I am using Gitlab On Thu, Aug 13, 2020, 12:17 Dick Visser <dick.vis...@geant.org> wrote:
> This seems to be a problem specific to your CI tool, so a logical > place would be to consult the support channels of that CI tool > (whichever it was - you didn't tell). > Either way, how ansible-vault works is explained here: > https://docs.ansible.com/ansible/latest/user_guide/vault.html. > Fix your CI so that it uses ansible-vault using those instructions. > > On Thu, 13 Aug 2020 at 12:07, Papanito <papan...@wyssmann.com> wrote: > > > > Even so I explicitly set python3 as default, I still get the same error > as mentioned. This is what I do on my ci-server > > > > - apt-get install python3.7 python3-apt -qy > > - update-alternatives --install /usr/bin/python python > /usr/bin/python3.7 1 > > - update-alternatives --set python /usr/bin/python3.7 > > > > I can confirm that on my ci-server python 3.7 is installed as default > > > > python --version > > Python 3.7.3 > > On Thursday, August 13, 2020 at 10:13:07 AM UTC+2 Papanito wrote: > >> > >> Ok got it, the ci-machine runs on python 2 whereas on my dev-machine I > have python 3. > >> > >> On Thursday, August 13, 2020 at 9:35:59 AM UTC+2 Papanito wrote: > >>> > >>> I am using ansible 2.9.11 on my dev machine (arch linux) where I > encrypted ./resources/cloudflare/cert.pem. using ansible-vault with a > password file. I have commited the file to source control. > >>> > >>> I can run the playbook without issues on my dev-machine i.e. > decryption works > >>> > >>> Now on my ci machine - which is running ubuntu and ansible 2.7.7 - the > run of the playbook fails with > >>> > >>> > >>> Tried to use the vault secret (default) to decrypt > (/builds/papanito/infrastructure/resources/cloudflare/cert.pem) but it > failed. Error: HMAC verification failed: Signature did not match digest. > >>> fatal: [node003]: FAILED! => { > >>> "msg": "Decryption failed (no vault secrets were found that could > decrypt) on /builds/papanito/infrastructure/resources/cloudflare/cert.pem" > >>> > >>> I can confirm that I have the password-file on the ci-machine and the > password in it is correct. So what's going on here? Why decryption does not > work? > > > > -- > > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ansible-project+unsubscr...@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/1f3fc51e-4e93-4b16-9233-099274f6e1c5n%40googlegroups.com > . > > > > -- > Dick Visser > Trust & Identity Service Operations Manager > GÉANT > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/Sbl0rexDhRs/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > ansible-project+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAL8fbwO8pjU%2Beo_5yK1F8Jp4oA4EwpH01z1W15x5j%3DFCo-NGng%40mail.gmail.com > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPHZdn%2B5dp%3D5H-08EWY5PFVqU%2BuT3w8%2BiDJk%2Bb0ZeD43E0dXKQ%40mail.gmail.com.
