
Ansible playbook not working, web VMs will not install/remove/update


UPDATE: Adding more info to help...

I am trying to run an Ansible playbook to set up one of my web VMs to remove and/or install certain packages so we can start our week of web applications (cyber blog project). I use Microsoft Azure. SSH and HTTP are allowed.

Below is the playbook:

---
- name: Config Web VM with Docker
  hosts: webservers
  become: true
  tasks:
    - name: Uninstall apache if needed
      ansible.builtin.apt:
        update_cache: yes
        name: apache2
        state: absent

    - name: docker.io
      ansible.builtin.apt:
        update_cache: yes
        name: docker.io
        state: present

    - name: Install pip3
      ansible.builtin.apt:
        force_apt_get: yes
        name: python3-pip
        state: present

    - name: Install Docker python module
      pip:
        name: docker
        state: present
        extra_args: --break-system-packages

    - name: revert requests to 2.31.0 to bypass https://github.com/docker/docker-py/issues/3256
      ansible.builtin.command:
        cmd: pip install --force-reinstall requests==2.31.0

    - name: download and launch a docker web container
      docker_container:
        name: dvwa
        image: cyberxsecurity/dvwa
        state: started
        published_ports: 80:80
        restart_policy: always

    - name: Enable docker service
      systemd:
        name: docker
        enabled: yes

When running this playbook, I get:

root@2b61bbccc5f2:/etc/ansible# ansible-playbook pentest.yml
[WARNING]: ansible.utils.display.initialize_locale has not been called, this may result in incorrectly calculated text widths that can cause Display to print incorrect line lengths

PLAY [Config Web VM with Docker] ***************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [10.0.0.5]
ok: [10.0.0.6]

TASK [Uninstall apache if needed] **************************************************************************************
fatal: [10.0.0.6]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: unknown reason"}
fatal: [10.0.0.5]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: unknown reason"}

PLAY RECAP *************************************************************************************************************
10.0.0.5                   : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
10.0.0.6                   : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

The errors:

fatal: [10.0.0.6]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: unknown reason"}

fatal: [10.0.0.5]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: unknown reason"}

Below is a list of the steps I have taken to create my virtual machines:

  1. Create resource group
  2. Create virtual network
  3. Create network security group
  4. Create jumpbox VM
  5. Create and add SSH id_rsa.pub key to jumpbox VM from personal computer
  6. Add inbound rule to allow SSH from personal computer to jumpbox in network security group
  7. Test if SSH works to jumpbox VM from personal computer (it does)
  8. Update the jumpbox VM doing sudo apt-get update (it completes fine)
  9. Install docker.io using sudo apt-get install docker.io
  10. Pull the "cyberxsecurity/ansible" image using sudo docker pull cyberxsecurity/ansible
  11. Run an ansible container using sudo docker run -it cyberxsecurity/ansible /bin/bash
  12. Create and add SSH id_rsa.pub key from within the ansible container
  13. Create web1 VM, and create an availability set
  14. Add SSH id_rsa.pub key to web1 VM from ansible container
  15. Add inbound rule to allow SSH from jumpbox within the virtual network
  16. Test if SSH works to web1 VM (it does)
  17. Repeat and create web2 VM with same SSH id_rsa.pub key and with same availability set
  18. Test if SSH works to web2 VM (it does)
  19. From ansible container, nano ansible.cfg to add remote_user using the admin of azure's username
  20. From ansible container, nano "hosts" to add the web VMs' internal IP, as well as add ansible_python_interpreter=/usr/bin/python3
  21. From ansible container, nano "pentest.yml" with custom playbook (it works)
  22. "Checking Facts" works and connects through SSH
  23. Tasks then fail and hang

I tried the playbook without the apache2 task, starting with docker.io - I get this error:

root@2b61bbccc5f2:/etc/ansible# ansible-playbook pentest.yml
[WARNING]: ansible.utils.display.initialize_locale has not been called, this may result in incorrectly calculated text widths that can cause Display to print incorrect line lengths

PLAY [Config Web VM with Docker] ***************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [10.0.0.6]
ok: [10.0.0.5]

TASK [docker.io] *******************************************************************************************************
fatal: [10.0.0.6]: FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not get lock /var/lib/apt/lists/lock. It is held by process 2324 (apt-get)"}
fatal: [10.0.0.5]: FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not get lock /var/lib/apt/lists/lock. It is held by process 2659 (apt-get)"}

PLAY RECAP *************************************************************************************************************
10.0.0.5                   : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
10.0.0.6                   : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

The errors:

fatal: [10.0.0.6]: FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not get lock /var/lib/apt/lists/lock. It is held by process 2324 (apt-get)"}

fatal: [10.0.0.5]: FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not get lock /var/lib/apt/lists/lock. It is held by process 2659 (apt-get)"}

I then SSH into a web VM to do these manually; this is what I get when removing apache2 using sudo apt-get remove apache2:

Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'apache2' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

That is okay (or is it?)

I then try to install docker.io, using sudo apt-get install docker.io:

Reading package lists... Done
Building dependency tree
Reading state information... Done
Package docker.io is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'docker.io' has no installation candidate

This doesn't make any sense because on the jumpbox machine, it installs perfectly normal. Everything on the jumpbox machine works fine.

So, I try a suggested command when Googling and it is to use sudo apt-get update from the target VM itself. This is what I get:

  • First, it will hang on this for some time:

0% [Connecting to azure.archive.ubuntu.com (20.53.66.23)]

  • Second, it will spit out these errors:

myadmin@myweb1:~$ sudo apt-get update
Err:1 http://azure.archive.ubuntu.com/ubuntu focal InRelease
  Could not connect to azure.archive.ubuntu.com:80 (20.53.66.23), connection timed out
Err:2 http://azure.archive.ubuntu.com/ubuntu focal-updates InRelease
  Unable to connect to azure.archive.ubuntu.com:http:
Err:3 http://azure.archive.ubuntu.com/ubuntu focal-backports InRelease
  Unable to connect to azure.archive.ubuntu.com:http:
Err:4 http://azure.archive.ubuntu.com/ubuntu focal-security InRelease
  Unable to connect to azure.archive.ubuntu.com:http:
Reading package lists... Done
W: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/focal/InRelease  Could not connect to azure.archive.ubuntu.com:80 (20.53.66.23), connection timed out
W: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease  Unable to connect to azure.archive.ubuntu.com:http:
W: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease  Unable to connect to azure.archive.ubuntu.com:http:
W: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/focal-security/InRelease  Unable to connect to azure.archive.ubuntu.com:http:
W: Some index files failed to download. They have been ignored, or old ones used instead.

What in the hell do I do?

EDIT: Extra info

When running the playbook to install pip3:

root@2b61bbccc5f2:/etc/ansible# ansible-playbook pentest.yml
[WARNING]: ansible.utils.display.initialize_locale has not been called, this may result in incorrectly calculated text widths that can cause Display to print incorrect line lengths

PLAY [Config Web VM with Docker] ***************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [10.0.0.5]
ok: [10.0.0.6]

TASK [Install pip3] ****************************************************************************************************
fatal: [10.0.0.5]: FAILED! => {"changed": false, "msg": "No package matching 'python3-pip' is available"}
fatal: [10.0.0.6]: FAILED! => {"changed": false, "msg": "No package matching 'python3-pip' is available"}

PLAY RECAP *************************************************************************************************************
10.0.0.5                   : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
10.0.0.6                   : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

The errors:

fatal: [10.0.0.5]: FAILED! => {"changed": false, "msg": "No package matching 'python3-pip' is available"}

fatal: [10.0.0.6]: FAILED! => {"changed": false, "msg": "No package matching 'python3-pip' is available"}

Steps done to troubleshoot:

  • Manually ran tasks (commands)
  • Restarted all resources on Azure to start fresh
  • Changed regions on Azure to try and see if connection was an issue
  • Tried different Ubuntu LTS versions (24 will not work with Ansible for me; needs to be 20.04 or less)
  • Tried updating VMs manually (jumpbox works fine)
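
An added example, not part of the original question: it sorts the failure lines quoted above by likely cause and probes whether the apt mirror accepts a TCP connection from the machine it runs on. The function names `triage` and `mirror_reachable` are hypothetical, and grouping the messages under these three causes is this example's interpretation, not something the post states.

```python
import re
import socket

# Failure strings as they appear in the post. Grouping them under causes is
# this example's interpretation (an assumption), not the poster's diagnosis.
RULES = [
    ("mirror_unreachable",
     re.compile(r"(?:Could not|Unable to) connect to ([\w.-]+):")),
    ("apt_lock_held",
     re.compile(r"Could not get lock (\S+)\. It is held by process (\d+)")),
    ("package_index_missing",
     re.compile(r"Failed to update apt cache|has no installation candidate"
                r"|No package matching")),
]


def triage(lines):
    """Map each output line to the first matching cause: {cause: [details]}."""
    found = {}
    for line in lines:
        for cause, rx in RULES:
            m = rx.search(line)
            if m:
                found.setdefault(cause, []).append(m.groups() or (line.strip(),))
                break
    return found


def mirror_reachable(host, port=80, timeout=5.0):
    """True if a TCP connection to host:port opens within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and DNS failures
        return False


# Constructed sample: lines copied from the outputs quoted in the post.
SAMPLE = [
    "Err:1 http://azure.archive.ubuntu.com/ubuntu focal InRelease  Could not connect to azure.archive.ubuntu.com:80 (20.53.66.23), connection timed out",
    'fatal: [10.0.0.6]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: unknown reason"}',
    "E:Could not get lock /var/lib/apt/lists/lock. It is held by process 2324 (apt-get)",
    "E: Package 'docker.io' has no installation candidate",
    'fatal: [10.0.0.5]: FAILED! => {"changed": false, "msg": "No package matching \'python3-pip\' is available"}',
]

if __name__ == "__main__":
    for cause, details in triage(SAMPLE).items():
        print(cause, details)
    print("mirror reachable:", mirror_reachable("azure.archive.ubuntu.com"))
```

Running the probe on both the jumpbox and a web VM shows whether the two differ in outbound access to port 80, which is the one step in the post where their behaviour diverges.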
