
Ansible Vault and encrypted variables using include_vars


I need to have a file with passwords stored and encrypted using Ansible Vault. I have created an encrypted file named 'passes', stored in group_vars, with this content after decrypting:

---
testvar: password

I have created playbook file:

---
- hosts: [machines]

  vars:
    include_vars: 
      file: group_vars/passes


  roles: 

  - role: someroletodeployafilewiththispass

The role just deploys a file with the pass from a template, which is:

using vaulted var {{ testvar }}

Each time I launch this using Tower I get the error message:

"msg": "AnsibleUndefinedVariable: 'testvar' is undefined"

Any ideas what I am doing wrong? There is no sign that my encrypted file is being decrypted by Ansible. And the encrypted file I just pasted:

$ANSIBLE_VAULT;1.1;AES256
303965366239313330646366313238...

Maybe the encrypted file should look different so Ansible will decrypt it?


Solution

  • Explanation

    In your code, you have created a variable named include_vars, a dictionary with a key file and a string value group_vars/passes.


    Solution

    The correct syntax to define vars_files in a play is the vars_files declaration:

    ---
    - hosts: [machines]
      vars_files:
        - group_vars/passes
      roles: 
        - someroletodeployafilewiththispass
    

    You can use include_vars, but it is an action module, which should be declared under the tasks, or in your case (because you want it to be executed before roles) in pre_tasks:

    ---
    - hosts: [machines]
      pre_tasks:
        - include_vars: 
            file: group_vars/passes
      roles: 
        - someroletodeployafilewiththispass
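
The question also asks whether the encrypted file should look different. As an added example (not code from the post or from Ansible itself), this check confirms that a file has the layout the `$ANSIBLE_VAULT;1.1;AES256` header announces, a hex-encoded body holding the hex-encoded salt, HMAC tag and ciphertext on three lines, without decrypting anything. The function names and the zero-filled sample envelope are constructed for illustration.

```python
import binascii

VAULT_MAGIC = "$ANSIBLE_VAULT"


def inspect_vault_text(text):
    """Return (ok, detail) for a vault 1.1/1.2 AES256 envelope, without decrypting."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith(VAULT_MAGIC + ";"):
        return False, "no $ANSIBLE_VAULT header: file is plaintext"
    header = lines[0].strip().split(";")  # magic;version;cipher[;vault-id]
    if len(header) not in (3, 4) or header[1] not in ("1.1", "1.2"):
        return False, "unsupported header: " + lines[0]
    if header[2] != "AES256":
        return False, "unexpected cipher: " + header[2]
    # The body is wrapped at 80 columns; join it before decoding.
    body = "".join(line.strip() for line in lines[1:])
    try:
        inner = binascii.unhexlify(body)
        # Exactly three newline-separated hex fields are expected.
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except (binascii.Error, ValueError):
        return False, "body is not the hex-encoded salt/HMAC/ciphertext triple"
    if len(mac) != 32 or not ciphertext:
        return False, "HMAC-SHA256 tag or ciphertext has the wrong length"
    return True, "well-formed envelope, %d ciphertext bytes" % len(ciphertext)


def build_sample_envelope():
    """Constructed envelope with zeroed fields; not a real vault, cannot be decrypted."""
    parts = [bytes(32), bytes(32), bytes(16)]  # salt, HMAC tag, ciphertext
    inner = b"\n".join(binascii.hexlify(p) for p in parts)
    body = binascii.hexlify(inner).decode()
    wrapped = [body[i:i + 80] for i in range(0, len(body), 80)]
    return "\n".join([VAULT_MAGIC + ";1.1;AES256"] + wrapped) + "\n"


if __name__ == "__main__":
    print(inspect_vault_text(build_sample_envelope()))
    # The decrypted content from the question, stored unencrypted by mistake:
    print(inspect_vault_text("---\ntestvar: password\n"))
```

Run against every file expected to be vaulted (for example from a pre-commit hook), it catches a password file saved in plaintext or truncated in transit before the playbook ever runs.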