AWX Template Jobs fail with Permission denied

lmarschall · September 14, 2023, 12:42pm

Hey guys,

so I started working with Ansible recently and created some playbooks to update our servers. Using these playbooks from console with Ansible installed on my local pc works fine, but trying to use these playbooks in AWX yields the following result:

No config file found; using defaults
Skipping callback 'awx_display', as we already have a stdout callback.
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: update_ubuntu_intranet.yaml ******************************************
1 plays in ansible/playbooks/update_ubuntu_intranet.yaml
PLAY [intranet] ****************************************************************
TASK [Gathering Facts] *********************************************************
task path: /runner/project/ansible/playbooks/update_ubuntu_intranet.yaml:1
ok: [monitoring.docsinclouds.com]
TASK [Update all installed packages using APT module] **************************
task path: /runner/project/ansible/playbooks/update_ubuntu_intranet.yaml:5
fatal: [monitoring.docsinclouds.com]: FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)"}
PLAY RECAP *********************************************************************
monitoring.docsinclouds.com : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Here is the playbook.yaml

- hosts: intranet
  become: true
  become_method: sudo
  tasks:
  - name: Update all installed packages using APT module
    apt:
      name: '*'
      state: latest
      update_cache: yes
      only_upgrade: yes
    register: apt_update_status

  - name: Remove packages not needed anymore
    apt:
      autoremove: yes

#  - name: Prune everything
#    community.docker.docker_prune:
#      containers: true
#      images: true
#      networks: true
#      volumes: false
#      builder_cache: true

  - name: Reboot when packages were updated
    reboot:
      post_reboot_delay: 60
    when: apt_update_status.changed

There’s another problem with installing the docker community package, but that’s for another day Thanks in advance.

IPvSean · September 14, 2023, 1:23pm

Is that the only error, it just shows in the job output window that one error? or is the error from an individual task?

lmarschall · September 14, 2023, 1:31pm

The error is from the individual task, i’ll append the output from the template

chris · September 14, 2023, 2:25pm

Try adding this, before the apt task, to check that you are root:

- name: Check the effective user ID
  ansible.bulitin.assert:
    that:
      - ansible_effective_user_id == 0

Because this error:

E:Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)

Makes me wonder if the task is running as root?

lmarschall · September 15, 2023, 9:18am

Hey @chris ,

thank you so much for your help. I added the task to my playbook, unfortunately it seems like I do not have the sufficient root rights available.


PLAYBOOK: update_ubuntu_intranet.yaml ******************************************
1 plays in ansible/playbooks/update_ubuntu_intranet.yaml
PLAY [intranet] ****************************************************************
TASK [Gathering Facts] *********************************************************
task path: /runner/project/ansible/playbooks/update_ubuntu_intranet.yaml:1
ok: [monitoring.docsinclouds.com]
TASK [Check the effective user ID] *********************************************
task path: /runner/project/ansible/playbooks/update_ubuntu_intranet.yaml:5
fatal: [monitoring.docsinclouds.com]: FAILED! => {
    "assertion": "ansible_effective_user_id == 0",
    "changed": false,
    "evaluated_to": false,
    "msg": "Assertion failed"
}
PLAY RECAP *********************************************************************
monitoring.docsinclouds.com : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

lmarschall · September 15, 2023, 9:27am

It does work now! After realising I do not have the right priviliges, I found this article, https://groups.google.com/g/awx-project/c/xCmjY_92nEo and also had the same error, that a “Privilege Escalation Username” was defined on my Credential, after removing this entry, my job template is now running smoothly Thank you so much guys

Leo · September 15, 2023, 11:14pm

Hello, welcome and thank you for sharing the solution @lmarschall, it’s really appreciated!

I will tick the issue as solved with the checkmark in your last comment seeing you have resolved the issue and posted the solution.

By the way, you are welcome to use that any time you open a topic to mark the solution that helped you in the future!

system · October 15, 2023, 11:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AWX Ansible - Unable to select Playbook in Job template. Get Help awx , playbook , vmware , kubernetes , howto	8	347	April 23, 2024
Make manual projects under /var/lib/awx/projects to create a file using ansible playbook Get Help awx	1	264	February 24, 2024
Playbook ssh issues, AWX add ansible- prefix into the real user name Get Help awx , playbook	10	328	October 6, 2023
Job Template Permissions Project Discussions awx , dev	3	328	October 5, 2023
AWX human-readable Output Configuration (YAML) Get Help awx , playbook , ansible-core , ee	15	2039	February 7, 2024

AWX Template Jobs fail with Permission denied

Related topics