I want to extend my current Ansible project to also support Linux servers. For that I want to re-use the vault file I have created but I cannot seem to find a solution without duplicating the vault file.

Here's what my current Ansible structure looks like:

├── ansible.cfg
├── ansible_pw.sh
├── group_vars
│   └── windows
│       ├── vault.yml
│       └── main.yml
├── inventory.yml
├── main.yml
└── roles
    ├── wait_for_host
    │   └── tasks
    │       └── main.yml
    └── install_software
        └── tasks
            └── main.yml

inventory.yml

---
all:
  children:
    windows:
      hosts:
        win-server.mycompany.com:

main.yml

---
- hosts: windows
  tasks:
    - block:
      - include_role: { name: wait_for_host }
      - include_role: { name: install_software }

Playbook is run like this:

ansible-playbook main.yml -i inventory.yml --vault-password-file ./ansible_pw.sh

My idea is to create a new group_vars/linux directory which contains all specific settings which only apply to Linux servers.

jansohn

1 Answer

While writing this question I actually found a neat solution. All general settings (including the vault file) can be stored in the default all group (see https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#default-groups) and all Windows/Linux specific settings (like ansible_connection) can be stored in separate directories:

group_vars
 ├── all
 │   ├── main.yml
 │   └── vault.yml
 ├── linux
 │   └── main.yml
 └── windows
     └── main.yml
jansohn
  • That is exactly the way to do it. If you have other hosts that should have their own vault, you can also create additional groups, as a host can be in several groups. I guess you can accept your answer ;) – toydarian Jun 03 '21 at 11:52
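
A pre-commit style check for the layout described in the answer, as an added example that is not part of the original question or answer: it verifies that every vault file under group_vars carries the ansible-vault header and flags byte-identical copies spread across groups. The `vault*.yml` naming pattern, the sample file contents and the variable name `vault_admin_password` are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

VAULT_HEADER = b"$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this

def audit_group_vars(root):
    """Return (plaintext, duplicates) for vault*.yml files under root/group_vars."""
    plaintext, by_digest = [], {}
    for path in sorted(Path(root, "group_vars").glob("*/vault*.yml")):
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        if not data.startswith(VAULT_HEADER):
            plaintext.append(rel)  # secrets would be committed in clear text
        by_digest.setdefault(hashlib.sha256(data).hexdigest(), []).append(rel)
    # Byte-identical files are copies; re-encrypted copies differ and are not detected.
    duplicates = [paths for paths in by_digest.values() if len(paths) > 1]
    return plaintext, duplicates

# Constructed sample content: the payload line is a placeholder, not real ciphertext.
ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n36316566353661\n"
LAYOUTS = {
    "duplicated": {  # the layout the question wants to avoid
        "group_vars/windows/vault.yml": ENCRYPTED,
        "group_vars/linux/vault.yml": ENCRYPTED,
    },
    "shared_all": {  # the layout from the answer
        "group_vars/all/vault.yml": ENCRYPTED,
        "group_vars/linux/main.yml": "ansible_connection: ssh\n",
        "group_vars/windows/main.yml": "ansible_connection: winrm\n",
    },
    "forgot_to_encrypt": {  # hypothetical variable name, plain YAML
        "group_vars/all/vault.yml": "vault_admin_password: example-only\n",
    },
}

def demo():
    """Build each constructed layout in a temp dir and audit it."""
    results = {}
    for name, files in LAYOUTS.items():
        with tempfile.TemporaryDirectory() as tmp:
            for rel, content in files.items():
                target = Path(tmp, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(content)
            results[name] = audit_group_vars(tmp)
    return results

if __name__ == "__main__":
    for name, (plaintext, duplicates) in demo().items():
        print(f"{name}: plaintext={plaintext} duplicates={duplicates}")
```

Because group_vars/all applies to every host in the inventory, a vault file that slips in unencrypted there exposes its values to the whole repository audience, which is why the header check matters more after the move.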