Okay thanks for the clarification. So there's no way to only give access to vaulted files in host_vars or group_vars to certain users (but let other users run playbooks that don't require a vault file)?
On 17 May 2016 at 16:13, Matt Martz <[email protected]> wrote: > There is no current way. The way ansible inventory works is that all > inventory files, including host vars and group vars are read and parsed > before ansible really starts doing much of anything. > > There also isn't any way to know whether you may try to access an vaulted > var for another host or group, that isn't targeted by the play, which is > often done. > > On Tue, May 17, 2016 at 4:11 PM, Andrew Martin <[email protected]> > wrote: > >> Hello, >> >> I am running ansible 2.0.2 on Ubuntu 14.04. I have several vaulted >> host-specific or group-specific files in host_vars or group_vars, so >> whenever I run "ansible-playbook", I pass the "--ask-vault" option. I >> noticed some odd behavior - if I run with "--ask-vault" and strace the >> "ansible-playbook" process, I see that it needs to read (and thus decrypt >> if vaulted) ALL of the files in host_vars and group_vars, not just the >> host_vars/myhost or host_vars/mygroup specific files that apply to the >> hosts I'm running on (as defined in the inventory file). How can I >> configure ansible to only read the specific host_vars and group_vars files >> that it needs, rather than this entire directory every time? Because it is >> reading every file, it takes a lot longer (since it has to decrypt all of >> the vault files, even ones that aren't used). >> >> Thanks! >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/185eb7ef-991c-48c6-8253-ad2a0dfc4d9a%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/185eb7ef-991c-48c6-8253-ad2a0dfc4d9a%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Matt Martz > @sivel > sivel.net > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/v6o6hXxoyVs/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAD8N0v956B230ZLTxecqHYM3KRXV6UpVisLJBepZfhKSvuxczg%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAD8N0v956B230ZLTxecqHYM3KRXV6UpVisLJBepZfhKSvuxczg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAE%2B0DR7HU%2Bt0McWvyQjFaXhyEp5nruPx%2BySDxLohZbEfPQTJpQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
