1

我正在使用这个角色来安装google-cloud-sdk. 有一个带有名称的任务Activate service account,它使用 ansible 过滤器from_json从 GCE 服务帐户密钥中获取数据。

由于在 git repo 中存储敏感数据不是一个好方法,我auth.json用下一个命令加密了我的文件(首先使它成为单行):

awk -v RS= '{$1=$1}1' ./auth.json |ansible-vault encrypt_string --stdin-name gcloud_key

具体问题或错误:

但是,我在运行分子测试时遇到了下一个错误:

"msg": "Unexpected templating type error occurred on (CLOUDSDK_PYTHON_SITEPACKAGES=1 gcloud auth activate-service-account {{ gcloud_key | from_json | json_query('client_email') }} --key-file {{ __gcloud_temp_key.path }}): expected string or buffer"

我已经加密了该文件并尝试将其路径放入gcloud_key变量值,但得到:

the field 'args' has an invalid value ([u'gcloud:config', u'gcloud', u'gcloud:config']), and could not be converted to an dict.The error was: No JSON object could be decoded

添加加密文件内容作为变量值也会导致No JSON object could be decoded

期望的行为:

Playbook 应该解码 Vault 变量并将from_json其作为 JSON 获取。

重现所需的最短代码:

(保险库密码是123456,放在里面./vpass

auth.json文件内容为:

{ "type": "service_account", "project_id": "test-project-id", "private_key_id": "b56d5cb56d5ceef90eb56d5cb56d5c2aa0c047cb56d5c949eea", "private_key": "-----BEGIN PRIVATE KEY-----\nMIEvgIDfGZtFRhg+ZVb\n-----END PRIVATE KEY-----\n", "client_email": "user@test-project-id.iam.gserviceaccount.com", "client_id": "56454677288787963561849", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/user%40test-project-id.iam.gserviceaccount.com" }

您可以使用以下方法测试它是否是有效的 JSON:

cat ./auth.json |jq -e

对其进行加密的命令是:

cat auth.json |ansible-vault encrypt_string --stdin-name gcloud_key

将 next 放入main.yml项目根目录的文件中:

---
- hosts: all
  become_user: root
  become_method: sudo
  vars:
    gcloud_key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          31373834643439636535333563336430366434313533653632616565383531356562356263383634
          6565356238306161623164643035343930323766643465630a323131306634373831353139626230
          63613937656336346130343938656166396236313637633538326662346532373637313763326139
          6431623334373565310a376635383336613237656635316437646436306664316436396231333764
          61613834336635303438643261346666366139346332313933643962343663616338633735333335
          30313639643064336461333365326366303931313165613963666533356539636538643139663631
          65323235393134326361383664613362626238663365643064363664356436303033343663653361
          61383739346263636339356462646432633634623130646432333230323534663639653663343232
          39363963613532613035653666393533656661303832316339323936313632316630333430656565
          66643130333738623464373437373634646664323363313239323532623434366537343835643961
          32616461373262623137316664316661353337643065386635623364623066656662626162376534
          32623530613866646161303430383066386335346538316139333238613737633337356434346261
          63613061313532633032663334626462623962386130663631666366306130643837636266323035
          65366434393133303566616639333466356666613935353961373534343161353639653461636265
          66333333383531333338326538666561353937376562306266386365643764353031616462323938
          32316339386162393330646136306635343735393862333238303532393532633061616236633238
          37326231376264313238303166383662663930326630363561623436616362306236623730306263
          36396365613862323461656134613130373564383731333430303630333831656639666166663065
          64666138306134626165643736303165646436343864636165313631343234313361666433396637
          61346536316531346631363437316463626530346236336439633564653439313562323064343031
          63336531303032353830393232646436333537353433396464386138383232386636656535323966
          36636436363131383636363466386333373334383639353933353366303236356463626538376561
          63343339666238333061613332393263333832333634383431653930346362653839386633363734
          61353465393037343139646263383134346139353635616534613761363934343165343132613066
          63366564353164656436646463343637663234303566306633383434356562666661353331643334
          33303263633863613232643730306166373264643731626663343061373166383362643637353735
          63306535333163643434336134393932613537363965343235363164396339346136643739333630
          34303561336331323465383061316539316262643762646139303838623638376665316639313833
          62613334363434663365303966633537303335663063303933643931393963396437623135626332
          35336666393137666439313639343632343665366437343933383762653465656134333761616264
          61316165303962326537313836663935356439393633353838373031386265323263623530366135
          39386237666537623730303533373630313233356536356466623361393165373762643335356133
          64383636633631636132303830376261313565303539353830363562326435643164383836353338
          64346434613663383539633931316630653435306339306338633136623230643538383737396634
          38393963336238643861653162353066306531383166633266383661653762313536333430626434
          39396662366533333839663539633735303730373862393865386436616532623062356132666131
          3263


  tasks:
    - name: Install gcloud
      include_role:
        name: leucos.gcloud

使用此requirements.yml内容:

- src: https://github.com/leucos/ansible-gcloud.git
  name: leucos.gcloud
  version: 3.0.0

这个ansible.cfg内容:

[defaults]
vault_password_file = ./vpass

使用此命令运行测试:

ansible-galaxy install -r requirements.yml
export ansible_ssh_private_key_file=/ssh/key/path
ansible-playbook -i HOST_IP, -u $(whoami) -k main.yml

我究竟做错了什么?提前致谢。

4

0 回答 0