Silverblue + Ansible

Hi All.

I’m trying to install Brave browser into a toolbox as part of an ansible script but having some issues.

If I run the commands directly in the shell (ie. outside of ansible), it works.

$ toolbox run sudo dnf -y config-manager --add-repo https://brave-browser-rpm-release.s3.brave.com/x86_64/

However, when run inside an ansible task shell: command it is failing with rc=129.

Can anyone give me some pointers on how to handle this? Perhaps I’m on completely the wrong path and someone has a better strategy for how to accomplish this…

Hey @u297b! Return code 129 most likely comes from Podman, which is used by Toolbox under the hood. I’d suggest running Toolbox with the --verbose or even --very-verbose options to see what’s going on. The said command would look like this:

$ toolbox --verbose run sudo dnf -y config-manager --add-repo https://brave-browser-rpm-release.s3.brave.com/x86_64/

Running dnf commands as Ansible tasks with the shell module carries with it a lot of possible errors. Why not use dnf capabilities in Ansible instead? This is usually a lot less error prone and the modules usually have built in error checking, idempotence, etc.

I assume it would be this module: ansible.builtin.yum_repository module – Add or remove YUM repositories — Ansible Documentation

And then use the regular dnf module in a separate task to actually install it.

I have a bit of Ansible experience, but almost solely for Debian/Ubuntu servers, so not an expert on what your tasks should look like, specifically. But in my experience the shell or command modules should always be the last resort when using Ansible.

Hmmm…I’d love to do that, but how does ansible “enter” the toolbox to run the command?

Maybe there is a way to do it via the ansible docker module?

Oh, I misunderstood what you were attempting, sorry. I always just run Ansible from inside the Toolbox. What if you run toolbox run ansible-playbook etc etc.?

I will try toolbox run ansible-playbook... strategy.

The strange thing is I have all my commands to install Brave inside a toolbox in a install.sh shell script, and this runs and installs fine from normal user prompt.

However, even running this command from ansible fails. My guess is there is something wacky happening with environmental variables when running toolbox commands from within ansible that is causing things to break.

As previous poster suggested, I’ve used the --verbose and --very-verbose commands, but didn’t to my eyes yield anything super useful in terms of tracking down the issue.

The shell and command modules are run outside of interactive shells and will often fail unless you add environment vars manually. In some cases you can bypass this issue like this: command: bash -lc 'COMMAND' , but special modules are always better.

Tested this for fun now. This script supposes that you have Ansible installed in .local/bin (say, with pip) or similar /home directory in your path so that you can access it both outside and inside of the toolbox. If not, you need to install it with dnf inside the toolbox before running the rest.

# Create a new toolbox if needed:
toolbox create -c brave-test 
# Create the Ansible yml file:
cat - > brave.yml <<EOF
---

- name: Run playbook on localhost
  hosts: 127.0.0.1
  connection: local
  tasks:
  - name: Add Brave repo
    become: yes
    yum_repository:
      name: Brave
      description: Brave YUM repo
      baseurl: https://brave-browser-rpm-release.s3.brave.com/x86_64/
      gpgkey: https://brave-browser-rpm-release.s3.brave.com/brave-core.asc
  - name: Install Brave
    become: yes
    dnf:
      name: brave-browser
      state: latest
EOF
# Run Ansible inside toolbox and force a bash login shell to avoid path issues
# The 'sudo ls' bit is because Ansible doesn't know that there's no sudo
# password inside toolboxes, so you need to work around this:
toolbox run -c brave-test bash -lc "sudo ls && ansible-playbook brave.yml"
# Then run Brave itself (path should be fine since it's installed as root)
toolbox run -c brave-test brave-browser

This worked for me.

Many thanks for this!

I am testing now.

@u297b would you mind posting those logs here??

Hello! Is there any reason why you might not use the app binary/files from their release page? (latest 1.8.86). I was also trying to run Brave from a toolbox, and while I did have a lot of success, the audio was not as reliable as I wanted. I found a post on another thread (THANK YOU @kcalvelli) that made lots of sense to me… so while it is obviously a much more manual process (for me) to check for and “install” updates, the integration is TIGHT with Silverblue and feels akin to layering the brave package onto the OS.

So maybe, if anything, use Ansible to check for, download, and unzip new stable Brave releases for you 🙂

I sure hope this is useful information!

@phaedoruh200313

Not a bad idea. Another way to get something like “automatic updates” would be to do the following:

  1. Download latest rpm from repo (don’t install only download).

  2. Do something like rpm2cpio brave-browser-1.8.86-1.x86_64.rpm | cpio -i --make-directories, which will extract the files from the rpm into current folder (so will create /opt/brave.com/brave folder)

  3. Run from this location.

  4. Updates would just be a matter of checking if dnf download brave-browser downloaded a new rpm and if so, extract it over the existing.

Pretty hacky solution, but could work (and could be automatable)

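The download, extract and update-check steps from the post above, as an added shell example that is not part of the thread. It adds two things the post does not mention: a signature check with rpmkeys before extraction, since rpm2cpio unpacks the payload without verifying who signed it, and cpio's --unconditional flag so a new release can overwrite the old files. It assumes rpm 4.14 or later output, the Brave signing key already imported with rpm --import, and hypothetical DEST and STAMP paths.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions: rpm >= 4.14 output
# format, "dnf download" available, Brave's key already imported with
# "rpm --import". DEST and STAMP are hypothetical paths.
set -eu

DEST="${DEST:-${HOME:-/tmp}/apps/brave}"
STAMP="$DEST/.installed-rpm"

# Succeeds only if rpmkeys reported a verified signature. An unsigned rpm
# prints "digests OK" and rpmkeys still exits 0, so match the text itself.
checksig_passed() {
  case "$1" in
    *": digests signatures OK") return 0 ;;
    *) return 1 ;;
  esac
}

# Succeeds when the rpm ($1) differs from the file name recorded in $2.
needs_update() {
  [ ! -f "$2" ] || [ "$(cat "$2")" != "$(basename "$1")" ]
}

# Subshell body: cd, set -- and the EXIT trap stay local to this call.
update_brave() (
  work="$(mktemp -d)"
  trap 'rm -rf "$work"' EXIT
  cd "$work"
  dnf download brave-browser >/dev/null        # step 1: download only
  set -- "$work"/brave-browser-*.rpm
  rpm="$1"
  needs_update "$rpm" "$STAMP" || { echo "up to date"; exit 0; }   # step 4
  out="$(rpmkeys --checksig "$rpm" || true)"
  checksig_passed "$out" || { echo "refusing to extract: $out" >&2; exit 1; }
  rpm2cpio "$rpm" > "$work/payload.cpio"       # step 2: unpack the payload
  mkdir -p "$DEST"
  cd "$DEST"
  # --unconditional lets a new release overwrite the previously extracted files
  cpio -i --make-directories --unconditional --quiet < "$work/payload.cpio"
  basename "$rpm" > "$STAMP"
)

if [ "${1:-}" = "--run" ]; then update_brave; fi
```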