made vault file visible

run.sh

@@ -61,23 +61,24 @@ if [ ! -z "$ANSIBLE_HOSTS" ] ; then
 fi
 
 #echo "Find vault encrypted files if any"
-if [ -d ./group_vars ] ; then
+#if [ -d ./group_vars ] ; then
-    VAULT_GROUP_FILES=$( find ./group_vars -name \*vault\* )
+#    VAULT_GROUP_FILES=$( find ./group_vars -name \*vault\* )
-fi
+#fi
-if [ -d ./host_vars ] ; then
+#if [ -d ./host_vars ] ; then
-    VAULT_HOST_FILES=$( find ./host_vars -name \*vault\* )
+#    VAULT_HOST_FILES=$( find ./host_vars -name \*vault\* )
-fi
+#fi
  
-if [ -n "$VAULT_GROUP_FILES" ] || [ -n "$VAULT_HOST_FILES" ] ; then
+#if [ -n "$VAULT_GROUP_FILES" ] || [ -n "$VAULT_HOST_FILES" ] ; then
     # Vault requires a password.
     # To encrypt a password for a user: python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('<password>')"
-    if [ -f ~/.conductor_ansible_vault_pass.txt ] ; then
+#    if [ -f ~/.conductor_ansible_vault_pass.txt ] ; then
-        PLAY_OPTS="$PLAY_OPTS --vault-password-file=~/.conductor_ansible_vault_pass.txt"
+#        PLAY_OPTS="$PLAY_OPTS --vault-password-file=~/.conductor_ansible_vault_pass.txt"
-    else
+#    else
-        echo "There are password protected encrypted files, we will ask for password before proceeding"
+#        echo "There are password protected encrypted files, we will ask for password before proceeding"
-        PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"
+#        PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"
-    fi
+#    fi
-fi
+#fi
+PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"
 
 # Main
 ansible-playbook $PLAY_OPTS $MAIN $@

site-prod.yaml

@@ -1,5 +1,7 @@
 ---
 - hosts: prod_infra
+  vars_files:
+    - roles/external-postgres/defaults/vault_main.yaml
   vars:
     cluster_check: true
     conductor_workers_server: http://conductor-server:8080/api