Using --pass-manager options and the provider hashicorp vault

Question

Hello Community,I use the pass-manager Hashicorp Vault, and i have an issue about the help of this options. (I have a workaround, but i want to know if it’s a bug or a bad usage of the command.)I use centreon-plugins from Git Hub (Downloaded yesterday)Specially about this parameters :=item B<--secret-path>Location of the secret in the Vault K/V engine (Mandatory - Can be multiple).Examples:for v1 engine: --secret-path='mysecrets/servicecredentials'for v2 engine: --secret-path='mysecrets/data/servicecredentials?version=12'More information here: https://www.vaultproject.io/api-docs/secret/kv=item B<--map-option>Overload Plugin option with K/V values.Use the following syntax:the_option_to_overload='%{key_$secret_path$}' orthe_option_to_overload='%{value_$secret_path$}'Example:--map-option='username=%{key_mysecrets/servicecredentials}'--map-option='password=%{value_mysecrets/servicecredentials}'We have a Vault 1.6.3, use v2 Engine and if i follow the instruction on the help, my command don’t work.If i specify a version on the --secret-path like this :--secret-path=/path/data/path?version=1It doesn’t workExemple :-bash-4.2$ /usr/lib/centreon/centreon-plugins-latest/centreon_plugins.pl --plugin=apps::automation::ansible::tower::plugin --custommode='api' --mode='job-templates' --hostname='my_tower_hostname' --port='443' --proto='https' --timeout='30' --http-backend='curl' --launch-job-template-id='716' --launch-extra-vars='tomcat_action: [restart]' --launch-limit='my_limit_hostname' --warning-job-status='' --critical-job-status='' --unknown-job-status='' --warning-failed='2' --critical-failed='5' --pass-manager='hashicorpvault' --vault-address='my_vault_host' --vault-port='8200' --vault-protocol='https' --auth-method='token' --vault-token='my_vault_token' --secret-path='//data/centreon-ansible-tower?version=1' --map-option="username=%{key_//data/centreon-ansible-tower}" --map-option="password=%{value_//data/centreon-ansible-tower}" --debugUNKNOWN: Need to specify --username option.======> request sendGET https://my_vault_host:8200/v1///data/centreon-ansible-tower?version=1Accept: application/jsonUser-Agent: centreon::plugins::backend::http::useragentX-Vault-Token: my_vault_token======> response doneHTTP/1.1 200 OKCache-Control: no-storeDate: Thu, 28 Apr 2022 11:26:53 GMTContent-Length: 330Content-Type: application/jsonClient-Date: Thu, 28 Apr 2022 11:26:53 GMTClient-Peer: 10.16.8.27:8200Client-Response-Num: 1Client-SSL-Cert-Issuer: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxClient-SSL-Cert-Subject: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxClient-SSL-Cipher: ECDHE-RSA-AES256-GCM-SHA384Client-SSL-Socket-Class: IO::Socket::SSL{"request_id":"a24babd9-6c7d-8777-c015-c2a28b3f88be","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"my_vault_key":"my_vault_value"},"metadata":{"created_time":"2022-04-21T09:53:42.739539507Z","deletion_time":"","destroyed":false,"version":1}},"wrap_info":null,"warnings":null,"auth":null}{"request_id":"a24babd9-6c7d-8777-c015-c2a28b3f88be","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"my_vault_key":"my_vault_value"},"metadata":{"created_time":"2022-04-21T09:53:42.739539507Z","deletion_time":"","destroyed":false,"version":1}},"wrap_info":null,"warnings":null,"auth":null}$VAR1 = [ '{"request_id":"a24babd9-6c7d-8777-c015-c2a28b3f88be","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"my_vault_key":"my_vault_value"},"metadata":{"created_time":"2022-04-21T09:53:42.739539507Z","deletion_time":"","destroyed":false,"version":1}},"wrap_info":null,"warnings":null,"auth":null}' ];When i specify the version, script can’t map username and password.If a specify version on --path-secret and --map-options, it doesn’t work also :-bash-4.2$ /usr/lib/centreon/centreon-plugins-latest/centreon_plugins.pl --plugin=apps::automation::ansible::tower::plugin --custommode='api' --mode='job-templates' --hostname='my_tower_hostname' --port='443' --proto='https' --timeout='30' --http-backend='curl' --launch-job-template-id='716' --launch-extra-vars='tomcat_action: [restart]' --launch-limit='my_tower_limit_hostname' --warning-job-status='' --critical-job-status='' --unknown-job-status='' --warning-failed='2' --critical-failed='5' --pass-manager='hashicorpvault' --vault-address='my_vault_hostname' --vault-port='8200' --vault-protocol='https' --auth-method='token' --vault-token='my_vault_token' --secret-path='//data/centreon-ansible-tower?version=1' --map-option="username=%{key_//data/centreon-ansible-tower?version=1}" --map-option="password=%{value_//data/centreon-ansible-tower?version=1}" --debugUNKNOWN: 401 Unauthorized======> request sendGET https://my_vault_hostname:8200/v1///data/centreon-ansible-tower?version=1Accept: application/jsonUser-Agent: centreon::plugins::backend::http::useragentX-Vault-Token: my_vault_token======> response doneHTTP/1.1 200 OKCache-Control: no-storeDate: Thu, 28 Apr 2022 11:27:54 GMTContent-Length: 330Content-Type: application/jsonClient-Date: Thu, 28 Apr 2022 11:27:54 GMTClient-Peer: 10.16.8.27:8200Client-Response-Num: 1Client-SSL-Cert-Issuer: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxClient-SSL-Cert-Subject: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxClient-SSL-Cipher: ECDHE-RSA-AES256-GCM-SHA384Client-SSL-Socket-Class: IO::Socket::SSL{"request_id":"2ed07cc4-beee-f629-7b62-985704853ac3","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"my_vault_key":"my_vault_value"},"metadata":{"created_time":"2022-04-21T09:53:42.739539507Z","deletion_time":"","destroyed":false,"version":1}},"wrap_info":null,"warnings":null,"auth":null}{"request_id":"2ed07cc4-beee-f629-7b62-985704853ac3","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"my_vault_key":"my_vault_value"},"metadata":{"created_time":"2022-04-21T09:53:42.739539507Z","deletion_time":"","destroyed":false,"version":1}},"wrap_info":null,"warnings":null,"auth":null}$VAR1 = [ '{"request_id":"2ed07cc4-beee-f629-7b62-985704853ac3","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"my_vault_key":"my_vault_value"},"metadata":{"created_time":"2022-04-21T09:53:42.739539507Z","deletion_time":"","destroyed":false,"version":1}},"wrap_info":null,"warnings":null,"auth":null}' ];== Info: About to connect() to my_tower_hostname port 443 (#0)== Info: Trying 10.16.8.8...== Info: Connected to my_tower_hostname (10.16.8.8) port 443 (#0)== Info: Initializing NSS with certpath: sql:/etc/pki/nssdb== Info: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none== Info: SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384== Info: Server certificate:== Info: subject: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx== Info: start date: Apr 15 14:12:50 2021 GMT== Info: expire date: Apr 15 14:12:50 2023 GMT== Info: common name: it-deploy.z2.r02.local== Info: issuer: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx== Info: Server auth using Basic with user '%{key_//data/centreon-ansible-tower?version=1}'=> Send header: POST /api/v2/job_templates/716/launch/ HTTP/1.1Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxHost: my_tower_hostnameAccept:application/jsonContent-Type:application/jsonContent-Length: 73=> Send data: {"extra_vars":"tomcat_action: [restart]","limit":"my_limit_hostname"}== Info: upload completely sent off: 73 out of 73 bytes=> Recv header: HTTP/1.1 401 Unauthorized=> Recv header: Server: nginx=> Recv header: Date: Thu, 28 Apr 2022 11:27:43 GMT=> Recv header: Content-Type: application/json=> Recv header: Content-Length: 107=> Recv header: Connection: keep-alive=> Recv header: WWW-Authenticate: Bearer realm=api authorization_url=/api/o/authorize/=> Recv header: Vary: Accept, Accept-Language, Origin, Cookie=> Recv header: Allow: GET, POST, HEAD, OPTIONS=> Recv header: X-API-Product-Version: 3.8.4=> Recv header: X-API-Product-Name: Red Hat Ansible Tower=> Recv header: X-API-Node: xxxxxxxxxxxxxx=> Recv header: X-API-Time: 0.191s=> Recv header: Content-Language: en=> Recv header: X-API-Total-Time: 0.248s=> Recv header:=> Recv data: {"detail":"Authentication credentials were not provided. To establish a login session, visit /api/login/."