How to point `vars` to matching `vault_`?


jason.b...@cameloverde.com

Sep 22, 2016, 7:38:17 PM
to Ansible Project
I'm using vault for the first time (previously used dotenv) and am following the instructions here.

Specifically, the line:

You should adjust the variables in the vars file to point to the matching vault_ variables

Any guidance please on how to achieve this?

Many thanks!

Kai Stian Olstad

Sep 23, 2016, 3:18:59 AM
to ansible...@googlegroups.com
On 23.09.2016 00:24, jason.b...@cameloverde.com wrote:
> I'm using vault for the first time (previously used dotenv) and am
> following the instructions here
> <http://docs.ansible.com/ansible/playbooks_best_practices.html#best-practices-for-variables-and-vaults>
> .
>
> Specifically, the line:
>
> You should adjust the variables in the vars file to point to the
> matching vault_ variables
>
> Any guidance please on how to achieve this?

Let's say you have a group webservers, the doc recommends this approach.


group_vars/webservers/vars
---
password: "{{ vault_password }}"


The vault file can be created with the command
ansible-vault create group_vars/webservers/vault
---
vault_password: my_secret_password


In the playbook you use the variable password.

You can add file extension .yml, .yaml or .json on the vars and the
vault file if you prefer.


--
Kai Stian Olstad

jason.b...@cameloverde.com

Sep 23, 2016, 11:42:34 AM
to Ansible Project, ansible-pr...@olstad.com
Hi, Kai;

Thanks for your reply.  I followed your instructions (which is what I had already tried) but it doesn't work for me.

Here is my tree:

10:35 $ tree
.
├── group_vars
│   ├── standalone.yml
│   ├── vault.yml


And here is the command I am running:

ansible-playbook -v -i inventory/standalone/standalone services/standalone.yml --vault-password-file ~/.vault_pass.txt -u vagrant --tags "filebeat"


This gives me the following error:


fatal: [192.168.1.99]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: {{ vault_forwarder_crt }}: 'vault_forwarder_crt' is undefined"}


In my standalone.yml I have `forwarder_crt: "{{ vault_forwarder_crt }}"` and then I have the variable `vault_forwarder_crt` in vault.yml (which is encrypted).


Did I miss something from your instructions, or misunderstand?


Thanks in advance!


Andrew Feller

Sep 23, 2016, 11:59:51 AM
to Ansible Project
Within group_vars there needs to be a directory named after the group which contains vars(.yml) and vault(.yml).

Kai's example uses the group named webservers and works.
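
An added example, not part of the thread or of Ansible: a small lint for the layout described above. It reports a group whose vars reference `vault_` variables when no encrypted file is loaded for that group (a top-level group_vars/vault.yml only applies to a group named vault), and flags a vault file left in plaintext. The function names, the three layouts and the stand-in encrypted content are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"                 # every ansible-vault file starts with this
VAULT_REF = re.compile(r"\{\{\s*(vault_\w+)")    # "{{ vault_x }}" in a plaintext vars file
ENC = "$ANSIBLE_VAULT;1.1;AES256\n0000\n"        # constructed stand-in for an encrypted file

def check_group(group_vars: Path, group: str) -> list[str]:
    """Lint the files loaded for `group`: group_vars/<group>[.ext] and group_vars/<group>/*."""
    files = [group_vars / (group + e) for e in ("", ".yml", ".yaml", ".json")]
    files = [f for f in files if f.is_file()]
    if (group_vars / group).is_dir():
        files += sorted(p for p in (group_vars / group).rglob("*") if p.is_file())
    refs, has_vault, problems = set(), False, []
    for f in files:
        text = f.read_text()
        if text.startswith(VAULT_HEADER):
            has_vault = True
        elif f.stem == "vault":
            problems.append(f"{f.name} for group '{group}' is not encrypted")
        else:
            refs |= set(VAULT_REF.findall(text))
    if refs and not has_vault:
        problems.append(f"group '{group}' uses {sorted(refs)} but loads no encrypted vault file")
    return problems

def build(root: Path, layout: dict[str, str]) -> Path:
    """Write a constructed layout under root and return its group_vars directory."""
    for rel, content in layout.items():
        path = root / "group_vars" / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return root / "group_vars"

VARS = 'forwarder_crt: "{{ vault_forwarder_crt }}"\n'
LAYOUTS = {  # constructed: the flat tree from the thread, the fix, and an unencrypted vault
    "flat": {"standalone.yml": VARS, "vault.yml": ENC},
    "nested": {"standalone/vars.yml": VARS, "standalone/vault.yml": ENC},
    "plaintext": {"standalone/vars.yml": VARS,
                  "standalone/vault.yml": "vault_forwarder_crt: placeholder\n"},
}

def demo() -> dict[str, list[str]]:
    """Lint group 'standalone' in each constructed layout."""
    with tempfile.TemporaryDirectory() as tmp:
        return {name: check_group(build(Path(tmp) / name, layout), "standalone")
                for name, layout in LAYOUTS.items()}

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "ok")
```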

jason.b...@cameloverde.com

Sep 23, 2016, 12:02:50 PM
to Ansible Project
Confirmed, works!

Thank you to both!

Andrew Feller

Sep 23, 2016, 12:46:28 PM
to ansible...@googlegroups.com
Awesome!

Even though you could stick vaults within roles, I wholeheartedly recommend managing them within inventories, preferably within groups, as it'll let your environments vary and avoid cherry-picking hosts.

Sent from my iPhone