Confused about variable precedence

[Greg Hurrell]

Hi,

I had a playbook that I think used to work, but I'm finding now that variables other than the ones I intended are being applied to a particular host. Does the following minimal test case look sane?

I have vars file at roles/mariadb/vars/credentials.yml with some default settings:

---

mysql_root_passphrase: foo

I have a more specific vars file at roles/mariadb/vars/credentials-rails-sandbox.yml ("rails-sandbox" is the hostname in my inventory) with some overrides:

---

mysql_root_passphrase: bar

My inventory, defined in a file called staging, looks like this:

[general]

general-sandbox

[rails]

rails-sandbox

And my playbook, rails.yml, looks like this:

- hosts: rails

  roles:

    - { role: mariadb }

  vars_files:

    - [ "roles/mariadb/vars/credentials-{{ inventory_hostname }}.yml", roles/mariadb/vars/credentials.yml" ]

I apply it with this:

ansible-playbook -i staging rails.yml

But when I come to run the tasks in roles/mariadb/tasks/main.yml, this one ends up using the variables from credentials.yml instead of credentials-rails-sandbox.yml:

- name: mariadb | set up root user credentials

  template:

    src=dot-my.cnf.j2

    dest={{ item.directory }}/.my.cnf

    owner={{ item.username }}

    group={{ item.username }}

    mode=600

  with_items:

    - username: root

      passphrase: '{{ mysql_root_passphrase }}'

      directory: /root

  sudo: yes

I used the debug module to print the inventory_hostname, and it is rails-sandbox like I expect:

- name: mariadb | debug inventory_hostname

  debug: msg="inventory_hostname is {{ inventory_hostname }}"

During the run I also see that the credentials-rails-sandbox.yml file is being read:

GATHERING FACTS ***************************************************************

ok: [rails-sandbox]

rails-sandbox: importing /Users/glh/code/ansible-configs/roles/mariadb/vars/credentials-rails-sandbox.yml

But when the task runs the wrong password is used:

TASK: [mariadb | mariadb | set up root user credentials] **********************

ok: [rails-sandbox] => (item={'username': 'root', 'directory': '/root', 'passphrase': u'foo'})

The docs make me think that the values from my more specific vars file should be taking precedence, but they're not.

Am I misunderstanding the way variable precedence works in Ansible? Any obvious mistakes in here?

Thanks for your help.

-Greg

[James Cammarata]

You should not be using vars files from inside roles as vars_files entries. If you want easily overridden variables put them in defaults/main.yml and then override them either via role parameters or inventory variables (like host_vars and group_vars). 

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f283289f-61e7-4638-85ed-4f88140f49a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Greg Hurrell]

Thanks James. I've re-jigged it as you describe and things are working nicely.

-Greg