You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
TLDR: Why does Molecule (or Ansible) prioritize using a playbook's group_vars contents over Molecule's when the files have the same name? How can we enforce that Molecule use the group_vars files in Molecule's configuration instead of the playbook's group_vars?
I have a playbook. The playbook has group_vars files of the same name in both the molecule's group_vars dir as well as the playbook's group_vars dir.
In each scenario, the test instance is placed in the test group. The test group under the top-level group_vars uses the community.hashi_vault.hashi_vault plugin to look up secrets:
This works when the playbook is running on AWX/Ansible Automation Platform because AAP will feel the plugin the necessary credentials and endpoint information. When I run my playbook in Molecule, this of course is not the case, so the test group under molecule/common/group_vars/test.yml has the same variable name, but with a filler value:
hashicorp_vault_value: Not using hashicorp vault
The scenarios link to the group_vars under molecule properly:
I have a task in my playbook that uses the hashicorp_vault_value to write to a Jinja2 template file.
So when I run Molecule, it fails because it tries to use the community.hashi_vault.hashi_vault plugin to do the thing. So this tells me that either Molecule or Ansible (7.1.0) is prioritizing the playbook's top level group_vars over what I'm linking in Molecule.
If I change the group_var filename under molecule's common dir to something else and change the group name in the scenario to that new value, everything works fine.
So... does anyone know how Molecule or Ansible does this under the hood and if it's possible to predictably get Molecule to use the group_vars provided FOR molecule instead of the playbook's group_vars if both have the same filename?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
TLDR: Why does Molecule (or Ansible) prioritize using a playbook's group_vars contents over Molecule's when the files have the same name? How can we enforce that Molecule use the group_vars files in Molecule's configuration instead of the playbook's group_vars?
I have a playbook. The playbook has group_vars files of the same name in both the molecule's group_vars dir as well as the playbook's group_vars dir.
In each scenario, the test instance is placed in the
testgroup. Thetestgroup under the top-level group_vars uses thecommunity.hashi_vault.hashi_vaultplugin to look up secrets:hashicorp_vault_value: '{{ lookup("community.hashi_vault.hashi_vault", "secret/data/some/location/in/vault") }}'This works when the playbook is running on AWX/Ansible Automation Platform because AAP will feel the plugin the necessary credentials and endpoint information. When I run my playbook in Molecule, this of course is not the case, so the
testgroup undermolecule/common/group_vars/test.ymlhas the same variable name, but with a filler value:hashicorp_vault_value: Not using hashicorp vaultThe scenarios link to the
group_varsunder molecule properly:I have a task in my playbook that uses the
hashicorp_vault_valueto write to a Jinja2 template file.So when I run Molecule, it fails because it tries to use the
community.hashi_vault.hashi_vaultplugin to do the thing. So this tells me that either Molecule or Ansible (7.1.0) is prioritizing the playbook's top level group_vars over what I'm linking in Molecule.If I change the group_var filename under molecule's common dir to something else and change the group name in the scenario to that new value, everything works fine.
So... does anyone know how Molecule or Ansible does this under the hood and if it's possible to predictably get Molecule to use the group_vars provided FOR molecule instead of the playbook's group_vars if both have the same filename?
Beta Was this translation helpful? Give feedback.
All reactions