Help setting up new Ansible role



I’m trying to write an Ansible role and I’m failing at the first hurdle.

I’ve created roles/b2-backups/tasks/main.yml.

I’ve successfully tested this and created a flag for the task in server.yml, which just installs a pip package at the moment. However, I’d like to be able to set up a couple of values within vault.yml and use those in a command. For example, in vault.yml:

        db_password: "XXXXXXX"
        # Generate your keys here:
        auth_key: "L}./?)/^hC_Kja>%]qV$vJ[IDUh3y(j?XtL-o|a&<-tl@GCgO}VEzy#bsI!6NM4}"
        secure_auth_key: "U$/Hm.#n??@(?7rZr:yoFEBkg*bH[_O$OJG4!JaxT0OQNH]p@/d|Ai2:+t@Q!,Qk"
        logged_in_key: "R`kFoe;%_nk1egbXcV209oB,lXVk0Wh5d;N8K66E1l26W}*RL)EF{>iv|`PFcl4o"
        nonce_key: "*n4<MSBs)E#sPzHlT]HPrAd;5pgcok^7/Q<tvY-hQwU;2Q}z<Jsh!X17Y53hdf6_"
        auth_salt: "c_PH>jw2!_,+K$LUvr_Y3Wy6_2=9j_ZI#%kz@fM3Nb!Uc,]+Z9?GKHO[8}NZdB)S"
        secure_auth_salt: "(<uh1n!b6!CX:n8WjaR]YR,&3wNs6}f}5Uq0g.b2EI!JuUaoIy6W3<z;N}cpv]a3"
        logged_in_salt: "5Sll]@pqPMB:Mc;TT7+?`VsbdqkHDNXVMuDz@zG/:fxI&gl3P@S:dxVf8qvTl;Yl"
        nonce_salt: "O=<#H`D!H)3Pu,{x{.E#,V;lsk:MNF,Ek5e[_ZZ1E^_2|z>/7E0;eyszD^:xDV1;"
        # B2 credentials
        b2_account_id: XXXXXXX
        b2_application_key: XXXXXXX

And then within the task’s main.yaml, something like:

- name: Authorize B2 account via CLI
  shell: b2 authorize-account {{ site_env.b2_account_id }} {{ site_env.b2_application_key }}

This results in an error when running the task:

the field 'args' has an invalid value, which appears to include a variable
that is undefined. The error was: {{ wordpress_env_defaults |
combine(item.value.env | default({}), vault_wordpress_sites[item.key].env)
}}: {u'wp_env': u'{{ env }}', u'db_user': u'{{ item.key | underscore }}',
u'disable_wp_cron': True, u'wp_siteurl': u"{{ ssl_enabled | ternary('https',
'http') }}://{{ site_hosts_canonical | first }}/wp", u'db_name': u'{{
item.key | underscore }}_{{ env }}', u'db_host': u'localhost', u'wp_home':
u"{{ ssl_enabled | ternary('https', 'http') }}://{{ site_hosts_canonical |
first }}"}: 'item' is undefined

I’m guessing I’m totally going about this the wrong way and I’ve tried looking at the other tasks but I’m at a bit of a loss!


When an Ansible task loops over list items (with_items) or elements of a dictionary (with_dict) , it makes the item variable available during each loop.

Trellis creates the site_env var for use in looping tasks, so the variable definition refers to an item variable. For example, the “Create database of sites” task uses with_dict: "{{ wordpress_sites }}", which is probably what your task needs for item to be defined, and for your shell command to loop over each of your sites.

If it turns out you only need to “Authorize B2 account via CLI” just once, rather than for each site, you could just put the #B2 credentials at the end of the vault.yml file in their own section, with no indentation (i.e., not part of vault_wordpress_sites). Then:

  - name: Authorize B2 account via CLI
-   shell: b2 authorize-account {{ site_env.b2_account_id }} {{ site_env.b2_application_key }}
+   shell: b2 authorize-account {{ b2_account_id }} {{ b2_application_key }}


Informative, a full written explanation and contextual example given… you, sir, are the best.

Worked first time.

It does feel like I’m learning at such a vast pace as I dig a bit deeper into Trellis :slight_smile: