I’m having an odd issue with vaulted variable files when running playbooks from my local machine. The vaulted vars are not defined, even though I am supplying the correct password at the prompt. I’ve also tried using --vault-password-file and the outcome doesn’t change.
I’m not sure how to troubleshoot this. The vaulted vars are working fine when I run the playbook from a remote Jenkins box; they only fail locally. Could there be something in my local ansible.cfg, or a setting in another area that Ansible is looking at, that would override the supplied vault password?
Here is an example playbook:
- hosts: all
  gather_facts: False
  become: False
  tasks:
    - name: Test unvaulted var
      debug:
        var: msr_office_ip
    - name: Test vaulted var
      debug:
        var: vaulted_var
And some output showing the problem:
$ ansible-playbook --vault-id @prompt -i environments/test run_ping_test.yml
Vault password (default):
PLAY [all] ***************************************************************************************

TASK [Test unvaulted var] ************************************************************************
ok: [127.0.0.1] => {
    "unvaulted_var": "this text is not vaulted"
}

TASK [Test vaulted var] **************************************************************************
ok: [127.0.0.1] => {
    "vaulted_var": "VARIABLE IS NOT DEFINED!"
}

PLAY RECAP ***************************************************************************************
127.0.0.1 : ok=2 changed=0 unreachable=0 failed=0
And the contents of test.vault:
$ ansible-vault view environments/test/group_vars/all/test.vault
Vault password:
vaulted_var: this text is vaulted
Anyone have any idea what I am doing wrong? TIA