Ansible: Silly error message "Decryption failed"

Created on 5 Feb 2016  路  9Comments  路  Source: ansible/ansible

$ vagrant provision                                                                                                                                                                                                                        
==> default: Running provisioner: ansible...
    default: Running ansible-playbook...
PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --connection=ssh --timeout=30 --limit='default' --inventory-file=/Users/bob/src/ansible-devops/.vagrant/provisioners/ansible/inventory -v playbook.yml
No config file found; using defaults
ERROR! Decryption failed
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

I am pretty new to Ansible, but I don't recall ever encrypting something, so seeing the message "Decryption failed" seems more like a case of "We failed to provide a useful error message or the program is broken".

Regardless saying "Decryption failed" without saying _what_ the program was trying to decrypt is rather .... silly.

I am using ansible 2.0.0.

Please fix Ansible such that is actually usable.

bug

Most helpful comment

@0xABAB this is the second rude comment I've seen you leave. We're happy to help, but if you continue being abusive to those trying to help (especially community members who aren't even Ansible employees), we will have no choice but to ban you from posting on issues.

All 9 comments

So, can you provides the vagrant file and the ansible file, so someone can reproduce and look at the problem ?

I think you shouldn't talk to me if you ask such newbie questions, sorry. Any serious developer could fix this issue within 5 minutes; I know I can. I just don't particularly feel motivated to do so and I don't have commit access to this project. If I had, I might already have fixed it. Having said that, I prefer to not even use software written by people with such low quality standards.

@0xABAB this is the second rude comment I've seen you leave. We're happy to help, but if you continue being abusive to those trying to help (especially community members who aren't even Ansible employees), we will have no choice but to ban you from posting on issues.

@jimi-c You mean that you are happy to acknowledge every single bug I have reported for free and that you are happy if newbies fix bugs in your inferior product for free and that if I explain to a newbie that he/she is a newbie that this doesn't go well with your corporate strategy of free labor?

I think people like you jimi-c are the worst of the worst... or you are just lacking the intelligence to understand your own behaviour, in which case I would kindly suggest that you just quit your job; you would be doing everyone a favor.

@0xABAB You're being an ass. Please go away.

P.S. The "newbie" who was trying to help you has contributed more than a hundred commits to Ansible over several years.

I'm not using Vagrant and am not very new to ansible but I'm running into the same error - add -vvv doesn't seem to produce any additional info. Unfortunately it feels like the comments so far have turned folks off from helping with this - but I'm happy to provide info (or open a new issue). Ansible is quite usable without this issue being fixed.

My vsphere instance is using a self signed cert but is running SSL and I don't really see any option to turn off cert validation - so my first question is whether that's possibly the issue. I might also be completely using the module incorrectly - here's what I have:

playbook (vm_provision.yml):

- hosts: all
  gather_facts: false
  connection: local

  vars_prompt:
    - name: "vcenter_username"
      prompt: "VCenter Username: "
      private: no
    - name: "vcenter_password"
      prompt: "VCenter Password: "
      private: yes

  tasks:

    - vsphere_guest:
      vcenter_hostname: REDACTED
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        guest: "{{ vm_name }}"
        from_template: yes
        template_src: "{{ vm_template }}"
        cluster: "{{ vm_cluster }}"
        vm_extra_config:
          notes: "{{ vm_note }}"
          folder: "{{ vm_folder }}"

Inventory (redacted items are all strings):

[vmtest]
REDACTED vm_name='testvm'

[vmtest:vars]
vm_datastore='REDACTED'
vm_network='REDACTED'
vm_memory='4096' cpucount='2'
vm_template='REDACTED'
vm_note='Testing'
vm_folder='REDACTED'

ansible run:

ansible-playbook playbooks/vm_provision.yml -i inventory -l vmtest -vvv
SSH password:
SUDO password[defaults to SSH password]:
ERROR! Decryption failed

ansible version info

ansible --version
ansible 2.1.0
  config file = /Users/aaron.nichols/projects/cba-deploy/ansible.cfg
  configured module search path = Default w/o overrides

@adnichols the message is a result of ansible-vault failing to decrypt a vars file, make sure you either pass in a vault password or do not include a vaulted file.

The error has been made clearer in current devel via 0f73fb0d6fce6c01e79a68267d184290408b429d, so closing this ticket as that should make obvious which file caused the issue.

It would be nice to give a reminder to use --vault-password-file, --ask-vault-pass or something to that effect if decryption failed because no password was specified.

"Decryption failed" is a little cryptic.

I know this issue is resolved and I am using ansible 2.1.1.0, but this error message still appears and required google to have a hope of fixing it. It doesn't even mention the vault file in the error message.
Though this post did get me to resolve the issue in my case the cause was because the password used in .vault.passwd was not the one that had created vault.yml. A much better error would be:
"Unable to decrypt {path to vault.yml}"

Was this page helpful?
0 / 5 - 0 ratings