ansible-vault "A vault password must be specified to decrypt data"

Having difficulties getting my playbook to run successfully using password encrypted by ansible-vault. Running on RHEL 7.9.

$ ansible-playbook --version

ansible-playbook 2.9.18

config file = /home/CGE/sa_cge_sm/projects/tavs-patching/ansible.cfg

configured module search path = [u’/home/CGE/sa_cge_sm/.ansible/plugins/modules’, u’/usr/share/ansible/plugins/modules’]

ansible python module location = /usr/lib/python2.7/site-packages/ansible

executable location = /bin/ansible-playbook

python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

Created user.yml via ansible-vault:
$ ansible-vault create user.yml

New Vault password:

Confirm New Vault password:

sent into vi, and entered password. Saved file. It appears the encryption is performed properly

]$ cat user.yml

$ANSIBLE_VAULT;1.1;AES256

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Possibly user-error here (relatively new to ansible). When I run playbook:

$ ansible-playbook redhatpatching.yml -i dfwtesting.yml -l dfwtesting -f 5 -u sa_cge_sm --vault-password-file ./user.yml -k

SSH password:

[WARNING]: Error in vault password file loading (default): A vault password must be specified to decrypt data

ERROR! A vault password must be specified to decrypt data

Isn’t ansible-vault designed to not require a password to be entered?

Thanks!

I believe that when encrypting a password vault you need to run with –ask-vault-password

Rene

Hi Rene,

Thanks for the reply. Are you suggesting that teh user.yml file be created in this manner?

ansible-vault create user.yml --ask-vault-pass

??

i just tried that, and the file did get created, but playbook execution still asks for SSH password and when I enter it, it still throws this error.

Thanks

Can you show us the contents of your playbook?

Rene

I neglected to mention - this runs at command-line if I do not use the password file created by ansible-vault. I need to do this to allow me to create a Jenkins job and not have to enter a password when that runs. Sorry for that omission. Here is the playbook:

$ cat redhatpatching.yml

I am no expert but in my playbooks I point to my files that holds variables and passwords

  • hosts: localhost

gather_facts: no

vars_files:

  • group_vars/vars

  • group_vars/vars_sec

tasks:

Rene

I am no expert but in my playbooks I point to my files that holds variables and passwords

- hosts: localhost

gather_facts: no

vars_files:

\- group\_vars/vars

\- group\_vars/vars\_sec

tasks:

Rene

Usually you put the vault password into the configuration/secret variables of your CI system (Jenkins).

Regards
        Racke

*From:*ansible-project@googlegroups.com <ansible-project@googlegroups.com> *On Behalf Of *Larry Forsyth
*Sent:* April 29, 2021 11:16 AM
*To:* ansible-project@googlegroups.com
*Subject:* Re: [ansible-project] ansible-vault "A vault password must be specified to decrypt data"

I neglected to mention - this runs at command-line if I do not use the password file created by ansible-vault. I need
to do this to allow me to create a Jenkins job and not have to enter a password when that runs. Sorry for that
omission. Here is the playbook:

$ cat redhatpatching.yml
---
## Ansible Playbook to apply O/S patches on RHEL servers
## 1. Check for running databases.
## 2. Shut down databases if found to be running.
## 3. Check for running databases.
## 4. Stop processing playbook for server(s) with databases running.
## 5. Check integrity of the RPM database.
## 6. Fix RPM database if check failed.
## 7. Update the server via yum update
## 8. Validate whether kernel patches were applied and whether system needs to be rebooted
## 9. Reboot server if required
## 10. Wait 90 seconds minutes for servers to boot up
## 11. Confirm current version of yum-utils
## 12. Remove old kernel from host
## 13. Run all-start on all DB servers
## 14. Run db_repl_ck on all DB servers
## 15. Run db_status on all DB servers

- hosts: dfwtesting
become: true

tasks:

\# Purpose: Check for running databases or if they are ALL 

down

\- name: Check for running databases
  shell: if ps \-eaf | egrep &quot;/sw/oe/11\.7/bin/\_mprshut|/sw/oe/11\.7/bin/\_mprosrv&quot; | grep \-v grep &gt; /dev/null; then

echo 'databases_running'; else echo 'databases_not_running'; fi
ignore_errors: false
register: db_running_check

\# Purpose: Run all\-stop on all DB servers
\- name: Shut down databases
  become: sa\_cge\_sm
  shell: if /sw/bin/all\-stop; then /sw/bin/all\-stop;fi
  when: db\_running\_check\.stdout == &quot;databases\_running&quot;

\# Purpose: Check for running databases or if they are ALL 

down

\- name: Check for running databases
  shell: if ps \-eaf | egrep &quot;/sw/oe/11\.7/bin/\_mprshut|/sw/oe/11\.7/bin/\_mprosrv&quot; | grep \-v grep &gt; /dev/null; then

echo 'databases_running'; else echo 'databases_not_running'; fi
ignore_errors: false
register: db_shutdown_check

\# Purpose: Quit playbook on server if databases are running
\- name: Decision point to start applying patches
  fail: msg=&quot;\{\{ inventory\_hostname \}\} STILL has running databases\.  STOP the databases first and try patching again\.&quot;
  when: db\_shutdown\_check\.stdout == &quot;databases\_running&quot;

\# Purpose: Check RPM database integrity
\- name: Check RPM database integrity
  shell: if cd /var/lib/rpm; /usr/lib/rpm/rpmdb\_verify Packages | grep &quot;Verification of Packages succeeded&quot; &gt;

/dev/null; then echo 'rpm_db_ok'; else echo 'rpm_db_not_ok'; fi
ignore_errors: false
register: rpm_db_status

\# Purpose: Fix RPM database if check failed
\- name: Fix RPM database if check failed
  shell: cd /var/lib/rpm; rm \-f rm \-f \_\_db\.\[0\-9\]\[0\-9\]\[0\-9\]; rpm \-\-quiet \-qa; /usr/lib/rpm/rpmdb\_verify Packages
  when: rpm\_db\_status\.stdout == &quot;rpm\_db\_not\_ok&quot;

\# Update the server via yum
\- name: Upgrade all packages on the server
  yum:
    name: &#39;\*&#39;
    state: latest
  when: db\_shutdown\_check\.stdout == &quot;databases\_not\_running&quot; and ansible\_distribution == &#39;RedHat&#39;
  register: yum\_update

\# Validate whether kernel patches were applied and whether system needs to be rebooted
\- name: Determine whether reboot is required after update
  shell: KERNEL\_NEW=$\(rpm \-q \-\-last kernel | head \-1 | awk &#39;\{print $1\}&#39; | sed &#39;s/kernel\-//&#39;\); KERNEL\_NOW=$\(uname

-r); if [[ $KERNEL_NEW != $KERNEL_NOW ]]; then echo "reboot_needed"; else echo "reboot_not_needed"; fi
ignore_errors: true
register: reboot_required

\# Restart the server when required
\- name: Reboot server
  reboot:
  when: reboot\_required\.stdout == &quot;reboot\_needed&quot;

\# Wait 2 minutes for server to boot up
\- name: Sleep for 120 seconds after reboot
  pause:
    seconds: 120
  when: reboot\_required\.stdout == &quot;reboot\_needed&quot;

\# Confirm latest yum\-utils is available
\- name: Ensure latest yum\-utils package is installed
  yum:
    name: yum\-utils
    state: latest

\# Remove old kernel from host
\- name: Remove the old kernels from the system
  shell: package\-cleanup \-\-oldkernels \-\-count=2 \-y

\# Purpose: Run all\-start on all DB servers
\- name: Start up the databases
  become: sa\_cge\_sm
  shell: if /sw/bin/all\-start; then /sw/bin/all\-start; fi
  when: db\_running\_check\.stdout == &quot;databases\_running&quot;

\# Purpose: Run db\_repl\_ck on all DB servers
\- name: Run db\-repl\-ck on all DB servers
  become: sa\_cge\_sm
  shell: /sw/bin/db\-repl\-ck &gt; /tavs\_sm/logs/admin/patching/db\-repl\-ck\-$\(hostname \-s\)\-$\(date \+%F\)\.out
  when: db\_running\_check\.stdout == &quot;databases\_running&quot;

\# Purpose: Run db\_status on all DB servers
\- name: Run db\-status on all DB servers
  become: sa\_cge\_sm
  shell: /sw/bin/db\-status &gt; /tavs\_sm/logs/admin/patching/db\-status\-$\(hostname \-s\)\-$\(date \+%F\)\.out
  when: db\_running\_check\.stdout == &quot;databases\_running&quot;

\# Purpose: Run db\-summary on all DB servers
\- name: Run db\-summary on all DB servers
  become: sa\_cge\_sm
  shell: /tavs\_sm/temp/db\-summary &gt; /tavs\_sm/logs/admin/patching/db\-summary\-$\(hostname \-s\)\-$\(date \+%F\)\.out
  when: db\_running\_check\.stdout == &quot;databases\_running&quot;

    Can you show us the contents of your playbook?

    

    Rene

    

    *From:*ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com> <ansible-project@googlegroups.com
    <mailto:ansible-project@googlegroups.com>> *On Behalf Of *Larry Forsyth
    *Sent:* April 29, 2021 10:32 AM
    *To:* ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
    *Subject:* Re: [ansible-project] ansible-vault "A vault password must be specified to decrypt data"

    

    Hi Rene,

    

    Thanks for the reply. Are you suggesting that teh user.yml file be created in this manner?

    ansible-vault create user.yml --ask-vault-pass

    

    ??

    i just tried that, and the file did get created, but playbook execution still asks for SSH password and when I enter
    it, it still throws this error.

    

    Thanks

    

        I believe that when encrypting a password vault you need to run

with –ask-vault-password

        

        Rene

        

        *From:*ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
        <ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>> *On Behalf Of *Larry Forsyth
        *Sent:* April 29, 2021 10:12 AM
        *To:* Ansible Project <ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>>
        *Subject:* [ansible-project] ansible-vault "A vault password must be specified to decrypt data"

        

        Having difficulties getting my playbook to run successfully using password encrypted by ansible-vault. Running
        on RHEL 7.9.

        

        $ ansible-playbook --version

        ansible-playbook 2.9.18

         config file = /home/CGE/sa_cge_sm/projects/tavs-patching/ansible.cfg

         configured module search path = [u'/home/CGE/sa_cge_sm/.ansible/plugins/modules',
        u'/usr/share/ansible/plugins/modules']

         ansible python module location = /usr/lib/python2.7/site-packages/ansible

         executable location = /bin/ansible-playbook

         python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

        Created user.yml via ansible-vault:
        $ ansible-vault create user.yml

        New Vault password: <password entered>

        Confirm New Vault password: <password entered>

        sent into vi, and entered password. Saved file. It appears the encryption is performed properly

        ]$ cat user.yml

        $ANSIBLE_VAULT;1.1;AES256

        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        Possibly user-error here (relatively new to ansible). When I run playbook:

        $ ansible-playbook redhatpatching.yml -i dfwtesting.yml -l dfwtesting -f 5 -u sa_cge_sm --vault-password-file
        ./user.yml -k

        SSH password:

        [WARNING]: Error in vault password file loading (default): A vault password must be specified to decrypt data

        ERROR! A vault password must be specified to decrypt data

        

        Isn't ansible-vault designed to not require a password to be entered?

        

        Thanks!

        

        --
        You received this message because you are subscribed to the Google Groups "Ansible Project" group.
        To unsubscribe from this group and stop receiving emails from it, send an email to
        ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project+unsubscribe@googlegroups.com>.
        To view this discussion on the web visit
        https://groups.google.com/d/msgid/ansible-project/0522d4db-06c7-427e-8a1f-4bed98074a85n%40googlegroups.com
        <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F0522d4db-06c7-427e-8a1f-4bed98074a85n%2540googlegroups.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018262715|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=spxvIW%2BJTW6XtWZCvABOOCKJ4oC%2F3c6eTazUgq5Txpw%3D&reserved=0&gt;\.

        --
        You received this message because you are subscribed to a topic

in the Google Groups "Ansible Project" group.

        To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/nhpP1jWvjZE/unsubscribe
        <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Ftopic%2Fansible-project%2FnhpP1jWvjZE%2Funsubscribe&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018272707|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=iSxsqKxPDwSGAFIDZNTcl9eNjMUAFJOr6C%2FlI6XN3lk%3D&reserved=0&gt;\.
        To unsubscribe from this group and all its topics, send an email to ansible-project+unsubscribe@googlegroups.com
        <mailto:ansible-project+unsubscribe@googlegroups.com>.
        To view this discussion on the web visit
        https://groups.google.com/d/msgid/ansible-project/YTXPR0101MB1295A059F8D70CC954351435D85F9%40YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM
        <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FYTXPR0101MB1295A059F8D70CC954351435D85F9%2540YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018272707|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=X8EhmwYWluYVywnP821h1LLpoXx%2FTWNzY90U3LD%2Fdk0%3D&reserved=0&gt;\.

    --
    You received this message because you are subscribed to the Google Groups "Ansible Project" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to
    ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project+unsubscribe@googlegroups.com>.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/ansible-project/CAFQW1uPhxEyZEi83G_E0NPzT2DyVQs%2BqNVcqZ6%3DmHZHGVu6_HQ%40mail.gmail.com
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCAFQW1uPhxEyZEi83G_E0NPzT2DyVQs%252BqNVcqZ6%253DmHZHGVu6_HQ%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018282705|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=1A0iCYRWHNQeBLqQsbsY5XAM55e4SS5rfscabPB2%2F6M%3D&reserved=0&gt;\.

    --
    You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
    To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/nhpP1jWvjZE/unsubscribe
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Ftopic%2Fansible-project%2FnhpP1jWvjZE%2Funsubscribe&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018282705|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=Ts2VL3TUFvx6MAIBpsAHpTIVQAESmCwWOO%2FUVg89Gbs%3D&reserved=0&gt;\.
    To unsubscribe from this group and all its topics, send an email to

ansible-project+unsubscribe@googlegroups.com

I have this in my inventory file:

$ more dfwtesting.yml

Racke,

I would agree, but I am prohibited from putting passwords into Jenkins in plain-text due to contractual restrictions. Hence, trying to use what ansible-vault (I thought) was supposed to provide.

Thanks,
Larry

Here is my command-line run without using the encrypted password provided by ansible-vault (in this case nothing is done because the server in the inventory has already been patched):

$ ansible-playbook redhatpatching.yml -i testing.yml -l testing -f 5 -u sa_cge_sm -k -K
SSH password:
BECOME password[defaults to SSH password]:

PLAY [dfwtesting] ***************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************
ok: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Check for running databases] **********************************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Shut down databases] ******************************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Check for running databases] **********************************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Decision point to start applying patches] *********************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Check RPM database integrity] *********************************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Fix RPM database if check failed] *****************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Upgrade all packages on the server] ***************************************************************************************************************************************************
ok: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Determine whether reboot is required after update] ************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Reboot server] ************************************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Sleep for 120 seconds after reboot] ***************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Ensure latest yum-utils package is installed] *****************************************************************************************************************************************
ok: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Remove the old kernels from the system] ***********************************************************************************************************************************************
changed: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Start up the databases] ***************************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Run db-repl-ck on all DB servers] *****************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Run db-status on all DB servers] ******************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

TASK [Run db-summary on all DB servers] *****************************************************************************************************************************************************
skipping: [xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx]

PLAY RECAP **********************************************************************************************************************************************************************************
xxxxxxxxxxx.xxx.xxxxxx.xxxx.xxxx : ok=8 changed=5 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0

Racke,

I would agree, but I am prohibited from putting passwords into Jenkins in plain-text due to contractual restrictions.
Hence, trying to use what ansible-vault (I thought) was supposed to provide.

Thanks,
Larry

Hello Larry,

you could put the password as a secret (https://www.jenkins.io/doc/developer/security/secrets/) into Jenkins.

Regards
         Racke

    > I am no expert but in my playbooks I point to my files that holds

variables and passwords

    >
    >
    >
    > - hosts: localhost
    >
    > gather_facts: no
    >
    > vars_files:
    >
    > - group_vars/vars
    >
    > - group_vars/vars_sec
    >
    >
    >
    > tasks:
    >
    >
    >
    > Rene
    >

    Usually you put the vault password into the configuration/secret variables of your CI system (Jenkins).

    Regards
     Racke

    >
    >
    >
    >
    >
    >
    > *From:*ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
    <ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>> *On Behalf Of *Larry Forsyth
    > *Sent:* April 29, 2021 11:16 AM
    > *To:* ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
    > *Subject:* Re: [ansible-project] ansible-vault "A vault password must be specified to decrypt data"
    >
    >
    >
    > I neglected to mention - this runs at command-line if I do not use the password file created by ansible-vault. I need
    > to do this to allow me to create a Jenkins job and not have to enter a password when that runs. Sorry for that
    > omission. Here is the playbook:
    >
    >
    >
    > $ cat redhatpatching.yml
    > ---
    > ## Ansible Playbook to apply O/S patches on RHEL servers
    > ## 1. Check for running databases.
    > ## 2. Shut down databases if found to be running.
    > ## 3. Check for running databases.
    > ## 4. Stop processing playbook for server(s) with databases

running.

    > ## 5. Check integrity of the RPM database.
    > ## 6. Fix RPM database if check failed.
    > ## 7. Update the server via yum update
    > ## 8. Validate whether kernel patches were applied and whether system needs to be rebooted
    > ## 9. Reboot server if required
    > ## 10. Wait 90 seconds minutes for servers to boot up
    > ## 11. Confirm current version of yum-utils
    > ## 12. Remove old kernel from host
    > ## 13. Run all-start on all DB servers
    > ## 14. Run db_repl_ck on all DB servers
    > ## 15. Run db_status on all DB servers
    >
    > - hosts: dfwtesting
    > become: true
    >
    > tasks:
    >
    > # Purpose: Check for running databases or if they are ALL
    down
    > - name: Check for running databases
    > shell: if ps -eaf | egrep "/sw/oe/11.7/bin/_mprshut|/sw/oe/11.7/bin/_mprosrv" | grep -v grep > /dev/null; then
    > echo 'databases_running'; else echo 'databases_not_running'; fi
    > ignore_errors: false
    > register: db_running_check
    >
    > # Purpose: Run all-stop on all DB servers
    > - name: Shut down databases
    > become: sa_cge_sm
    > shell: if /sw/bin/all-stop; then /sw/bin/all-stop;fi
    > when: db_running_check.stdout == "databases_running"
    >
    > # Purpose: Check for running databases or if they are ALL
    down
    > - name: Check for running databases
    > shell: if ps -eaf | egrep "/sw/oe/11.7/bin/_mprshut|/sw/oe/11.7/bin/_mprosrv" | grep -v grep > /dev/null; then
    > echo 'databases_running'; else echo 'databases_not_running'; fi
    > ignore_errors: false
    > register: db_shutdown_check
    >
    > # Purpose: Quit playbook on server if databases are

running

    > - name: Decision point to start applying patches
    > fail: msg="{{ inventory_hostname }} STILL has running databases. STOP the databases first and try patching
    again."
    > when: db_shutdown_check.stdout == "databases_running"
    >
    > # Purpose: Check RPM database integrity
    > - name: Check RPM database integrity
    > shell: if cd /var/lib/rpm; /usr/lib/rpm/rpmdb_verify Packages | grep "Verification of Packages succeeded" >
    > /dev/null; then echo 'rpm_db_ok'; else echo 'rpm_db_not_ok'; fi
    > ignore_errors: false
    > register: rpm_db_status
    >
    > # Purpose: Fix RPM database if check failed
    > - name: Fix RPM database if check failed
    > shell: cd /var/lib/rpm; rm -f rm -f __db.[0-9][0-9][0-9]; rpm --quiet -qa; /usr/lib/rpm/rpmdb_verify Packages
    > when: rpm_db_status.stdout == "rpm_db_not_ok"
    >
    > # Update the server via yum
    > - name: Upgrade all packages on the server
    > yum:
    > name: '*'
    > state: latest
    > when: db_shutdown_check.stdout == "databases_not_running" and ansible_distribution == 'RedHat'
    > register: yum_update
    >
    > # Validate whether kernel patches were applied and whether system needs to be rebooted
    > - name: Determine whether reboot is required after update
    > shell: KERNEL_NEW=$(rpm -q --last kernel |

head -1 | awk '{print $1}' | sed 's/kernel-//'); KERNEL_NOW=$(uname

    > -r); if [[ $KERNEL_NEW != $KERNEL_NOW ]]; then echo "reboot_needed"; else echo "reboot_not_needed"; fi
    > ignore_errors: true
    > register: reboot_required
    >
    > # Restart the server when required
    > - name: Reboot server
    > reboot:
    > when: reboot_required.stdout == "reboot_needed"
    >
    > # Wait 2 minutes for server to boot up
    > - name: Sleep for 120 seconds after reboot
    > pause:
    > seconds: 120
    > when: reboot_required.stdout == "reboot_needed"
    >
    > # Confirm latest yum-utils is available
    > - name: Ensure latest yum-utils package is installed
    > yum:
    > name: yum-utils
    > state: latest
    >
    > # Remove old kernel from host
    > - name: Remove the old kernels from the system
    > shell: package-cleanup --oldkernels --count=2 -y
    >
    > # Purpose: Run all-start on all DB servers
    > - name: Start up the databases
    > become: sa_cge_sm
    > shell: if /sw/bin/all-start; then /sw/bin/all-start; fi
    > when: db_running_check.stdout == "databases_running"
    >
    > # Purpose: Run db_repl_ck on all DB servers
    > - name: Run db-repl-ck on all DB servers
    > become: sa_cge_sm
    > shell: /sw/bin/db-repl-ck > /tavs_sm/logs/admin/patching/db-repl-ck-$(hostname -s)-$(date +%F).out
    > when: db_running_check.stdout == "databases_running"
    >
    > # Purpose: Run db_status on all DB servers
    > - name: Run db-status on all DB servers
    > become: sa_cge_sm
    > shell: /sw/bin/db-status > /tavs_sm/logs/admin/patching/db-status-$(hostname -s)-$(date +%F).out
    > when: db_running_check.stdout == "databases_running"
    >
    > # Purpose: Run db-summary on all DB servers
    > - name: Run db-summary on all DB servers
    > become: sa_cge_sm
    > shell: /tavs_sm/temp/db-summary > /tavs_sm/logs/admin/patching/db-summary-$(hostname -s)-$(date +%F).out
    > when: db_running_check.stdout == "databases_running"
    >
    >
    >
    >
    > Can you show us the contents of your playbook?
    >
    >
    >
    > Rene
    >
    >
    >
    > *From:*ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
    <mailto:ansible-project@googlegroups.com>
    <ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
    > <mailto:ansible-project@googlegroups.com>> *On Behalf Of *Larry Forsyth
    > *Sent:* April 29, 2021 10:32 AM
    > *To:* ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
    <mailto:ansible-project@googlegroups.com>
    > *Subject:* Re: [ansible-project] ansible-vault

"A vault password must be specified to decrypt data"

    >
    >
    >
    > Hi Rene,
    >
    >
    >
    > Thanks for the reply. Are you suggesting

that teh user.yml file be created in this manner?

    >
    > ansible-vault create user.yml --ask-vault-pass
    >
    >
    >
    > ??
    >
    > i just tried that, and the file did get created, but playbook execution still asks for SSH password and when I
    enter
    > it, it still throws this error.
    >
    >
    >
    > Thanks
    >
    >
    >
    >
    > I believe that when encrypting a

password vault you need to run

    with –ask-vault-password
    >
    >
    >
    > Rene
    >
    >
    >
    > *From:*ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
    <mailto:ansible-project@googlegroups.com>
    > <ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
    <mailto:ansible-project@googlegroups.com>> *On Behalf Of *Larry Forsyth
    > *Sent:* April 29, 2021 10:12 AM
    > *To:* Ansible Project <ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>
    <mailto:ansible-project@googlegroups.com>>
    > *Subject:* [ansible-project] ansible-vault "A vault password must be specified to decrypt data"
    >
    >
    >
    > Having difficulties getting my playbook to run successfully using password encrypted by ansible-vault.
    Running
    > on RHEL 7.9.
    >
    >
    >
    > $ ansible-playbook --version
    >
    > ansible-playbook 2.9.18
    >
    > config file = /home/CGE/sa_cge_sm/projects/tavs-patching/ansible.cfg
    >
    > configured module search path = [u'/home/CGE/sa_cge_sm/.ansible/plugins/modules',
    > u'/usr/share/ansible/plugins/modules']
    >
    > ansible python module location = /usr/lib/python2.7/site-packages/ansible
    >
    > executable location = /bin/ansible-playbook
    >
    > python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
    >
    > Created user.yml via ansible-vault:
    > $ ansible-vault create user.yml
    >
    > New Vault password: <password entered>
    >
    > Confirm New Vault password:

<password entered>

    >
    > sent into vi, and entered password. Saved file. It appears the encryption is performed properly
    >
    > ]$ cat user.yml
    >
    > $ANSIBLE_VAULT;1.1;AES256
    >
    >
     XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    >
    > Possibly user-error here (relatively new to ansible). When I run playbook:
    >
    > $ ansible-playbook redhatpatching.yml -i dfwtesting.yml -l dfwtesting -f 5 -u sa_cge_sm --vault-password-file
    > ./user.yml -k
    >
    > SSH password:
    >
    > [WARNING]: Error in vault password file loading (default): A vault password must be specified to decrypt data
    >
    > ERROR! A vault password must be specified to decrypt data
    >
    >
    >
    > Isn't ansible-vault designed to not require a password to be entered?
    >
    >
    >
    > Thanks!
    >
    >
    >
    > --
    > You received this message because you are subscribed to the Google Groups "Ansible Project" group.
    > To unsubscribe from this group and stop receiving emails from it, send an email to
    > ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>
    <mailto:ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>>.
    > To view this discussion on the web visit
    > https://groups.google.com/d/msgid/ansible-project/0522d4db-06c7-427e-8a1f-4bed98074a85n%40googlegroups.com
    <https://groups.google.com/d/msgid/ansible-project/0522d4db-06c7-427e-8a1f-4bed98074a85n%40googlegroups.com&gt;
    >
     <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F0522d4db-06c7-427e-8a1f-4bed98074a85n%2540googlegroups.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018262715|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=spxvIW%2BJTW6XtWZCvABOOCKJ4oC%2F3c6eTazUgq5Txpw%3D&reserved=0
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F0522d4db-06c7-427e-8a1f-4bed98074a85n%2540googlegroups.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018262715|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=spxvIW%2BJTW6XtWZCvABOOCKJ4oC%2F3c6eTazUgq5Txpw%3D&reserved=0&gt;&gt;\.
    >
    > --
    > You received this message because you are subscribed to a topic
    in the Google Groups "Ansible Project" group.
    > To unsubscribe from this topic, visit
    https://groups.google.com/d/topic/ansible-project/nhpP1jWvjZE/unsubscribe
    <https://groups.google.com/d/topic/ansible-project/nhpP1jWvjZE/unsubscribe&gt;
    >
     <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Ftopic%2Fansible-project%2FnhpP1jWvjZE%2Funsubscribe&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018272707|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=iSxsqKxPDwSGAFIDZNTcl9eNjMUAFJOr6C%2FlI6XN3lk%3D&reserved=0
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Ftopic%2Fansible-project%2FnhpP1jWvjZE%2Funsubscribe&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018272707|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=iSxsqKxPDwSGAFIDZNTcl9eNjMUAFJOr6C%2FlI6XN3lk%3D&reserved=0&gt;&gt;\.
    > To unsubscribe from this group and all its topics, send an email to
    ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>
    > <mailto:ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>>.
    > To view this discussion on the web visit
    >
     https://groups.google.com/d/msgid/ansible-project/YTXPR0101MB1295A059F8D70CC954351435D85F9%40YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM
    <https://groups.google.com/d/msgid/ansible-project/YTXPR0101MB1295A059F8D70CC954351435D85F9%40YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM&gt;
    >
     <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FYTXPR0101MB1295A059F8D70CC954351435D85F9%2540YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018272707|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=X8EhmwYWluYVywnP821h1LLpoXx%2FTWNzY90U3LD%2Fdk0%3D&reserved=0
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FYTXPR0101MB1295A059F8D70CC954351435D85F9%2540YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018272707|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=X8EhmwYWluYVywnP821h1LLpoXx%2FTWNzY90U3LD%2Fdk0%3D&reserved=0&gt;&gt;\.
    >
    > --
    > You received this message because you are subscribed to the Google Groups "Ansible Project" group.
    > To unsubscribe from this group and stop receiving emails from it, send an email to
    > ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>
    <mailto:ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>>.
    > To view this discussion on the web visit
    >
     https://groups.google.com/d/msgid/ansible-project/CAFQW1uPhxEyZEi83G_E0NPzT2DyVQs%2BqNVcqZ6%3DmHZHGVu6_HQ%40mail.gmail.com
    <https://groups.google.com/d/msgid/ansible-project/CAFQW1uPhxEyZEi83G_E0NPzT2DyVQs%2BqNVcqZ6%3DmHZHGVu6_HQ%40mail.gmail.com&gt;
    >
     <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCAFQW1uPhxEyZEi83G_E0NPzT2DyVQs%252BqNVcqZ6%253DmHZHGVu6_HQ%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018282705|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=1A0iCYRWHNQeBLqQsbsY5XAM55e4SS5rfscabPB2%2F6M%3D&reserved=0
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCAFQW1uPhxEyZEi83G_E0NPzT2DyVQs%252BqNVcqZ6%253DmHZHGVu6_HQ%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018282705|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=1A0iCYRWHNQeBLqQsbsY5XAM55e4SS5rfscabPB2%2F6M%3D&reserved=0&gt;&gt;\.
    >
    > --
    > You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
    > To unsubscribe from this topic, visit
    https://groups.google.com/d/topic/ansible-project/nhpP1jWvjZE/unsubscribe
    <https://groups.google.com/d/topic/ansible-project/nhpP1jWvjZE/unsubscribe&gt;
    >
     <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Ftopic%2Fansible-project%2FnhpP1jWvjZE%2Funsubscribe&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018282705|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=Ts2VL3TUFvx6MAIBpsAHpTIVQAESmCwWOO%2FUVg89Gbs%3D&reserved=0
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Ftopic%2Fansible-project%2FnhpP1jWvjZE%2Funsubscribe&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018282705|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=Ts2VL3TUFvx6MAIBpsAHpTIVQAESmCwWOO%2FUVg89Gbs%3D&reserved=0&gt;&gt;\.
    > To unsubscribe from this group and all its topics, send an email to
    ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>
    > <mailto:ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>>.
    > To view this discussion on the web visit
    >
     https://groups.google.com/d/msgid/ansible-project/YTXPR0101MB1295E2C6E7E6BF44038A4079D85F9%40YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM
    <https://groups.google.com/d/msgid/ansible-project/YTXPR0101MB1295E2C6E7E6BF44038A4079D85F9%40YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM&gt;
    >
     <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FYTXPR0101MB1295E2C6E7E6BF44038A4079D85F9%2540YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018292698|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=7OK8oWrlW2OeMd%2FvtjGaUanMiTxO%2Fl42E3Dj9eCJMbs%3D&reserved=0
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FYTXPR0101MB1295E2C6E7E6BF44038A4079D85F9%2540YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018292698|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=7OK8oWrlW2OeMd%2FvtjGaUanMiTxO%2Fl42E3Dj9eCJMbs%3D&reserved=0&gt;&gt;\.
    >
    > --
    > You received this message because you are subscribed to the Google Groups "Ansible Project" group.
    > To unsubscribe from this group and stop receiving emails from it,

