
Passing password from vault to unix script


I'm new to Ansible.

I'm trying to pick the passwords out of a vault file and pass them to a Unix script.

1. Created oem_vault.yml under group_vars/all

ansible-vault edit groups_vars/all/oem.yml

oem_vault:
user: sysman
password: XXXXXXXXXX

2. Create playbook

cat tgt-blackout-oem-on.yml

#!/usr/bin/env ansible-playbook
---

 - name: Turn blackout on for target clone
   hosts: hostapp01
   any_errors_fatal: true
   remote_user: ansible
   become: yes
   become_user: oracle
   roles:
      - oraoem-blackout-on
   vars_files:
      - groups_vars/all/oem.yml

3. Create roles and tasks

cd roles/oraoem-blackout-on/

cat main.yml

---
- name: Setting static variables
  set_fact:
    dest: /home/oracle/ansible

- name: Copy the blackout script for the target node
  copy:
    src: "{{ item }}"
    dest: /home/oracle/ansible
    owner: oracle
    group: oinstall
    mode: 0700
  with_items:
    - oem_blackout_on.sh

- name: Performing blackout on
  shell: "cd {{ dest }}; {{ dest }}/oem_blackout_on.sh {{ oem_vault.user }} {{ oem_vault.password }}"
  register: oem_on
  ignore_errors: no
- debug: var=oem_on.stderr_lines
  tags:
    - oem_on

Running execution output:

TASK [oraoem-blackout-on : Performing blackout on] *********************************************************************
fatal: [hostapp01]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'None' has no attribute 'sysman'\n\nThe error appears to be in 'roles/oraoem-blackout-on/tasks/main.yml': line 20, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Performing blackout on\n  ^ here\n"}

I was expecting it to pick up the username and password and pass them to the Unix script, which then gets executed on the remote server.


Solution

  • The name of the directory groups_vars is wrong. The correct name is group_vars.

    Given the file

    shell> cat group_vars/all/oem.yml 
    oem_vault:
    user: sysman
    password: XXXXXXXXXX
    

    the playbook

    shell> cat pb.yml
    - hosts: localhost
      tasks:
        - debug:
            var: password
    

    works as expected

    shell> ansible-playbook pb.yml 
    
    PLAY [localhost] *****************************************************************************
    
    TASK [debug] *********************************************************************************
    ok: [localhost] => 
      password: XXXXXXXXXX
    
    PLAY RECAP ***********************************************************************************
    localhost: ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
    

    You'll get the same result when you encrypt the file

    shell> ansible-vault encrypt group_vars/all/oem.yml
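
An added example (not part of the original question or answer) of the role's tasks once the directory is named group_vars, written so the vaulted password stays out of the remote process list and out of Ansible's task output. It assumes `user` and `password` are nested under `oem_vault` in the vault file, and that `oem_blackout_on.sh` is changed to read the hypothetical environment variables `OEM_USER` and `OEM_PASSWORD` instead of positional arguments.

```yaml
# group_vars/all/oem.yml (encrypted with ansible-vault); assumed nested layout:
#   oem_vault:
#     user: sysman
#     password: XXXXXXXXXX
# group_vars/all next to the playbook or inventory is loaded automatically,
# so the play needs no vars_files entry for it.
#
# roles/oraoem-blackout-on/tasks/main.yml
---
- name: Fail early if the vaulted variables were not loaded
  ansible.builtin.assert:
    that:
      - oem_vault is mapping
      - oem_vault.user is defined
      - oem_vault.password is defined
    fail_msg: "oem_vault is missing or not a mapping; check group_vars/all/oem.yml"
    quiet: true

- name: Copy the blackout script for the target node
  ansible.builtin.copy:
    src: oem_blackout_on.sh
    dest: /home/oracle/ansible/oem_blackout_on.sh
    owner: oracle
    group: oinstall
    mode: "0700"

- name: Performing blackout on
  ansible.builtin.command:
    cmd: /home/oracle/ansible/oem_blackout_on.sh
    chdir: /home/oracle/ansible
  environment:
    # OEM_USER / OEM_PASSWORD are assumed names the script must read.
    # Arguments on the command line are visible to every local user via ps;
    # the environment is readable only by the process owner and root.
    OEM_USER: "{{ oem_vault.user }}"
    OEM_PASSWORD: "{{ oem_vault.password }}"
  no_log: true          # keeps the task's invocation and result out of output and logs
  register: oem_on
  tags:
    - oem_on

- name: Show only the script's stderr
  # The registered result is not censored by no_log, so the script itself
  # must never echo the password.
  ansible.builtin.debug:
    var: oem_on.stderr_lines
  tags:
    - oem_on
```

With the vault file encrypted, the play needs the vault password at run time, for example `ansible-playbook tgt-blackout-oem-on.yml --ask-vault-pass`.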