Mark, just give a try with the /etc/ansible/group_vars/all and don't for to add the --ask-vault-pass to your playbook
On Thu, Mar 31, 2016 at 4:18 PM, Mark Matthews <[email protected]> wrote: > Hi guys > > Thank you so much for all your feedback. Getting a little confused as to > what to do now though. > > Do I create the following folder /etc/ansible/group_vars/all and just copy > all the files into that folder? Will that solve the problem? > > Jon - Im not exactly sure what you mean by, "into a separate file and > vault that, then use the child groups mechanism to include the var in > whatever groups you need." > > > Can you not just have one vault file with all variables that you want > secure, and then just refer to those variables in all your playbooks? > > Cheers > > > > On Wednesday, March 30, 2016 at 5:25:50 PM UTC+1, Mark Matthews wrote: >> >> Hi >> >> I am am trying to setup Ansible vault and running into errors. >> >> In my /etc/ansible/group_vars folder I have muliple vars files for >> specific server groups in the host files. These vars files (winservers.yml) >> have the servers login details...for example: >> ansible_ssh_user: Administrator >> ansible_ssh_pass: PASSWORD >> ansible_ssh_port: 5986 >> ansible_connection: winrm >> >> What I want to do is use vault to not have those passwords visable in >> these vars files. >> >> So what I did is create a vault.yml file (using ansible-vault) in the >> group_vars folder. I then added the variables in the file >> --- >> azure_password: PASSWORD1 >> winservers_password: PASSWORD >> >> >> I then changed the above 'winservers.yml' vars file to the following: >> ansible_ssh_user: Administrator >> ansible_ssh_pass: {{ winservers_password }} >> ansible_ssh_port: 5986 >> ansible_connection: winrm >> >> >> I then tried to run a simple playbook on the 'winservers' servers, and >> got the following error: >> >> The error appears to have been in >> '/etc/ansible/group_vars/winservers.yml': line 4, column 20, but may >> be elsewhere in the file depending on the exact syntax problem. >> >> The offending line appears to be: >> >> ansible_ssh_user: Administrator >> ansible_ssh_pass: {{ winservers_password }} >> ^ here >> We could be wrong, but this one looks like it might be an issue with >> missing quotes. Always quote template expression brackets when they >> start a value. For instance: >> >> with_items: >> - {{ foo }} >> >> Should be written as: >> >> with_items: >> - "{{ foo }}" >> >> >> Is there a way of using vault to keep all passwords, and use it in a way >> above? >> >> Cheers >> Mark >> >> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/Jloh5KRFLKg/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/95a14dd7-3db1-4fba-be56-222b49252e4d%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/95a14dd7-3db1-4fba-be56-222b49252e4d%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAMfRAgkOVr9UYoK3iPpifP1LngRq4yTpt7YSUcW906eg4E4u5w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
