Hi!
I get it. Interesting.
Let me share my config/steps to discard any environment issue (with some questions).
1- In my Ansible project space I created a directory called vars and a YAML vault file called main.yml with the following content.
USER_NAME: 'vagrant'2- I encrypted the file with:
ansble-vault encrypt main.yml3- Now, to test this conf, I ran a basic playbook called ping_vault.yml (did you test your Ansible config directly?):
- hosts: all vars_files: - /home/user/Deployments/Ansible/config/vars/main.yml tasks: - name: Ping ping: ansible-playbook ping_vault.yml --ask-vault-passAll good so far:
PLAY [all] ********************************************************************************************************** TASK [Gathering Facts] ********************************************************************************************** ok: [192.168.56.21] ok: [192.168.56.22] ok: [192.168.56.20] TASK [Ping] ********************************************************************************************************* ok: [192.168.56.20] ok: [192.168.56.21] ok: [192.168.56.22] PLAY RECAP ********************************************************************************************************** 192.168.56.20 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.56.21 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.56.22 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0Now this is my ansible.cfg file content:
[defaults] ; this is a .ini standard static inventory inventory=/home/user/Deployments/Ansible/config/hosts ; no cows, please nocows=1My inventory file: (the host file):
[the_farm] 192.168.56.20 192.168.56.21 192.168.56.22 [the_farm:vars] use_extra_vars=true ansible_user= {{ USER_NAME }}4- Now, in Rundeck I created a new Ansible project following this.
This is my model source config (I added the vault file path/password).
5- I created a Job as follows (contains the same playbook as an inline playbook step). Is your job created with the Ansible vault file path/password?
- defaultTab: nodes description: '' executionEnabled: true id: c2c64069-2ac8-4857-b872-87e3191539ce loglevel: INFO name: VaultTest nodeFilterEditable: false nodefilters: dispatch: excludePrecedence: true keepgoing: false rankOrder: ascending successOnEmptyNodeFilter: false threadcount: '1' filter: 192.* nodesSelectedByDefault: true plugins: ExecutionLifecycle: {} scheduleEnabled: true sequence: commands: - configuration: ansible-base-dir-path: /home/user/Deployments/Ansible/config/ ansible-become: 'false' ansible-binaries-dir-path: /home/user/.local/bin/ ansible-encrypt-extra-vars: 'false' ansible-playbook-inline: |- - hosts: all vars_files: - /home/user/Deployments/Ansible/config/vars/main.yml tasks: - name: Ping ping: ansible-ssh-passphrase-option: option.password ansible-ssh-use-agent: 'false' ansible-vault-storage-path: keys/vaultpasswd nodeStep: true type: com.batix.rundeck.plugins.AnsiblePlaybookInlineWorkflowNodeStep keepgoing: false strategy: node-first uuid: c2c64069-2ac8-4857-b872-87e3191539ceThat job works well.
Rundeck 5.4.0 / Ansible [ core 2.13.5] (Could you test with this specific version?).
Regards!