I'm going to say I am not an ansible expert, so I'm not sure what is causing your problem.
I can only tell you the way I'm setting things up, which works for me -- and I'm sure there are other ways of doing things.
I tend to use an inventory file for my playbooks using the xml, rather than ini format. I chose to use the xml format since it's consistent with the same format needed within the playbook file.
On the command line I call my playbook with the inventory file and vault-password-file like this, with vars.yml = playbook file and hostname.yml = inventory file:
ansible-playbook vars.yml -i <hostname.yml> --vault-password-file <vault-password-file>
Within my inventory file I have a structure that looks like the following:
Code:
all:
  hosts:
  vars:
    root_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      alakfjalkfjal;kfja--A_BUNCH_OF_LETTERS_AND_NUMBERS_OF_THE_ENCRYPTED_ROOT_PASSWORD--afadafjdfjd
      kaakakladkasdkdadfkasdljafjkadfjkfdjkfadjkfdjkdaffjkdasadfl;knvndapon
      adnapofnvpnoapnoeponeweqwpid098ad9daqwen20qwe0ads90cvnadvsnopfdaopdfn
      a0adsoidafopn
    ansible_become: yes
    ansible_become_password: "{{ root_password }}"
    root_user: root
    # IP address or hostname of web accessible server where the fullchain.pem file is located
    remote_ip_address: "10.0.1.158"
    # If modifying remote_path please be sure not to add / before or after path since call to remote server
    # will be transformed to https://<remote_ip_address>/<remote_path>/
    remote_path: "certs"
    # Call to remote server will be https://<remote_ip_address>/<remote_path>/<fullchain_pem_file>
    fullchain_pem_file: "fullchain.pem"
    # Call to remote server will be https://<remote_ip_address>/<remote_path>/<fullchain_pem_hash_file>
    fullchain_pem_hash_file: "{{ fullchain_pem_file }}.sha256"
    # The following is directory on the server that is read/writeable by the ansible script user
    # This can be modified to any temporary directory as all files placed into this directory will be
    # removed at the end of the script
    local_temp_directory: "/var/tmp"
    # local_certificate_directory refers to directory where the certs will be placed and utilized
    # some examples may be /etc/letsencrypt/<domain name>/live
    # /usr/local/etc/letsencrypt/<domain name>/live
  children:
    linux:
      hosts:
        10.0.1.100:
      vars:
        local_certificate_directory: /etc/letsencrypt/<domain name>/live
        root_group: root
    bsd:
      hosts:
        192.168.1.6:
      vars:
        local_certificate_directory: /usr/local/etc/letsencrypt/<domain name>/live
        root_group: wheel
I'm not sure if this helps you or not. I'm certain you could probably not use the inventory file and include the variable at the top of your playbook if needed.
Here's a link to my github which may or may not be of help to you:
https://github.com/kevdogg/ansible_p...me-example.yml
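
A pre-commit style check for the inventory layout shown in the post above, as an added example that is not the poster's code: it flags secret-looking variables that are neither inline `!vault` values nor Jinja references to one. The key-name pattern, the function name and the sample inventory are assumptions constructed for illustration.

```python
import re

# Constructed sample inventory (not the poster's real file): one inline-vault
# value, one Jinja reference, and one plaintext password that should be flagged.
SAMPLE_INVENTORY = """\
all:
  vars:
    root_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      6162636465666768696a6b6c6d6e6f70
    ansible_become: yes
    ansible_become_password: "{{ root_password }}"
    db_password: hunter2
    root_user: root
"""

# Assumed naming convention: any key containing one of these words is a secret.
SECRET_KEY = re.compile(
    r"^\s*([\w-]*(?:password|passwd|secret|token)[\w-]*):\s*(.*)$", re.I)
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;\d+\.\d+;AES256")
JINJA_REF = re.compile(r"""^["']?\{\{.*\}\}["']?$""")


def find_plaintext_secrets(inventory_text):
    """Return (line_number, key) for secret-looking keys stored in the clear."""
    lines = inventory_text.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        match = SECRET_KEY.match(line)  # comment lines start with '#': no match
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if not value or JINJA_REF.match(value):
            continue  # mapping header, or a reference checked on its own line
        if value.startswith("!vault"):
            # The block scalar's first non-empty line must be the vault header.
            body = next((l.strip() for l in lines[idx + 1:] if l.strip()), "")
            if VAULT_HEADER.match(body):
                continue
        findings.append((idx + 1, key))
    return findings


if __name__ == "__main__":
    for lineno, key in find_plaintext_secrets(SAMPLE_INVENTORY):
        print(f"line {lineno}: '{key}' is not vault-encrypted")
```

The check is line-based and only understands the inline `!vault |` form used in this inventory; whole-file vaults and secrets under unconventional key names need a separate check.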