ansible-vault "A vault password must be specified to decrypt data"


Larry Forsyth

Apr 29, 2021, 10:11:58 AM
to Ansible Project
Having difficulties getting my playbook to run successfully using a password encrypted by ansible-vault.  Running on RHEL 7.9.

$ ansible-playbook --version
ansible-playbook 2.9.18
  config file = /home/CGE/sa_cge_sm/projects/tavs-patching/ansible.cfg
  configured module search path = [u'/home/CGE/sa_cge_sm/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible-playbook
  python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

Created user.yml via ansible-vault:
$ ansible-vault create user.yml
New Vault password: <password entered>
Confirm New Vault password:  <password entered>

Sent into vi, and entered password.  Saved file.  It appears the encryption is performed properly.

$ cat user.yml

$ANSIBLE_VAULT;1.1;AES256

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Possibly user-error here (relatively new to ansible).   When I run playbook:

$ ansible-playbook redhatpatching.yml -i dfwtesting.yml -l dfwtesting -f 5 -u sa_cge_sm --vault-password-file ./user.yml -k
SSH password: 
[WARNING]: Error in vault password file loading (default): A vault password must be specified to decrypt data
ERROR! A vault password must be specified to decrypt data


Isn't ansible-vault designed to not require a password to be entered?  


Thanks!


Rene Paquin

Apr 29, 2021, 10:25:18 AM
to ansible...@googlegroups.com

I believe that when encrypting a password vault you need to run with --ask-vault-password

Rene

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0522d4db-06c7-427e-8a1f-4bed98074a85n%40googlegroups.com.

Larry Forsyth

Apr 29, 2021, 10:32:23 AM
to ansible...@googlegroups.com
Hi Rene,

Thanks for the reply.  Are you suggesting that the user.yml file be created in this manner?

ansible-vault create  user.yml --ask-vault-pass 

??

I just tried that, and the file did get created, but playbook execution still asks for SSH password and when I enter it, it still throws this error.

Thanks


Rene Paquin

Apr 29, 2021, 10:36:26 AM
to ansible...@googlegroups.com

Can you show us the contents of your playbook?

Larry Forsyth

Apr 29, 2021, 11:16:33 AM
to ansible...@googlegroups.com
I neglected to mention - this runs at command-line if I do not use the password file created by ansible-vault.  I need to do this to allow me to create a Jenkins job and not have to enter a password when that runs.  Sorry for that omission.  Here is the playbook:

$ cat redhatpatching.yml
---
## Ansible Playbook to apply O/S patches on RHEL servers
## 1.  Check for running databases.
## 2.  Shut down databases if found to be running.
## 3.  Check for running databases.
## 4.  Stop processing playbook for server(s) with databases running.
## 5.  Check integrity of the RPM database.
## 6.  Fix RPM database if check failed.
## 7.  Update the server via yum update
## 8.  Validate whether kernel patches were applied and whether system needs to be rebooted
## 9.  Reboot server if required
## 10. Wait 90 seconds minutes for servers to boot up
## 11. Confirm current version of yum-utils
## 12. Remove old kernel from host
## 13. Run all-start on all DB servers
## 14. Run db_repl_ck on all DB servers
## 15. Run db_status on all DB servers

- hosts: dfwtesting
  become: true

  tasks:

    # Purpose: Check for running databases or if they are ALL down
    - name: Check for running databases
      shell: if ps -eaf | egrep "/sw/oe/11.7/bin/_mprshut|/sw/oe/11.7/bin/_mprosrv" | grep -v grep > /dev/null; then echo 'databases_running'; else echo 'databases_not_running'; fi
      ignore_errors: false
      register: db_running_check

    # Purpose: Run all-stop on all DB servers
    - name: Shut down databases
      become: sa_cge_sm
      shell: if /sw/bin/all-stop; then /sw/bin/all-stop;fi
      when: db_running_check.stdout == "databases_running"

    # Purpose: Check for running databases or if they are ALL down
    - name: Check for running databases
      shell: if ps -eaf | egrep "/sw/oe/11.7/bin/_mprshut|/sw/oe/11.7/bin/_mprosrv" | grep -v grep > /dev/null; then echo 'databases_running'; else echo 'databases_not_running'; fi
      ignore_errors: false
      register: db_shutdown_check

    # Purpose: Quit playbook on server if databases are running
    - name: Decision point to start applying patches
      fail: msg="{{ inventory_hostname }} STILL has running databases.  STOP the databases first and try patching again."
      when: db_shutdown_check.stdout == "databases_running"

    # Purpose: Check RPM database integrity
    - name: Check RPM database integrity
      shell: if cd /var/lib/rpm; /usr/lib/rpm/rpmdb_verify Packages | grep "Verification of Packages succeeded" > /dev/null; then echo 'rpm_db_ok'; else echo 'rpm_db_not_ok'; fi
      ignore_errors: false
      register: rpm_db_status

    # Purpose: Fix RPM database if check failed
    - name: Fix RPM database if check failed
      shell: cd /var/lib/rpm; rm -f rm -f __db.[0-9][0-9][0-9]; rpm --quiet -qa; /usr/lib/rpm/rpmdb_verify Packages
      when: rpm_db_status.stdout == "rpm_db_not_ok"

    # Update the server via yum
    - name: Upgrade all packages on the server
      yum:
        name: '*'
        state: latest
      when: db_shutdown_check.stdout == "databases_not_running" and ansible_distribution == 'RedHat'
      register: yum_update

    # Validate whether kernel patches were applied and whether system needs to be rebooted
    - name: Determine whether reboot is required after update
      shell: KERNEL_NEW=$(rpm -q --last kernel | head -1 | awk '{print $1}' | sed 's/kernel-//'); KERNEL_NOW=$(uname -r); if [[ $KERNEL_NEW != $KERNEL_NOW ]]; then echo "reboot_needed"; else echo "reboot_not_needed"; fi
      ignore_errors: true
      register: reboot_required

    # Restart the server when required
    - name: Reboot server
      reboot:
      when: reboot_required.stdout == "reboot_needed"

    # Wait 2 minutes for server to boot up
    - name: Sleep for 120 seconds after reboot
      pause:
        seconds: 120
      when: reboot_required.stdout == "reboot_needed"

    # Confirm latest yum-utils is available
    - name: Ensure latest yum-utils package is installed
      yum:
        name: yum-utils
        state: latest

    # Remove old kernel from host
    - name: Remove the old kernels from the system
      shell: package-cleanup --oldkernels --count=2 -y

    # Purpose: Run all-start on all DB servers
    - name: Start up the databases
      become: sa_cge_sm
      shell: if /sw/bin/all-start; then /sw/bin/all-start; fi
      when: db_running_check.stdout == "databases_running"

    # Purpose: Run db_repl_ck on all DB servers
    - name: Run db-repl-ck on all DB servers
      become: sa_cge_sm
      shell: /sw/bin/db-repl-ck > /tavs_sm/logs/admin/patching/db-repl-ck-$(hostname -s)-$(date +%F).out
      when: db_running_check.stdout == "databases_running"

    # Purpose: Run db_status on all DB servers
    - name: Run db-status on all DB servers
      become: sa_cge_sm
      shell: /sw/bin/db-status > /tavs_sm/logs/admin/patching/db-status-$(hostname -s)-$(date +%F).out
      when: db_running_check.stdout == "databases_running"

    # Purpose: Run db-summary on all DB servers
    - name: Run db-summary on all DB servers
      become: sa_cge_sm
      shell: /tavs_sm/temp/db-summary > /tavs_sm/logs/admin/patching/db-summary-$(hostname -s)-$(date +%F).out
      when: db_running_check.stdout == "databases_running"

Rene Paquin

Apr 29, 2021, 11:25:11 AM
to ansible...@googlegroups.com

I am no expert but in my playbooks I point to my files that hold variables and passwords

- hosts: localhost
  gather_facts: no
  vars_files:
    - group_vars/vars
    - group_vars/vars_sec

  tasks:

Stefan Hornburg (Racke)

Apr 29, 2021, 11:31:57 AM
to ansible...@googlegroups.com
On 4/29/21 5:24 PM, Rene Paquin wrote:
> I am no expert but in my playbooks I point to my files that hold variables and passwords
>
> - hosts: localhost
>   gather_facts: no
>   vars_files:
>     - group_vars/vars
>     - group_vars/vars_sec
>
>   tasks:
>
> Rene
>

Usually you put the vault password into the configuration/secret variables of your CI system (Jenkins).

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

Larry Forsyth

Apr 29, 2021, 12:08:20 PM
to ansible...@googlegroups.com
I have this in my inventory file:

$ more dfwtesting.yml
---
all:
  children:
    testing:
      hosts:
        xxxxxxxxxx.xxx.xxx.xxx:
      vars:
        host_password:  !vault |
          $ANSIBLE_VAULT;1.1;AES256
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        ansible_user: "myuser"
        ansible_password: "{{ host_password }}"
        anislbe_sudo_user: "{{ ansible_user }}"
        ansible_sudo_pass: "{{ host_password }}"
        ansible_become: yes
        ansible_become_password: "{{ host_password }}"

Larry Forsyth

Apr 29, 2021, 12:09:55 PM
to ansible...@googlegroups.com
Racke,

I would agree, but I am prohibited from putting passwords into Jenkins in plain-text due to contractual restrictions.  Hence, trying to use what ansible-vault (I thought) was supposed to provide.

Thanks,
Larry


Larry Forsyth

Apr 29, 2021, 12:16:05 PM
to ansible...@googlegroups.com
Here is my command-line run without using the encrypted password provided by ansible-vault (in this case nothing is done because the server in the inventory has already been patched):

$ ansible-playbook redhatpatching.yml -i testing.yml -l testing -f 5 -u sa_cge_sm -k -K
SSH password:
BECOME password[defaults to SSH password]:

PLAY [dfwtesting] ***************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************
ok: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Check for running databases] **********************************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Shut down databases] ******************************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Check for running databases] **********************************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Decision point to start applying patches] *********************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Check RPM database integrity] *********************************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Fix RPM database if check failed] *****************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Upgrade all packages on the server] ***************************************************************************************************************************************************
ok: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Determine whether reboot is required after update] ************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Reboot server] ************************************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Sleep for 120 seconds after reboot] ***************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Ensure latest yum-utils package is installed] *****************************************************************************************************************************************
ok: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Remove the old kernels from the system] ***********************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Start up the databases] ***************************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Run db-repl-ck on all DB servers] *****************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Run db-status on all DB servers] ******************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Run db-summary on all DB servers] *****************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

PLAY RECAP **********************************************************************************************************************************************************************************
xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx : ok=8    changed=5    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   

Stefan Hornburg (Racke)

Apr 29, 2021, 12:18:34 PM
to ansible...@googlegroups.com
On 4/29/21 6:09 PM, Larry Forsyth wrote:
> Racke,
>
> I would agree, but I am prohibited from putting passwords into Jenkins in plain-text due to contractual restrictions. 
> Hence, trying to use what ansible-vault (I thought) was supposed to provide.
>
> Thanks,
> Larry
>

Hello Larry,

you could put the password as a secret (https://www.jenkins.io/doc/developer/security/secrets/) into Jenkins.

Regards
Racke
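
Added example, not part of the thread or of Ansible itself: the file given to `--vault-password-file` has to hold the vault password (or be a script that prints it), while the `user.yml` in the first post begins with the `$ANSIBLE_VAULT;1.1;AES256` header, so it is ciphertext rather than a password. The functions below check for that case, and for loose file permissions, before a CI job calls ansible-playbook; the `VAULT_PASSWORD` variable name and the return codes are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example. Preflight for a file passed to --vault-password-file.
# VAULT_PASSWORD is a hypothetical environment variable, assumed to be
# injected into the job by the CI system's secret store.

# Return codes (constructed for this example):
#   0 usable
#   1 missing or unreadable
#   2 empty
#   3 file is vault ciphertext, not a password
#   4 accessible to group or other
check_vault_password_file() {
    local path=$1 first_line perms

    if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        echo "vault password file missing or unreadable: $path" >&2
        return 1
    fi
    if [ ! -s "$path" ]; then
        echo "vault password file is empty: $path" >&2
        return 2
    fi

    # A file written by 'ansible-vault create' starts with this header.
    IFS= read -r first_line < "$path" || true
    case $first_line in
        '$ANSIBLE_VAULT;'*)
            echo "$path is vault-encrypted data; the password file must hold the vault password itself" >&2
            return 3
            ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$path" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$path is accessible to group/other; use chmod 600 (700 for a script)" >&2
        return 4
    fi
    return 0
}

# Write the secret from the environment into a private temp file and
# print the file's path, for use as the --vault-password-file argument.
materialize_vault_password() {
    local tmp
    if [ -z "${VAULT_PASSWORD:-}" ]; then
        echo "VAULT_PASSWORD is not set" >&2
        return 1
    fi
    tmp=$(umask 077 && mktemp) || return 1
    printf '%s\n' "$VAULT_PASSWORD" > "$tmp"
    printf '%s\n' "$tmp"
}

# Usage inside a job step (file names as in the thread):
#   pwfile=$(materialize_vault_password) && check_vault_password_file "$pwfile" \
#     && ansible-playbook redhatpatching.yml -i dfwtesting.yml --vault-password-file "$pwfile"
#   rm -f "$pwfile"
```

Run against a file like the `user.yml` shown in the first post, `check_vault_password_file` returns 3.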

> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/89483cc8-aa0e-877f-f94f-1f676fa0a19e%40linuxia.de
> <https://groups.google.com/d/msgid/ansible-project/89483cc8-aa0e-877f-f94f-1f676fa0a19e%40linuxia.de>.
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAFQW1uPAxAYWaUUegUgByBvH304FP5x5i6zOKZ2x8feXiXk9zA%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAFQW1uPAxAYWaUUegUgByBvH304FP5x5i6zOKZ2x8feXiXk9zA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
OpenPGP_signature

Larry Forsyth

Apr 29, 2021, 12:54:04 PM
to ansible...@googlegroups.com
I will take a look at this. Thanks!


Larry Forsyth

Apr 29, 2021, 4:52:25 PM
to ansible...@googlegroups.com
This has been solved. I found an expert here and he suggested this:

The solution was under Configure → “Invoke Ansible Playbook” → “Vault Credentials”. Click “Add” which brings up Jenkins Credentials Provider: Jenkins. Click “Kind” and select “Secret text” from the pull-down. Enter the password at Secret, leave ID (it will be auto-generated) and a description, then Add.


Worked like a champ!


Thanks all!
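
A pre-flight check for the situation in the first message of this thread, where the vault-encrypted user.yml was passed as `--vault-password-file`. This is an added example, not code from the thread or from Ansible; the function names and sample file contents are constructed, and the 0600 expectation is an assumed local policy.

```python
import os
import tempfile

VAULT_MAGIC = b"$ANSIBLE_VAULT;"  # header that starts every vault-encrypted file


def check_vault_password_file(path):
    """Return a list of problems with a file meant for --vault-password-file."""
    problems = []
    mode = os.stat(path).st_mode & 0o777
    with open(path, "rb") as fh:
        data = fh.read().lstrip()
    if not data:
        problems.append("empty: no password to read")
    elif data.startswith(VAULT_MAGIC):
        fields = data.splitlines()[0].decode("ascii", "replace").split(";")
        version = fields[1] if len(fields) > 1 else "?"
        problems.append("vault-encrypted (format %s): ciphertext, not a password" % version)
    if mode & 0o077:
        problems.append("mode %o: open to group/other (assumed policy: 0600)" % mode)
    if mode & 0o111:
        problems.append("executable: ansible runs it and reads the password from stdout")
    return problems


def _sample(content, mode):
    fd, path = tempfile.mkstemp()  # constructed sample file, removed by the caller
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return path


def demo():
    """Check two constructed files: placeholder ciphertext and a plaintext password."""
    samples = {
        "user.yml": _sample(b"$ANSIBLE_VAULT;1.1;AES256\n3031323334\n", 0o644),
        "vault_pass.txt": _sample(b"example-vault-password\n", 0o600),
    }
    try:
        return {name: check_vault_password_file(p) for name, p in samples.items()}
    finally:
        for p in samples.values():
            os.unlink(p)


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, "->", found or "ok")
```
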
