11

I'm running Ansible 1.8.2. I have a vaulted file created on another system. On that system it works without any problems. However, when I run it on my local system I get the following error:

$» ansible-vault --debug view vars/vaulted_vars.yml
Vault password:
Traceback (most recent call last):
  File "/usr/bin/ansible-vault", line 225, in main
    fn(args, options, parser)
  File "/usr/bin/ansible-vault", line 172, in execute_view
    this_editor.view_file()
  File "/usr/lib/python2.7/site-packages/ansible/utils/vault.py", line 280, in view_file
    dec_data = this_vault.decrypt(tmpdata)
  File "/usr/lib/python2.7/site-packages/ansible/utils/vault.py", line 136, in decrypt
    data = this_cipher.decrypt(data, self.password)
  File "/usr/lib/python2.7/site-packages/ansible/utils/vault.py", line 545, in decrypt
    data = unhexlify(data)
TypeError: Odd-length string

ERROR: Odd-length string

I tried to manually type in the password or copy-pasting it, but the error still happens.

What is going on here and how to fix this error?

Mxx

4 Answers

18

Turns out this error is because as of Ansible 1.8.2 it requires a very specific line-end encoding for the vaulted files.

When I had this type of file it would fail:

$» file vaulted_vars.yml
vaulted_vars.yml: ASCII text, with CRLF line terminators

However, once I changed it to this, it started working:

$» file vaulted_vars.yml
vaulted_vars.yml: ASCII text

This whole problem happened because my git client was changing linefeed characters. See this article for specifics: https://help.github.com/articles/dealing-with-line-endings/

Mxx
  • 1
    Is there a way to isolate the problematic file? Or did you find yours from trial and error and/or guessing? I've got the same problem, but I'm hoping to avoid going through all 5 files in each of the 3 roles that I'm configuring. – swv Feb 22 '16 at 19:48
  • Run `file` command on each file and it'll tell you. And/or make sure your git client is configured as I linked above. – Mxx Feb 22 '16 at 19:54
  • 1
    still valid for `ansible 2.2.0.0` as well – 030 Jan 02 '17 at 10:39
  • Please copy the relevant code from the link to avoid that it will be gone if the link is deprecated – 030 Mar 27 '17 at 17:42
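
One way to isolate the affected files, as asked in the comments above. This is an added example, not part of the original answer or of Ansible: it flags vault files whose body contains CR or other non-hex bytes (stray spaces included) and reproduces the unhexlify failure. It assumes the decoder strips only "\n" from the body, which is inferred from the traceback in the question; the sample inputs and the script name are constructed.

```python
import binascii
import sys

HEADER_PREFIX = b"$ANSIBLE_VAULT;"  # first line of a vault file
HEX_DIGITS = set(b"0123456789abcdefABCDEF")

# Constructed samples: valid hex, but not real vault ciphertext.
SAMPLE_GOOD = b"$ANSIBLE_VAULT;1.1;AES256\n3034\n6162\n6364\n"
SAMPLE_CRLF = SAMPLE_GOOD.replace(b"\n", b"\r\n")


def check_vault_bytes(raw):
    """Return the reasons unhexlify() would reject this vault file's body."""
    lines = raw.split(b"\n")
    if not lines[0].startswith(HEADER_PREFIX):
        return []  # not a vault file, nothing to check
    problems = []
    if b"\r" in raw:
        problems.append("CR characters present (CRLF line terminators)")
    for lineno, line in enumerate(lines[1:], start=2):
        bad = sorted(set(line) - HEX_DIGITS)
        if bad:
            problems.append("line %d: non-hex bytes %r" % (lineno, bytes(bad)))
    # Assumption: the decoder strips only "\n" before unhexlify(), so any
    # other byte left in the body reaches the hex decoder.
    try:
        binascii.unhexlify(b"".join(lines[1:]))
    except binascii.Error as exc:
        problems.append("unhexlify fails: %s" % exc)
    return problems


def scan(paths):
    """Map each broken vault file to its problems; clean files are omitted."""
    report = {}
    for path in paths:
        with open(path, "rb") as fh:
            found = check_vault_bytes(fh.read())
        if found:
            report[path] = found
    return report


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_vault.py vars/*.yml
    for path, found in scan(sys.argv[1:]).items():
        print(path, *found, sep="\n  ")
```
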
2

Even with all these solutions, editing ansible vault files didn't work for me until I set the EDITOR environment variable (for whatever reason it was not set on my Linux distribution):

export EDITOR="/usr/bin/vi"

One way to figure out if this applies to you is to try to view vault files (with ansible-vault view command) and if view works fine but edit doesn't, then you need to set the EDITOR env variable to your favorite editor.

Peyman Mohamadpour
  • If `ansible-vault view` works fine then this question doesn't apply to you. – Mxx Mar 02 '18 at 01:08
  • Technically, you're correct, since after fixing the "Odd-length string" error with the above answers, I ended up with the EDITOR env var issue which was throwing a different error ("Permission denied"). I can delete my answer if it doesn't belong here or doesn't provide any additional value. – Vladan Panovic Mar 03 '18 at 01:59
1

In my case I had copied the vault variable from the MobaXterm output of ansible-vault encrypt. This also included whitespace at the end. Removing the whitespace solved the problem for me.

kozone
0

As already linked above by @Mxx (Thx!), I have distilled the needed changes for having only LF line endings on a Windows machine:

(Assuming you don't have any uncommitted changes and no .gitattributes file yet)

# create the .gitattributes file to set the line endings only for this repo
C:\projects\lfonly>copy con .gitattributes
* text eol=lf
^Z   (that's F6 + Enter)
1 file(s) copied.

# delete all cached local files! Warning: any uncommitted changes will be lost
git rm --cached -r .
git reset --hard

That did the job for me. I was able to access the vault without having to run sed each time.

Markus