4

出于自动化测试的目的,我想在执行 ansible-playbook 时禁用保险库,以便在测试中覆盖加密变量。

我见过--ask-vault-pass但不是相反的 ie--no-vault-pass或类似的。

ansible设置没有指定环境变量来执行此操作。

4

2 回答 2

2

也许您正在寻找按环境划分的结构,如下所示:

├── ansible.cfg               # check below.
├── inventories               # directory to group all hosts and variables.
│   ├── production            # "environment" directory as we discussed before.
│   │   ├── group_vars
│   │   │   ├── appserver
│   │   │   │   ├── vars.yml
│   │   │   │   └── vault.yml # encrypted sensitive data.
│   │   │   └── proxyserver
│   │   │       ├── vars.yml
│   │   │       └── vault.yml
│   │   └── inventory
│   ├── staging
│   │   ├── group_vars
│   │   │   ├── appserver
│   │   │   │   ├── vars.yml
│   │   │   │   └── vault.yml # encrypted sensitive data.
│   │   │   └── proxyserver
│   │   │       ├── vars.yml
│   │   │       └── vault.yml
│   │   └── inventory
│   └── development
│       ├── group_vars
│       │   ├── appserver
│       │   │   └── vars.yml  # no need to encrypt for local development.
│       │   └── proxyserver
│       │       └── vars.yml
│       └── inventory
├── site.yml
├── books                     # group all the playbooks under same directory.
│   ├── appserver.yml
│   └── proxyserver.yml
├── roles
│   └── app
└── roles.galaxy              # separate contributed roles
    └── author.proxy

在此处继续: https ://steyeu.co/posts/ansible-project-layout-for-multistage-environments-based-on-best-practice/#the-suggested-way

于 2019-05-06T13:39:56.423 回答
1

您可以为您的测试创建一个特殊的配置文件,其中故意排除 vault 信息,并告诉 ansible 在运行您的测试 playbook 时使用此配置文件:

ANSIBLE_CONFIG=/my/special.cfg ansible-playbook testplaybook.yml
于 2019-05-06T13:31:32.423 回答