I believe I have found an ansible-related bug in a command in this playbook but I am unsure how to debug deeper.
This does not impact the full playbook you provide.
I have been working on a fork to make a generic grsec role so as to add it to pre-existing machines or vagrant dev machines.
What I have done so far: extracted the playbooks for "build-grsec-kernel", "build-grsec-metapackage" and "install-grsec-kernel", added the files build-grsecurity-kernel-test.yml/install-grsecurity-kernel.yml into the playbook root, and changed the hosts: grsec-install to all.
In my playbook I have set the order of execution of the plays as:
- name: build grsec
  include: roles/grsec/build-grsecurity-kernel-test.yml
- name: install grsec
  include: roles/grsec/install-grsecurity-kernel.yml
Is there a better way to do this as this method causes me a lot of failures?
(unrelated bug I have not thus far been able to get to work correctly as a role and that is not the purpose of this issue).
The error message is:
TASK: [build-grsec-kernel | Extract Linux tarball (.tar -> directory).] *******
changed: [default] => {"changed": true, "check_results": {"cmd": "/bin/tar -C \"/usr/local/src\" --diff -f \"/usr/local/src/linux-4.4.4.tar\"", "err": "/bin/tar: linux-4.4.4: Warning: Cannot stat: No such file or directory\n/bin/tar: linux-4.4.4/.get_maintainer.ignore: Warning: Cannot stat: No such file or directory\n/bin/tar
this continues for every file in the linux-4.4.4 directory.
In order for me to solve this problem I modified the "xz --decompress" command and used "unxz" instead, and that effectively bypassed the issue. In previous ansible playbooks I worked on I found that the command module for whatever reason has a tendency to mess up with alphanumeric characters (even while quoted).
With my change above I get the desired result:
TASK: [build-grsec-kernel | Extract Linux tarball (.xz -> .tar).] *************
changed: [default] => {"changed": true, "cmd": ["unxz", "/usr/local/src/linux-4.4.5.tar.xz"], "delta": "0:00:10.621326", "end": "2016-03-11 04:58:21.955393", "rc": 0, "start": "2016-03-11 04:58:11.334067", "stderr": "", "stdout": "", "warnings": []}
Additionally, the following play also fails in this setup: "Extract Linux tarball (.tar -> directory)".
Manually changing it to the command tar gets past this.
The last error which I'm now giving up on solving is:
TASK: [install-grsec-kernel | Install grsecurity-patched kernel deb package.] ***
failed: [default] => {"failed": true, "parsed": false}
BECOME-SUCCESS-zsmccdpktxieywucqbxaqcxjqrlrzfyb
Traceback (most recent call last):
  File "/home/vagrant/.ansible/tmp/ansible-tmp-1457676639.85-211174664282747/apt", line 2246, in <module>
    main()
  File "/home/vagrant/.ansible/tmp/ansible-tmp-1457676639.85-211174664282747/apt", line 602, in main
    force=force_yes, dpkg_options=p['dpkg_options'])
  File "/home/vagrant/.ansible/tmp/ansible-tmp-1457676639.85-211174664282747/apt", line 369, in install_deb
    m.fail_json(msg="Error: %s\nSystem Error: %s" % (pkg._failure_string,str(e)))
UnboundLocalError: local variable 'pkg' referenced before assignment
and none of the grsec kernel deb files can be found.