I recently found out that Homebrew can be installed on Linux. I was wondering if the homebrew role would work on it.

I am new to homebrew and just learned about the services feature, which handles the launchd stuff.

I would just install the packages with setting hombrew_installed_packages and put the rest in post tasks and handlers.
Do you have any ideas how to use this role with "brew services" in another way?

Regards
Markus

For installing cask apps, the role is still trying to use "brew cask" but it is no longer available, it should be changed to "brew install --cask"

I'm successfully installing homebrew formulae and casks on a mac (with 12.1 Monterey); but certain casks hang after installing themselves into the remote /opt/brew/Caskroom, but before being copied into /Applications. Those same casks install properly via ssh (without ansible). These casks include: google-drive, expressvpn; I imagine there will be others. As an example:

- name: Install vpn
  homebrew_cask:
    name:
      - expressvpn
    state: present

This will hang ansible-galaxy. If I interrupt and check the system I see that /opt/brew/Caskroom/expressvpn exists and contains the expected files and subdirectories, but /Applications/ExpressVPN does not exist. If I ssh to the system and execute: brew install expressvpn then it complains that the cask is already installed. If I execute brew reinstall expressvpn (or brew uninstall expressvpn && brew reinstall expressvpn) then it succeeds. I am not challenged for my password during the manual (ssh) install process. I can't figure out where to look for logs to diagnose the problem further; ansible-galaxy -vvv just shows:

<zen> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="mike"' -o ConnectTimeout=10 -o ControlPath=/Users/mike/.ansible/cp/a545970042 -tt zen '/bin/sh -c '"'"'/Users/mike/.pyenv/shims/python3.9 /Users/mike/.ansible/tmp/ansible-tmp-1640213431.403431-98216-257073436789997/AnsiballZ_homebrew_cask.py && sleep 0'"'"''

Any ideas? For now I'm having to comment out the affected casks, but this is the only part of my entire mac setup that's not working at this point, and I must be doing something stupid.

I have noticed that if i am fat-fingered, and type in my complex password wrong, the playbook hangs on the task to check permissions on the homebrew dir. Maybe check if the password is correct and fail if not.

For instance:
https://stackoverflow.com/questions/50562707/can-ansible-check-if-password-is-correct-before-running-playbook

When I try to install a list of packages with the homebrew role, I end up with a series of errors about file ownership of /usr/local/man/man5.

Screengrab attached

my homebrew_vars.yaml

---
homebrew_install_path: /usr/local/homebrew
homebrew_installed_packages:
  - autoconf
  - automake
  - bat
  - coreutils
  - curl
  - docker
  - exa
  - gzip
  - htop
  - jq
  - libtool
  - libxslt
  - libyaml
  - npm
  - pkg-config
  - tmux
  - unar
  - unixodbc
  - unzip
  - vim
  - wget
  - xz
  - yarn
  - zlib
  - zsh

homebrew_cask_appdir: /Applications
homebrew_cask_apps:
  - appcleaner
  - iterm2
  - osxfuse
  - oversight
  - postman
  - spotify
  - visual-studio-code
  - vlc

homebrew_taps:
  - homebrew/cask
  - homebrew/cask-versions
  - name: microsoft/git
    url: 'https://github.com/microsoft/homebrew-git'

my playbook

---
- hosts: localhost

  vars_files:
    - vars/homebrew_vars.yaml

  tasks:
    - name: homebrew
      include_role:
        name: geerlingguy.mac.homebrew

My ansible-playbook command

ansible-playbook playbook.yaml -i inventory -v

The screen of my 16" M1 MacBook Pro flashes and reloads(?) the dock every time a change is made to the dock. This results in a race-condition, resulting in me having to run the dock-module several times until all changes to the dock are made.

Suggestion:
Add a 1 second delay after each alteration to the dock, to give time for the reloading.

EDIT:
The role could perhaps run recursively until no changes are made.

As menstioned in https://github.com/mas-cli/mas/issues/164 the login does not work in modern OSX versions.

this results in very strange errors.

running mas install on the CLI if logged in, however, if you let the role install it errors out.
a solution may be to NOT try to log in in versions >10.13 and just try to login.

the problem with that is that you need to identify the os version.

when i run ansible -m setup on my mac it gives me this relevant information:

    "ansible_os_family": "Darwin",
    "ansible_osrevision": "199506",
    "ansible_osversion": "21A559",

maybe the kernel version would be a clue
"ansible_kernel_version": "Darwin Kernel Version 21.1.0: Wed Oct 13 17:33:24 PDT 2021; root:xnu-8019.41.5~1/RELEASE_ARM64_T8101",

I may be able to help solve this, but i do not have the information to do so.

First of all, thanks for making this role, it has worked incredibly well and has saved me so much time.

