0

Question is similar to Inline encrypted variable not JSON serializable

I have an Ansible configuration file that contains many plain text and a single encrypted value.

    config_value: "something in plain text"
    another_value: "another plain text value"
    my_secret: !vault |
                          $ANSIBLE_VAULT;1.1;AES256
                          36343434346535636131316538313039386539363337326432336330393734306562336563386335
                          3663323065343330303039655530313833623439616630320a323730613534613338326263386136
                          33313033363737626230343432363764356336346363306466356330633561353831346433333366
                          3964386161306338300a333164333932333539333565303038643462643137663438326664336431
                          66613433396133633039385664366564626231313230383464356537636434646534

I encrypted the variable the following way, described here:

ansible-vault encrypt_string --vault-password-file path/to/password testvalue

When running include_vars I get the following error message:

TASK [include_vars] ************************************************************
task path: /var/jenkins_home/workspace/path/to/deploy-playbook.yml:21
 [WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.default.CallbackModule object at 0x7f37a284fa90>):
u'testvalue' is not JSON serializable
Callback Exception: 
  File "/var/jenkins_home/workspace/path/to/virtualenv/local/lib/python2.7/site-packages/ansible/executor/task_queue_manager.py", line 375, in send_callback
    method(*new_args, **kwargs)
   File "/var/jenkins_home/workspace/path/to/virtualenv/local/lib/python2.7/site-packages/ansible/plugins/callback/default.py", line 100, in v2_runner_on_ok
    msg += " => %s" % (self._dump_results(result._result),)
   File "/var/jenkins_home/workspace/path/to/virtualenv/local/lib/python2.7/site-packages/ansible/plugins/callback/__init__.py", line 107, in _dump_results
    return json.dumps(abridged_result, indent=indent, ensure_ascii=False, sort_keys=sort_keys)
   File "/usr/lib/python2.7/json/__init__.py", line 251, in dumps
    sort_keys=sort_keys, **kw).encode(obj)
   File "/usr/lib/python2.7/json/encoder.py", line 209, in encode
    chunks = list(chunks)
   File "/usr/lib/python2.7/json/encoder.py", line 434, in _iterencode
    for chunk in _iterencode_dict(o, _current_indent_level):
   File "/usr/lib/python2.7/json/encoder.py", line 408, in _iterencode_dict
    for chunk in chunks:
   File "/usr/lib/python2.7/json/encoder.py", line 408, in _iterencode_dict
    for chunk in chunks:
   File "/usr/lib/python2.7/json/encoder.py", line 442, in _iterencode
    o = _default(o)
   File "/usr/lib/python2.7/json/encoder.py", line 184, in default
    raise TypeError(repr(o) + " is not JSON serializable")

I've also tried the following commands to encrypt the secret but no luck:

ansible-vault encrypt_string --vault-password-file path/to/password 'testvalue'
ansible-vault encrypt_string --vault-password-file path/to/password "testvalue'
ansible-vault encrypt_string --vault-password-file path/to/password "'testvalue'"
Tobias
  • 4,999
  • 7
  • 34
  • 40
  • See if there's a solution that works for you in this thread: [AWX Issue #223: Support vault encrypted secrets in the inventory source #223](https://github.com/ansible/awx/issues/223). Please post back what you learn. – paulsm4 Oct 20 '18 at 00:15
  • 1
    Works with ansible `2.6.4` on CentOS 6 – JGK Oct 22 '18 at 06:47

1 Answers1

0

The "error message" is actually not preventing the secret (my_secret) or any other configuration values in the same file from being usable.

I was on ansible 2.4.2 before, upgrading to 2.7.0 fixed the issue.

Tobias
  • 4,999
  • 7
  • 34
  • 40