Import/handle ansible vars to foreman

Hi,

i have a very simple ansible playbook/tasks to change NTP-servers.
This works well and can be imported and started with foreman except ansible variables are not imported to foreman.

So how to handle this?
I want to set and overwrite the ansible variables via foreman GUI.
Is this possible?
i already read a post where to write variables in default folder but i did not get it working:-(

#pwd
/etc/ansible/roles/test

#cat vars/main.yml
---
# vars file for test
NTP_SERVERS:
  - 192.168.0.15
  - 192.168.0.151
  - 192.168.0.152

#cat tasks/main.yml
---
# tasks file for test

- name: Copy the chrony.conf template file
  template: src=templates/chrony.conf.j2 dest=/etc/chrony.conf
  register: ntp_conf

- name: restart chrony
  service:
    name: chronyd
    state: restarted
  when: ntp_conf.changed

Hi,
foreman imports variables from defaults/main.yml, so when you have that file in your role, the variables should get imported.

1 Like

many thanks it just working now perfect!
One small question: per default the values are hidden. Is there maybe a global switch to have it visible by default?

There is no global setting to change that, but feel free to submit a feature request in redmine.

Thanks! Feature: “set hidden ansible variables values with global setting” should imho be implemented in future as it makes configuration more efficient…however probably a user settings needs to be introduced for users should not see this values…so effort is not soo low…is there a chance to get this feature ??

Adding a setting that would determine if imported variables have hidden/visible values on import is quite easy, having different visibility per user is a bit more complex - whether the value is hidden or not is a variable attribute right now and it would have to be moved into the permission system.

It makes me wonder about the use case and whether this granularity is really needed, something similar can be achieved today by not giving users ‘view_ansible_variables’ permission. Of course, they would not see any variable details, not just the variable value.

Still, if the feature request is in redmine, someone may pick it up and start working on it.

What is the situation with other parameters such as Global or Puppet? I think a user with view_* permission should be able to see all hidden parameters values, but i might be wrong and it requires edit_* permission,
We should have a unified experience for all parameters in my opinion, rather than adding a specific setting for ansible.

i have created a Feature request in redmine for this: Feature #29762: make ansible variables values visible via setting/permissions - Ansible - Foreman

what is the reason that by default the value of imported variables are hidden?

I am not aware of any reason in particular.

then, shouldn’t we just set the default value for imported values to “not hidden”?

PR to fix the issue: Fixes #31651 - show the value of imported values by sbernhard ¡ Pull Request #378 ¡ theforeman/foreman_ansible ¡ GitHub

1 Like

cool if i understand it correctly it was a (hidden) bug :slight_smile:

many thanks

1 Like