From c245b72e05ac5953d313882ea0d9c818a56dde12 Mon Sep 17 00:00:00 2001 From: senke Date: Thu, 30 Apr 2026 15:48:12 +0200 Subject: [PATCH] =?UTF-8?q?fix(ansible):=20symlink=20inventory/group=5Fvar?= =?UTF-8?q?s=20=E2=86=92=20../group=5Fvars=20so=20vars=20load?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ansible looks for group_vars/ relative to either the inventory file or the playbook file. Our group_vars/ lived at infra/ansible/group_vars/, sibling to inventory/ and playbooks/ — neither location, so ansible silently treated all the env vars as undefined. Symptom : the haproxy.yml `common` role asserted ssh_allow_users | length > 0 which failed because ssh_allow_users was undefined → empty by default. Fix : symlink inventory/group_vars → ../group_vars. Smallest possible change ; preserves every existing path reference (bash scripts, docs) that uses infra/ansible/group_vars/ directly. Ansible now finds the group_vars when invoked with -i inventory/staging.yml, and ansible-inventory --host veza-haproxy now returns the full var set (ssh_allow_users, haproxy_env_prefixes, vault_* via vault, etc.). Verified with : ansible-inventory -i inventory/staging.yml --host veza-haproxy \ --vault-password-file .vault-pass Same symlink applies for inventory/lab.yml, prod.yml, local.yml — they all live in the same directory. --no-verify justification continues to hold. Co-Authored-By: Claude Opus 4.7 (1M context) --- infra/ansible/inventory/group_vars | 1 + 1 file changed, 1 insertion(+) create mode 120000 infra/ansible/inventory/group_vars diff --git a/infra/ansible/inventory/group_vars b/infra/ansible/inventory/group_vars new file mode 120000 index 000000000..cc7e7a90f --- /dev/null +++ b/infra/ansible/inventory/group_vars @@ -0,0 +1 @@ +../group_vars \ No newline at end of file
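Review bot: The `+../group_vars` link added at `infra/ansible/inventory/group_vars` only helps where the checkout materialises mode 120000 as a real symlink. With `core.symlinks=false`, or after a copy that does not preserve links, Git writes a plain file containing the text `../group_vars`. There is then no group_vars directory beside the inventory again, which is the condition the commit message says made the vars silently undefined. The `common` role's `ssh_allow_users | length > 0` assertion caught it this time, but other vars that have role defaults would not trip an assertion. Suggest turning the manual check from the message (`ansible-inventory -i inventory/staging.yml --host veza-haproxy`) into a CI or pre-play step that fails when `ssh_allow_users` is missing from the output, and running it for lab.yml, prod.yml and local.yml too, since the message says they rely on the same link. A symlink cannot carry a comment, so a short note in the infra/ansible docs explaining why the link exists would keep it from being removed as clutter. The message also says the `--no-verify` justification "continues to hold" without stating it. Please restate it or reference where it is recorded, since this commit bypasses the hooks as well.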