"vault.yml" is not a magical filename, you still need to use a "use_vars:"
task to pull in the contents of that file. If you have provided the vault
password (either via --ask-vault or via a vault password file), then that
file will be decrypted and the variables within it will be evaluated.
On Wednesday, 30 March 2016 17:51:21 UTC+1, Mark Matthews wrote:
>
> Hi
>
> Its definitely a step further!
>
> But I get the following error now:
> fatal: [10.10.3.168]: FAILED! => {"failed": true, "msg":
> "'winservers_password' is undefined"}
>
> Its as if it doesn't know where to look for the variable? Should it just
> know to ready the variable from the 'vault.yml' file?
>
>
>
> On Wednesday, March 30, 2016 at 5:25:50 PM UTC+1, Mark Matthews wrote:
>>
>> Hi
>>
>> I am am trying to setup Ansible vault and running into errors.
>>
>> In my /etc/ansible/group_vars folder I have muliple vars files for
>> specific server groups in the host files. These vars files (winservers.yml)
>> have the servers login details...for example:
>> ansible_ssh_user: Administrator
>> ansible_ssh_pass: PASSWORD
>> ansible_ssh_port: 5986
>> ansible_connection: winrm
>>
>> What I want to do is use vault to not have those passwords visable in
>> these vars files.
>>
>> So what I did is create a vault.yml file (using ansible-vault) in the
>> group_vars folder. I then added the variables in the file
>> ---
>> azure_password: PASSWORD1
>> winservers_password: PASSWORD
>>
>>
>> I then changed the above 'winservers.yml' vars file to the following:
>> ansible_ssh_user: Administrator
>> ansible_ssh_pass: {{ winservers_password }}
>> ansible_ssh_port: 5986
>> ansible_connection: winrm
>>
>>
>> I then tried to run a simple playbook on the 'winservers' servers, and
>> got the following error:
>>
>> The error appears to have been in
>> '/etc/ansible/group_vars/winservers.yml': line 4, column 20, but may
>> be elsewhere in the file depending on the exact syntax problem.
>>
>> The offending line appears to be:
>>
>> ansible_ssh_user: Administrator
>> ansible_ssh_pass: {{ winservers_password }}
>> ^ here
>> We could be wrong, but this one looks like it might be an issue with
>> missing quotes. Always quote template expression brackets when they
>> start a value. For instance:
>>
>> with_items:
>> - {{ foo }}
>>
>> Should be written as:
>>
>> with_items:
>> - "{{ foo }}"
>>
>>
>> Is there a way of using vault to keep all passwords, and use it in a way
>> above?
>>
>> Cheers
>> Mark
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/aa01b587-a730-467f-99ae-8598c140a08f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
