
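I'm (a newbie) trying to set up a playbook that will use a lookup plugin to fetch secrets from Vault (https://github.com/jhaals/ansible-vault), but it fails every time because of a missing environment variable. Can anyone help? Thanks for your help.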

PS: the token is for testing only

There is a condition in the lookup module:

url = os.getenv('VAULT_ADDR')
if not url:
    raise AnsibleError('VAULT_ADDR environment variable is missing')

Playbook:

---
- hosts: localhost
  vars:
    vault1_env:
      VAULT_ADDR: https://localhost:8200/
      VAULT_TOKEN: my-token-id
      VAULT_SKIP_VERIFY: True

  tasks:
     - shell: echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY
       environment: "{{ vault1_env }}"
       register: shellout
     - debug: var=shellout
     - debug: msg="{{ lookup('vault', 'secret/hello', 'value') }}"

Output:

PLAY ***************************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [command] *****************************************************************
changed: [localhost]

TASK [debug] *******************************************************************
ok: [localhost] => {
    "shellout": {
        "changed": true, 
        "cmd": "echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY", 
        "delta": "0:00:00.001268", 
        "end": "2016-05-17 15:46:34.144735", 
        "rc": 0, 
        "start": "2016-05-17 15:46:34.143467", 
        "stderr": "", 
        "stdout": "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True", 
        "stdout_lines": [
            "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True"
        ], 
        "warnings": []
    }
}

TASK [debug] *******************************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "ERROR! VAULT_ADDR environment variable is missing"}

PLAY RECAP *********************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=1   

2 Answers

1

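Here you are setting the environment variables only for the shell module, not for the other modules. If you want to use the variables across multiple modules or for the whole host, you should use the environment attribute on all the modules or on the host itself, like this: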

---
- hosts: localhost
  environment:
    VAULT_ADDR: https://localhost:8200/
    VAULT_TOKEN: my-token-id
    VAULT_SKIP_VERIFY: True
answered 2016-05-17T14:15:06.910
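
Why the shell task prints VAULT_ADDR while the lookup's check fails, as an added sketch that is not part of the original posts or of the ansible-vault plugin: lookup plugins run inside the ansible-playbook process on the control machine, whereas a task's environment reaches only the process spawned for that task. `AnsibleError` below is a local stand-in, and `run_task_with_environment` and `demo` are hypothetical names used only for this illustration.

```python
import os
import subprocess
import sys


class AnsibleError(Exception):
    """Local stand-in for ansible.errors.AnsibleError so this runs without Ansible."""


def lookup_check():
    """The condition quoted in the question, evaluated in the current process."""
    url = os.getenv('VAULT_ADDR')
    if not url:
        raise AnsibleError('VAULT_ADDR environment variable is missing')
    return url


def run_task_with_environment(env):
    """Model of a task with `environment:`; the variables go only to the child process."""
    child_env = dict(os.environ, **env)
    child = subprocess.run(
        [sys.executable, '-c', "import os; print(os.getenv('VAULT_ADDR', ''))"],
        env=child_env, capture_output=True, text=True, check=True)
    return child.stdout.strip()


def demo():
    # Constructed scenario: the controlling process starts without VAULT_ADDR.
    os.environ.pop('VAULT_ADDR', None)
    task_env = {'VAULT_ADDR': 'https://localhost:8200/'}

    seen_by_task = run_task_with_environment(task_env)  # child sees the value
    try:
        seen_by_lookup = lookup_check()                 # parent does not
    except AnsibleError as exc:
        seen_by_lookup = str(exc)

    # Assumption: this models `export VAULT_ADDR=...` before ansible-playbook starts.
    os.environ['VAULT_ADDR'] = task_env['VAULT_ADDR']
    after_export = lookup_check()
    return seen_by_task, seen_by_lookup, after_export


if __name__ == '__main__':
    print(demo())
```
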
0

Why don't you use the vault feature to encrypt a variables file and then include that file in your playbook?

http://docs.ansible.com/ansible/playbooks_vault.html#running-a-playbook-with-vault

answered 2017-02-22T16:19:44.657