Ansible Galaxy error “list index out of range” during role installation

ERROR! Unexpected Exception, this is probably a bug: list index out of range

was the message I was met with when recently tried using ansible-galaxy.  I decided to use Ansible for a Jenkins project instead of Puppet because a role for Jenkins v2 already exists on Ansible Galaxy.

The error

When I attempted to install the Jenkins role using the ansible-galaxy command into my home directory I received what looks like a programming error.

$ ansible-galaxy install geerlingguy.jenkins
- downloading role 'jenkins', owned by geerlingguy
- downloading role from
- extracting geerlingguy.jenkins to /etc/ansible/roles/geerlingguy.jenkins
- extracting geerlingguy.jenkins to /usr/share/ansible/roles/geerlingguy.jenkins
ERROR! Unexpected Exception, this is probably a bug: list index out of range
to see the full traceback, use -vvv

list index out of range usually means something internal failed in a bad way.

The solution

Turning to Google, I found   Basically, ansible-galaxy does not take into which account is running the ansible-galaxy command.  It reads the ansible configuration file and uses the defined directory.  This results in ansible-galaxy wanting to write to /etc/ansible which a regular user account cannot write to.

Using the -p flag I was able to my home directory and install the role.

$ ansible-galaxy install -vvv -p /home/example/src/ansible/jenkins/roles geerlingguy.jenkins
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/example/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-galaxy
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
Using /etc/ansible/ansible.cfg as config file
Opened /home/example/.ansible_galaxy
Processing role geerlingguy.jenkins
Opened /home/example/.ansible_galaxy
- downloading role 'jenkins', owned by geerlingguy
- downloading role from
- extracting geerlingguy.jenkins to /home/example/src/ansible/jenkins/roles/geerlingguy.jenkins
- geerlingguy.jenkins (3.2.2) was installed successfully
- adding dependency:
Processing role
Opened /home/example/.ansible_galaxy
- downloading role 'java', owned by geerlingguy
- downloading role from
- extracting to /home/example/src/ansible/jenkins/roles/
- (1.7.4) was installed successfully


Securing /etc/puppet on CentOS

I’ve recently delved in to the world of Puppet to manage some CentOS servers. In the process I noticed something. The /etc/puppet directory is owned by root:root but puppet runs as the user puppet. What does this mean? A couple of things:

  • To edit the manifests or modules I either have to be root or constantly be typing sudo (annoying).
  • For the puppetmaster process, which runs as puppet:puppet to access the files, the manifest and modules must be world readable.  This means a lot of information is visible to the world, encrypted or not.
  • I can’t use my favorite editor to edit files over ssh. (I know, a personal gripe, but valid in my books.)

So I’m trying an experiment that I hope will secure the data a bit more and make editing the files more hastle free.

  • Recursively changed the group of /etc/puppet to puppet.
  • Put myself in the puppet group.  I can now edit the files without being root.  (See newgrp(1).)
  • I’ll slowly begin to set the Other permission bits to 0, hiding the files and their contents from prying eyes.




Test your Docker image builds on multiple Linux distributions

Test your Docker image builds on multiple Linux distributions.

Why? It seems things behave differently on different distos. Here is a situation I just ran into.

I have been working on a new Docker image for an up coming post. The post uses CentOS and I generally use CentOS on my servers so I naturally built the image on a CentOS host. Once everything was way I wanted it I committed the changes to Github and had Dockerhub pull and build the image. To my surprise the build failed with the error

Could not find 'which' command, make sure it's available first before continuing installation.

I went back to my CentOS host and built the image again.  No errors.  On a hunch, I created an Ubuntu VM to build the image. Bingo! While the image built cleanly on CentOS, under Ubuntu it would fail with the error above.

While the fix was as simple as explicitly installing the which package as part of the build process, it showed me two things.

  1. Don’t assume your images build on all Linux distributions.
  2. Don’t assume Docker behaves the same on all Linux Distributions.

Happy image building!

