[BUG] Unable to use vault encrypted value for tailscale_authkey
joeypiccola opened this issue · comments
Describe the bug
Ansible role artis3n.tailscale
not accepting Ansible vault encrypted tailscale_authkey
variable.
When using the following to install and configure tailscale I receive the error The conditional check 'not tailscale_authkey' failed. The error was: An unhandled exception occurred while templating '{{ tailscale_authkey }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while templating '{{ tailscale_authkey }}'.
When using the plain text tskey-auth
string it works fine. I am using other vault-encrypted variables without issue, identically scoped in my playbook's var
directory (e.g. vars/main.yaml
).
# tailscale.yaml
- name: Configure Tailscale
include_role:
name: galaxy_roles/artis3n.tailscale
vars:
tailscale_args: "--advertise-exit-node --hostname=colo --accept-routes"
tailscale_authkey: "{{ tailscale_authkey }}"
- name: Set MSP user password
tags: account
user:
name: "{{ msp_user_name }}"
password: "{{ msp_user_password }}"
To Reproduce
Steps to reproduce the behavior:
Encrypt tailscale_authkey
with Ansible vault and place the value in a role's /var/main.yaml
. Use provided yaml
and Ansible vault variable syntax (e.g. "{{ tailscale_authkey }}"
) when leveraging the role artis3n.tailscale
.
Expected behavior
The ansible role should run and not error attempting to validate tailscale_authkey
.
Target (please complete the following information):
- OS: osx
- Ansible version: 2.10.11
- ansible-playbook: 2.10.11
artis3n.tailscale
version: installed_version: v4.2.2- Tailscale version (set
verbose
to true): 1.46.0
During submitting the PR I was using Ansible Vault for tailscale_authkey
. And I was not able to reproduce this.
So, I assume, there is a typo somewhere in the var name or encrypted string.
During submitting the PR I was using Ansible Vault for
tailscale_authkey
. And I was not able to reproduce this. So, I assume, there is a typo somewhere in the var name or encrypted string.
Agreed, I'm using the tailscale_authkey
as an encrypted vault value and it's working well. Could also be that the vars in /var/main.yaml
as OP describes is not being referenced correctly in the playbook?
See: https://github.com/dbrennand/home-ops/blob/dev/ansible/group_vars/tailscale.yml
I encountered this. In my inventory vars file had to save the encrypted string as vault_tailscale_authkey
and then reference it as the required variable tailscale_authkey: "{{ vault_tailscale_authkey }}"
. 🤷🏻♀️