0

我需要用 curl 解析一个名为 keys_base64 的 JSON 属性。我只能选择使用 Ansible 的原始模块来完成此操作。这是因为网络相关问题。我尝试了许多不同的方法,但迷路了。我怎样才能让它工作?

更新:找到答案

原帖

** JSON 键示例对象 **

{"keys":["tony_01","tony_02","tony_03"],"keys_base64": 
["dG9ueV8wMQ==","dG9ueV8wMg==","dG9ueV8wMw=="],"root_token":"6c03bbce-eb8a-0af0-4e37-77e3a647d41d"}

** unseal.json **

{ "key": {{ item }} }

** 剧本**

- name: "Unseal Vault OCS"
  remote_user: Tony
  raw: curl -k -d@"{{ lookup('template','templates/unseal.json') }} https://{{ vault_ocs_pod_ip }}:8200/v1/sys/unseal"
  delegate_to: 10.x.x.10
  with_items: "{{ (vault_ocs_unseal_keys.stdout | from_json)['keys_base64'] }}"
  register: vault_ocs_unseal_result

playbook 变量“vault_ocs_unseal_keys”包含 JSON 对象。

**剧本输出**

<10.x.x.10> ESTABLISH SSH CONNECTION FOR USER: quattro
<10.x.x.10> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=tony -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/%h-%r -tt 10.x.x.10 'curl -k -d - "{
  "key": gB2ZTK2V9Ch/9rOTenpz06u+p7t9qp5uKXEjqeCREEAZ
}
 https://10.x.x.98:8200/v1/sys/unseal"'
<10.x.x.10> (3, 'curl: (3) Illegal characters found in URL\r\n', 'Shared 
connection to 10.x.x.10 closed.\r\n')
failed: [localhost -> 10.x.x.10] 
(item=gB2ZTK2V9Ch/9rOTenpz06u+p7t9qp5uKXEjqeCREEAZ) => {
"changed": true,
"item": "gB2ZTK2V9Ch/9rOTenpz06u+p7t9qp5uKXEjqeCREEAZ",
"rc": 3

}

STDOUT:

curl: (3) Illegal characters found in URL

STDERR:

Shared connection to 10.x.x.10 closed.

MSG:

non-zero return code
4

2 回答 2

0

这对我有用。使用不带@ 的 curl 命令,如前所述,它用于读取文件。我使用了run_once。查找插件执行循环。它需要在 keys_base64 属性中找到的密钥来为每个密钥申请 API 调用。伟大的!

****工作代码****

- name: "Unseal Vault OCS"
  remote_user: tony
  raw: "curl -k -d '{{ lookup('template','unseal.json') | to_json }}' https://10.x.x.1:8200/v1/sys/unseal"
  with_items: "{{ (vault_ocs_unseal_keys.stdout | from_json)['keys_base64'] | list }}"
  delegate_to: 10.x.x.2
  run_once: true
  register: vault_ocs_unseal_keys_result
于 2018-05-25T23:17:17.587 回答
0

我在该任务中发现了两个问题:

  1. 在 curl 中,@ 用于读取文件。当您在 Ansible 中使用查找功能时,您在该命令中插入内容,无需读取文件。

  2. 双引号应该限制 JSON 数据,不包括 URL

这是对我有用的代码。也许它与我硬编码的 JSON 数据不同:

- name: "Unseal Vault OCS"
  raw: curl -k -d "{{ lookup('template','unseal.json') }}" https://10.x.x.10/v1/sys/unseal
  with_items:
    - {"keys":["tony_01","tony_02","tony_03"],"keys_base64": ["dG9ueV8wMQ==","dG9ueV8wMg==","dG9ueV8wMw=="],"root_token":"6c03bbce-eb8a-0af0-4e37-77e3a647d41d"}
  register: vault_ocs_unseal_result
于 2018-05-25T11:12:50.913 回答