ansible-vault
vault installation fails on subsequent hosts if it is already installed on the first host
Actual behaviour
I have 3 vault servers and the OS got reset on the third (vault03.test.com).
Then running the playbook over the full cluster, it fails to download and install the binary on it. These steps are skipped because they are not needed on the first host.
TASK [vault : Check Vault installation] ****************************************************************************************************************************************************************************************************
fatal: [vault03.test.com]: FAILED! => {"changed": false, "cmd": "command -v vault", "delta": "0:00:00.003925", "end": "2022-03-02 11:56:38.076209", "msg": "non-zero return code", "rc": 1, "start": "2022-03-02 11:56:38.072284", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
...ignoring
ok: [vault02.test.com]
ok: [vault01.test.com]
...
TASK [vault : Check Vault package checksum file (local)] ***********************************************************************************************************************************************************************************
skipping: [vault01.test.com]
TASK [vault : Get Vault package checksum file (local)] *************************************************************************************************************************************************************************************
skipping: [vault01.test.com]
TASK [vault : Get Vault package checksum (local)] ******************************************************************************************************************************************************************************************
skipping: [vault01.test.com]
TASK [vault : Check Vault package file (local)] ********************************************************************************************************************************************************************************************
skipping: [vault01.test.com]
TASK [vault : Download Vault (local) → https://releases.hashicorp.com/vault/1.9.3/vault_1.9.3_linux_amd64.zip] *****************************************************************************************************************************
skipping: [vault01.test.com]
TASK [vault : Unarchive Vault (local)] *****************************************************************************************************************************************************************************************************
skipping: [vault01.test.com]
TASK [vault : Install Vault] ***************************************************************************************************************************************************************************************************************
skipping: [vault01.test.com]
skipping: [vault02.test.com]
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option
fatal: [vault03.test.com]: FAILED! => {"changed": false, "msg": "Could not find or access '/home/buchel_k/git/hashicorp-vault-cluster-setup/software_installation_playbook/roles/vault/files/vault' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}
Expected behaviour
The vault binary will be downloaded when it is missing on any of the selected hosts, not just the first one.
Workaround
Just run the playbook for the given host.
Versions
- ansible-vault role: current master branch (dddc74c)
- ansible 2.10.8
- OS: Ubuntu 21.10
Howdy. Just encountered this ourselves. If we destroy a host, then run the role against the cluster, the unarchiving doesn't happen and the copy of 'vault' fails. Have others found a workaround?
Right now, commenting the 'run_once: true' lines in tasks/install.yml seems to be a workaround. I don't know if that makes problems elsewhere?
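The behaviour reported in this thread matches how Ansible documents `run_once`: the task's `when` is evaluated with the first host's variables only, so the other hosts are never tested. The playbook below is an added illustration, not code from the ansible-vault role; the group name `vault_cluster`, the variable `vault_check` and the `debug` stand-ins for the download step are assumptions.

```yaml
# Added example: reproduces the run_once/when interaction with harmless
# debug tasks. Group and variable names are hypothetical.
- hosts: vault_cluster
  gather_facts: false
  tasks:
    - name: Check Vault installation
      ansible.builtin.shell: command -v vault
      register: vault_check
      changed_when: false
      failed_when: false        # keep rc for every host instead of failing

    # Failure mode: the condition is read from the first host only.
    # If that host already has the binary, the task is skipped for the
    # whole batch, including a freshly reset host that needs it.
    - name: Download step guarded by a per-host condition
      ansible.builtin.debug:
        msg: "would download and verify the package on the controller"
      run_once: true
      when: vault_check.rc != 0

    # Cluster-wide condition: true when any host in the play is missing
    # the binary, regardless of which host happens to be first.
    - name: Download step guarded by an any-host condition
      ansible.builtin.debug:
        msg: "would download and verify the package on the controller"
      run_once: true
      when: >-
        ansible_play_hosts
        | map('extract', hostvars, 'vault_check')
        | rejectattr('rc', 'equalto', 0)
        | list | length > 0

    # The per-host install step keeps its own per-host condition.
    - name: Install step (per host)
      ansible.builtin.debug:
        msg: "would copy the binary to {{ inventory_hostname }}"
      when: vault_check.rc != 0
```

With the any-host condition the checksum and download steps still run once on the controller, so the package is verified before the per-host copy rather than skipped along with the download.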