However, I encountered the following error while trying to install mactex-no-gui:

failed: [192.168.64.50] (item=mactex-no-gui) => changed=false
  ansible_loop_var: item
  item: mactex-no-gui
  msg: |-
    ==> Homebrew is run entirely by unpaid volunteers. Please consider donating:
      https://github.com/Homebrew/brew#donations

    ==> Auto-updated Homebrew!
    Updated 1 tap (homebrew/core).
    Running `brew update --auto-update`...

    You have 50 outdated formulae and 8 outdated casks installed.
    You can upgrade them with brew upgrade
    or list them with brew outdated.

    Error: Failure while executing; `/usr/bin/sudo -A -E -- /usr/bin/env LOGNAME=******** USER=******** USERNAME=******** /usr/sbin/installer -pkg /opt/homebrew/Caskroom/mactex-no-gui/2022.0321/mactex-20220321.pkg -target / -applyChoiceChangesXML /private/tmp/choices20221109-5273-1o2wv0z.xml` exited with 1. Here's the output:
    installer: Package name is MacTeX
    installer: choices changes file '/private/tmp/choices20221109-5273-1o2wv0z.xml' applied
    installer: Installing at base path /
    installer: The install failed..

Not sure if this is a configuration / environment issue on my end or if there's an issue with the role.

Some guidance would be much appreciated!

Hello,

Your collection and your repo about how to setup a Mac is a real help for me.

I'm trying to set the Dock for all the users on my Mac used by the whole family. It seems the current dock role is designed to be used for an admin account (due to the task with Homebrew).

Is it possible to give instruction on how to use it for other users. Or can we work on an improvement to manage that in the future ?

Hello Jeff,

Thank you for all your work. I really enjoy your YouTube channel.

It would be nice if there was a variable you could set for the geerlingguy.mac.homebrew role to enable upgrading Casks greedily. This is supported by the community.general.homebrew_cask module. Basically it allows for applications that have auto-upgrade features to be forced to upgrade, ignoring their built in auto-upgrade. Thank you for considering this.

If you have recent applications turned on for the dock and the application is in your recent applications the application doesn't get added to the persistent applications on the dock.

To reproduce this error:

1. Enable recent applications for the dock
2. Close the application
3. Open the application so that it's in your recent applications
4. Have the application specified in the dockitems_persist list (example below)
5. Run the dock role (The app is not added to the persistent dock)

dockitems_persist:
  - name: "Sublime Text"
    path: "/Applications/Sublime Text.app/"
    pos: 5

I am getting an error when trying to use the homebrew role

My playbook.yml contains the following

---
- hosts: localhost
  become: no
  connection: local

  vars_files:
    - secrets.yml
  vars:
    homebrew_installed_packages:
      - mysql

  roles:
    - elliotweiser.osx-command-line-tools
    - geerlingguy.homebrew

Then I run the playbook I have the following error

TASK [geerlingguy.homebrew : Ensure configured homebrew packages are installed.] *******************************************************************************
failed: [localhost] (item=mysql) => {"ansible_loop_var": "item", "changed": false, "item": "mysql", "msg": "Error: The following directories are not writable by your user:\n/opt/homebrew\n\nYou should change the ownership of these directories to your user.\n  sudo chown -R $(whoami) /opt/homebrew\n\nAnd make sure that your user has write permission.\n  chmod u+w /opt/homebrew"}

Hi there. It seems that your role geerlingguy.mac.homebrew doesn't include the dependency on elliotweiser.osx-command-line-tools, which was present in geerlingguy.homebrew. Should it be added back?

Being a PHP developer I mostly need a particular version of PHP and generally brew runs a version a head where any of my clients running.

generally I will install the php package but the also install the [email protected] and sometime [email protected]. What I would nive is that I can then specify in my playbook a task to unlink php and link [email protected]

Log:

[...]
TASK [geerlingguy.mac.mas : Ensure unwanted MAS apps are uninstalled.] **********************************************************************************************************************************************************
failed: [127.0.0.1] (item={'id': 406056744, 'name': 'Evernote (7.14)'}) => changed=true 
  ansible_loop_var: item
  cmd:
  - mas
  - uninstall
  - '406056744'
  delta: '0:00:00.022895'
  end: '2022-02-12 12:55:54.149690'
  item:
    id: 406056744
    name: Evernote (7.14)
  msg: non-zero return code
  rc: 1
  start: '2022-02-12 12:55:54.126795'
  stderr: |-
    Warning: Apps installed from the Mac App Store require root permission to remove.
    Error: Unable to move app to trash.
    Error: Uninstall failed
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>
failed: [127.0.0.1] (item={'id': 406825478, 'name': 'Telephone (1.4)'}) => changed=true 
  ansible_loop_var: item
  cmd:
  - mas
  - uninstall
  - '406825478'
  delta: '0:00:00.022060'
  end: '2022-02-12 12:55:54.288822'
  item:
    id: 406825478
    name: Telephone (1.4)
  msg: non-zero return code
  rc: 1
  start: '2022-02-12 12:55:54.266762'
  stderr: |-
    Warning: Apps installed from the Mac App Store require root permission to remove.
    Error: Unable to move app to trash.
    Error: Uninstall failed
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>
[...]

