Curl & bash does not work (Newbie Question)

Newbie question:

I have this string that should run in ansible:

curl --silent https://raw.githubusercontent.com/cmuench/pacman-auto-update/master/install.sh | bash

I can not get it working!

Download works:

- name: Download File
ansible.builtin.get_url:
url: https://raw.githubusercontent.com/cmuench/pacman-auto-update/master/install.sh
dest: /tmp/install.sh
mode: '0755'

Execution does not work (command nor script):

- name: execute script...
command: bash "/tmp/install.sh"
ignore_errors: true

can you share some more information? things like:

  • whole playbook (where possible)
  • enviroment
  • any errors

You want to execute in remote host or in localhost? You checked that the download succeed and it exists? Cna you share the error?

1 Like

Hi,

TO complete @Kevinwincott and @valkiriaaquatica answers (we need the error message at least !), I would suggest you use script module instead of command, which would be a better fit here anyway.

nachbearbeitung.yaml


  • hosts: notebook`

roles:

- nachbearbeitung

# main.yaml

---

# Autoupdate

- name: Script holen
get_url:
url: https://raw.githubusercontent.com/cmuench/pacman-auto-update/master/install.sh
dest: /tmp/
mode: '0755'

- name: Autoupdate installieren
become: yes
command: bash /tmp/install.sh

Output without become: yes

PLAY [notebook] ****************************************************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Platform linux on host notebook is using the discovered Python
interpreter at /usr/bin/python3.11, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [notebook]

TASK [nachbearbeitung : Script holen] ******************************************
ok: [notebook]

TASK [nachbearbeitung : Autoupdate installieren] *******************************
fatal: [notebook]: FAILED! => {"changed": true, "cmd": ["bash", "/tmp/install.sh"], "delta": "0:05:02.058847", "end": "2023-10-25 09:15:51.770777", "msg": "non-zero return code", "rc": 1, "start": "2023-10-25 09:10:49.711930", "stderr": "sudo: timed out reading password\nsudo: a password is required", "stderr_lines": ["sudo: timed out reading password", "sudo: a password is required"], "stdout": "", "stdout_lines": []}

PLAY RECAP *********************************************************************
notebook                   : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Output with become: yes

PLAY [notebook] ****************************************************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Platform linux on host notebook is using the discovered Python
interpreter at /usr/bin/python3.11, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [notebook]

TASK [nachbearbeitung : Script holen] ******************************************
ok: [notebook]

TASK [nachbearbeitung : Autoupdate installieren] *******************************
fatal: [notebook]: FAILED! => {"changed": true, "cmd": ["bash", "/tmp/install.sh"], "delta": "0:00:00.642764", "end": "2023-10-25 09:22:07.108811", "msg": "non-zero return code", "rc": 1, "start": "2023-10-25 09:22:06.466047", "stderr": "makePackage: ==> ERROR: Running makepkg as root is not allowed as it can cause permanent,\ncatastrophic damage to your system.", "stderr_lines": ["makePackage: ==> ERROR: Running makepkg as root is not allowed as it can cause permanent,", "catastrophic damage to your system."], "stdout": "", "stdout_lines": []}

PLAY RECAP *********************************************************************
notebook                   : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Hello Kevinwincott,
hello Fernando,

thanks for replying.

The script is running on Arch Linux (Linux notebook 6.5.8-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 19 Oct 2023 22:52:14 +0000 x86_64 GNU/Linux
).

Hi!! Tanks for shharing.

  1. Output without become: yes

In the output you can see that ansible is asking for the sudo password (probably you didint wrote it in the inventory) or you can do in the command line with the -K parameter and ansible will prompt a Become pass: you password . For example, ansible-playbook youPlaybook -i yourInventroy -K after executing that ansible will prompt a Become pass: where you enter your password

Sorry,

this is how I run it:

ansible-playbook -i HOSTS 'nachbearbeitung.yaml' -u "$benutzer" --ask-become-pass

  1. Output with become: yes
    Ansible is telling you that makepkg cant be execue being root :frowning:

Solutions:

  1. If you have accsss to the script and you can modify it, you can try avoiding being root for executing it and try again.

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NoneType: None
fatal: [notebook]: FAILED! => {“changed”: true, “msg”: “non-zero return code”, “rc”: 1, “stderr”: “Shared connection to notebook closed.\r\n”, “stderr_lines”: [“Shared connection to notebook closed.”], “stdout”: “\r\nmakePackage: ==> ERROR: Running makepkg as root is not allowed as it can cause permanent,\r\ncatastrophic damage to your system.\r\n”, “stdout_lines”: [“”, “makePackage: ==> ERROR: Running makepkg as root is not allowed as it can cause permanent,”, “catastrophic damage to your system.”]}

Try with this:

  1. ansible-playbook -i HOSTS ‘nachbearbeitung.yaml’ -u “$benutzer” --ask-become-pass -k
  2. ansible-playbook -i HOSTS ‘nachbearbeitung.yaml’ -u “$benutzer” --ask-become-pass -K

Just a moderator’s note for the future, @RJGhugo, I’ve edited your outputs to use a code block (using ```), it makes that much easier to read - please consider using code blocks in future posts! Thanks!

Welcome to the forum!

You might be in GitHub - kewlfft/ansible-aur: Ansible module to manage packages from the AUR which provides an ansible module to interact with the AUR and various AUR helpers or makepkg directly instead of your current script. In any case, you should be able to make this work by setting up an unprivileged user with password-less sudo access. There’s a section in kwelfft.aur’s documentation explaining how to do this. That applies whether you use your current approach or the kewlfft.aur.aur module.

1 Like

Thanks for your help.

I decided to just download the script in Ansible and run it manually…

name: Autoupdate holen
copy:
src: update
dest: "~/update"
mode: '0755'

https://github.com/cmuench/pacman-auto-update/issues/30

This means ansible doesn’t allow to run a command as a normal user with sudo -E -u nobody [command], which seems rather an issue with ansible itself.

I would ask the ansible developers first. And if they are unwilling to fix the issue, reopen this report.

Also right now I don’t see how this issue could be fixed here, as pacman-auto-update.service is run as a system service, hence it runs compulsory with root privileges.

So it looks like the only non messy way of running makepkg is how it is done right now, by deescalating permissions for that particular command. Which ansible doesn’t support.

The script at this url https://raw.githubusercontent.com/cmuench/pacman-auto-update/master/install.sh is short and looks fairly simple, if I were you I’d rewrite it using Ansible.