13

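I am trying to understand how to encrypt a single variable with Vault. First I encrypt the string with `ansible-vault encrypt_string -n -p`, then I write the output into my playbook. When I execute the playbook, it says that the decrypted string is not JSON serializable.

Encrypted string: "inline_name". I also tried it with inline_name and inlinename, every time with the same result.

My playbook: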

    ---
    - name: Build System
      hosts: dev
      tasks:
      - name: Create
        mysql_db:
          state: present
          name: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              39613261386438623937643062636166663638633062323939343734306334346537613233623064
              3761633832326365356231633338396132646532313861350a316666376566616633376238313636
              39343833306462323534623238333639663734626662623731666239366566643636386261643164
              3861363730336331660a316165633232323732633364346636363764623639356562336536636136
              6364
          login_host: "{{ mysql_host }}"
          login_user: "{{ mysql_user }}"
          login_password: "{{ mysql_pass }}"
      - name: Check if can access plain text vars
        debug:
          msg: "{{ my_plain_txt }}"

Error message:

    An exception occurred during task execution. To see the full traceback, use -vvv.
    The error was: TypeError: u'"inline_name"' is not JSON serializable
    fatal: [127.0.0.1]: FAILED! => {"failed": true, "msg": "Unexpected failure during module execution.", "stdout": ""}
4

3 Answers

19

Add a task-level variable:

      - name: Create
        mysql_db:
          state: present
          name: "{{ mysql_name }}"
          login_host: "{{ mysql_host }}"
          login_user: "{{ mysql_user }}"
          login_password: "{{ mysql_pass }}"
        vars:
          mysql_name: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              39613261386438623937643062636166663638633062323939343734306334346537613233623064
              3761633832326365356231633338396132646532313861350a316666376566616633376238313636
              39343833306462323534623238333639663734626662623731666239366566643636386261643164
              3861363730336331660a316165633232323732633364346636363764623639356562336536636136
              6364

answered 2017-11-30T07:11:04.180
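
An added example, not part of the original thread: a standard-library check that flags `!vault` values written directly as module arguments (the layout in the question) and accepts ones defined under `vars:` (the layout in the answer above). The function name and the sample playbook are constructed for illustration, and the scan is a line-based heuristic, not a full YAML parser.

```python
import re

# Constructed sample: task 1 repeats the question's layout, task 2 the answer's.
# The vault payload is shortened filler, not a real ciphertext.
SAMPLE = """\
- name: Build System
  hosts: dev
  tasks:
  - name: Create
    mysql_db:
      state: present
      name: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          3961326138643862
      login_host: "{{ mysql_host }}"
  - name: Create via task var
    mysql_db:
      state: present
      name: "{{ mysql_name }}"
    vars:
      mysql_name: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          3961326138643862
"""

# "key:" or "key: value", optionally preceded by list dashes.
KEY = re.compile(r"^(\s*)((?:- )*)([A-Za-z_][\w.-]*):(?:\s+(.*))?$")

def find_inline_vault_args(text):
    """Return (line_no, key_path) for each !vault value not nested under vars."""
    stack, findings = [], []   # stack holds (column, key) of enclosing keys
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY.match(line)
        if not m:
            continue           # payload lines, blanks, comments
        col = len(m.group(1)) + len(m.group(2))   # "- " shifts the key column
        key, value = m.group(3), m.group(4) or ""
        while stack and stack[-1][0] >= col:
            stack.pop()        # leave mappings that ended at this indent
        stack.append((col, key))
        path = [k for _, k in stack]
        if value.startswith("!vault") and "vars" not in path[:-1]:
            findings.append((no, ".".join(path)))
    return findings

if __name__ == "__main__":
    for no, path in find_inline_vault_args(SAMPLE):
        print(f"line {no}: {path} takes a !vault value directly; move it under vars")
```
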
0

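Double quotes can explain this error, but that did not apply to me. Look at the whole error/warning to see what is trying to parse the JSON. In my case...

    [WARNING]: Failure using method (v2_runner_on_ok) in callback plugin (): u'secret_value' is not JSON serializable

An older AWX callback plugin called json.load and logged the warning and the secret in plain text. It needed an upgrade.

answered 2019-01-23T18:54:44.087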
0

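I have implemented the same approach for sending email with the mail module, and it works as expected.

    ansible-vault encrypt_string yourgmailapppassword --name gmail_password

Encrypt the Gmail app password with the ansible-vault string option as shown above, and define the encrypted variable in the playbook.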

cat fetch-users-deatils.yml

    - name: Linux servers user audit report preparation
      hosts: "{{ HOSTS }}"
      roles:
        - user-collections
    
    - name: Refreshing user Dashboard & sending email from localhost
      hosts: localhost
      become: false
      vars:
       - gmail_password: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              62613232383962323430633831113465356231563163366235353034393230656331663436646233
              3266353862303738303737383530313664356135336661390a336562613436626665333833323030
              61393135643433313930643337363465343332353716333831222766376137396430426361663633
              6233313433633231320a663435636230636431643731333166366435346564316331323361633566
              38622138392437888466666535323432653034323936353961646233613437343831
      tasks:
        - name: Collecting the user details information and recreating the users dashboard
          script: dashboard_user.sh
          tags: user_dashboard
    
    
        - name: User Audit data output file stored on below location
          debug:
            msg:
             /tmp/user_collection/user_details.csv
    
        - name: 'Sending Ansible users report email'
          mail:
            host: smtp.gmail.com
            subtype: html
            port: 587
            password: "{{ gmail_password }}"
            to: abcdefghijkl@gmail.com
            from: abcdefghijkl@gmail.com
            username: abcdefghijkl@gmail.com
            subject: User details report
            attach: /tmp/user_collection/user_details.csv
            body: <pre> {{ lookup('file', '/tmp/user_collection/user_details.csv') }} </pre>
          delegate_to: localhost

Below is the ansible-playbook execution command:

    ansible-playbook fetch-users-deatils.yml -e "HOSTS=all" --ask-vault-pass

answered 2020-07-03T12:45:57.297