An actual photo of me staring at this stupid build. Apparently I was swearing more than usual, and a colleague captured it.

The curious case of sudden Ansible build failures

Andrew Howden
2 min readJul 6, 2018


So, I arrived a little earlier to work today to get some work done. First step: Set up a machine for QA. Luckily, we’ve done lots of work to make this a trivial exercise, it’s a push button operation! Except:

PLAY [apply common configuration to all nodes] *********************************ERROR! Attempting to decrypt but no vault secrets found

Boom. Failure. Now, the change I’d made to deploy this testing machine was beyond innocuous, and should definitely not result in the failure that I saw.

Several annoyed and confused minutes later, I discover this cherry:

[WARNING] Ansible is in a world writable directory (/opt/atlassian/pipelines/agent/build), ignoring it as an ansible.cfg source.

What. Suddenly configuration was being ignored?

Balls. Backing up a step, we keep our build container suuuuper up to date. It looks like Ansible released a new version this morning. Buried in that was this lovely PR:

No more configuration for world writable directories. Now, this makes quite some sense; what doesn’t make sense is why the directory would be world writable for BitBucket Pipelines?! But whatever. A quick and dirty:

    # Correct the permissions on the build environment directory.
# See
chmod 700 /opt/atlassian/pipelines/agent/build

in the build script, and we’re in our way.

Back to the rest of Friday morning, then.