Understanding var file placements and autoloads

Archives Ansible Project
1

I have two questions regarding variable behavior, given my file structure

My file structure is like so:

/roles /common /provision_ec2 /vars /main.yml /developer_list.yml /tasks /main.yml /group_vars /all /settings.yml /production

First: Why does a task in /roles/provision_ec2/main.yml not automatically load a dictionary (or any list I presume) from /roles/provision_ec2/vars/developer_list.yml? Obviously vars/main.yml is going to get extremely crowded over time, do I have to load any var file not named ‘main.yml’ manually?

Second: If I have added /group_vars/all/settings.yml to the ansible-vault, and run a playbook which doesn’t call any variables from that file, I have realized I need to put in the vault password every time. It of course makes sense to me why this happens (because /all is loaded every time), but is still annoying. Is there a better way to structure my directories to avoid putting the password in every time? Or do I need to just keep it in another directory and manually load it when necessary?

Thanks a lot for the help.

2

First: Why does a task in /roles/provision_ec2/main.yml not automatically
load a dictionary (or any list I presume) from
/roles/provision_ec2/vars/developer_list.yml? Obviously vars/main.yml is
going to get extremely crowded over time, do I have to load any var file not
named 'main.yml' manually?

it does, as long as oyoou import the role, if you are using an include
directly to tasks/main.yml you bypass role semantics and it won't get
loaded.

Second: If I have added /group_vars/all/settings.yml to the ansible-vault,
and run a playbook which doesn't call any variables from that file, I have
realized I need to put in the vault password every time. It of course makes
sense to me why this happens (because /all is loaded every time), but is
still annoying. Is there a better way to structure my directories to avoid
putting the password in every time? Or do I need to just keep it in another
directory and manually load it when necessary?

how would Ansible know that a variable inside that file is not used if
it does not decrypt the file to see which variables it has?

If you don't want a vault used in every play, don't put it in
inventory, reference it in vars_files: in the plays that need it or
set it in a group_vars dir adjacent to the plays that need it.