Hello,
Using ansible 2.9.19 in a RHEL7.8 server
python version = 2.7.5
I am trying to set facts from a lookup into a csv file. The playbook works but as the facts set are passwords, I need to encrypt the content to the file.
I did : ansible-vault encrypt " hpe_sut_security_store .csv"
This is the task to set up the variables:
- name: read credentials from csv file
set_fact:
hpe_sut_cred_user: “{{ lookup(‘csvfile’, inventory_hostname +’ file=hpe_sut_security_store.csv delimiter=; col=1’) }}”
hpe_sut_cred_pwd: “{{ lookup(‘csvfile’, inventory_hostname +’ file=hpe_sut_security_store.csv delimiter=; col=2’) }}”
But set_fact or the lookup(‘csvfile’) is not trying to decrypt the file! so the output is always an empty variable. It doesn’t matter if I don’t add the --ask-vault tags
ansible-playbook -vv play_single_prod.yml --ask-vault
ansible-playbook -vv play_single_prod.yml
gives the same result. I would expect not having the --ask-vault tag to fail the playbook what leads me to think, that the file is not seen as encrypted?
is there something wrong I am doing or it is expected behaviour that set_fact or lookup(csvfile) wont see it as en encrypted file?
Just in case, file is properly encrypted:
head files/hpe_sut_credentials.csv
$ANSIBLE_VAULT;1.1;AES256
32346262623864346531656630663766623162383631653932643762353131656132393438366239
3962396438343938363439356330363964333431636433360a613630666666326139343763313163
39323063383565333231373237376263393239393864303137343734356364343133303539393533
3239636436363965620a653730383263663833653235666330636234353834663662326434666362
Thanks in advance
Pablo Garcia