Closed powerpaul17 closed 1 month ago
Hi @powerpaul17 I am not able to reproduce.
Did you change the VAULT_PWD
along the way ?
It seems more like the underlying values could be wrongly encrypted. Could you try to set again all the authentication info of the device in Inventory, your device , Configuration so the values are saved and encrypted again.
I already tried to change the password to a very simple one and updated the configuration of the device. I also removed the data directories and recreated the compose stack. Both times the same errors occurred.
Also I tried the same on a machine with x86_64 architecture and it also didn't work.. 😔
@powerpaul17 Could you tell me if you what kind of ssh authentication are you using? Key based or user/password? Also, what kind of sudo method? Do you have a sudo user AND a sudo password? Could you also tell me if any point you tried to unset one of those parameters?
BTW, checking Ansible Vault code, there is a comment
# In VaultAES, ValueError: invalid padding bytes can mean bad
# password was given
@powerpaul17 Could you tell me if you what kind of ssh authentication are you using? Key based or user/password? Also, what kind of sudo method? Do you have a sudo user AND a sudo password? Could you also tell me if any point you tried to unset one of those parameters?
I used user/password and 'sudo' sudo method. At first I did not set the sudo password but then I tried with it but it didn't work in both cases. No, I didn't explicitly unset these parameters but I reset them after changing the vault secret (like you told me before)
BTW, checking Ansible Vault code, there is a comment
# In VaultAES, ValueError: invalid padding bytes can mean bad # password was given
I think this refers to the vault password. As this is set through the environment variable it should not be wrong?
Do you have the ability to install Squirrel on another device? To test if there is no underlying cryptographic magic.
This error, at this step, means something is wrong with either the SSH password (or key) or the Sudo password, those are the only ones vaulted, hence, triggering vault decryption.
I tried already on another machine and got the same error. Or do you mean I should try adding another machine in Squirrel?
SSH & Sudo password are working on the client machine, I tested it explicitly again.
Well @powerpaul17, I can't understand the issue.
Will you be willing to send me a zip file of both the whole content of/.data.prod/
and your .env
file to squirrelserversmanager[...at...]gmail.com ?
I dont any other way so I can directly reproduce this bug
Ok, thanks for the effort. I tried again putting wrong passwords in SSH/Sudo input fields. When I put the wrong password for SSH, I get a message that the connection was not successful, so I suppose it has to do with the value of the passwords. I'll run some more checks.
FYI, it worked with a SSH key, I don't want to send you my current password but I suppose there are some problematic characters in it.
@powerpaul17 Good clue, I will test with that in mind
@powerpaul17 I am now reproducing the error!
Fix in latest version
Describe the bug It is not possible to run any playbook (including the built-in ones as ping, etc.) because there seems to be a problem with vault decryption. I tried with a very plain password and also with the previous version (0.1.14) and it also did not work.
Logs
To Reproduce Steps to reproduce the behavior:
Expected behavior The playbook should run through without an error.
(please complete the following information):