I’m moving a bunch of playbooks to a collection, so I can share them across multiple projects.
And I’m running into something I did not expect:
I use vaults in host_vars and group_vars directories in the project directory, specifically to let Ansible Automation Platform (awx) handle them (for some reason, Red Hat thinks it should not be allowed to use encrypted vault files in your inventory, although you can use encryptString). Anyway, this works fine for me so far.
```
├── playbook.yml
├── collections
├── inventory
│   ├── inventory1
│   │   ├── group_vars
│   │   │   └── DEV
│   │   └── host_vars
│   │       └── server1
│   └── inventory2
├── group_vars
│   ├── all
│   └── DEV
├── host_vars
│   └── server1
├── templates
├── roles
└── files
```
Unfortunately, this does not work for playbooks I run from the collections (I use FQDN to run the playbook).
So in this example, the playbook.yml would contain an import_playbook line.

```yaml
- name: import playbook
  import_playbook: my.namespace.playbook1
```
The reason for the playbook importing a playbook from the collection is also in AAP, where it’s not (yet) possible to start playbooks from a collection.
The reason is kinda obvious: the playbook_dir in the playbook in the collection is not the playbook_dir for my project, but a directory in the collection. So it cannot locate my host_vars/group_vars directories with the encrypted vault files.
I would like to see an option where I can select what the playbook directory (as used by the host_group_vars plugin) needs to be when using playbooks from a collection (e.g. something like PLAYBOOK_DIR_FROM_COLLECTION = false).
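One possible workaround for the situation described in the post, added here as an example and not taken from the original post or from the Ansible project: the wrapper playbook.yml loads the project's own group_vars and host_vars explicitly in a first play, where playbook_dir still points at the project, and only then imports the collection playbook. It assumes that each group_vars/<group> and host_vars/<host> entry is a directory of variable files and that the vault credential is supplied to the run as usual.

```yaml
# playbook.yml in the project directory (wrapper around the collection playbook).
# Assumption: group_vars/<group>/ and host_vars/<host>/ are directories that
# hold the plain and vault-encrypted variable files.
- name: Load project-level vars before the collection playbook runs
  hosts: all
  gather_facts: false
  tasks:
    # In this play, playbook_dir is the project directory, because the play
    # lives in the project's own playbook.yml.
    - name: Load group_vars for "all" and every group of this host
      ansible.builtin.include_vars:
        dir: "{{ playbook_dir }}/group_vars/{{ item }}"
      loop: "{{ ['all'] + group_names }}"
      when: (playbook_dir ~ '/group_vars/' ~ item) is directory
      no_log: true   # keep decrypted vault values out of the task output

    - name: Load host_vars last so host values win over group values
      ansible.builtin.include_vars:
        dir: "{{ playbook_dir }}/host_vars/{{ inventory_hostname }}"
      when: (playbook_dir ~ '/host_vars/' ~ inventory_hostname) is directory
      no_log: true

# Variables loaded with include_vars stay attached to the host for the rest
# of the run, so the imported plays can use them.
- name: import playbook
  import_playbook: my.namespace.playbook1
```

Variables loaded with include_vars rank higher in Ansible's variable precedence than regular group_vars and host_vars, so they also override play vars and role vars in the imported playbook. The loop does not reproduce the parent/child group ordering that the host_group_vars plugin applies.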