Ansible with “Alternative Directory Layout” and using vaults

1
votes

I am trying to use the Alternative Directory Layout and ansible-vaults within. But when i run my playbook, variables which are vault encrypted could not resolve with that directory structure. So what iam doing wrong?

I execute via:

ansible-playbook -i inventories/inv/hosts playbooks/inv/invTest.yml --check --ask-vault

Here is my structure: 

.
├── inventories
│   ├── inv
│   │   ├── group_vars
│   │   │   ├── var.yml
│   │   │   └── vault.yml
│   │   └── hosts
│   └── staging
│       ├── group_vars
│       │   ├── var.yml
│       │   └── vault.yml
│       └── hosts
├── playbooks
│   ├── staging
│   │   └── stagingTest.yml
│   └── inv
│       ├── invTest.retry
│       └── invTest.yml
└── roles
    ├── basic-linux
    │   ├── defaults
    │   │   └── main.yml
    │   └── tasks
    │       └── main.yml
    ├── test
    │   ├── defaults
    │   │   └── main.yml
    │   └── tasks
    │       └── main.yml
    └── webserver
        ├── defaults
        │   └── main.yml
        ├── files
        ├── handler
        │   └── main.yml
        ├── tasks
        │   └── main.yml
        └── templates

this is my hosts file (inventories/inv/hosts):

[inv]
testvm-01    ansible_ssh_port=22    ansible_ssh_host=172.16.0.101    ansible_ssh_user=root
testvm-02    ansible_ssh_port=22    ansible_ssh_host=172.16.0.102    ansible_ssh_user=root

playbook (playbooks/inv/invTest.yml):

---
  - name: this is test
    hosts: inv
    roles:
      - { role: ../../roles/test }
...

role which uses the vault encrypted var (roles/test/tasks/main.yml):

---
  - name: create test folder
    file:
        path: "/opt/test/{{ app_user }}/"
        state: directory
        owner: "{{ default_user }}"
        group: "{{ default_group }}"
        mode: 2755
        recurse: yes
...

var which points to vault (inventories/inv/group_vars/var.yml):

---
app_user: '{{ vault_app_user }}'
app_pass: '{{ vault_app_pass }}'
...

vault file (ansible-vault edit inventories/inv/group_vars/vault.yml):

vault_app_user: itest
vault_app_pass: itest123

The error message iam getting is something like this:

FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: {{ app_user }}: 'app_user' is undefined\n\nThe error appears to have been in 'roles/test/tasks/main.yml': but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: create test folder\n ^ here\n"}

1
ansibleansible-vault

1 Answers

1
votes

You define variable app_user in a file called var.yml stored in group_vars folder.

In your execution line you point to the inventories/inv/hosts as your inventory directory.

It doesn't matter what strings you used in this path -- from Ansible's point of view it sees only:

hosts
group_vars
├── var.yml
└── vault.yml

It will read var.yml for a host group called var and vault.yml for a host group called vault.

In your case -- never.

You likely wanted to organise your files this way:

inventories
└── production
    ├── group_vars
    │   └── inv
    │       ├── var.yml
    │       └── vault.yml
    └── hosts

This way, files in group_vars/inv will be read for hosts in group inv.