send an email to

    > ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>
    <mailto:ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>>.
    > To view this discussion on the web visit
    >
    https://groups.google.com/d/msgid/ansible-project/CAFQW1uPM0TefJhRSo%2BTL38EcUyj%2BD-bzv-hyoWHdD%2BP9POj0vQ%40mail.gmail.com
    <https://groups.google.com/d/msgid/ansible-project/CAFQW1uPM0TefJhRSo%2BTL38EcUyj%2BD-bzv-hyoWHdD%2BP9POj0vQ%40mail.gmail.com&gt;
    >
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCAFQW1uPM0TefJhRSo%252BTL38EcUyj%252BD-bzv-hyoWHdD%252BP9POj0vQ%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018292698|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=LuzzpLd4cYJ2OV3%2F2GolKG3ggYllM%2BmTuaeiYVGa9kI%3D&reserved=0
    <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCAFQW1uPM0TefJhRSo%252BTL38EcUyj%252BD-bzv-hyoWHdD%252BP9POj0vQ%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04|01|rpaquin%40wlu.ca|701fe295329548337f9408d90b21bf43|b45a5125b29846bc8b89ea5a7343fde8|1|0|637553062018292698|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=LuzzpLd4cYJ2OV3%2F2GolKG3ggYllM%2BmTuaeiYVGa9kI%3D&reserved=0&gt;&gt;\.
    >
    > --
    > You received this message because you are subscribed to the Google Groups "Ansible Project" group.
    > To unsubscribe from this group and stop receiving emails from it,

send an email to

    > ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>
    <mailto:ansible-project+unsubscribe@googlegroups.com <mailto:ansible-project%2Bunsubscribe@googlegroups.com>>.
    > To view this discussion on the web visit
    >
    https://groups.google.com/d/msgid/ansible-project/YTXPR0101MB12959C92CE73A85A0B777A77D85F9%40YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM
    <https://groups.google.com/d/msgid/ansible-project/YTXPR0101MB12959C92CE73A85A0B777A77D85F9%40YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM&gt;
    >
    <https://groups.google.com/d/msgid/ansible-project/YTXPR0101MB12959C92CE73A85A0B777A77D85F9%40YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer
    <https://groups.google.com/d/msgid/ansible-project/YTXPR0101MB12959C92CE73A85A0B777A77D85F9%40YTXPR0101MB1295.CANPRD01.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer&gt;&gt;\.

    --
    Ecommerce and Linux consulting + Perl and web application programming.
    Debian and Sympa administration. Provisioning with Ansible.

    --
    You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
    To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/nhpP1jWvjZE/unsubscribe
    <https://groups.google.com/d/topic/ansible-project/nhpP1jWvjZE/unsubscribe&gt;\.
    To unsubscribe from this group and all its topics, send an email to

ansible-project+unsubscribe@googlegroups.com

I will take a look at this. thanks!

this has been solved. I found an expert here and he suggested this:

The solution was under Configureà “Invoke Ansible Playbook”à”Vault Credentials”. Click “Add” which brings up Jenkins Credentials Provider: Jenkins. Click “Kind” and select “Secret text” from the pull-down. Enter the password at Secret, leave ID (it will be auto-generated) and a description, then Add.

worked like a champ!

Thanks all!