vault-encrypted admin_password issues in azure_rm_virtualmachine module


Alex Pilon

Mar 13, 2018, 11:23:33 AM
to Ansible Project
Hello,

Having an issue here.

I created a role with variables both stored in the role's /vars folder, and in a /group_vars' encrypted vault.
The variables in the encrypted vault are for username and password when creating/accessing Windows servers.

Using azure_rm_virtualmachine, I wanted to create a new VM. It creates fine with no errors, but once I try to RDP into it, it doesn't accept the password from the vault. The only way for me to access the server is to manually go in Azure's GUI and reset the password, with the same password from the vault, and then it works.

The password contains only letters and numbers, no special characters.

Here's the appropriate role code:

---
- name: Import default Windows variables from /group_vars/windows
  include_vars:
    file: /etc/ansible/group_vars/windows/vault.yaml

- name: Create new Windows Server 2016 DC w/ SQL Server Standard 2016 SP1
  azure_rm_virtualmachine:
    admin_password: "{{ vault_cloud_windows_admin_password }}"
    admin_username: " {{ vault_cloud_windows_admin_user }}"

And here's the vault's content (username/password removed, for obvious reasons):

---
vault_cloud_windows_admin_password:
vault_cloud_windows_admin_user:
...

The vault is auto-decrypted with a password file, already configured in the ansible.cfg file. Proof is, the admin_username field gets properly populated.

I can't seem to figure out where my issue is, does someone have a clue?

Thanks!

Alex Pilon

Mar 14, 2018, 6:41:09 PM
to Ansible Project
bump.

Jordan Borean

Mar 14, 2018, 6:46:42 PM
to Ansible Project
2 things you can try;

* Run `- debug: var=vault_cloud_windows_admin_password` before the task and make sure the password is what you expect
* Just write the password as a string to the module task instead of sourcing from a variable

The first thing tells you the correct variable is being sourced from vault and is what you expect. The second thing lets you know whether there may be a bug in the module as you are explicitly telling what one to use.
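
A variant of the first check above that never prints the secret, as an added example (not from the thread or from the Ansible project): it prompts for the password you expect and asserts that the vaulted value matches it, is a YAML string, and carries no stray whitespace. The play layout and the `expected_password` prompt variable are assumptions; the vault path and variable names are the ones from the original post.

```yaml
---
# Added example: verify the vaulted credentials without echoing them to the log.
# Play layout and expected_password are assumptions for illustration.
- hosts: localhost
  connection: local
  gather_facts: false

  vars_prompt:
    - name: expected_password          # hypothetical name, typed interactively
      prompt: Password you expect the vault to hold
      private: true                    # input is not echoed

  tasks:
    - name: Load the vaulted Windows credentials
      include_vars:
        file: /etc/ansible/group_vars/windows/vault.yaml

    # A failed assert reports the expression that failed, not the values.
    - name: Check the admin password as the module will receive it
      assert:
        that:
          - vault_cloud_windows_admin_password is defined
          # An unquoted all-digit value is parsed by YAML as a number.
          - vault_cloud_windows_admin_password is string
          - vault_cloud_windows_admin_password | length > 0
          # Catches a trailing newline or padding inside the quotes.
          - vault_cloud_windows_admin_password == vault_cloud_windows_admin_password | trim
          - vault_cloud_windows_admin_password == expected_password
        msg: Vaulted admin password does not match what was typed at the prompt

    - name: Check the admin username the same way
      assert:
        that:
          - vault_cloud_windows_admin_user is defined
          - vault_cloud_windows_admin_user is string
          - vault_cloud_windows_admin_user == vault_cloud_windows_admin_user | trim
        msg: Vaulted admin username is missing, not a string, or padded with whitespace
```

If every assertion passes and the VM still rejects the password, the second suggestion (a literal string in the task) separates a variable problem from a module problem.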

Alex Pilon

Mar 20, 2018, 3:58:08 PM
to Ansible Project
Hey Jordan,

Thanks for the answer, and sorry for my delay. Weekend, AWX setup and other things got in the way of me trying this out.

Did your suggestions. The first one returned the proper value, so that's a good sign.
Did the second one: Worked fine as well, which confused me.
I removed the literal password string, re-configured the vault variable while leaving the debug task there, and tried again....and it worked.

I'm thoroughly confused as to why it now works, but hey, I won't complain haha

Thanks for your help!

Jordan Borean

Mar 20, 2018, 7:04:31 PM
to Ansible Project
No worries, glad it worked out in the end and wasn't a bug in the module.