New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
--ask-vault-pass set but still got: A vault password must be specified to decrypt data #6820
Comments
Can you share as much as you can about a minimal setup to reproduce this problem, perhaps in a github gist? Thanks! |
@discordianfish I am not able to reproduce this based on your description. I do notice that your task is prefixed by a role name, so could you please show the output from "tree ." in your playbook directory? |
@jctanner Here is the tree output with the role in question. And a small correction: I have also two host_vars/ files that are encrypted and part of the 'prod' group. @mpdehaan I'll try to come up with a minimal example if I find time tomorrow.
|
Okay here is a minimal example: http://5pi.de/ansible-issue-6820-playbook.tar.gz
|
I picked up the same problem this morning. It almost exactly matches @discordianfish's issue. The pattern that I've identified is that using hostvars in a template does not work properly when at least one group_vars file is encrypted. Here is my template loop:
One of my files in group_vars/ is encrypted. If I unencrypt the file, everything works perfectly. |
Reproduced via the tarball files. Debugging now. |
@discordianfish and @johanmeiring this should be fixed in devel now. Please let me know otherwise. |
Now I'm getting: |
@discordianfish the only change i made to the files in your tarball were to the inventory file:
And the result is ...
|
I had this problem a few days ago, trying to get vars from a host for which facts were not yet read. To resolve this, i added a pretask to gather facts for all hosts |
@jctanner Never mind, this was unrelated (a "host" in my ansible_hosts had really no ansible_ssh_host), so all good! |
I'm having this problem. Running ansible-playbook version 1.8.2 on Linux Mint 17. What version was it supposed to be fixed in? |
I'm still having issues with v2.0.0.2-2 on Ubuntu 16.04. The 'ansible-vault' command works perfectly, but ansible-playbook always produce this error:
I've tried it with both --ask-vault-pass AND --vault-password-file and both fail to work for me ;-( |
I've found my issue, Ansible Vault is not usable when you require output to be unbuffered. For example:
I do this so my logs have colour in them :-) Obviously in the playbook I have an 'include_vars: vault.yml' type line to include my vault data. If I remove the unbuffer command things run smoothly and vault data is usable. |
Issue Type:
Bug report
Ansible Version:
ansible 1.6 (devel fe88fcb) last updated 2014/04/02 17:33:35 (GMT +200)
Environment:
Host running ubuntu saucy, managed systems running ubuntu precise.
Summary:
I have 3 files in group_vars/: all, prod and test. They are all encrypted by ansible-vault and using the same password. Everything else is plain text/not encrypted.
I'm running the playbook like this:
The playbook has 3 plays. One for group 'test', and two for specific hosts. The first two plays run fine although they depend already on encrypted group variables. But the last one dies with:
The tasks is straight forward:
And the only template logic in prometheus.conf.j2 is:
Steps To Reproduce:
Expected Results:
Actual Results:
The text was updated successfully, but these errors were encountered: