Today I ran into a rather odd issue attempting to patch a base image using Ansible and Packer. Randomly and sporadically, my playbook would fail with the error of:
Could not get lock /var/lib/dpkg/lock-frontend
If you ever try to run Ansible on Ubuntu 16.10 and later, be aware that Unattended Upgrades is enabled by default. On boot of new Packer bake instances, I noticed that it would sometimes lock apt to do security updates by default. I spent a good part of my day tracking this down as to why sometimes it would work and other times it would not; turns out it was a race condition (could apt finish faster then next step). Seeing as it’s 2018 and we should not be afraid of security fixes, I didn’t want to disable this because this is useful for security and such.
To get around this, I created a role called prerun, which does the following task:
# Check for unattended-upgrades - name: Wait for automatic system updates to complete shell: while pgrep unattended; do sleep 10; done;
After including this in roles that used apt, my error went away. One of my builds took almost 30 seconds to get past this; which would have otherwise failed. Hope this helps another poor soul out there. 🙂
Source: https://github.com/ansible/ansible/issues/25414#issuecomment-401212950
Thank you for saving my time!