This sounds like the key is cached by some agent. Investigate that. On Mon, 3 Oct 2022 at 10:41, [email protected] <[email protected]> wrote:
> Hmm, it seems it's not an ansible issue, when i decrypt the key and try it > works. Then encrypting the key, it still works. After few minutes, it stop > working... > From ansible on ubuntu 18.04 (python 3.6) to target 20.04 > > #: ansible --version > [DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the > controller starting with Ansible 2.12. Current version: 3.6.9 (default, Jun > 29 2022, 11:45:57) [GCC > 8.4.0]. This feature will be removed from ansible-core in version 2.12. > Deprecation warnings can be disabled by setting deprecation_warnings=False > in ansible.cfg. > /home/user/.local/lib/python3.6/site-packages/ansible/parsing/vault/__init__.py:44: > CryptographyDeprecationWarning: Python 3.6 is no longer supported by the > Python core team. Therefore, support for it is deprecated in cryptography > and will be removed in a future release. > from cryptography.exceptions import InvalidSignature > ansible [core 2.11.12] > config file = /home/user/projects/ansible/ansible.cfg > configured module search path = ['/home/user/.ansible/plugins/modules', > '/usr/share/ansible/plugins/modules'] > ansible python module location = > /home/user/.local/lib/python3.6/site-packages/ansible > ansible collection location = > /home/user/.ansible/collections:/usr/share/ansible/collections > executable location = /home/user/.local/bin/ansible > python version = 3.6.9 (default, Jun 29 2022, 11:45:57) [GCC 8.4.0] > jinja version = 3.0.3 > libyaml = True > > On Sunday, October 2, 2022 at 11:02:50 PM UTC+3 [email protected] wrote: > >> Can you provide a minimal Ansible playbook with a vaulted variable file >> to see if we can recreate it or see anything amiss? >> >> The error message you're showing states "root @ SOME_IP: Permission >> denied (publickey,password)" which doesn't seem to be ansible-vault related. >> >> On Sunday, October 2, 2022 at 6:15:34 AM UTC-5 [email protected] wrote: >> >>> I'm using in inventory/group_vars/all.yaml: >>> .... >>> *ansible_ssh_private_key_file: >>> '{{inventory_dir}}/group_vars/path/to/key'* >>> >>> This Key is working well when it's plain text >>> When I encrypt the file with ansible-vault, i get the error: >>> >>> >>> >>> * Load key >>> "/home/user/projects/ansible/inventory/group_vars/path/to/key": invalid >>> format root @ SOME_IP: Permission denied (publickey,password). >>> unreachable: true* >>> >>> I am using $*ANSIBLE_VAULT_PASSWORD_FILE *to decrypt everything without >>> asking for password. >>> I have other encrypted secrets in all.yaml that get decrypted. >>> >>> What am I missing ? >>> >>> Thanks! >>> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/533f9f4b-bde3-4347-9087-0f5cf4503c09n%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/533f9f4b-bde3-4347-9087-0f5cf4503c09n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAF8BbLYWErHGywtWV6NJWDYiN4jO%3DoOnS1g%3DDVPh_4bPjFXucA%40mail.gmail.com.
