The problem was with the format of my group_vars file.
With the file like this:
1 ---
2
3 pass: areallygoodpassword
4 ansible_user: root
5 ansible_ssh_pass: "{{ pass }}"
Everything works perfectly.
The only thing left to do is to upvote my answer.
If I understand correctly, you have a mostly shared ansible run between two servers, but each need to apply a different drupal playbook.
The best way to target hosts for a particular play is inside the playbook. Though it's logical to think that the import_playbook top level action should be targeted to specific hosts, That's not really the way ansible looks at it. Ansible builds a list of plays that contain tasks and roles (themselves containing takss), each of which targeting one or more hosts or groups, and then runs all the plays from the ansible controller host, ruuning each particular task only on the hosts it targets. Thus, what you want to do here is define separate drupal host groups for each site, and then add both playbooks to the main site, each targeting a specific group.
Here's a simplified example:
site.yaml:
- import_playbook: shared.yaml
- import_playbook: drupal_1.yaml
- import_playbook: drupal_2.yaml
shared.yaml has the os setup etc that you refer to, and it needs no change.
drupal_1.yaml looks like this:
- hosts: drupal_site_1
- tasks:
[ ... set up drupal site 1 ... ]
and drupal_2.yaml looks like this:
- hosts: drupal_site_2
- tasks:
[ ... set up drupal site 2 ... ]
Now we just need to make sure the groups are defined in your inventory, and the hosts that should get the first site are in drupal_site_1, and those that should get the second site are in drupal_site_2. You could even make a server be in both groups to serve both sites ( but of course the playbooks would have to be carefully crafted not to interfere). See https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html for information about how you can group your hosts.
Using host groups keeps the targeting logic out of the plays, so it's the ideal way to target different hosts in different plays. You can limit the play to those individual hosts, or you can have a more global site run that includes all the hosts' settings. Each play still only applies to the hosts / groups it targets.
Best Answer
I don't think you can encrypt the hosts file. A much better approach would be to have any sensitive information like credentials stored in a secondary vars file that's encrypted with ansible-vault and then just include that file in your playbook:
Your
inventoryfile contains a host:Your
vars/vars.ymlwill store your credentials:To use more than one host you can add groups in the inventory file. The hosts that are in the specific group are sharing the same credentials:
Your playbook will now have two hosts sections:
The
group1.ymlandgroup2.ymlfiles must share the same password.