Failing AppRole Authentication
BenCoffeed opened this issue · comments
Ben Tennant commented
ISSUE TYPE
- Bug Report
ANSIBLE VERSION
ansible 2.4.3.0
config file = /Users/btennant/GitHub/DevOps_bencoffeed/ansible.cfg
configured module search path = [u'/Users/btennant/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /Library/Python/2.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.10 (default, Oct 6 2017, 22:29:07) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.31)]
AND
ansible 2.5.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
CONFIGURATION
ANSIBLE_SSH_ARGS(/var/lib/awx/projects/_7__test/ansible.cfg) = -C -o ControlMaster=auto -o ControlPe
DEFAULT_HOST_LIST(/var/lib/awx/projects/_7__test/ansible.cfg) = [u'/var/lib/awx/projects/_7__test/.a
DEFAULT_LOOKUP_PLUGIN_PATH(/var/lib/awx/projects/_7__test/ansible.cfg) = [u'/var/lib/awx/projects/_7
DEFAULT_ROLES_PATH(/var/lib/awx/projects/_7__test/ansible.cfg) = [u'/var/lib/awx/projects/_7__test/.
DEFAULT_SCP_IF_SSH(/var/lib/awx/projects/_7__test/ansible.cfg) = True
DEFAULT_STDOUT_CALLBACK(/var/lib/awx/projects/_7__test/ansible.cfg) = actionable
HOST_KEY_CHECKING(/var/lib/awx/projects/_7__test/ansible.cfg) = False
PARAMIKO_HOST_KEY_AUTO_ADD(/var/lib/awx/projects/_7__test/ansible.cfg) = True
PARAMIKO_LOOK_FOR_KEYS(/var/lib/awx/projects/_7__test/ansible.cfg) = False
OS / ENVIRONMENT
Tested from CLI using Vagrant/Ansible on OS X High Sierra as well as via a hosted AWX container.
SUMMARY
I'm attempting to follow instructions to use AppRole authentication.
I've set the environment variables mentioned in README.md
ANSIBLE_HASHICORP_VAULT_ROLE_ID
and
ANSIBLE_HASHICORP_VAULT_SECRET_ID
I've confirmed that I'm able to use the vault CLI to retrieve an approle token using the same role_id and secret_id. Additionally, i've ensured that I've set my secred_id ttl and max_num_uses to 0(infinite).
I've reproduced via Vagrant/Ansible locally on OS X High Sierra as well as via AWX containers.
EXPECTED RESULTS
- Correct configuration: Successful lookup via lookup plugin
- Incorrect configuration: Useful error message explaining why the module failed (bad credentials, timeout, etc.)
ACTUAL RESULTS
OS X
TASK [users : Set SSH Keys for Ops Users and Task Users] ***********************
task path: /Users/btennant/GitHub/DevOps_bencoffeed/roles/users/tasks/main.yml:79
fatal: [ben-sandbox01]: FAILED! => {
"msg": "An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <type 'exceptions.AttributeError'>, original message: 'exceptions.AttributeError' object has no attribute 'code'"
}
AWX
fatal: [10.5.0.41]: FAILED! => {
"changed": false,
"msg": "AnsibleError: An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <type 'exceptions.AttributeError'>, original message: 'exceptions.AttributeError' object has no attribute 'code'"
}