Anisble 2.2.0.0 fails to decrypt an encrypted inventory

[erikmouw]

ISSUE TYPE

• Bug Report

COMPONENT NAME

Ansible-vault

ANSIBLE VERSION

ansible 2.2.0.0
  config file = /home/ansible/ansible/ansible.cfg
  configured module search path = Default w/o overrides

CONFIGURATION

[defaults]
inventory = hosts
remote_user = root
roles_path = roles
ask_vault_pass=True

# enable fact caching
gathering = smart
fact_caching = jsonfile
fact_caching_connection = fact-cache
fact_caching_timeout = 3600

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no

OS / ENVIRONMENT

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.1 LTS
Release:	16.04
Codename:	xenial

SUMMARY

Ansible no longer works with encrypted inventory files. The inventory is encrypted with ansible-vault. This used to work just fine with Ansible 2.1.2.0. Ansible is installed using the Ansible PPA repo for Ubuntu Xenial.

STEPS TO REPRODUCE

• Create inventory with a few hosts
• Encrypt inventory (ansible-vault encrypt hosts)
• Try to ping all hosts in the inventory (ansible -m ping all)

ansible -m ping all

EXPECTED RESULTS

Vault password:
localhost | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
hosta | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
hostb | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
hostc | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
hostd | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

ACTUAL RESULTS

$ ansible -m ping all
Vault password:
61396265376634626134356335623738373064396163643532363236386132646535656132303633 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ControlPath too long\r\n",
    "unreachable": true
}
34373238376137316130653637313562663234333762643536626561636439616533643933396661 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ControlPath too long\r\n",
    "unreachable": true
}
...
63616661383530386538396662386436373764653461666531396664633562636235323134646138 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ControlPath too long\r\n",
    "unreachable": true
}
64313066373737613431 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname 64313066373737613431: Name or service not known\r\n",
    "unreachable": true
}

[erikmouw]

Note this bug affects both ansible and ansible-playbook.

The inventory (and all other encrypted files) were encrypted using the ansible-vault from Ansible 2.1.2.0. Rekeying the inventory using ansible-vault from 2.2.0.0 doesn't make any difference, ansible and ansible-playbook still can't decrypt the playbook.

[bcoca]

dupe of #18355

[erikmouw]

This has been sitting in my browser all day, I finally got time to submit it and didn't see the other report. If you still need more information to reproduce the issue, feel free to reopen this one.