Hello, I am trying to run the following playbook using the vault, but I can't seem to get it to work.

Created an ansible vault file using:

    ansible-vault create group_vars/routers

In there I had the following entries:

    ansible_ssh_user: admin
    ansible_ssh_pw: admin
    auth_pass: admin

Then I had the following playbook:

    ---
    - hosts: routers
      gather_facts: true
      connection: local

      tasks:
        - name: show run
          ios_command:
            authorize: yes
            auth_pass: "{{ auth_pass }}"
            commands:
              - show run
          register: config

When I try to run it using this CLI command

    ansible-playbook -u admin script.yaml --ask-vault-pass

I get the following error every time

    Unable to elevate privelage to enable mode, at prompt [None] with error: timeout value 10 seconds reached while trying to send command: enable

UPDATE

If I change the connection to network_cli, now I get the following error:

    fatal: [ROUTER-A]: Failed! => {"changed": false, "msg": "show run\r\n       ^\r\n% Invalid input detected at '^' marker.\r\n\rROUTER-A>"}
Mr39
  • [I downvoted because lacking an MCVE makes it hard to answer](http://idownvotedbecau.se/nomcve/). You're missing the concept. Files can be encrypted with [Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html#ansible-vault), but if you want to encrypt variables you will be better off with [Encrypted variables](https://docs.ansible.com/ansible/latest/user_guide/vault.html#use-encrypt-string-to-create-encrypted-variables-to-embed-in-yaml). It is not clear how you use the encrypted data. – Vladimir Botka Mar 07 '19 at 17:16
  • Not sure why you say that, because I am using the auth_pass: "{{ auth_pass }}" which is inside the vault that I created. – Mr39 Mar 07 '19 at 17:24
  • Which I might not be calling right, that is why I am asking the question. – Mr39 Mar 07 '19 at 17:27

1 Answer

See minimal example below. Text to be encrypted in the file is

    shell> cat group_vars/routers
    test: "TEST VARIABLE"
    shell> set | grep VAULT
    ANSIBLE_VAULT_PASSWORD_FILE=/home/admin/.vault_pass.txt
    shell> ls -1
    ansible.cfg
    group_vars
    hosts
    test.yml
    shell> cat ansible.cfg 
    [defaults]
    inventory = $PWD/hosts
    shell> cat hosts
    localhost
    [routers]
    localhost
    shell> ansible-vault create group_vars/routers
    shell> cat group_vars/routers 
    $ANSIBLE_VAULT;1.1;AES256
    3733 ...
    shell> cat test.yml 
    - hosts: routers
      tasks:
      - debug: var=test
    shell> ansible-playbook test.yml 
    PLAY [routers] 
    TASK [Gathering Facts] 
    ok: [localhost]
    TASK [debug] 
    ok: [localhost] => {
    "test": "TEST VARIABLE"
    }
    PLAY RECAP 
    localhost: ok=2    changed=0    unreachable=0    failed=0
Vladimir Botka
  • I just tried running the same thing on my box, and I am getting the error "no authentication methods available"... How are you able to run that without adding the --ask-vault-pass? I tried it with that and without; when I do it without I get "attempting to decrypt but no vault secrets found" – Mr39 Mar 07 '19 at 18:27
  • Environment variable is used. ANSIBLE_VAULT_PASSWORD_FILE=/home/admin/.vault_pass.txt – Vladimir Botka Mar 07 '19 at 18:36
  • I just tried that, and I'm still getting the no authentication methods available – Mr39 Mar 07 '19 at 18:43
  • OK, I got it to display correctly now, but I'm still having the enable issue, where I can't get into privilege mode for some reason. Is that a bug or is there a fix for that? – Mr39 Mar 07 '19 at 21:57
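
A hygiene check for the vault layout used in this thread, as an added example that is not part of the original question or answer: it flags secret-looking keys (such as `auth_pass` and `ansible_ssh_pw`) left in clear text under `group_vars`, accepting either a whole-file vault header or an inline `!vault` value, and checks that the vault password file is not readable by group or others. The function names, the key-name pattern and the sample tree are assumptions constructed for illustration.

```shell
# Added example, not from the thread. Function names and sample data are constructed.
# 0 if the first line is a vault header such as $ANSIBLE_VAULT;1.1;AES256
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 only if the vault password file grants nothing to group/other.
password_file_is_private() {
    [ -f "$1" ] || return 2
    mode=$(ls -ld "$1") || return 2
    case "${mode%% *}" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "path:line: key" for keys named like secrets (pass/pw/secret) that sit in
# a file without a vault header and whose value is not an inline "!vault" block.
find_plaintext_secrets() {
    find "$1" -type f | sort | while IFS= read -r f; do
        is_vault_encrypted "$f" && continue
        awk -v f="$f" '
            tolower($0) ~ /^[ \t]*[a-z0-9_]*(pass|pw|secret)[a-z0-9_]*:/ &&
            $0 !~ /:[ \t]*!vault/ {
                sub(/:.*/, ""); gsub(/[ \t]/, ""); print f ":" FNR ": " $0
            }' "$f"
    done
}

# Constructed sample tree; "routers" mirrors the entries in the question.
make_sample() {
    d=$(mktemp -d) && g="$d/group_vars" && mkdir "$g" || return 1
    printf 'ansible_ssh_user: admin\nansible_ssh_pw: admin\nauth_pass: admin\n' > "$g/routers"
    printf '$ANSIBLE_VAULT;1.1;AES256\n3733\n' > "$g/switches"
    printf 'auth_pass: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n' > "$g/inline"
    printf 'constructed\n' > "$d/.vault_pass.txt" && chmod 644 "$d/.vault_pass.txt"
    printf '%s\n' "$d"
}

sample=$(make_sample)
find_plaintext_secrets "$sample/group_vars"   # lists ansible_ssh_pw and auth_pass
password_file_is_private "$sample/.vault_pass.txt" || echo "password file too open"
rm -rf "$sample"
```

The report prints key names and line numbers only, so the secret values themselves never reach the terminal or a CI log.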