Ansible Vault and SSH not working together intermittently


First I would like to say, PLEASE DO NOT LECTURE ME ON SSH BEST PRACTICE. I know the best practice. This is a niche environment where keys aren't feasible and asking for a password isn't feasible. There are legitimate and necessary reasons to use it this way.

Example Inventory:

[all:vars]
ansible_user=root
ansible_ssh_user=root
ansible_password="{{ vault_ansible_password }}"
ansible_ssh_password="{{ vault_ansible_ssh_password }}"
ansible_connection=ssh
ansible_ssh_common_args='-o StrictHostKeyChecking=no'

[hosts]
myhost1 stuff
myhost2 stuff

My playbook is calling ansible.builtin.shell with delegate_to.

If I put the actual password into the inventory, it works fine. If I use vault to populate these values, then it works most of the time and then it eventually stops and will never work again. If I hard code the password again, then it works. If I switch it back to vault, it starts working again until it doesn't. Rinse and repeat.

If I use ansible-inventory to view a host's variables, the values are identical when I use a vault vs hardcoding the password.

Any idea why it would work intermittently? Why would having a successful run with a hard coded password fix things so that using vault works again?

I would expect it to always work or never work. This behavior is problematic in an automated environment.
