I’m trying to use an inventory.inifile as a source in AWX (version 24.6.1), but I’m running into issues when the inventory references variables stored in an Ansible Vault.
My inventory.ini looks like this:
[my_servers]
prod01 ansible_host=X.X.X.X cluster_private_ip=10.10.20.1 private_ip_for_ceph=10.10.10.1
[hetzner_servers:vars]
ansible_user=admin
ansible_ssh_private_key_file=./ansible/ssh_keys/{{ ansible_host }}_key
ansible_port=2222
ceph_network=10.10.10.0/24
[all:vars]
ssh_user=admin
ansible_python_interpreter=/usr/bin/python3
db_user=postgres
My project structure is:
.
├── group_vars
│ └── all.yml (encrypted using Ansible vault)
├── inventory.ini
├── inventory_root.ini
The structure of my all.yml file is:
robot_user: "secret"
robot_pass: "secret!"
hetzner_api_token: "secret"
proxmox_api_token: "secret"
haproxy_password: "secret"
db_password: "secret"
root_passwords:
"X.X.X.X": "secret"
admin_passwords:
"X.X.X.X": "secret"
When I try to add this inventory in AWX as a “Project” source, I get the following error:
ERROR! Attempting to decrypt but no vault secrets found
I’ve tried pointing AWX to the vault password file, but it still fails to decrypt the variables.
Questions:
-
How can I configure AWX to properly use an inventory that references vault variables?
-
Should I add the vault credentials somewhere in AWX, and if so, where?
-
Is it possible to use
inventory.inidirectly with vaulted variables, or do I need to restructure it?