Its due to an issue with mas itself, but I think it should be filed here as well.

Issue: mas-cli/mas#216

I have set the homebrew_use_brewfile variable to true in mac-dev-playbook, together with a Brewfile containing approx 85 items.

I've encountered the following problems:

• The "Install from Brewfile" task is disproportionately long compared to the other tasks of the playbook and gives no visibility with respect to its progress.
• When an item of the Brewfile fails installation (for example, I can't manage to get cask "virtualbox" to work in a macOS 10.13 vm), the playbook is aborted.
• (this one is more related to mac-dev-playbook) If depending on the mas role to perform sign-in to the App Store, as this role is triggered after the homebrew role in the playbook, the "Install from Brewfile" task is going to fail all the mas instructions (due to lack of sign-in).

I believe a simple fix can be devised to prevent aborting the playbook (using failed_when: false for example).
To help the user of the homebrew role to read the task progress, an easy but rather dirty fix is to add a debug step following it printing both stdout and stderr.
For the last problem, reordering roles in mac-dev-playbook seems to suffice.

But I kept being frustrated with this so I tried the approach of splitting up the Brewfile commands via ansible tasks and feeding them one by one to brew bundle --file=-.
I made a new role (taking large inspiration from your collection!) base on this approach, which you can see here: https://github.com/lajarre/ansible-collection-macstuff/blob/master/roles/homebrew_brewfile/tasks/main.yml

It makes sense to me that there is a role separate from the homebrew role and which handes brewfiles / brew bundle. Indeed, Brewfile is a language (DSL) that, if well designed for handling homebrew installs, is already going beyond brew itself as it contains mas instructions as well.
But it could also make sense to include this in the homebrew role itself.

What do you think of the aforementioned approach for splitting up tasks?

I'd be happy to contribute this back into your collection and to mac-dev-playbook if this makes sense.

Thanks for the work on this repo (and on the book) @geerlingguy 👏🏼

I've just started using this to install a suite of software across our fleet of DC M1's using Homebrew. I can't see to find any way of pinning the software version installed.

I've tried a couple of ways and looked through the source code and can't find any references.

The command locally could be:

brew install node@16

I've tried:

homebrew_installed_packages:
  - name: node@16

homebrew_installed_packages:
  - name: node
    version: 16

But neither work. Is this supported at all?

This will be a TODO until I have geerlingguy.homebrew and geerlingguy.mas fully incorporated into this collection, and have a release I'm happy with. At that point I'll close all issues in those repos, update their READMEs and project descriptions to mention this new collection, and archive them, and then mark them as deprecated on Ansible Galaxy itself.

While using this role I had my .zshrc updated and the path for homebrew has been removed. As I'm using arm64 it's installed into /opt/homebrew so /opt/homebrew/bin/ is not within the default PATH and thus brew cannot be used on the command line.

Shouldn't the arm64 path (/opt/homebrew/bin/) be checked if it's in the path of ZSH? And if not added to it?

If this should be the case I can work on it and create a PR.

Managing a device with multiple user using the ansible dock role is complicated
due to the role not supporting the --allhomes or the dock-plist.

It would be great supporting either of the options.
A problem with that is that this would require the role potentially needing
to become root.

Getting the dock position would probably be a lot more complicated, too.
Maybe it would be easier just passing the plist location and a user potentially running/including
the role multiple times.

Thanks for all the hard work you put into all your roles!

Hi,

I have a fresh install of Big Sur on a Mac Mini (M1) and I run this role remotely from an Ansible 2.9. Unfortunately it fails at [homebrew : Ensure configured taps are tapped].

TASK [homebrew : Ensure configured taps are tapped] ****************************************************************************************************************
failed: [loxodon] (item={u'url': u'https://github.com/Homebrew/homebrew-core.git', u'name': u'homebrew/core'}) => changed=false
  ansible_loop_var: item
  item:
    name: homebrew/core
    url: https://github.com/Homebrew/homebrew-core.git
  msg: 'Failed to find required executable brew in paths: /usr/bin:/bin:/usr/sbin:/sbin'
failed: [loxodon] (item={u'url': u'https://github.com/Homebrew/homebrew-cask.git', u'name': u'homebrew/cask'}) => changed=false
  ansible_loop_var: item
  item:
    name: homebrew/cask
    url: https://github.com/Homebrew/homebrew-cask.git
  msg: 'Failed to find required executable brew in paths: /usr/bin:/bin:/usr/sbin:/sbin'

I've added /opt/homebrew/bin to my PATH in .zshrc and .bash_profile just in case

% echo 'export PATH="$PATH:/opt/homebrew/bin"' >> ~/.zshrc
% echo 'export PATH="$PATH:/opt/homebrew/bin"' >> ~/.bash_profile

Now my user's PATH looks like:

nico@loxodon ~ % echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/homebrew/bin

And root's PATH is

loxodon:~ root# echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin

Did I miss something?

It looks like the mas app no longer supports logging in (after I spent ages trying to debug getting the credential conditions in ansible to work! 😭)

Can you imagine a valid reason for these to be kept in the playbook now this is the case? If not, I can submit a PR to remove them.

Hi there,

Dockutil < 3.0 uses python2 that has been removed from macOS.

Dockutil > 3.0 solves this by reimplementing in swift, but this results in a binary distribution format.

Brew will not accept prebuilt binaries as other than casks. This issue is described here:
kcrawford/dockutil#127

The workaround is given in the thread, tap your own recipe that installs binary instead.

To make this work with your ansible-collection it would be great to make the dockutil install optional - or - to allow a variable for a tap.

Recently found your 101 series, I'm trying out your dock role. I have a problem where the dock tasks fail with errors like this

FAILED! => {"msg": "The conditional check '\"No such file or directory\" in dockitem_exists.stdout or \"command not found\" in dockitem_exists.stdout\n' failed. The error was: error while evaluating conditional (\"No such file or directory\" in dockitem_exists.stdout or \"command not found\" in dockitem_exists.stdout\n): 'dict object' has no attribute 'stdout'"}

The reason there is no stdout is because the command dockutil cannot be found. The reason for that is because the path exposed by the ssh server on macos does not include /usr/local/bin which is where Homebrew installed dockutil. SSH also has by default PermitUserEnvironment set to no.

The SSH man page suggests the path it exposes is a compile-time option. You can see it like this

ssh [email protected] env
..
PATH=/usr/bin:/bin:/usr/sbin:/sbin
..

A fix that worked for me is to prefix dockutil with the full path /usr/local/bin/dockutil in all of the task files. However I am suprised you haven't hit this so suspect there is something I'm missing?
I've tried a couple of available macs here, one mojave and another catalina one. My Ansible client is running on Linux and is 2.10.4. The version of your collection is 1.4.0.

Copy from README.md of mas (https://github.com/mas-cli/mas#%EF%B8%8F-known-issues)

Over time, Apple has changed the APIs used by mas to manage App Store apps, limiting its capabilities. Please sign in or purchase apps using the App Store app instead. Subsequent redownloads can be performed with mas install.

⛔️ The signin command is not supported as of macOS 10.13 High Sierra. mas-cli/mas#164
⛔️ The purchase command is not supported as of macOS 10.15 Catalina. mas-cli/mas#289
⛔️ The account command is not supported as of macOS 12 Monterey. mas-cli/mas#417

The way I see it, the best way would be to either remove the first few checks, or simply set a requirement on OS-version. To remove them (or come up with a workaround) would be more stringent, as the behaviour would be constant for different OS-versions.

I'd like to reopen geerlingguy/ansible-role-homebrew#146 here, as the issue still exists.

I have a Brewfile with multiple mas apps in it. When I run the playbook over SSH, it fails:

TASK [geerlingguy.mac.homebrew : Install from Brewfile.] *******************************************************************************************************************************************************************************************************************************************************************
fatal: [ws547]: FAILED! => changed=true
  cmd:
  - /usr/local/bin/brew
  - bundle
  delta: '0:00:09.632515'
  end: '2022-04-01 15:18:18.952991'
  msg: non-zero return code
  rc: 1
  start: '2022-04-01 15:18:09.320476'
  stderr: 'Error: Unable to install Affinity Designer app. mas installation failed.'
  stderr_lines: <omitted>
  stdout: 
(Lot of Brewfile content)
  stdout_lines: <omitted>

However, it works using ansible_connection=local therefor I'm using this workaround now:

- name: Set controller_host fact
  set_fact:
    controller_host: "{{lookup('pipe','hostname')}}"

- name: Switch to local connection if this is the device
  set_fact:
    ansible_connection: local
  when: ansible_hostname == controller_host

After #43, we added a 7-second pause between dock item changes since the commands can sometimes fail with an error like "Move failed for 'App Name' in com.apple.dock.plist" since Ansible runs the command before the Dock has completed its restart. Annoyingly, it's something that would be better handled by dockutil not exiting until the operation is complete/confirmed... but it is what it is.

If we used retry with like a 1 or 2 second backoff to the tasks that can fail (e.g. "Move dock item to the correct position"), it might go faster when you have a bunch of dock items to move.

Hi,
the mas account (see https://github.com/mas-cli/mas#%EF%B8%8F-known-issues) command is not supported on MacOS Monterey.
The mas role fails at this task:

This may be something to be fixed upstream by homebrew, but it breaks the flow of the playbook so we may have to workaround around this issue.

failed: [127.0.0.1] (item=viscosity) => changed=false ansible_loop_var: item item: viscosity msg: |- Runningbrew update --auto-update... ==> Auto-updated Homebrew! Updated 3 taps (homebrew/core, homebrew/cask and homebrew/services). ==> New Formulae ---------stuff------------ Error: It seems there is already an App at '/Applications/Viscosity.app'.

It would be handy to either

• ignore errors for installations (so the playbook continues even if one item fails)
• check and skip if /Applications/{{ item }}.app allready exists. (this will break updating)

I'm getting this error:

The task includes an option with an undefined variable. The error was: 'ansible_user_id' is undefined

The error appears to be in '<REDACTED>/.ansible/collections/ansible_collections/geerlingguy/mac/roles/homebrew/tasks/main.yml': line 2, column 3

- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    homebrew_installed_packages:
     - nvm
  roles:
    - geerlingguy.mac.homebrew

Trying to update to the new role (iow: coming from geerlinguy.homebrew)

ERROR! couldn't resolve module/action 'homebrew_cask'. This often indicates a misspelling, missing collection, or incorrect module path.

The error appears to be in '~/.ansible/collections/ansible_collections/geerlingguy/mac/roles/homebrew/tasks/main.yml': line 119, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

    # Cask.
    - name: Ensure blacklisted cask applications are not installed.
      ^ here

roles include like so

    roles:
      - geerlingguy.mac.homebrew
      - geerlingguy.mac.mas
      - geerlingguy.mac.dock

and requirements

---
roles:
  - name: elliotweiser.osx-command-line-tools

collections:
  - name: geerlingguy.mac

Intro

It's still unclear to me, but this error seems to happen on ARM-based macOS

What you could get

When using the homebrew role in a playbook as follows

roles:
  - elliotweiser.osx-command-line-tools
  - geerlingguy.mac.homebrew

you could get errors like Failed to find required executable brew in paths

TASK [homebrew : Ensure configured taps are tapped.] ***************************
failed: [default] (item=homebrew/core) => {"ansible_loop_var": "item", "changed": false, "item": "homebrew/core", "msg": "Failed to find required executable brew in paths: /opt/homebrew/Homebrew:/usr/bin:/bin:/usr/sbin:/sbin"}
failed: [default] (item=homebrew/cask) => {"ansible_loop_var": "item", "changed": false, "item": "homebrew/cask", "msg": "Failed to find required executable brew in paths: /opt/homebrew/Homebrew:/usr/bin:/bin:/usr/sbin:/sbin"}
failed: [default] (item=adoptopenjdk/openjdk) => {"ansible_loop_var": "item", "changed": false, "item": "adoptopenjdk/openjdk", "msg": "Failed to find required executable brew in paths: /opt/homebrew/Homebrew:/usr/bin:/bin:/usr/sbin:/sbin"}

How to solve it

tasks:
  - name: Install HomeBrew
    include_role:
      name: geerlingguy.mac.homebrew
      apply:
        environment:
          PATH: '{{homebrew_install_path}}/bin:{{ ansible_env.PATH }}'

If I try to include custom taps, the role progresses until the package/formulae install that requires the custom tap, and then stalls with no warning or error. Maybe I'm not referencing the tapped formula correctly?

Trivial configuration:

# homebrew_install_path: /usr/local/homebrew
homebrew_installed_packages:
  - autoconf
  - automake
  # appears to freeze during "automake" but it is the `msodbcsql17` formula that freezes;
  # if I rerun, both `autoconf` and `automake` register as installed and it still stalls here
  - msodbcsql17  # requires tap

homebrew_taps:
  - homebrew/cask
  - homebrew/cask-versions
  - name: microsoft/mssql-release
    url: 'https://github.com/Microsoft/homebrew-mssql-release'

See: https://github.com/geerlingguy/ansible.jeffgeerling.com

Performing an ansible run on a single VM running 11.4 (Big Sur). This is a fresh VM, nothing else installed. Port forwarding has been configured.

The ansible files are simple as to just test the roles work as intended over the configured ssh connection.

playbook.yml

---
- name: Golden image configuration
  hosts: packer

  vars:
    homebrew_installed_packages:
      - git
      - openjdk@8

  roles:
    - geerlingguy.mac.homebrew

requirements.yml

---
roles:
  - name: elliotweiser.osx-command-line-tools

collections:
  - name: geerlingguy.mac

inventory

[packer]
127.0.0.1 ansible_ssh_pass=***** ansible_user=***** ansible_port=10000

TASK [geerlingguy.mac.homebrew : Ensure Homebrew is installed.] just craps out, and with -vvvv I get the following traceback.

The full traceback is:
Traceback (most recent call last):
  File "/Users/anka/.ansible/tmp/ansible-tmp-1633819721.422527-15747-48633493768772/AnsiballZ_git.py", line 100, in <module>
    _ansiballz_main()
  File "/Users/anka/.ansible/tmp/ansible-tmp-1633819721.422527-15747-48633493768772/AnsiballZ_git.py", line 92, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/Users/anka/.ansible/tmp/ansible-tmp-1633819721.422527-15747-48633493768772/AnsiballZ_git.py", line 41, in invoke_module
    run_name='__main__', alter_sys=True)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 188, in run_module
    fname, loader, pkg_name)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 82, in _run_module_code
    mod_name, mod_fname, mod_loader, pkg_name)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/var/folders/f0/r0_px1z90y14c9r4ts7nt20m0000gn/T/ansible_git_payload_DkMYht/ansible_git_payload.zip/ansible/modules/git.py", line 1333, in <module>
  File "/var/folders/f0/r0_px1z90y14c9r4ts7nt20m0000gn/T/ansible_git_payload_DkMYht/ansible_git_payload.zip/ansible/modules/git.py", line 1214, in main
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/version.py", line 296, in __cmp__
    return cmp(self.version, other.version)
AttributeError: 'NoneType' object has no attribute 'version'
fatal: [127.0.0.1]: FAILED! => {
    "changed": false,
    "module_stderr": "Shared connection to 127.0.0.1 closed.\r\n",
    "module_stdout": "Traceback (most recent call last):\r\n  File \"/Users/anka/.ansible/tmp/ansible-tmp-1633819721.422527-15747-48633493768772/AnsiballZ_git.py\", line 100, in <module>\r\n    _ansiballz_main()\r\n  File \"/Users/anka/.ansible/tmp/ansible-tmp-1633819721.422527-15747-48633493768772/AnsiballZ_git.py\", line 92, in _ansiballz_main\r\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n  File \"/Users/anka/.ansible/tmp/ansible-tmp-1633819721.422527-15747-48633493768772/AnsiballZ_git.py\", line 41, in invoke_module\r\n    run_name='__main__', alter_sys=True)\r\n  File \"/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py\", line 188, in run_module\r\n    fname, loader, pkg_name)\r\n  File \"/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py\", line 82, in _run_module_code\r\n    mod_name, mod_fname, mod_loader, pkg_name)\r\n  File \"/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py\", line 72, in _run_code\r\n    exec code in run_globals\r\n  File \"/var/folders/f0/r0_px1z90y14c9r4ts7nt20m0000gn/T/ansible_git_payload_DkMYht/ansible_git_payload.zip/ansible/modules/git.py\", line 1333, in <module>\r\n  File \"/var/folders/f0/r0_px1z90y14c9r4ts7nt20m0000gn/T/ansible_git_payload_DkMYht/ansible_git_payload.zip/ansible/modules/git.py\", line 1214, in main\r\n  File \"/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/version.py\", line 296, in __cmp__\r\n    return cmp(self.version, other.version)\r\nAttributeError: 'NoneType' object has no attribute 'version'\r\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

Might be difficult to replicate this unless you have access to an environment running Anka. That is what I'm using to create the VM. Hopefully it's just a simple oversight on my end.

Not only because I hate seeing Dock restart a zillion times every time I run this role, but also because it breaks the CI idempotence test:

TASK [geerlingguy.mac.dock : Ensure correct Dock order.] ***********************
changed: [localhost] => (item={'name': 'Safari', 'path': '/Applications/Safari.app/', 'pos': 1})

Should be able to parse out the current position with:

$ dockutil --find Safari
Safari was found in persistent-apps at slot 4 in /Users/jgeerling/Library/Preferences/com.apple.dock.plist

First off, thank you so much for providing so many excellent ansible roles. It's made my job a lot easier.

I'm installing homebrew on an M1 Mac Mini using the geerlingguy.mac.homebrew role. I'm seeing this error:

TASK [geerlingguy.mac.homebrew : Ensure configured taps are tapped.] *********************************************************
*******************************************************
failed: [opentrons-control-1] (item=homebrew/core) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "homebrew/core"
}

MSG:

added: 0, unchanged: 0, error: failed to tap: homebrew/core due to error: could not lock config file .git/config: Permission d
enied
error: cannot lock ref 'REBASE_HEAD': Unable to create '/opt/homebrew/Homebrew/.git/REBASE_HEAD.lock': Permission denied
==> Homebrew has enabled anonymous aggregate formula and cask analytics.
Read the analytics documentation (and how to opt-out) here:
  https://docs.brew.sh/Analytics
No analytics have been recorded yet (nor will be during this `brew` run).

==> Homebrew is run entirely by unpaid volunteers. Please consider donating:
  https://github.com/Homebrew/brew#donations
==> Tapping homebrew/core
fatal: could not create leading directories of '/opt/homebrew/Homebrew/Library/Taps/homebrew/homebrew-core': Permission denied
Error: Failure while executing; `git clone https://github.com/Homebrew/homebrew-core /opt/homebrew/Homebrew/Library/Taps/homeb
rew/homebrew-core --origin=origin --template=` exited with 128.
Error: Failure while executing; `/opt/homebrew/bin/brew tap homebrew/core` exited with 1.
==> Tapping homebrew/core
fatal: could not create leading directories of '/opt/homebrew/Homebrew/Library/Taps/homebrew/homebrew-core': Permission denied
Error: Failure while executing; `git clone https://github.com/Homebrew/homebrew-core /opt/homebrew/Homebrew/Library/Taps/homeb
rew/homebrew-core --origin=origin --template=` exited with 128.

While the homebrew_user owns /opt/homebrew/Homebrew/, all of the files in that directory are owned by root.

When installing homebrew with geerlingguy.mac.homebrew and trying to install packages directly afterwards using ansible.builtin.package, this fails with the following error message:

The full traceback is:
NoneType: None
fatal: [127.0.0.1]: FAILED! => {
    "changed": false,
    "msg": "Could not find a module for unknown."
}

This is because ansible_pkg_mgr is set to unknown when first loading the playbook. This is then loaded in ansible.builtin.package. After the installation, the facts are not recollected.

I'm using an M1 mac and the playbook works for cask applications, but it fails for homebrew packages:

TASK [geerlingguy.mac.homebrew : Ensure configured homebrew packages are installed] *****************************
failed: [localhost] (item=stow) => {"ansible_loop_var": "item", "changed": false, "item": "stow", 
"msg": "Error: Cannot install in Homebrew on ARM processor in Intel default prefix (/usr/local)!\nPlease create a new installation in /opt/homebrew using one of the\n\"Alternative Installs\" from:\n  https://docs.brew.sh/Installation\nYou can migrate your previously installed formula list with:\n  brew bundle dump"}

One possible way to fix this issue is adding the path explicitly in "homebrew":

- name: Ensure configured homebrew packages are installed.
      homebrew:
        path: "{{ homebrew_brew_bin_path }}"
        name: "{{ item.name | default(item) }}"
        install_options: "{{ item.install_options | default(omit) }}"
        state: "{{ item.state | default('present') }}"

Thanks, I've been using your Ansible roles for years!

Just updated from the deprecated geerlingguy.homebrew Ansible role and when trying to run my playbook, Ansible hangs at this step:

TASK [geerlingguy.mac.homebrew : Ensure Homebrew parent directory has correct permissions (MacOS >= 10.13).] ***********************************************************************************************

My Hombrew directory is at /usr/local/Homebrew, so it's prefix (homebrew_prefix) should be /usr/local. I checked myself that the parent directory does have the correct ownership, but can't figure out why it hangs at that point, like if it was expecting some user input at that point.

My Ansible version is 2.12.1.

The task "Ensure configured MAS apps are installed." cant get finished, its completely stuck. I saw this as an issue in the old mac.mas role but not a good solution. Any ideas?

I recently found out, that when the SSHd on a macOS is configured that pubkey auth is being used instead of password auth the playbook keeps hanging when the "mas install" tasks are executed.

This seems to be an issue macOS handling the security context for SSH tunnels (somehow)...

What helped me was the solution suggested in that github issue answer (installing the reattach-to-user-namespace brew and running mas using that).

I've tested it locally vía manually installing that brew and copying the mas tasks into a local yml file (instead of using the rule - what messes up the order of role/task execution) - and that way it works.

Has anyone experienced the same issue?

Would be nice if the role supports that way (toggled by a mas-reattach-to-user-namespace boolean config). What's your suggestion?

Got a mac Mini with M1 chip and geerlingguy.mac.homebrew role that works great on my Intel mac fails on my M1 mac.

Playbook called macos_workstation.yml

- name: macOS Workstation Playbook
  hosts: all

  vars:
    ansible_python_interpreter: "/usr/bin/python3"
    homebrew_installed_packages:
      - git
    homebrew_taps:
      - homebrew/core
    homebrew_cask_apps:
      - powershell

  roles:
    - geerlingguy.mac.homebrew
    - geerlingguy.mac.mas

Ansible run

$ ansible-playbook -i testing  --limit="macmini" -K ../macos_workstation.yml

Error

TASK [geerlingguy.mac.homebrew : Install configured cask applications.] ********
failed: [macmini] (item=powershell) => {"ansible_loop_var": "item", "changed": false, "item": "powershell", "msg": "Failed to find required executable brew in paths: /usr/bin:/bin:/usr/sbin:/sbin"}

The defaults set

homebrew_prefix: "{{ (ansible_machine == 'arm64') | ternary('/opt/homebrew', '/usr/local') }}"
homebrew_install_path: "{{ homebrew_prefix }}/Homebrew"
homebrew_brew_bin_path: "{{ homebrew_prefix }}/bin"

Does the homebrew_cask look into the homebrew_brew_bin_path?

    - name: Install configured cask applications.
      homebrew_cask:
        name: "{{ item.name | default(item) }}"
        state: present
        install_options: "{{ item.install_options | default('appdir=' + homebrew_cask_appdir) }}"
        accept_external_apps: "{{ homebrew_cask_accept_external_apps }}"
        sudo_password: "{{ ansible_become_password | default(omit) }}"
      loop: "{{ homebrew_cask_apps }}"
      notify:
        - Clear homebrew cache

Seems like homebrew_cask does not follow the homebrew_brew_bin_path. Changed playbook, addd a pre-task

  pre_tasks:
    - debug:
        msg: "{{ homebrew_brew_bin_path }}"

Ansible shows homebrew_brew_bin_path correct.

TASK [debug] *******************************************************************
ok: [macmini.castle.real-time.com] => {
    "msg": "/opt/homebrew/bin"
}

% file /opt/homebrew/bin/brew
/opt/homebrew/bin/brew: Bourne-Again shell script text executable, ASCII text

% /opt/homebrew/bin/brew --version
Homebrew 3.3.4
Homebrew/homebrew-core (git revision e2dbff3dad5; last commit 2021-11-16)

Do I need to apply a work-around like in #10 ?

% echo $SHELL
/bin/zsh

% sw_vers
ProductName:	macOS
ProductVersion:	12.0.1
BuildVersion:	21A559

% python3 -V
Python 3.8.9

$ ansible --version
ansible 2.9.16.post0

Error: The following directories are not writable by your user:

/usr/local/etc/bash_completion.d
/usr/local/lib/pkgconfig
/usr/local/share/aclocal
/usr/local/share/info
/usr/local/share/man/man3
/usr/local/share/man/man8
/usr/local/var/homebrew/locks
/usr/local/var/log

You should change the ownership of these directories to your user.
  sudo chown -R $(whoami) /usr/local/etc/bash_completion.d /usr/local/lib/pkgconfig /usr/local/share/aclocal /usr/local/share/info /usr/local/share/man/man3 /usr/local/share/man/man8 /usr/local/var/homebrew/locks /usr/local/var/log

And make sure that your user has write permission.
  chmod u+w /usr/local/etc/bash_completion.d /usr/local/lib/pkgconfig /usr/local/share/aclocal /usr/local/share/info /usr/local/share/man/man3 /usr/local/share/man/man8 /usr/local/var/homebrew/locks /usr/local/var/log

Does setting these folder permissions need to be added to the homebrew role? I am trying to configure homebrew on a large number of macs to be configured by a single admin user. Currently some of the macs have homebrew installed with the wrong user.

Add a Dock role that manages the macOS Dock, migrating all the Dock-specific content from https://github.com/geerlingguy/mac-dev-playbook/

Related: geerlingguy/mac-dev-playbook#116

On macOS Big Sur I currently can't seem to get mas to install apps. However, running mas install directly produces the exact same error message so the error is most likely not in the Role, but in mas-cli itself: I'm opening this ticket just for tracking purposes.

Redownload Unavailable with This Apple ID
This redownload is not available for this Apple ID either because it was bought by a different user or the item was refunded or cancelled.

Hi there,

I'm running the mac-dev-setup playbook on a remote machine, and it's failing on the mas account task, as follows…

TASK [geerlingguy.mac.mas : Get MAS account status] **************************************************************************************
task path: /Users/toby/.ansible/collections/ansible_collections/geerlingguy/mac/roles/mas/tasks/main.yml:5
fatal: [marvin]: FAILED! => changed=false
  cmd: mas account
  failed_when_result: true
  msg: '[Errno 2] No such file or directory'
  rc: 2
  stderr: ''
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

I can run mas on the command line when logged in locally to the machine, without the full path, since /usr/local/bin is in my $PATH.

I've added a debug step to dump out the $PATH when using ansible and it seems to be missing /usr/local/bin for some reason…

TASK [geerlingguy.mac.mas : Debug mas cmd part 1] ****************************************************************************************
task path: /Users/toby/.ansible/collections/ansible_collections/geerlingguy/mac/roles/mas/tasks/main.yml:5
changed: [marvin] => changed=true
  cmd:
  - echo
  - $PATH
  delta: '0:00:00.002861'
  end: '2021-06-25 20:38:35.642596'
  rc: 0
  start: '2021-06-25 20:38:35.639735'
  stderr: ''
  stderr_lines: <omitted>
  stdout: /usr/bin:/bin:/usr/sbin:/sbin
  stdout_lines: <omitted>

What's the best way to fix this? I can submit a PR, but where should I be adding /usr/local/bin to the PATH? For all users (/etc/profile) or to just the current users, perhaps?

I used the example playbook to install homebrew with packages but after installation it didn't find "brew" as a command cause nothing was there to set the environment.