Hi guys
Thank you so much for all your feedback. Getting a little confused as to
what to do now though.
Do I create the following folder /etc/ansible/group_vars/all and just copy
all the files into that folder? Will that solve the problem?
Jon - Im not exactly sure what you mean by, "into a separate file and vault
that, then use the child groups mechanism to include the var in whatever
groups you need."
Can you not just have one vault file with all variables that you want
secure, and then just refer to those variables in all your playbooks?
Cheers
On Wednesday, March 30, 2016 at 5:25:50 PM UTC+1, Mark Matthews wrote:
>
> Hi
>
> I am am trying to setup Ansible vault and running into errors.
>
> In my /etc/ansible/group_vars folder I have muliple vars files for
> specific server groups in the host files. These vars files (winservers.yml)
> have the servers login details...for example:
> ansible_ssh_user: Administrator
> ansible_ssh_pass: PASSWORD
> ansible_ssh_port: 5986
> ansible_connection: winrm
>
> What I want to do is use vault to not have those passwords visable in
> these vars files.
>
> So what I did is create a vault.yml file (using ansible-vault) in the
> group_vars folder. I then added the variables in the file
> ---
> azure_password: PASSWORD1
> winservers_password: PASSWORD
>
>
> I then changed the above 'winservers.yml' vars file to the following:
> ansible_ssh_user: Administrator
> ansible_ssh_pass: {{ winservers_password }}
> ansible_ssh_port: 5986
> ansible_connection: winrm
>
>
> I then tried to run a simple playbook on the 'winservers' servers, and got
> the following error:
>
> The error appears to have been in
> '/etc/ansible/group_vars/winservers.yml': line 4, column 20, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> ansible_ssh_user: Administrator
> ansible_ssh_pass: {{ winservers_password }}
> ^ here
> We could be wrong, but this one looks like it might be an issue with
> missing quotes. Always quote template expression brackets when they
> start a value. For instance:
>
> with_items:
> - {{ foo }}
>
> Should be written as:
>
> with_items:
> - "{{ foo }}"
>
>
> Is there a way of using vault to keep all passwords, and use it in a way
> above?
>
> Cheers
> Mark
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/95a14dd7-3db1-4fba-be56-222b49252e4d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
