2
votes

I need to have a file with passwords stored and encrypted using Ansible Vault. I have created an encrypted file named 'passes', stored in group_vars, with this content after decrypting:

---
testvar: password

I have created a playbook file:

---
- hosts: [machines]

  vars:
    include_vars: 
      file: group_vars/passes


  roles: 

  - role: someroletodeployafilewiththispass

The role just deploys a file with the pass from a template, which is:

using vaulted var {{ testvar }}

Each time I launch this using Tower I get the error message:

"msg": "AnsibleUndefinedVariable: 'testvar' is undefined"

Any ideas what I am doing wrong? There is no sign that my encrypted file is being decrypted by Ansible. And here is the encrypted file I just pasted:

$ANSIBLE_VAULT;1.1;AES256
303965366239313330646366313238...

Maybe encrypted file should look different so Ansible will decrypt it?

1 Answer

4
votes

Explanation

In your code, you have created a variable named include_vars, a dictionary with a key file and a string value group_vars/passes.


Solution

The correct syntax to define vars_files in a play is the vars_files declaration:

---
- hosts: [machines]
  vars_files:
    - group_vars/passes
  roles: 
    - someroletodeployafilewiththispass

You can use include_vars, but it is an action module, which should be declared under the tasks, or in your case (because you want it to be executed before roles) in pre_tasks:

---
- hosts: [machines]
  pre_tasks:
    - include_vars: 
        file: group_vars/passes
  roles: 
    - someroletodeployafilewiththispass
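
Added example (not part of the original question or answer): the question also asks whether the encrypted file should look different. This Python sketch checks the envelope of a vault file without needing the password, which also works as a pre-commit check that a secrets file such as group_vars/passes was not saved in plaintext. The function names and the sample data are constructed for illustration.

```python
import binascii
import textwrap


def parse_vault_envelope(text):
    """Check the structure of Ansible Vault text; raise ValueError if malformed."""
    lines = text.strip().splitlines()
    if not lines:
        raise ValueError("empty file")
    header = lines[0].strip().split(";")
    if header[0] != "$ANSIBLE_VAULT" or len(header) not in (3, 4):
        raise ValueError("no Ansible Vault header (plaintext file?)")
    version, cipher = header[1], header[2]
    if version not in ("1.1", "1.2") or cipher != "AES256":
        raise ValueError("unexpected version/cipher: %s/%s" % (version, cipher))
    try:
        # The body is hex of: hex(salt) \n hex(hmac) \n hex(ciphertext)
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("payload is not the expected double-hex envelope") from exc
    if len(mac) != 32 or not salt or not ciphertext:  # HMAC-SHA256 is 32 bytes
        raise ValueError("envelope fields have unexpected sizes")
    return {
        "version": version,
        "cipher": cipher,
        "vault_id": header[3] if len(header) == 4 else None,
        "salt_bytes": len(salt),
        "ciphertext_bytes": len(ciphertext),
    }


def build_sample(vault_id=None):
    """Constructed, vault-shaped text made of dummy zero bytes (not real ciphertext)."""
    inner = b"\n".join(binascii.hexlify(p) for p in (bytes(32), bytes(32), bytes(16)))
    body = textwrap.wrap(binascii.hexlify(inner).decode(), 80)
    header = "$ANSIBLE_VAULT;1.1;AES256"
    if vault_id:
        header = "$ANSIBLE_VAULT;1.2;AES256;" + vault_id
    return "\n".join([header] + body) + "\n"


if __name__ == "__main__":
    print(parse_vault_envelope(build_sample()))
    try:
        parse_vault_envelope("---\ntestvar: password\n")  # the decrypted content
    except ValueError as err:
        print("rejected:", err)
```

A file that passes this check is well-formed, so an undefined variable points at how the play loads the file rather than at the file's format.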