Ansible变量优先级和保管库

Question

I am reworking my ansible inventory to use ansible-vault. Everything is working fine however I have an issue with, I think precendence of variables. When I try to make a local connection to ansiblemaster ( localhost 127.0.0.1 ) it seems to be using the sudo passwords of the global configuration instead of that one in the host_vars

this is my setup:

• hosts.ini
• group_vars/all/config.yml
• group_vars/all/secrets.yml
• host_vars/ansiblemaster

So I have this defined in group_vars/all/config.yml:

### GLOBAL ###
ansible_become_password: "{{ secret_ansible_become_password }}"
ansible_password: "{{ secret_ansible_password }}"
ansible_user: "{{ secret_ansible_user }}"

And I have this defined in host_vars/ansiblemaster:

ansible_ssh_host: 127.0.0.1
ansible_user: "{{secret_master_ansible_user}}"
ansible_password: "{{secret_master_ansible_password}}"
ansible_become_password: "{{secret_master_ansible_become_password}}"
ansible_become_user: "{{secret_master_ansible_become_user}}"
ansible_connection: local

I keep getting:

password: \\nsudo: 1 incorrect password attempt\\n" When I run a playbook that makes a local connection and performs sudo.

Does my definition in host_vars/ansiblemaster not overwrite group_vars/all/config ?

Answer 1

I've solved it. Comes down to this: I had a local_action: Task that wasn't picking up the variables for "ansiblemaster" ( which is localhost ) ... I changed it to use delegate_to: ansiblemaster and now it does pick up the variables in my host_vars/

...

not sure if this is best practise.