I have a MySQL Ansible role with 2 tags: configure_mysql_users and configure_mysql_databases. Those tags are used for subsequent deployments of databases and users.
Here is a sample playbook for my test server:
---
- hosts: somehost
  gather_facts: yes
  become: yes
  environment:
    OP_VAULT: "<snip>"
    OP_CONNECT_HOST: "<snip>"
    OP_CONNECT_TOKEN: "<snip>"
  collections:
    - onepassword.connect
  pre_tasks:
    - onepassword.connect.generic_item:
        vault_id: "snip"
        title: somehost
        state: present
        fields:
          - label: root_username
            value: "root"
            section: "MYSQL (root)"
          - label: root_password
            generate_value: on_create
            section: "MYSQL (root)"
            field_type: concealed
            generator_recipe:
              length: 16
              include_symbols: no
          - label: testuser_username
            value: "testuser"
            section: "MYSQL (testdb)"
          - label: testuser_password
            generate_value: on_create
            section: "MYSQL (testdb)"
            field_type: concealed
            generator_recipe:
              length: 16
              include_symbols: no
    - name: Get root password
      tags: [ 'always' ]
      item_info:
        item: somehost
        vault: Ansible
        field: root_password
      no_log: true
      register: root_password
    - name: Get testuser password
      tags: [ 'always' ]
      item_info:
        item: somehost
        vault: Ansible
        field: testuser_password
      no_log: true
      register: testuser_password
  vars_files:
    - host_vars/somehost/mysql.yml
  roles:
    - roles/role-deploy-mysql
Initially, I've deployed a server with root user only, and it all went well.
However, I wanted to add a new user called testuser, so I've added a new item inside the pre_tasks block that should first create a new entry in 1Password, and then fetch that value and assign it to a variable. The playbook above is after those changes.
However, if I run this playbook using the following command:
ansible-playbook -i inv_production somehost.yml -t "configure_mysql_users,configure_mysql_databases" --vault-password-file=.vault --ask-become-pass
It won't create a new entry in 1Password vault for the testuser, but it will try to fetch the value which does not exist, and then my playbook execution is going to fail.
If I'm to run this playbook without tags, everything will be fine, a new entry will be made inside 1Password vault and the deployment of a new user will succeed.
So, it looks like onepassword.connect.generic_item is not being executed when the playbook is run using tags. I've tried to add an always tag to it, but it didn't matter too much.
Any ideas how to overcome this issue?
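Added example, not part of the original post and not Ansible's own code: a simplified Python model of Ansible's documented --tags / --skip-tags selection rules, applied to the three pre_tasks of the playbook above to show which of them a run limited to the two role tags selects. The task labels, function names and the retagged variant are assumptions made for the illustration.

```python
# Simplified model of Ansible's --tags / --skip-tags task selection (added example).

def task_runs(task_tags, only_tags=(), skip_tags=()):
    """Return True if a task carrying task_tags is selected for this run."""
    tags = set(task_tags) or {"untagged"}      # untagged tasks get a pseudo-tag
    only = set(only_tags) or {"all"}           # no --tags behaves like "all"
    skip = set(skip_tags)

    if "always" in tags:
        run = True
    elif "all" in only and "never" not in tags:
        run = True
    elif tags & only:
        run = True
    elif "tagged" in only and tags != {"untagged"} and "never" not in tags:
        run = True
    else:
        run = False

    if run and skip:
        if "all" in skip:
            run = "always" in tags and "always" not in skip
        elif tags & skip:
            run = False
        elif "tagged" in skip and tags != {"untagged"}:
            run = False
    return run


def plan(tasks, only_tags=(), skip_tags=()):
    """Names of the tasks that would run, in playbook order."""
    return [name for name, tags in tasks if task_runs(tags, only_tags, skip_tags)]


# Constructed from the playbook in the post: (label, tags set on the task).
PRE_TASKS = [
    ("generic_item: create/update item", []),   # carries no tags in the post
    ("Get root password", ["always"]),
    ("Get testuser password", ["always"]),
]
# Hypothetical variant: the creating task is also tagged 'always'.
PRE_TASKS_RETAGGED = [(PRE_TASKS[0][0], ["always"])] + PRE_TASKS[1:]
CLI_TAGS = ["configure_mysql_users", "configure_mysql_databases"]

if __name__ == "__main__":
    print("as posted :", plan(PRE_TASKS, CLI_TAGS))
    print("retagged  :", plan(PRE_TASKS_RETAGGED, CLI_TAGS))
    print("no --tags :", plan(PRE_TASKS))
```

On the real playbook, adding --list-tasks to the ansible-playbook command with the same -t value prints the tasks that survive tag selection without executing them.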