0

I need to debug a problem related to community.hashi_vault.hashi_vault lookup in ansible. I've installed everything needed - i.e hashivault galaxy collection & hvac python package - and yet, when I run the lookup - the playbook complains that I don't have the package and i should installed it.

Ansible runs on venv:

/usr/bin/python3.8  -m venv playbook/env

different debug outputs:

python3 --version
Python 3.8.16

pip show hvac
Name: hvac
Version: 1.1.0
Summary: HashiCorp Vault API client
Home-page: https://github.com/hvac/hvac
Author: Ian Unruh
Author-email: ianunruh@gmail.com
License: Apache-2.0
Location: /root/playbook/env/lib/python3.8/site-packages
Requires: pyhcl, requests
Required-by:

ansible --version
ansible [core 2.13.10]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /root/playbook/env/lib64/python3.8/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /root/playbook/env/bin/ansible
  python version = 3.8.16 (default, Mar 10 2023, 03:07:59) [GCC 7.3.1 20180712 (Red Hat 7.3.1-15)]
  jinja version = 3.1.2
  libyaml = True

ansible -m debug -a 'var=ansible_python_interpreter' localhost
localhost | SUCCESS => {
    "ansible_python_interpreter": "/root/playbook/env/bin/python3.8"
}

ansible -m debug -a 'var=ansible_playbook_python' localhost
localhost | SUCCESS => {
    "ansible_playbook_python": "/root/playbook/env/bin/python3.8"
}

ansible-galaxy collection list | grep hashi
# /root/.ansible/collections/ansible_collections
[...]
community.hashi_vault 5.0.0

lookup that fails:

consul_gossip_key: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=secret_path url=vault_url').data.gossip_key }}"

Error:

TASK [consul : consul | Configure Consul] **************************************
fatal: [hostname]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'template'. Error was a <class 'ansible.errors.AnsibleError'>, original message:An unhandled exception occurred while templating '{{ lookup('community.hashi_vault.hashi_vault', 'secret/data/some_path url=https://vault.url').data.gossip_key }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while running the lookup plugin 'community.hashi_vault.hashi_vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Please pip install hvac to use the hashi_vault lookup module.. Please pip install hvac to use the hashi_vault lookup module.. An unhandled exception occurred while templating '{{ lookup('community.hashi_vault.hashi_vault', 'secret/data/some_path url=https://vault.url').data.gossip_key }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while running the lookup plugin 'community.hashi_vault.hashi_vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Please pip install hvac to use the hashi_vault lookup module.. Please pip install hvac to use the hashi_vault lookup module."}

Edit: Also worth mentioning that it's failing only in arm64 AmazonLinux2 AMIs, while on an x86 CentOS AMI - the playbook runs smoothly, including the lookup

Eitan Segel-Lion
  • 9
  • 4

0 Answers0