"How would you suggest we lay out the project/playbooks to support multiple vault passwords (and on a related note, what do you think of vxd's suggestion in the reddit thread)?"
Possibly could do something like the following on the ansible command line ansible-playbook site.yml -e @production.yml With different vault passwords for: production.yml stage.yml But right now, different files in the same run must have the same vault password. This may imply keeping those variables out of inventory, though I'm not sure it's possible in your case. On Mon, Nov 3, 2014 at 10:09 AM, Colin Nichols <[email protected]> wrote: > Hi Michael, > > My coworker posted on reddit, his synopsis is a bit shorter and sweeter: > http://www.reddit.com/r/ansible/comments/2kxg9s/ansiblevault_and_multiple_vault_passwords_in_17/ > > How would you suggest we lay out the project/playbooks to support multiple > vault passwords (and on a related note, what do you think of vxd's > suggestion in the reddit thread)? > > Also, this seems like a recent development (1.7), and based on the reddit > thread it seems like I'm not the only one who's run across this -- do you > know what the motivation for the change was? > > Thanks, > Colin > > On Saturday, November 1, 2014 10:46:44 AM UTC-4, Michael DeHaan wrote: >> >> Ansible will try to load any group variables things referenced by >> inventory, because it doesn't know what variables you may or may not use. >> >> If it's not a path brought in by inventory or vars_files, etc, it would >> not be loaded. >> >> >> >> On Thu, Oct 30, 2014 at 6:01 PM, Colin Nichols <[email protected]> wrote: >> >>> Hi all, >>> >>> I've been using ansible 1.6.x and I love it -- soo much easier than how >>> I've had to do things in the past :) >>> >>> I'm running into an issue upgrading to 1.7.x. Suddenly all my playbooks >>> refuse to run; ansible errors out saying it needs my vault credentials. >>> The output looks like this: >>> >>> xkillac4@MHK-01:~/project/ansible$ ansible-playbook unittest.yml >>> ERROR: A vault password must be specified to decrypt >>> /home/xkillac4/project/ansible/group_vars/vagrant/vault.yml >>> xkillac4@MHK-01:~/project/ansible$ >>> >>> >>> I feel like I may be missing something obvious, and would really >>> appreciate it if someone took a look at my example below. >>> >>> I boiled the issue down into a toy project, and put it into tarball >>> here: https://www.dropbox.com/s/gu2t7mymyeio838/ansible- >>> testcase.tar.gz?dl=0 >>> (or for the cautious, in a gist here: https://gist.github.com/ >>> c-nichols/aca08301235ddd5b4014 >>> >>> Why does my example error out? Is it expected behavior, given that I >>> don't need anything from the vault and am not referencing any hosts from >>> the group with the vault? Why does this example work with ansible prior to >>> 1.7? >>> >>> What do you guys think? Am I missing something obvious? >>> >>> Thanks, >>> Colin >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/ansible-project/dca55946-e774-4e4c-9bc8- >>> a3fce732ef0e%40googlegroups.com >>> <https://groups.google.com/d/msgid/ansible-project/dca55946-e774-4e4c-9bc8-a3fce732ef0e%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/957ad3da-09f3-474d-82d2-41bffd82fcd6%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/957ad3da-09f3-474d-82d2-41bffd82fcd6%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzZVpRRhny%3DK0G26Vg_DVFwMv7pGE2bBi75g5DtwJpeMA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
