Not really going to be a way to do this with ansible-pull. When we do the vault feature for 1.5 we can think about how ansible-pull might pass in a vault password, but it's got to come from somewhere.
On Sat, Jan 25, 2014 at 3:08 PM, Brent Langston <[email protected]> wrote: > So here's the story: > > My team is managing some of our secure settings using a set of variables > stored in a file, and encrypted using git-crypt. This has been working > great under the push model, because we all have the key, and have the > secret yaml files decrypted. > > I've rolled out ansible-pull, and obviously, the secret yaml files are > unreadable in the pull model. In my playbook, I have: > > vars_files: > - secured_settings/vars/mysql_accounts.yml.secret > > and when ansible-pull triggers, I get an error: > > ERROR: Could not parse YAML. Check over > /opt/ansible/secured_settings/vars/mysql_accounts.yml.secret again. > > Obviously this error is true, and valid; the file is encrypted. What I'd > like to figure out is how I can continue the playbook, ignoring this error. > Any tasks depending on these variables have conditionals checking to see > that the variable is defined, so it's not a big deal to do a run without > these variables in place. > > I could move these tasks and secured settings out into a totally separate > playbook, but I figured I'd ask here to see if there was an option to skip > an include if there is a problem. > > Thanks > Brent > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- Michael DeHaan <[email protected]> CTO, AnsibleWorks, Inc. http://www.ansibleworks.com/ -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
