I’m currently building out a PoC with Ansible Tower to manage our primarily Windows environment.
I’ve had everything working from the command line before starting with Tower, but that was using a static inventory.
The problem I’m having right now is finding a method for specifying the connection variables for Windows servers (without also having them applied to non-Windows servers).
The variables I need to set up are:
ansible_user: ansible@MYDOMAIN.AD
ansible_password: >-
  !vault | $ANSIBLE_VAULT;1.1;AES256
  35663130633434366336353562303031613263663936653164383937353362643531343561373365
  6165663533336561353137333166613062663631356630340a393764666466346165316337626336
  39353764316532693166323931363264363137343466343563613663366434313261623265643066
  3130313935343866350a346166363061616338623662343763613630343362653061376465303835
  6535
ansible_port: 5985
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
ansible_winrm_transport: kerberos
I was able to manually add them to the EC2 tag-based group that I’ve set up for the Windows machines, and while they were picked up, it appears to not know that it needs to decrypt the password, and putting that vault value in with the standard syntax (no >- at the start) just throws a parsing error on save.
Though even if I do get this method working, if we ever need to rebuild the inventory from scratch, those values would be lost.
I have read through dozens of issue reports, blog posts, and Google group posts on this topic and couldn’t find any solutions or even other ideas to try.
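The two forms the post contrasts parse differently as YAML: under `>-` the text `!vault | ...` is ordinary folded-string content, so nothing downstream treats it as ciphertext. The check below is an added example, not part of the original post and not Ansible or Tower code; it tells the two forms apart in a variables file. The function name, the second key and the placeholder ciphertext are assumptions made for illustration.

```python
import re

# Constructed sample: the first password key mirrors the post's form, the second
# the inline-vault form (tag on the key line). Ciphertext is a placeholder.
SAMPLE_VARS = """\
ansible_user: ansible@MYDOMAIN.AD
ansible_password: >-
  !vault | $ANSIBLE_VAULT;1.1;AES256
  0000placeholder
other_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  0000placeholder
ansible_port: 5985
"""

KEY_RE = re.compile(r"^\s*(?P<key>[\w.-]+):\s*(?P<rest>.*)$")
BLOCK_RE = re.compile(r"^[>|][+-]?\d*$")       # bare block-scalar indicator
TAGGED_RE = re.compile(r"^!vault\s+\|[+-]?$")  # tag, then a literal block


def classify_vault_values(text):
    """Return {key: status} for each key whose value carries a vault payload.

    "tagged": `!vault |` is on the key line, so the value is a tagged node.
    "plain-string": the tag text sits inside a block scalar, where YAML keeps
    it as ordinary characters and the value is never decrypted.
    """
    results = {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        # The first non-empty line after the key starts the block's content.
        body = next((l.strip() for l in lines[i + 1:] if l.strip()), "")
        if TAGGED_RE.match(rest) and body.startswith("$ANSIBLE_VAULT;"):
            results[m.group("key")] = "tagged"
        elif BLOCK_RE.match(rest) and body.startswith("!vault"):
            results[m.group("key")] = "plain-string"
    return results


if __name__ == "__main__":
    for key, status in classify_vault_values(SAMPLE_VARS).items():
        print(f"{key}: {status}")
```

The check only inspects the text of the file; whether a given Tower variables field accepts the tagged form on save is outside what it tests.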