Hello,
I'm not certain this is a proper "issue" or just a matter of taste, but the way that "include_vars" is used in some playbooks leads to unexpected results.
In particular, I've noticed that the file roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
has a handful of tasks such as
- name: Retrieving authd Credentials
include_vars: authd_pass.yml
tags:
- config
that obliterate the variable if it is declared elsewhere; for instance, as a group variable, within inventory, or as a task variable.
My proposal would be to move the contents of authd_pass.yml
to a vars/main.yml
within the role, and letting standard variable precedence do the work; this proposal would hold for other vars files that are intended to be user-configurable.
Hello dragospe,
I agree that include_vars
is probably not what we want with these variables. I believe these should be on role's default, so users of the role have plenty more options regarding where to store such credentials, because include_vars
has really high precedence.
I'll take the issue, thanks for reporting !
Thanks @neonmei , I just added this to the current milestone.
Thanks!
Most helpful comment
Hello dragospe,
I agree that
include_vars
is probably not what we want with these variables. I believe these should be on role's default, so users of the role have plenty more options regarding where to store such credentials, becauseinclude_vars
has really high precedence.I'll take the issue, thanks for reporting !