Issue reprovisioning remote after ansible update to 2.3.0.0

pixeline · April 15, 2017, 4:18pm

After updating ansible to 2.3.0.0, I get this error when trying to re-provision the staging server:

TASK [users : Fail if root login will be disabled but admin_user will not be a sudoer] ****************************************************************************************
ok: [staging.domain.tld] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [users : Setup users] ****************************************************************************************************************************************************
ok: [staging.domain.tld] => (item={u'keys': [u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6rz5wD/ygV2u9vqv9fmFm41ShnZYpi8Kh/KTB/FmS+nJe54ALWAWb/NfR+Y93L9Pncm332SojeGz6SRyDGYB+/WPxIytxdLUb9OzPkENpAeF0UCnXUUzHKUh0S6AlEnYBM47SB5n41vbCbamaQpS+oP57snuZm5gWiuygE69geRhQeRtq9J5c0mR/cQThB7XsdZm3KLctjyTal0nCYlp+xBkIbSr+MX6mcn4viuMGjIbx/ddddddd/rPq7hJpgxP4ZY9/AMWLRhvztb+gGXcfOgGHbXjXJxXF3Gzh8DdbCpEFqnmOxa0ATfrVrYEiKXq87we2+EiB389TCsZ9 me@computer'], u'name': u'web', u'groups': [u'www-data']})
---------------------------------------------------
the field 'args' has an invalid value ([u'users']), and could not be
converted to an dict. Error was: salt too large (sha512_crypt requires <= 16
chars)

The error appears to have been in '/Volumes/AlexSD/github-
projects/domain.tld/trellis/roles/users/tasks/main.yml': line 31,
column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Setup users
  ^ here

I’m not sure what the problem is, does it requires me to change my ssh keys?

Update
if you are too facing the issue, a temporary solution is to fallback to ansible 2.2.1.0 )
sudo pip install ansible==2.2.1.0

fullyint · April 15, 2017, 8:40pm

Thanks for reporting this @pixeline. This error message was identified in roots/trellis#628 and fixed in roots/trellis#629. I was unable to reproduce this error using a password salt of 64 random characters.

Do you have these changes from #629 (Aug 2016)? If you do have them, then perhaps Ansible 2.3 is handling something differently and we need additions to the Ansible 2.3 compatibility fixes in roots/trellis#813.

pixeline · April 15, 2017, 8:50pm

hello @fullyint. Nope, I did not. The error came up on a fresh install of Trellis, so I was using the Master branch’s version (this exact file).

I then saw there was a ansible-2.3 branch, so I tried with that version of the users role, but got the exact same error message.

fullyint · April 15, 2017, 10:48pm

@pixeline It was my error asking if you had changes from #629, given that the related code had subsequently been modified in roots/trellis#729. Thanks for pointing out that you were using the latest Trellis.

I’m guessing your password salt is between 17–21 characters and Ansible 2.3 wasn’t truncating down to 16 chars. I can reproduce the error under such conditions.

New in Ansible 2.3 is that it uses Jinja2 v2.9.6 which brings this change to truncate leeway:

The default leeway on newer Jinja2 versions is 5 and was 0 before
[new in Jinja2 v2.9.4]

I added a commit to the ansible-2.3 branch that should resolve the issue. Would you be willing to test the updated ansible-2.3 branch to see if it resolves the issue for you? Thank you for all your help so far!

pixeline · April 15, 2017, 11:14pm

@fullyint my pleasure. I reinstalled ansible 2.3.0.0, replaced my users/tasks/main.yml using the new one. Provisioning worked perfectly. Well done!

fullyint · April 15, 2017, 11:26pm

Thanks again for your help, @pixeline.

Ansible 2.3 compatibility fix for Trellis has now been merged (roots/trellis#813).