}== Info: Connection #0 to host my_tower_hostname left intactAs i specify the version on --map-options it’s logic it doesn’t work.When i don’t specify the version option on --secret-path or --map-options it work ! but it also like a v1 engine about the help message-bash-4.2$ /usr/lib/centreon/centreon-plugins-latest/centreon_plugins.pl --plugin=apps::automation::ansible::tower::plugin --custommode='api' --mode='job-templates' --hostname='my_tower_hostname' --port='443' --proto='https' --timeout='30' --http-backend='curl' --launch-job-template-id='716' --launch-extra-vars='tomcat_action: [restart]' --launch-limit='my_tower_limit_hostname' --warning-job-status='' --critical-job-status='' --unknown-job-status='' --warning-failed='2' --critical-failed='5' --pass-manager='hashicorpvault' --vault-address='my_vault_hostname' --vault-port='8200' --vault-protocol='https' --auth-method='token' --vault-token='my_vault_token' --secret-path='//data/centreon-ansible-tower' --map-option="username=%{key_//data/centreon-ansible-tower}" --map-option="password=%{value_//data/centreon-ansible-tower}" --debugOK: Job templates total: 1, successful: 0, failed: 1, running: 0 - Job template '[ics-t] manage tomcat service@08:08:16' last job status is 'failed' | 'jobtemplates.total.count'=1;;;0; 'jobtemplates.successful.count'=0;;;0;1 'jobtemplates.failed.count'=1;0:2;0:5;0;1 'jobtemplates.running.count'=0;;;0;1 'jobtemplates.canceled.count'=0;;;0;1 'jobtemplates.pending.count'=0;;;0;1 'jobtemplates.default.count'=0;;;0;1 'jobtemplates.never.count'=0;;;0;1======> request sendGET https://my_vault_hostname:8200/v1///data/centreon-ansible-towerAccept: application/jsonUser-Agent: centreon::plugins::backend::http::useragentX-Vault-Token: my_vault_token======> response doneHTTP/1.1 200 OKCache-Control: no-storeDate: Thu, 28 Apr 2022 11:28:36 GMTContent-Length: 330Content-Type: application/jsonClient-Date: Thu, 28 Apr 2022 11:28:36 GMTClient-Peer: 10.16.8.27:8200Client-Response-Num: 1Client-SSL-Cert-Issuer: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxClient-SSL-Cert-Subject: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxClient-SSL-Cipher: ECDHE-RSA-AES256-GCM-SHA384Client-SSL-Socket-Class: IO::Socket::SSL{"request_id":"97e84c28-97d2-418d-f190-8f82f5e2cefc","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"my_vault_key":"my_vault_value"},"metadata":{"created_time":"2022-04-28T09:50:30.310248452Z","deletion_time":"","destroyed":false,"version":2}},"wrap_info":null,"warnings":null,"auth":null}{"request_id":"97e84c28-97d2-418d-f190-8f82f5e2cefc","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"my_vault_key":"my_vault_value"},"metadata":{"created_time":"2022-04-28T09:50:30.310248452Z","deletion_time":"","destroyed":false,"version":2}},"wrap_info":null,"warnings":null,"auth":null}$VAR1 = [ '{"request_id":"97e84c28-97d2-418d-f190-8f82f5e2cefc","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"my_vault_key":"my_vault_value"},"metadata":{"created_time":"2022-04-28T09:50:30.310248452Z","deletion_time":"","destroyed":false,"version":2}},"wrap_info":null,"warnings":null,"auth":null}' ];== Info: About to connect() to my_tower_hostname port 443 (#0)== Info: Trying 10.16.8.8...