Vault : ordinal not in range
34 views
Skip to first unread message
YvanM
Dec 21, 2018, 12:46:18 PM12/21/18
to Ansible Project
Hi,
I am using Ansible from a Debian testing host. Each time I try to use a vault file it makes Ansible crash. The content of the vault file is really simple:
dyndns_pwd: 1234
smtpd_pwd: 1234I am sure that it contains only ASCII characters.
Here is the command line I use:
ansible-playbook -i host.ini -bkK --vault-id @prompt main.yml -vvvHere is the log:
TASK [include_vars] ******************************************************************************************************************************************************************************
task path: /some/path/to/playbook/main.yml:33
The full traceback is:
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ansible/executor/task_executor.py", line 139, in run
res = self._execute()
File "/usr/lib/python2.7/dist-packages/ansible/executor/task_executor.py", line 603, in _execute
result = self._handler.run(task_vars=variables)
File "/usr/lib/python2.7/dist-packages/ansible/plugins/action/include_vars.py", line 131, in run
self._load_files(self.source_file)
File "/usr/lib/python2.7/dist-packages/ansible/plugins/action/include_vars.py", line 236, in _load_files
b_data, show_content = self._loader._get_file_contents(filename)
File "/usr/lib/python2.7/dist-packages/ansible/parsing/dataloader.py", line 162, in _get_file_contents
return self._decrypt_if_vault_data(data, b_file_name)
File "/usr/lib/python2.7/dist-packages/ansible/parsing/dataloader.py", line 132, in _decrypt_if_vault_data
b_data = self._vault.decrypt(b_vault_data, filename=b_file_name)
File "/usr/lib/python2.7/dist-packages/ansible/parsing/vault/__init__.py", line 658, in decrypt
plaintext, vault_id, vault_secret = self.decrypt_and_get_vault_id(vaulttext, filename=filename)
File "/usr/lib/python2.7/dist-packages/ansible/parsing/vault/__init__.py", line 743, in decrypt_and_get_vault_id
display.vvvvv('Decrypt%s successful with secret=%s and vault_id=%s' % (file_slug, vault_secret, vault_secret_id))
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 36: ordinal not in range(128)
fatal: [home-server]: FAILED! => {
"msg": "Unexpected failure during module execution.",
"stdout": ""
}Would you have any hint?
Thanks in advance,
Yvan
Dick Visser
Dec 21, 2018, 1:00:29 PM12/21/18
to ansible...@googlegroups.com
What version of ansible are you using on this host?
I don't think it matters if the file you're encrypting contains ASCII
or UTF8, or anything else, really.
ansible can encrypt blobs just a well.
What does you encrypted vars file look like?
Because that *should* be only numbers, with a header something like this:
$ANSIBLE_VAULT;1.2;AES256
Dick
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7bd319bf-9d41-45a5-bfe9-a7bc1b4e2727%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
I don't think it matters if the file you're encrypting contains ASCII
or UTF8, or anything else, really.
ansible can encrypt blobs just a well.
What does you encrypted vars file look like?
Because that *should* be only numbers, with a header something like this:
$ANSIBLE_VAULT;1.2;AES256
Dick
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7bd319bf-9d41-45a5-bfe9-a7bc1b4e2727%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
YvanM
Dec 21, 2018, 2:22:58 PM12/21/18
to Ansible Project
Thanks for your fast answer.
I am using Ansible 2.7.1+dfsg-2, but I am almost sure I had the same issue with 2.6.x.
My vault is the following:
$ANSIBLE_VAULT;1.1;AES256
38613831366531323432326436616438363765303566326439336563313534386533396236383035
3363363335383833303665326262666563646465363862330a336639646631336265613639666365
62396566663234303533653934366536313765376135303162306432373662376638326634343432
3933633832353761300a333964393134316265653161633736656233306463346535313761303732
61653363623836383964663365663734346636323735623863396435303938306162663939363135
3634663662386334383263653430653965383162376532633664YvanM
Dec 26, 2018, 4:28:09 AM12/26/18
to Ansible Project
For reference, it seems to be a bug: Ansible can not read a vault file when its path contains non ASCII characters.
It has been reported :
- to upstream: https://github.com/ansible/ansible/issues/50316
Reply all
Reply to author
Forward
0 new messages