Puppet-lint Plugins List

Based on the Puppet-lint Plugins list available at the Puppet Community site, I’ve added the gem command line and Gemfile commands for easy installation.


  • Check relative class name inclusions.
  • gem install puppet-lint-absolute_classname-check


  • Check if paths to the template() function are relative.
  • gem install puppet-lint-absolute_template_path


  • Check for alias parameters in resources.
  • gem install puppet-lint-alias-check
  • gem 'puppet-lint-alias-check', :require => false


  • Check that the appends operator (+=) is not used (removed in Puppet 4.0.0).
  • gem install puppet-lint-appends-check
  • gem 'puppet-lint-appends-check', :require => false


  • Check for types and class names that begin with digits.
  • gem install puppet-lint-classes_and_types_beginning_with_digits-check
  • gem 'puppet-lint-classes_and_types_beginning_with_digits-check', :require => false


  • Check for variables assigned to the empty string.
  • gem install puppet-lint-classes_and_types_beginning_with_digits-check
  • gem 'puppet-lint-empty_string-check', :require => false


  • Check the ensure attribute on file resources.
  • gem install puppet-lint-file_ensure-check
  • gem 'puppet-lint-file_ensure-check', :require => false


  • Check file rights when providing a source.
  • gem install puppet-lint-file_source_rights-check
  • gem 'puppet-lint-file_source_rights-check', :require => false


  • Check if puppet:/// is used instead of file().
  • gem install puppet-lint-fileserver-check


  • Ensure that your manifests have no global resources.
  • gem install puppet-lint-global_resource-check


  • Check for unquoted numbers with leading zero.
  • gem install puppet-lint-leading_zero-check
  • gem 'puppet-lint-leading_zero-check', :require =>; false


  • Extends puppet-lint to ensure that your variables are not numeric.
  • gem install puppet-lint-numericvariable


  • Check the ensure attribute on package resources.
  • gem install puppet-lint-package_ensure-check
  • gem 'puppet-lint-package_ensure-check'


  • Check that validates all parameters are documented.
  • gem install puppet-lint-param-docs


  • Check if resources exist outside of a class or defined type.
  • gem install puppet-lint-resource_outside_class-check


  • Ensure that the reference syntax follows Puppet 4 style.
  • gem install puppet-lint-resource_reference_syntax
  • gem 'puppet-lint-resource_reference_syntax'


  • Check that a node definition declares only a role, a role class does not have any param and only declares profiles, and a profiles class can declare anything but a role. gem install puppet-lint-roles_and_profiles-check
  • gem install puppet-lint-roles_and_profiles-check
  • gem 'puppet-lint-roles_and_profiles-check'


  • Checks puppet manifests for security related problems.
  • gem install puppet-lint-security-plugins


  • Check that spaceship operator is called with a tag.
  • gem install puppet-lint-spaceship_operator_without_tag-check
  • gem 'puppet-lint-spaceship_operator_without_tag-check', :require => false


  • Ensure that your manifests follow a strict indentation pattern.
  • gem install puppet-lint-strict_indent-check


  • Check for missing trailing commas.
  • gem install puppet-lint-trailing_comma-check
  • gem 'puppet-lint-trailing_comma-check', :require => false


  • Ensure that your manifest files end with newlines.
  • gem install puppet-lint-trailing_newline-check


  • Check for undef in function calls.
  • gem install puppet-lint-undef_in_function-check


  • Check that selectors and case statements cases are quoted.
  • gem install puppet-lint-unquoted_string-check
  • gem 'puppet-lint-unquoted_string-check', :require => false


  • Check that manifest files contain only US ASCII.
  • gem install puppet-lint-usascii_format-check


  • Ensure that your variables are all lower case.
  • gem install puppet-lint-variable_contains_upcase


  • Check for versions compared as numbers.
  • gem install puppet-lint-version_comparison-check
  • gem 'puppet-lint-version_comparison-check', :require => false


  • Check for vim comment (modeline) as the last line in a manifest.
  • gem install puppet-lint-vim_modeline-check