== Info: Connected my_tower_hostname (10.16.8.8) port 443 (#0)== Info: Initializing NSS with certpath: sql:/etc/pki/nssdb== Info: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none== Info: SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384== Info: Server certificate:== Info: subject: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx== Info: start date: Apr 15 14:12:50 2021 GMT== Info: expire date: Apr 15 14:12:50 2023 GMT== Info: common name: it-deploy.z2.r02.local== Info: issuer: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx== Info: Server auth using Basic with user 'my_vault_key'=> Send header: POST /api/v2/job_templates/716/launch/ HTTP/1.1Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxHost: my_tower_hostnameAccept:application/jsonContent-Type:application/jsonContent-Length: 73=> Send data: {"extra_vars":"tomcat_action: [restart]","limit":"my_tower_limit_hostname"}== Info: upload completely sent off: 73 out of 73 bytes=> Recv header: HTTP/1.1 201 Created=> Recv header: Server: nginx=> Recv header: Date: Thu, 28 Apr 2022 11:28:32 GMT=> Recv header: Content-Type: application/json=> Recv header: Content-Length: 3142=> Recv header: Connection: keep-alive=> Recv header: Location: /api/v2/jobs/193954/=> Recv header: Vary: Accept, Accept-Language, Origin, Cookie=> Recv header: Allow: GET, POST, HEAD, OPTIONS=> Recv header: X-API-Product-Version: 3.8.4=> Recv header: X-API-Product-Name: Red Hat Ansible Tower=> Recv header: X-API-Node: xxxxxxxxxxxxxxxxx=> Recv header: X-API-Time: 0.726s=> Recv header: Content-Language: en=> Recv header: X-API-Total-Time: 6.216s=> Recv header: Content-Security-Policy: default-src 'self'; connect-src 'self' *.pendo.io ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/=> Recv header: X-Content-Security-Policy: default-src 'self'; connect-src 'self' *.pendo.io ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/=> Recv header: X-Frame-Options: DENY=> Recv header: Cache-Control: no-cache, no-store, must-revalidate=> Recv header: Expires: 0=> Recv header: Pragma: no-cache=> Recv header:=> Recv data: {"job":193954,"ignored_fields":{},"id":193954,"type":"job","url":"/api/v2/jobs/193954/","related":{"created_by":"/api/v2/users/144/","modified_by":"/api/v2/users/144/","labels":"/api/v2/jobs/193954/labels/","inventory":"/api/v2/inventories/410/","project":"/api/v2/projects/715/","organization":"/api/v2/organizations/3/","credentials":"/api/v2/jobs/193954/credentials/","unified_job_template":"/api/v2/job_templates/716/","stdout":"/api/v2/jobs/193954/stdout/","job_events":"/api/v2/jobs/193954/job_events/","job_host_summaries":"/api/v2/jobs/193954/job_host_summaries/","activity_stream":"/api/v2/jobs/193954/activity_stream/","notifications":"/api/v2/jobs/193954/notifications/","create_schedule":"/api/v2/jobs/193954/create_schedule/","job_template":"/api/v2/job_templates/716/","cancel":"/api/v2/jobs/193954/cancel/","relaunch":"/api/v2/jobs/193954/relaunch/"},"summary_fields":{"organization":{"id":3,"name":"Intelligence","description":""},"inventory":{"id":410,"name":"gcn inventory","description":"","has_active_failures":true,"total_hosts":6,"hosts_with_active_failures":1,"total_groups":0,"has_inventory_sources":false,"total_inventory_sources":0,"inventory_sources_with_failures":0,"organization_id":3,"kind":""},"project":{"id":715,"name":"[q-ics-01]manage tomcat service@08:06:55","description":"","status":"successful","scm_type":"git"},"job_template":{"id":716,"name":"[ics-t]manage tomcat service@08:08:16","description":""},"unified_job_template":{"id":716,"name":"[ics-t]manage tomcat service@08:08:16","description":"","unified_job_type":"job"},"created_by":{"id":144,"username":"my_vault_key","first_name":"Compte centreon","last_name":""},"modified_by":{"id":144,"username":"my_vault_key","first_name":"Compte centreon","last_name":""},"user_capabilities":{"delete":false,"start":true},"labels":{"count":0,"results":[]},"credentials":[{"id":265,"name":"[p-gcn-c-01]infrait cis","description":"","kind":"ssh","cloud":false},{"id":13,"name":"Vault Default ","description":"Vault default