Today I ran into a rather odd issue attempting to patch a base image using Ansible and Packer. Randomly and sporadically, my playbook would fail with the error of:
Could not get lock /var/lib/dpkg/lock-frontend
If you ever try to run Ansible on Ubuntu 16.10 and later, be aware that Unattended Upgrades is enabled by default. On boot of new Packer bake instances, I noticed that it would sometimes lock apt to do security updates by default. I spent a good part of my day tracking this down as to why sometimes it would work and other times it would not; turns out it was a race condition (could apt finish faster then next step). Seeing as it’s 2018 and we should not be afraid of security fixes, I didn’t want to disable this because this is useful for security and such.
To get around this, I created a role called prerun, which does the following task:
# Check for unattended-upgrades - name: Wait for automatic system updates to complete shell: while pgrep unattended; do sleep 10; done;
After including this in roles that used apt, my error went away. One of my builds took almost 30 seconds to get past this; which would have otherwise failed. Hope this helps another poor soul out there. 🙂
Source: https://github.com/ansible/ansible/issues/25414#issuecomment-401212950
EDIT:
Another way as I was shown with Packer (to avoid adding additional Ansible roles) is to run a pre and post script in between your Ansible run!
In your base Packer JSON provisioners section, you would do:
{ "script": "scripts/startup.sh", "type": "shell" }, { "extra_arguments": [ "-vv" ], "playbook_dir": "playbooks", "playbook_file": "playbooks/example.yml", "type": "ansible-local" }, { "script": "scripts/postrun.sh", "type": "shell" }
In startup.sh, you would need a section to do whatever you need (most likely install ansible and such):
# Ensure to disable u-u to prevent breaking later sudo systemctl mask unattended-upgrades.service sudo systemctl stop unattended-upgrades.service
# Ensure process is in fact off: echo "Ensuring unattended-upgrades are in fact disabled" while systemctl is-active --quiet unattended-upgrades.service; do sleep 1; done
Finally, in postrun.sh (and whatever else you need, like delete ansible dir and such):
sudo systemctl unmask unattended-upgrades.service
sudo systemctl start unattended-upgrades.service
EDIT 2:
Another solution could be to add this in you Ansible roles before package installation:
- name: Wait for /var/lib/dpkg/lock-frontend to be released
shell: while lsof /var/lib/dpkg/lock-frontend ; do sleep 10; done;
Thanks Gordon Kirkland for the additional solution!
Hope one of these many solutions helps others stuck with the same problem!
My name is Nannie Morris. And I am a professional academic writer with many years of experience in writing.
My interest is to solve problems related to writing. And I have been doing it for many years. I have been with several organizations as a volunteer and have assisted in many ways.
My love for writing has no end. It is like the air we breathe, something I cherish with all my being. I am a full-time writer who started at an early age.
I’m happy that I`ve already sold several copies of my poems in different countries like England and others too numerous to mention.
I also work in a company that provides assistance to many students from different parts of the world. People always come to me because I work no matter how difficult their projects are. I help them to save time, because I feel happy when people come to me for professional help.
Academic Writer – Nannie Morris – elearninag.com Band
Thank you for posting this, it was driving me crazy 🙂
Edit 1 works great. Using just Packer and shell provisioners in my case.
FYI that unattended-upgrades.service script doesn’t do what you think it does. It just seems to be a helper script to prevent OS shutdown when unattended-upgrades are running.
Confirm that you are not a robot, and Here is nicepremium pay for victory. http://bit.ly/2EPXdoM
Thanks!
The end of my headache 😉
Thanks man.
Thanks. Saved my day.
Thanks !
Thank you for saving my time!