Hi Mark,
Bit late to this one but as well as using group_vars folders I'd suggest
organizing things so that you aren't trying to do this:
ansible_ssh_pass: {{ winservers_password }}
so you can avoid a vault lookup of a var. Instead I'd put the
ansible_ssh_pass: ACTUAL_SECRET_PASSWORD
into a separate file and vault that, then use the child groups mechanism to
include the var in whatever groups you need.
Oh yeah, while you are orgainising things, might be worth switching to the
new names e.g. ansible_user instead of ansible_ssh_user as I imagine the
old names will get deprecated at some point.
HTH
Jon
On Wednesday, 30 March 2016 17:25:50 UTC+1, Mark Matthews wrote:
>
> Hi
>
> I am am trying to setup Ansible vault and running into errors.
>
> In my /etc/ansible/group_vars folder I have muliple vars files for
> specific server groups in the host files. These vars files (winservers.yml)
> have the servers login details...for example:
> ansible_ssh_user: Administrator
> ansible_ssh_pass: PASSWORD
> ansible_ssh_port: 5986
> ansible_connection: winrm
>
> What I want to do is use vault to not have those passwords visable in
> these vars files.
>
> So what I did is create a vault.yml file (using ansible-vault) in the
> group_vars folder. I then added the variables in the file
> ---
> azure_password: PASSWORD1
> winservers_password: PASSWORD
>
>
> I then changed the above 'winservers.yml' vars file to the following:
> ansible_ssh_user: Administrator
> ansible_ssh_pass: {{ winservers_password }}
> ansible_ssh_port: 5986
> ansible_connection: winrm
>
>
> I then tried to run a simple playbook on the 'winservers' servers, and got
> the following error:
>
> The error appears to have been in
> '/etc/ansible/group_vars/winservers.yml': line 4, column 20, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> ansible_ssh_user: Administrator
> ansible_ssh_pass: {{ winservers_password }}
> ^ here
> We could be wrong, but this one looks like it might be an issue with
> missing quotes. Always quote template expression brackets when they
> start a value. For instance:
>
> with_items:
> - {{ foo }}
>
> Should be written as:
>
> with_items:
> - "{{ foo }}"
>
>
> Is there a way of using vault to keep all passwords, and use it in a way
> above?
>
> Cheers
> Mark
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/7b15a1fe-0be6-456f-b8c3-ae63cb0de53d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