password","kind":"vault","cloud":false}]},"created":"2022-04-28T11:28:32.124610Z","modified":"2022-04-28T11:28:32.189390Z","name":"[ics-t]manage tomcat service@08:08:16","description":"","job_type":"check","inventory":410,"project":715,"playbook":"tomcat_service.yml","scm_branch":"","forks":0,"limit":"my_limit_tower_hostname","verbosity":2,"extra_vars":"{\"tomcat_action\": [\"restart\"]}","job_tags":"","force_handlers":false,"skip_tags":"","start_at_task":"","timeout":0,"use_fact_cache":false,"organization":3,"unified_job_template":716,"launch_type":"manual","status":"pending","failed":false,"started":null,"finished":null,"canceled_on":null,"elapsed":0.0,"job_args":"","job_cwd":"","job_env":{},"job_explanation":"","execution_node":"","controller_node":"","result_traceback":"","event_processing_finished":false,"job_template":716,"passwords_needed_to_start":[],"allow_simultaneous":false,"artifacts":{},"scm_revision":"","instance_group":null,"diff_mode":false,"job_slice_number":0,"job_slice_count":1,"webhook_service":"","webhook_credential":null,"webhook_guid":""}== Info: Connection #0 to host my_tower_hostname left intact== Info: Found bundle for host my_tower_hostname: 0x20e0670== Info: Re-using existing connection! (#0) with host it-deploy.z2.r02.local== Info: Connected to my_tower_hostname (10.16.8.8) port 443 (#0)== Info: Server auth using Basic with user 'my_vault_key'=> Send header: GET /api/v2/jobs/193954/ HTTP/1.1Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxHost: my_tower_hostnameAccept:application/jsonContent-Type:application/json=> Recv header: HTTP/1.1 200 OK=> Recv header: Server: nginx=> Recv header: Date: Thu, 28 Apr 2022 11:28:34 GMT=> Recv header: Content-Type: application/json=> Recv header: Content-Length: 3205=> Recv header: Connection: keep-alive=> Recv header: Vary: Accept, Accept-Language, Origin, Cookie=> Recv header: Allow: GET, DELETE, HEAD, OPTIONS=> Recv header: X-API-Product-Version: 3.8.4=> Recv header: X-API-Product-Name: Red Hat Ansible Tower=> Recv header: X-API-Node: xxxxxxxxxxxxxxxx=> Recv header: X-API-Time: 0.490s=> Recv header: Content-Language: en=> Recv header: X-API-Total-Time: 0.554s=> Recv header: Content-Security-Policy: default-src 'self'; connect-src 'self' *.pendo.io ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/=> Recv header: X-Content-Security-Policy: default-src 'self'; connect-src 'self' *.pendo.io ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/=> Recv header: X-Frame-Options: DENY=> Recv header: Cache-Control: no-cache, no-store, must-revalidate=> Recv header: Expires: 0=> Recv header: Pragma: no-cache=> Recv header:=> Recv data: {"id":193954,"type":"job","url":"/api/v2/jobs/193954/","related":{"created_by":"/api/v2/users/144/","modified_by":"/api/v2/users/144/","labels":"/api/v2/jobs/193954/labels/","inventory":"/api/v2/inventories/410/","project":"/api/v2/projects/715/","organization":"/api/v2/organizations/3/","credentials":"/api/v2/jobs/193954/credentials/","unified_job_template":"/api/v2/job_templates/716/","stdout":"/api/v2/jobs/193954/stdout/","job_events":"/api/v2/jobs/193954/job_events/","job_host_summaries":"/api/v2/jobs/193954/job_host_summaries/","activity_stream":"/api/v2/jobs/193954/activity_stream/","notifications":"/api/v2/jobs/193954/notifications/","create_schedule":"/api/v2/jobs/193954/create_schedule/","job_template":"/api/v2/job_templates/716/","cancel":"/api/v2/jobs/193954/cancel/","relaunch":"/api/v2/jobs/193954/relaunch/"},"summary_fields":{"organization":{"id":3,"name":"","description":""},"inventory":{"id":410,"name":"inventory","description":"","has_active_failures":true,"total_hosts":6,"hosts_with_active_failures":1,"total_groups":0,"has_inventory_sources":false,"total_inventory_sources":0,"inventory_sources_with_failures":0,"organization_id":3,"kind":""},"project":{"id":715,"name":"[ics-01]manage tomcat