5

For automated testing purposes, I'd like to disable the vault when executing ansible-playbook so that the encrypted variables are overridden in the tests.

I've seen the --ask-vault-pass but not the contrary i.e. --no-vault-pass or the like.

The ansible settings don't specify an environment variable to do so.

Bruno Thomas
  • 1,179
  • 17
  • 31
  • 1
    I dont think so there is such option but you can pass a fixed vars for tests using `--vault-id` option – error404 May 06 '19 at 11:25
  • yes and then ansible is searching a password file ; if it cannot decrypt vault files, it fails. – Bruno Thomas May 06 '19 at 11:37
  • 2
    You could use a special configuration file for testing purposes with the vault information deliberatly excluded. – dgw May 06 '19 at 11:50

2 Answers2

3

Maybe you are looking for structure separation by enviroments, something like this:

├── ansible.cfg               # check below.
├── inventories               # directory to group all hosts and variables.
│   ├── production            # "environment" directory as we discussed before.
│   │   ├── group_vars
│   │   │   ├── appserver
│   │   │   │   ├── vars.yml
│   │   │   │   └── vault.yml # encrypted sensitive data.
│   │   │   └── proxyserver
│   │   │       ├── vars.yml
│   │   │       └── vault.yml
│   │   └── inventory
│   ├── staging
│   │   ├── group_vars
│   │   │   ├── appserver
│   │   │   │   ├── vars.yml
│   │   │   │   └── vault.yml # encrypted sensitive data.
│   │   │   └── proxyserver
│   │   │       ├── vars.yml
│   │   │       └── vault.yml
│   │   └── inventory
│   └── development
│       ├── group_vars
│       │   ├── appserver
│       │   │   └── vars.yml  # no need to encrypt for local development.
│       │   └── proxyserver
│       │       └── vars.yml
│       └── inventory
├── site.yml
├── books                     # group all the playbooks under same directory.
│   ├── appserver.yml
│   └── proxyserver.yml
├── roles
│   └── app
└── roles.galaxy              # separate contributed roles
    └── author.proxy

Continue here: https://steyeu.co/posts/ansible-project-layout-for-multistage-environments-based-on-best-practice/#the-suggested-way

johnymachine
  • 781
  • 2
  • 7
  • 28
1

You can create a special configuration file for your tests where the vault information is deliberatly excluded and tell ansible to use this configuration file when running your test playbooks:

ANSIBLE_CONFIG=/my/special.cfg ansible-playbook testplaybook.yml
dgw
  • 13,418
  • 11
  • 56
  • 54
  • Thanks for your suggestion. What we did is having a `test` dir (with all the test stuffs) and we're running tests from here (the ansible.cfg is at the root dir) with shunit2. – Bruno Thomas May 07 '19 at 07:09