Executable vault password file doesnt work

Hi All,

I hope you all are doing good in these trying times !!

I am working on a POC for using a executable file as my ansible vault password.

So my ansible command to run playbook looks something like this

ansible-playbook srev_user.yml --vault-id /etc/ansible/my-client.py -vvv

and my-client.py script looks like this

import subprocess
cmd = subprocess.Popen([“echo”, “abc123”])
cmd.wait()

so this script output to “abc123” which is my ansible password.

But this doesnt work and shows bellow error

[WARNING]: Error in vault password file loading (None): Problem running vault password client script /etc/ansible/my-client.py ([Errno 8] Exec
format error). If this is not a script, remove the executable bit from the file.
ERROR! Problem running vault password client script /etc/ansible/my-client.py ([Errno 8] Exec format error). If this is not a script, remove the executable bit from the file.

Please suggest on the same.

Regards,
Ankur Porwal

What are the ownership and permissions on that file?

Antony.

Hi,

> ERROR! Problem running vault password client script
> /etc/ansible/my-client.py ([Errno 8] Exec format error). If this is
> not a script, remove the executable bit from the file.*

What are the ownership and permissions on that file?

from the error message, it looks like it is executable.

Maybe the shebang (https://en.wikipedia.org/wiki/Shebang_(Unix)) is
missing inside the script?

Cheers,
Felix

I have provided full permission ‘777’ on the file my-client.py

Ugh!

Please change that to 700 and ensure that it is owned by the ansible user.

Also check the shebang line (which wasn't quoted in your original posting) as
suggested by Felix.

Antony.

Thank you Felix and Antony.

After changing permission and adding shebang it worked.

Regards,
Ankur Porwal