service@08:06:55","description":"","status":"running","scm_type":"git"},"job_template":{"id":716,"name":"[gcn-t]geoconector manage tomcat service@08:08:16","description":""},"unified_job_template":{"id":716,"name":"[ics-t]manage tomcat service@08:08:16","description":"","unified_job_type":"job"},"created_by":{"id":144,"username":"my_vault_key","first_name":"Compte centreon","last_name":""},"modified_by":{"id":144,"username":"my_vault_key","first_name":"Compte centreon","last_name":""},"user_capabilities":{"delete":false,"start":true},"labels":{"count":0,"results":[]},"credentials":[{"id":265,"name":"[p-gcn-c-01]infrait cis","description":"","kind":"ssh","cloud":false},{"id":13,"name":"Vault Default ","description":"Vault default password","kind":"vault","cloud":false}]},"created":"2022-04-28T11:28:32.124610Z","modified":"2022-04-28T11:28:32.124644Z","name":"[ics-t]manage tomcat service@08:08:16","description":"","job_type":"check","inventory":410,"project":715,"playbook":"gcn_tomcat_service.yml","scm_branch":"","forks":0,"limit":"my_tower_limit_hostname","verbosity":2,"extra_vars":"{\"tomcat_action\": [\"restart\"]}","job_tags":"","force_handlers":false,"skip_tags":"","start_at_task":"","timeout":0,"use_fact_cache":false,"organization":3,"unified_job_template":716,"launch_type":"manual","status":"pending","failed":false,"started":null,"finished":null,"canceled_on":null,"elapsed":0.0,"job_args":"","job_cwd":"","job_env":{},"job_explanation":"","execution_node":"","controller_node":"","result_traceback":"","event_processing_finished":false,"job_template":716,"passwords_needed_to_start":[],"allow_simultaneous":false,"artifacts":{},"scm_revision":"","instance_group":null,"diff_mode":false,"job_slice_number":0,"job_slice_count":1,"webhook_service":"","webhook_credential":null,"webhook_guid":"","host_status_counts":{},"playbook_counts":{"play_count":0,"task_count":0},"custom_virtualenv":null}== Info: Connection #0 to host my_tower_hostname left intact== Info: Found bundle for host my_tower_hostname: 0x20e0670== Info: Re-using existing connection! (#0) with host my_tower_hostname== Info: Connected to my_tower_hostname (10.16.8.8) port 443 (#0)== Info: Server auth using Basic with user 'my_vault_key'=> Send header: GET /api/v2/jobs/193954/ HTTP/1.1Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxHost: my_tower_hostnameAccept:application/jsonContent-Type:application/json=> Recv header: HTTP/1.1 200 OK=> Recv header: Server: nginx=> Recv header: Date: Thu, 28 Apr 2022 11:28:47 GMT=> Recv header: Content-Type: application/json=> Recv header: Content-Length: 6983=> Recv header: Connection: keep-alive=> Recv header: Vary: Accept, Accept-Language, Origin, Cookie=> Recv header: Allow: GET, DELETE, HEAD, OPTIONS=> Recv header: X-API-Product-Version: 3.8.4=> Recv header: X-API-Product-Name: Red Hat Ansible Tower=> Recv header: X-API-Node: xxxxxxxxxxxxxx=> Recv header: X-API-Time: 0.310s=> Recv header: Content-Language: en=> Recv header: X-API-Total-Time: 0.394s=> Recv header: Content-Security-Policy: default-src 'self'; connect-src 'self' *.pendo.io ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/=> Recv header: X-Content-Security-Policy: default-src 'self'; connect-src 'self' *.pendo.io ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/=> Recv header: X-Frame-Options: DENY=> Recv header: Cache-Control: no-cache, no-store, must-revalidate=> Recv header: Expires: 0=> Recv header: Pragma: no-cache=> Recv header:=> Recv data: {"id":193954,"type":"job","url":"/api/v2/jobs/193954/","related":{"created_by":"/api/v2/users/144/","labels":"/api/v2/jobs/193954/labels/","inventory":"/api/v2/inventories/410/","project":"/api/v2/projects/715/","organization":"/api/v2/organizations/3/","credentials":"/api/v2/jobs/193954/credentials/","unified_job_template":"/api/v2/job_templates/716/","stdout":"/api/v2/jobs/193954/stdout/","job_events":"/api/v2/jobs/193954/job_events/","job_host_summaries":"/api/v2/jobs/193954/job_host_summaries/","activity_stream":"/api/v2/jobs/193954/activity_stream/","notifications":"/api/v2/jobs/193954/notifications/","create_schedule":"/api/v2/jobs/193954/create_schedule/","job_template":"/api/v2/job_templates/716/","cancel":"/api/v2/jobs/193954/cancel/","relaunch":"/api/v2/jobs/193954/relaunch/"},"summary_fields":{"organization":{"id":3,"name":"","description":""},"inventory":{"id":410,"name":"ics inventory","description":"","has_active_failures":true,"total_hosts":6,"hosts_with_active_failures":1,"total_groups":0,"has_inventory_sources":false,"total_inventory_sources":0,"inventory_sources_with_failures":0,"organization_id":3,"kind":""},"project":{"id":715,"name":"[q-ics-01] manage tomcat service@08:06:55","description":"","status":"successful","scm_type":"git"},"job_template":{"id":716,"name":"[ics-t] manage tomcat service@08:08:16","description":""},"unified_job_template":{"id":716,"name":"[ics-t] manage tomcat service@08:08:16","description":"","unified_job_type":"job"},"instance_group":{"id":1,"name":"tower","is_containerized":false},"created_by":{"id":144,"username":"my_vault_key","first_name":"Compte centreon","last_name":""},"user_capabilities":{"delete":false,"start":true},"labels":{"count":0,"results":[]},"credentials":[{"id":265,"name":"[p-ics-01] cis","description":"","kind":"ssh","cloud":false},{"id":13,"name":"Vault Default ","description":"Vault default password","kind":"vault","cloud":false}]},"created":"2022-04-28T11:28:32.124610Z","modified":"2022-04-28T11:28:39.320700Z","name":"[ics-t]manage tomcat service@08:08:16","description":"","job_type":"check","inventory":410,"project":715,"playbook":"tomcat_service.yml","scm_branch":"","forks":0,"limit":"my_tower_limit_hostname","verbosity":2,"extra_vars":"{\"tomcat_action\": [\"restart\"]}","job_tags":"","force_handlers":false,"skip_tags":"","start_at_task":"","timeout":0,"use_fact_cache":false,"organization":3,"unified_job_template":716,"launch_type":"manual","status":"failed","failed":true,"started":"2022-04-28T11:28:39.479656Z","finished":"2022-04-28T11:28:41.367443Z","canceled_on":null,"elapsed":1.888,"job_args":"[\"bwrap\", \"--die-with-parent\", \"--unshare-pid\", \"--dev-bind\", \"/\", \"/\", \"--proc\", \"/proc\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/ansible_runner_pi_skz9fv5k/tmpd15eyl7g\", \"/etc/ssh\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/ansible_runner_pi_skz9fv5k/tmp2guvyalx\", \"/etc/tower\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/ansible_runner_pi_skz9fv5k/tmptnon7yfh\", \"/home\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/ansible_runner_pi_skz9fv5k/tmproqblht0\", \"/tmp\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/ansible_runner_pi_skz9fv5k/tmp5zfhpv3o\", \"/var/lib/awx\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/ansible_runner_pi_skz9fv5k/tmpcn3mz8pv\", \"/var/lib/awx/job_status\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/ansible_runner_pi_skz9fv5k/tmpux65yun9\", \"/var/lib/awx/projects\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/ansible_runner_pi_skz9fv5k/tmpudpo5cle\", \"/var/log\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/ansible_runner_pi_skz9fv5k/tmpa_ruzdgj\", \"/var/tmp\", \"--ro-bind\", \"/var/lib/awx/venv/ansible\", \"/var/lib/awx/venv/ansible\", \"--ro-bind\", \"/var/lib/awx/venv/awx\", \"/var/lib/awx/venv/awx\", \"--bind\", \"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2\", \"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2\", \"--chdir\", \"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2/project\", \"ansible-playbook\", \"--check\", \"-u\", \"infrait\", \"--ask-pass\", \"--become-method\", \"su\", \"--become-user\", \"root\", \"--ask-become-pass\", \"--ask-vault-pass\", \"-l\", \"qgcp-ap2.z2.r02.local\", \"-vv\", \"-i\", \"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