[英]Ansible variable precedence and vault
I am reworking my ansible inventory to use ansible-vault. 我正在重新整理ansible库存以使用ansible-Vault。 Everything is working fine however I have an issue with, I think precendence of variables.
一切工作正常,但是我有一个问题,我认为变量优先。 When I try to make a local connection to ansiblemaster ( localhost 127.0.0.1 ) it seems to be using the sudo passwords of the global configuration instead of that one in the host_vars
当我尝试与ansiblemaster(localhost 127.0.0.1)建立本地连接时,似乎正在使用全局配置的sudo密码,而不是host_vars中的那个密码。
this is my setup: 这是我的设置:
So I have this defined in group_vars/all/config.yml: 所以我在group_vars / all / config.yml中定义了这个:
### GLOBAL ###
ansible_become_password: "{{ secret_ansible_become_password }}"
ansible_password: "{{ secret_ansible_password }}"
ansible_user: "{{ secret_ansible_user }}"
And I have this defined in host_vars/ansiblemaster: 我在host_vars / ansiblemaster中定义了这个:
ansible_ssh_host: 127.0.0.1
ansible_user: "{{secret_master_ansible_user}}"
ansible_password: "{{secret_master_ansible_password}}"
ansible_become_password: "{{secret_master_ansible_become_password}}"
ansible_become_user: "{{secret_master_ansible_become_user}}"
ansible_connection: local
I keep getting: 我不断得到:
password: \\nsudo: 1 incorrect password attempt\\n" When I run a playbook that makes a local connection and performs sudo.
密码:\\ nsudo:1次错误密码尝试\\ n“当我运行建立本地连接并执行sudo的剧本时。
Does my definition in host_vars/ansiblemaster not overwrite group_vars/all/config ? 我在host_vars / ansiblemaster中的定义不会覆盖group_vars / all / config吗?
I've solved it. 我已经解决了 Comes down to this: I had a local_action: Task that wasn't picking up the variables for "ansiblemaster" ( which is localhost ) ... I changed it to use delegate_to: ansiblemaster and now it does pick up the variables in my host_vars/
归结为:我有一个local_action:任务没有为“ ansiblemaster”(即localhost)选择变量...我将其更改为使用委托_到:ansiblemaster,现在它确实在host_vars中选择了变量/
... ...
not sure if this is best practise. 不知道这是否是最佳实践。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.