Bash Script Deployment Step Issue with Linux/Ansible Env Variable

Hello,

I’ve constructed some Ansible playbooks on a Linux control machine, a machine to which Octopus Deploy connects as an SSH target (fully healthy). For sensitive Ansible variables, I’ve encrypted them via Ansible Vault (same password) and have stored this password as a persistent environment variable on the Linux target machine for the user that Octopus leverages when it uses SSH to login. With that user, this is proven to work with $echo as it prints to screen in cleartext. Next, I’ve created a basic Python script with the os library to print the environment variable’s value in cleartext so it can be used to decrypt Ansible sensitive variables at the time of ansible command line execution, example below:

Command:
ansible-playbook -i <inventory.yml> playbooks/example_playbook.yml --vault-password-file vault-pass.py

When the above command is executed manually, it works fine. When I create a release to execute this same command, Ansible complains with the following (as seen on the Octopus Release ‘Raw Log’):

FAILED! => {"msg": "Decryption failed (no vault secrets were found that could decrypt)"}

Setup
Octopus Deploy: v.2018.5.1
Linux control server: Ubuntu 20.04.3 LTS
Python version (linux server): 3.9.5
Octopus Release Step type: 'Run a script → Script Content → Bash'

Script content:

source ~/.bashrc
cd ~/network  # this is a symlink that works fine
ansible-playbook -i environment/inv.yml -l lab playbooks/backup_configuration.yml --vault-password-file vault-pass.py  # note: the vault-pass.py file is executable

The environment variable ‘ansible_vault_pass’ is exported in the user’s .bashrc file as follows:

export ansible_vault_pass="password"

When Octopus logs in during the release and it executes its ‘Script.sh’ in what appears to be a temporary working folder: /home/user/.octopus/OctopusServer/Work//Script.sh, it’s like it cannot see the environment variable if it is, in fact, truly executing the commands I give it on the Release step.

Any ideas and/or help will be greatly appreciated.

Thank you.

Hi @csegalas!

Thanks for reaching out, and sorry to hear that you’re having issues with your deployment.

Typically in scenarios like this, it stems from Octopus logging in via a non-interactive session, so (almost all of) the .bashrc isn’t evaluated.

If you look at the top of the file, you’ll see a code block similar to:

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

When it hits this with a non-interactive session, it stops evaluating. If you move your export above this line, you should find that it evaluates the same for interactive and non-interactive sessions identically.

I hope this helps, and please let us know if you have any further questions!

Wow, Justin! That solved it. The export line was far down the file in what appeared to be a good spot. Once I followed your advice, it worked like a charm.

I spent hours troubleshooting this and tried multiple scenarios and even crafted some shell scripts to execute instead.

Thank you very much! Case closed.

2 Likes
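
The behaviour described in the reply above can be reproduced without touching a real ~/.bashrc. This is an added example, not part of the original thread: the rc file is constructed to mimic a stock Ubuntu .bashrc, and the names DEMO_ABOVE, DEMO_BELOW, make_rc and probe are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed demo of the interactive guard in a .bashrc-style file.
# DEMO_ABOVE / DEMO_BELOW stand in for a variable such as the vault password.

# Write a sample rc file with one export above the guard and one below it.
make_rc() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
export DEMO_ABOVE="set-above-guard"

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

export DEMO_BELOW="set-below-guard"
EOF
    printf '%s\n' "$tmp"
}

# Source the rc file from a fresh non-interactive bash, the way a deployment
# script that runs `source ~/.bashrc` does, then ask a child process
# (printenv) whether the variable was actually exported to it.
probe() {   # usage: probe <rc-file> <variable-name>
    bash -c '
        source "$1"
        if printenv "$2" >/dev/null; then
            echo "visible"
        else
            echo "missing"
        fi
    ' _ "$1" "$2"
}

# Stand-alone run: show both cases side by side.
rc_file=$(make_rc)
echo "export above guard: $(probe "$rc_file" DEMO_ABOVE)"
echo "export below guard: $(probe "$rc_file" DEMO_BELOW)"
rm -f "$rc_file"
```

Running the same probe against the deployment account's real rc file before a release shows whether the password helper will find its variable or hand Ansible an empty value.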