2/tmpy_tes2kr\", \"-e\", \"@/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2/env/extravars\", \"gcn_tomcat_service.yml\"]","job_cwd":"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2/project","job_env":{"LANG":"en_US.UTF-8","INVOCATION_ID":"e86e2f5fc8db4496acc07f0292624c33","VIRTUAL_ENV":"/var/lib/awx/venv/ansible","USER":"awx","PWD":"/var/lib/awx","HOME":"/var/lib/awx","JOURNAL_STREAM":"9:27674","SUPERVISOR_PROCESS_NAME":"awx-dispatcher","SUPERVISOR_ENABLED":"1","SHLVL":"0","SUPERVISOR_GROUP_NAME":"tower-processes","PATH":"/var/lib/awx/venv/ansible/bin:/var/lib/awx/venv/awx/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin","PS1":"(awx) ","SUPERVISOR_SERVER_URL":"unix:///var/run/supervisor/supervisor.sock","DJANGO_SETTINGS_MODULE":"awx.settings.production","DJANGO_LIVE_TEST_SERVER_ADDRESS":"localhost:9013-9199","TZ":"UTC","ANSIBLE_FACT_CACHE_TIMEOUT":"0","ANSIBLE_FORCE_COLOR":"True","ANSIBLE_HOST_KEY_CHECKING":"False","ANSIBLE_INVENTORY_UNPARSED_FAILED":"True","ANSIBLE_PARAMIKO_RECORD_HOST_KEYS":"False","ANSIBLE_VENV_PATH":"/var/lib/awx/venv/ansible","PROOT_TMP_DIR":"/tmp","AWX_PRIVATE_DATA_DIR":"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2","PYTHONPATH":"/var/lib/awx/venv/ansible/lib/python3.6/site-packages:","JOB_ID":"193954","INVENTORY_ID":"410","PROJECT_REVISION":"c1297cbc8f3422eedc65035de06fb4b26a3417a6","ANSIBLE_RETRY_FILES_ENABLED":"False","MAX_EVENT_RES":"700000","AWX_HOST":"https://my_tower_hostname","ANSIBLE_SSH_CONTROL_PATH_DIR":"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2/cp","ANSIBLE_COLLECTIONS_PATHS":"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2/requirements_collections:~/.ansible/collections:/usr/share/ansible/collections","ANSIBLE_ROLES_PATH":"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2/requirements_roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles","ANSIBLE_CALLBACK_PLUGINS":"/var/lib/awx/venv/awx/lib64/python3.6/site-packages/ansible_runner/callbacks","ANSIBLE_STDOUT_CALLBACK":"awx_display","AWX_ISOLATED_DATA_DIR":"/tmp/bwrap_193954_9zwa5etf/awx_193954_ymmdn9o2/artifacts/193954","RUNNER_OMIT_EVENTS":"False","RUNNER_ONLY_FAILED_EVENTS":"False"},"job_explanation":"","execution_node":"xxxxxxxxxxxxx","controller_node":"","result_traceback":"","event_processing_finished":true,"job_template":716,"passwords_needed_to_start":[],"allow_simultaneous":false,"artifacts":{},"scm_revision":"c1297cbc8f3422eedc65035de06fb4b26a3417a6","instance_group":1,"diff_mode":false,"job_slice_number":0,"job_slice_count":1,"webhook_service":"","webhook_credential":null,"webhook_guid":"","host_status_counts":{},"playbook_counts":{"play_count":0,"task_count":0},"custom_virtualenv":"/var/lib/awx/venv/ansible"}== Info: Connection #0 to host my_tower_hostname left intactJob template '[ics-t] manage tomcat service@08:08:16' last job status is 'failed'Connection is OK with this syntax without ?version=1Regards,

Thibault · Accepted Answer

Hello,this seems to be a bug indeed. I think there’s an issue because of the “?” and “=” in the v2 secret path that prevent the correctregex parsing of the map options .Wecan see it here:== Info: Server auth using Basic with user '%{key_//data/centreon-ansible-tower?version=1}'This syntax is the right one and should work:-secret-path='//data/centreon-ansible-tower?version=1' --map-option="username=%{key_//data/centreon-ansible-tower?version=1}" --map-option="password=%{value_//data/centreon-ansible-tower?version=1}"We need to investigate this further and will try to improve this for the next releases. In the meantime please use v1 syntax as you already do.Thanks for the feedback & sorry for the inconvenience.

gespada · Answer

Hello @ThibaultNo problemThanks for your responseRegards,Greg

Using --pass-manager options and the provider hashicorp vault

3 replies

Reply

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded