snap semaphore fails in certain condition

[ySp-chld]

Playbooks:

---

- hosts: all
  connection: local

  tasks:
    - name: Include vars from vaulted file.
      ansible.builtin.include_vars:
        file: ./crypted-var.yml

    - name: this is a 1rst vault test
      ansible.builtin.debug:
        msg: "this logstash password: {{ logstash_password }}"

./crypted-var.yml:

$ANSIBLE_VAULT;1.1;AES256
35303934343462646664663661613832366264623038333638336165663633333532643532616663
3964363565353264393762363934343164316337306461650a306139643534323163383335636565
64323231666563343630323635666665636331373832626436633964326234393130653836656563
3533383034616664610a646666393738663935666131613935303434666430396336663032366364
32313261313332383637646366373838363863613237393961343366323630363730363935306265
64636262626438623735633066386236393331373638366630626531393263336138303439323838
65653632623736613031663731643032353261666166336639663463386461383065633462346636
62643766653063386661356631613566343130373637616433323931363931343433316165336135
3538

I've put hte password of vault in my vault key.
When starting this I have this error on any node I'm working on :

 3:53:01 PM fatal: [node1]: FAILED! => changed=false
3:53:01 PM ansible_facts: {}
3:53:01 PM failed_modules:
3:53:01 PM ansible.legacy.setup:
3:53:01 PM ansible_facts:
3:53:01 PM discovered_interpreter_python: /usr/bin/python3
3:53:01 PM cmd: /sbin/ip -4 route get 8.8.8.8
3:53:01 PM failed: true
3:53:01 PM invocation:
3:53:01 PM module_args:
3:53:01 PM fact_path: /etc/ansible/facts.d
3:53:01 PM filter: []
3:53:01 PM gather_subset:
3:53:01 PM - all
3:53:01 PM gather_timeout: 10
3:53:01 PM msg: '[Errno 13] Permission denied: b''/sbin/ip'''
3:53:01 PM rc: 13
3:53:01 PM stderr: ''
3:53:01 PM stderr_lines: []
3:53:01 PM stdout: ''
3:53:01 PM stdout_lines: []
3:53:01 PM msg: |-
3:53:01 PM The following modules failed to execute: ansible.legacy.setup
3:53:01 PM

Is it because I'm using a vault ? it works perfectly in local if I call it like that :
ansible-playbook -e @./crypted-var.yml --vault-password-file ./afilewithpassword ./vault-test.yml

I think this should work properly as it is very convenient to be able to have multiple password in a vault file.

I'm working on the latest release on snap installed on Ubuntu 22.04.

[ySp-chld]

If you wonder my original non encrypted vault contains :

---
logstash_password: apassword
admin_password: adifferentpassword

[ySp-chld]

OK after more digging the error comes from fact_gathering in correlation with connection: local
If I remove connection: local or disable fact_gathering then it works properly.
I suppose there's a bug with connection: local and certain module that will try to use /usr/bin/ip to get default route of the snap installation. and it will fails.
I think I came with a similar issue in this discussion : #1096
Some reference on when and why ansible is trying to get route to 8.8.8.8 maybe there's a fix to do in the snap package.

https://github.com/ansible/ansible/blob/6ea058315f555bbedfaa9171f7de0d7915a37928/lib/ansible/module_utils/facts/network/linux.py#L52

ansible/ansible#74869

[ySp-chld]

I 've corrected this issue by installing semphore as a package. precise documentation on install process should be written btw.
Way less complicated than dealing with running in a snap.
restricted snap cannot even have a share folder between host and application makes it way too complicated when you need to generate private key with external tool.