I want to encrypt my host credentials in a central secrets.yml file.

How can I tell Ansible to use the variables?

I tried with this setup:

host_vars/test.yml

ansible_user: {{ test_user }}
ansible_become_pass: {{ test_pass }}

secrets.yml

# Credentials Test Server #

test_user: user
test_pass: password

inventory.yml

all:
  children: 
    test:
      hosts:
        10.10.10.10

playbook.yml

---
- name: Update Server
  hosts: test
  become: yes
  vars_files:
    - secrets.yml

  tasks:
    - name: Update
      ansible.builtin.apt:
        update_cache: yes

For execution I use this command:

ansible-playbook -i inventory.yml secure_linux.yml --ask-vault-pass

During execution I get this error message:

fatal: [10.10.10.10]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: root@10.10.10.10: Permission denied (publickey,password).", "unreachable": true}

2 Answers

For those credentials to be used by all hosts, use the group_vars/all directory. So you will have the file group_vars/all/secrets.yml, which you will encrypt with ansible-vault.

ansible_user: user
ansible_password: password

You do not need a host_vars file.

Jack

The solution was:

  • give the host_vars file the right name (10.10.10.10.yml)
  • add ansible_password as variable
  • use quotation marks "{{ test_user }}"
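
The file layout that the three fixes above lead to, shown as an added example that is not part of the original answers. Reusing test_pass for both ansible_password and ansible_become_pass is an assumption; the file names and variable names come from the question.

```yaml
# host_vars/10.10.10.10.yml
# The file name must equal the inventory host name, otherwise Ansible never loads it.
# A value that starts with {{ must be quoted, or YAML reads it as a mapping.
ansible_user: "{{ test_user }}"
ansible_password: "{{ test_pass }}"      # assumption: SSH login uses the same password
ansible_become_pass: "{{ test_pass }}"
---
# secrets.yml (plaintext view; encrypt it with: ansible-vault encrypt secrets.yml)
test_user: user
test_pass: password
---
# inventory.yml
all:
  children:
    test:
      hosts:
        10.10.10.10:
---
# playbook.yml
- name: Update Server
  hosts: test
  become: yes
  vars_files:
    - secrets.yml          # decrypted at run time via --ask-vault-pass
  tasks:
    - name: Update
      ansible.builtin.apt:
        update_cache: yes
```

Each `---` separates one file from the next; only secrets.yml holds the cleartext values, so it is the only file that needs to be vault-encrypted.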