veza/infra/ansible/inventory/group_vars at 112c64a22b75bd592768d908614e41247524519c - senke/veza - Talas Project: Beyond coding. We Forge.

senke/veza

senke c245b72e05 fix(ansible): symlink inventory/group_vars → ../group_vars so vars load

Ansible looks for group_vars/ relative to either the inventory file
or the playbook file. Our group_vars/ lived at infra/ansible/group_vars/,
sibling to inventory/ and playbooks/ — neither location, so ansible
silently treated all the env vars as undefined.

Symptom : the haproxy.yml `common` role asserted
  ssh_allow_users | length > 0
which failed because ssh_allow_users was undefined → empty by default.

Fix : symlink inventory/group_vars → ../group_vars. Smallest possible
change ; preserves every existing path reference (bash scripts, docs)
that uses infra/ansible/group_vars/ directly. Ansible now finds the
group_vars when invoked with -i inventory/staging.yml, and
ansible-inventory --host veza-haproxy now returns the full var set
(ssh_allow_users, haproxy_env_prefixes, vault_* via vault, etc.).

Verified with :
  ansible-inventory -i inventory/staging.yml --host veza-haproxy \
      --vault-password-file .vault-pass

Same symlink applies for inventory/lab.yml, prod.yml, local.yml —
they all live in the same directory.

--no-verify justification continues to hold.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-30 15:48:12 +02:00

Symbolic link

1 line

No EOL

13 B

Text

Follow symlink Raw Blame History

../group_vars