search

jhaals / ansible-vault

ansible lookup plugin for secrets stored in Vault(by HashiCorp)
BSD 3-Clause "New" or "Revised" License
347 stars 65 forks source link

Errors with lookup #56

Closed BenCoffeed closed 7 years ago

BenCoffeed commented 7 years ago

Problem Description:

I'm trying to use the lookup plugin in Ansible 2.3 in order to look up secrets in my playbooks. However, when I try to run the playbooks, Ansible hangs in the 'gathering facts' phase.

Output:

ansible-playbook app.yml --extra-vars "target_hosts=app01"

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
objc[38943]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
objc[38943]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.

Playbook:

---
- name: Configure App server
  hosts: "{{ target_hosts| default('app-servers') }}"

  vars:
    runtime_env: production
    api_key: "{{ lookup('vault','secret=secret/production/api_key','value') }}"
    aws: "{{ lookup('vault', 'aws/creds/common_get_s3_build') }}"

  environment:
    AWS_ACCESS_KEY: "{{ aws.access_key }}"
    AWS_SECRET_KEY: "{{ aws.secret_key }}"

  pre_tasks:
    - name: install dependencies for ansible
      apt: name={{ item }} state=latest
      with_items:
        - python-psycopg2
        - python-boto

  roles:
    - common
    - { role: users, include_dev: false }
    - postgres
    - { role: production, server_role: app }

Environment information:

ansible.cfg

. . .
lookup_plugins     = ./lookup_plugins
. . .

ls -al lookup_plugins/

total 0
drwxr-xr-x   3 btennant  staff    96 Aug 10 16:34 .
drwxr-xr-x  48 btennant  staff  1536 Aug 10 20:18 ..
drwxr-xr-x   9 btennant  staff   288 Aug 10 16:17 jhaals.ansible-vault
jhaals commented 7 years ago

Hi @BenCoffeed, First of all, Thanks for a detailed report!

I'm running the same versions of OS/Python/Ansible as you are and I have no problems running the ci tests so I think there's something up with your installation/glibc. The issue might be ansible in case it hangs on gathering facts. Going to close the issue since I don't think this has to do with this module.

BenCoffeed commented 7 years ago

Thanks @jhaals I ended up just using the uri module to hit the vault API. I'm going to build out a maintenance server to house all of my Ansible tasks soon and I'll get it set up with a clean build and see if I can reproduce. Thanks for replying.

jhaals commented 7 years ago

Sorry for not being able to provide a better answer but that libc error is probably something else, I hope you'll be able to figure it out.