Ansible: vars_files cannot see facts or other variables that a role in same play can

Created on 10 Aug 2017 · 3Comments · Source: ansible/ansible

ISSUE TYPE

Bug Report

COMPONENT NAME

playbooks

ANSIBLE VERSION

ansible 2.4.0
  config file = None
  configured module search path = [u'/Users/szabop/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Library/Python/2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.10 (default, Jul 14 2015, 19:46:27) [GCC 4.2.1 Compatible Apple LLVM 6.0

CONFIGURATION

I'm importing roles and plays from another directory so I have in ansible.cfg

[defaults]
roles_path = ../../../deployment/playbooks/roles

OS / ENVIRONMENT

OSX 10.10.5

SUMMARY

When I try to dynamically decide which vault file I want to import by using a variable in vars_files (unit tests shouldn't be using production passwords!) for imported plays, I'm unable to do so using either group_vars, host_vars, or facts set in an setup play. I can only use an ansible command line argument.

STEPS TO REPRODUCE

ansible-playbook -t app_test -i inventories/localhost/local.hosts unit.yml

---
#
# network.yml
#
- name: Setup the networks
  hosts: dockerhosts
  vars_files:
     - demoVars.yml
     - "{{ vault_file }}"   # this will only be valid if declared on the ansible command line.
  roles:
    - role: debug     # note this will print out a valid {{ vault_file }} in all cases (but comment out the vars_files line or it will error first)
    - role: network_setup
      options:
        internal: "{{ networks.internal }}"
        external: "{{ networks.external }}"
        nginx: "{{ networks.nginx }}"
  tags:
    - setup
    - standalone
    - app_test

# unit.yml
---
- name: create facts used to compose variables later in this playbook
  hosts: dockerhosts
  vars:
    esTmpDir: "/tmp/es"
  roles:
    - role: unitenv_setup
  tags:
    - app_test
- import_playbook: ../../../deployment/playbooks/network.yml

EXPECTED RESULTS

If the variable vault_file is specified on the ansible command line using --extra-vars the script runs just fine. It should run just fine when vault_file is set from an inventory file or set as a fact in unitenv_setup, but it does not

ACTUAL RESULTS

Using any method besides the command line to set vault_file, I get the following error:

PLAY [Setup the networks] *********************************************************************
ERROR! vars file {{ vault_file }} was not found

extremely verbose mode:

ETA: ran handlers
META: ran handlers
Read vars_file 'demoVars.yml'
skipping vars_file '{{ vault_file }}' due to an undefined variable
Read vars_file 'demoVars.yml'
skipping vars_file '{{ vault_file }}' due to an undefined variable

PLAY [Setup the networks] *********************************************************************
Read vars_file 'demoVars.yml'
ERROR! vars file {{ vault_file }} was not found

affects_2.4 bug core

Source

pszabop

Most helpful comment

perhaps you should fix the documentation? Not exactly obvious...

pszabop on 11 Aug 2017

👍5

All 3 comments

I note there's something complex about my production environment that I can't seem to get into a simple sharable reproduction. At any rate, here's the attempt to reproduce.

pszabop on 11 Aug 2017

Possible Misunderstanding

Hi!

Thanks very much for your submission to Ansible. It sincerely means a lot to us.

We believe the ticket you have filed is being somewhat misunderstood, as one thing works a little differently than stated.

facts, host and group vars .. basically any 'host associated vars' are not available for vars_files, only play scoped vars or extra vars are available at that point. Use an include_vars task instead.

In the future, this might be a topic more well suited for the user list, which you can also post here if you'd like some more help with the above.