ansible_vault_password_file

Archives Ansible Project
1

Hello,

I try to run a playbook to connect to a windows server with host external parameters set this way:

In my inventory file, I only want to set these parameter: ansible_host and ansible_user
[windows]
ansible_host=server.fr.test ansible_user=ansible

all parameters about connection are in the playbook/group_vars/windows.yml file this way:

ansible_vault_password_file: ~/host_vars/ansible.yml
ansible_connection: winrm
ansible_port: 5986
ansible_winrm_server_cert_validation: ignore

I had the ansible_vault_password_file , so I hope when running the playbook, the password file will be found in the playbook/host_vars/ansible.yml encrypted file.

But I receive the following error:

fatal: [test1]: UNREACHABLE! => {“changed”: false, “msg”: “ssl: auth method ssl requires a password”, “unreachable”: true}

if I set the password in the inventory file, the connection is ok.
Where am I wrong ?

Regards

2

with the -vvvvv option, it shows the group_vars/windows.yml is correctly read, but the ansible_vaut_password_file parameter seems to be useless:

TASK [setup] *******************************************************************
<server.fr.test> ESTABLISH WINRM CONNECTION FOR USER: ansible on PORT 5986 TO server.fr.test
<server.fr.test> WINRM CONNECT: transport=ssl endpoint=https://server.fr.test:5986/wsman
<server.fr.test> WINRM CONNECTION ERROR: auth method ssl requires a password

Here is the command to run the playbook:
ansible-playbook -i ./win.ini -vvvvv connection.yml --ask-vault-pass

3

The error does occur when running the parameter on the command line:
ansible-playbook -i ./win.ini -vvvvv connection.yml --vault-password-file ~/windows_vault/host_vars/ansible.yml

I am running Ansible version 2.1.

4

I misunderstood the utility of the ansible_vaut_password_file parameter which is to point at the file containing the vault password and not the password to connect.
I will rewrite the host_vars and group_vars files