(Oh fun, new users can only include two links?)There were several problems. For this project I was seconded from my usual dept, and given ssh and sudo access to a production server in another department.
For installing MAAS, I wrote a wrapper script following the example in the maas-ansible-playbook repo, maas-deploy-ansible.sh · GitHub, but it consistently gets stuck on the ‘[maas_region_controller : Wait For MAAS To Create Secret File’ step, waiting some time and the failing with a ‘Timeout when waiting for file /var/lib/maas/secret’ error message. The transcript is at typescript.txt · GitHub
There are a lot of moving parts, so I’m not sure what the problem is. And time is never in unlimited supply, and I’m supposed to get this running soon… so it didn’t look like fighting with ansible would be the way forward. (Which lead me to the mystery of maas init region+rack…)
As this is someone else’s hardware I wanted to be sure I could clean up after myself, and that’s where I ran into another ansible problem; I wrote a wrapper script around the teardown.yaml playbook, gist github com jjdavis f1180e63076907da90dfff57dbaf18aa, but running that fell into an apt black hole
mfatal: [localhost]: FAILED! => {“changed”: false, “msg”: "‘apt-get remove
‘postgresql-14’ ‘acl’ ‘python3-psycopg2’’ failed: E: Error, pkgProblemResolver:
:Resolve generated breaks …
followed by many lines of the usual apt unhelpfulness about what the actual problem is,
and my luck with resolving weird apt dependency problems is right up there with sorting out GRUB booting issues. The full transcript is at gist github com jjdavis ab7ebbd96ad648f4dd6f491d737908b4, and both transcripts were run through col -b to stop gh complaining about uploading a binary file. I also made some attempt to censor the passwords, though this obviously isn’t the production system, if there ever is to be one.
The icing on the ansible cake was discovering that
- name: “Remove iptables rules”
# ansible.builtin.include_role:
# name: maas_firewall
# tasks_from: teardown
meant remove all firewall rules, not just the ones added for MAAS, and remove iptables-persistent too for good measure! Trashing the firewall on someone else’s production system was not, I suspect, what they intended me to do. Yes I should have read through the full playbook, but I’d still argue Astonishment, Principle, Least Of.
Not an ansible issue per se, but another trap for the unwary is if you want to try to remove and purge the MAAS packages by hand, there’s one purge step that will fail (I think it was for the regional controller) because some previous purge had removed the maas user account. No worries, “useradd maas” and carry on? Not so fast – a step in the next install attempt will then fail because that needed to be a ‘system’ user, not an ordinary user. Probably obvious in hindsight, but still an annoyance.