Ansible playbook - environment variables
I'm (a newbie) trying to set up a playbook that will use a lookup plugin to fetch secrets from vault, but it fails every time because of a missing environment variable. Can anyone help? Thanks for your help.
PS: the token is for testing purposes.
The lookup module contains the following condition:
url = os.getenv('VAULT_ADDR')
if not url:
    raise AnsibleError('VAULT_ADDR environment variable is missing')
Playbook:
---
- hosts: localhost
  vars:
    vault1_env:
      VAULT_ADDR: https://localhost:8200/
      VAULT_TOKEN: my-token-id
      VAULT_SKIP_VERIFY: True
  tasks:
    - shell: echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY
      environment: "{{ vault1_env }}"
      register: shellout
    - debug: var=shellout
    - debug: msg="{{ lookup('vault', 'secret/hello', 'value') }}"
Output:
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [localhost]
TASK [command] *****************************************************************
changed: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
    "shellout": {
        "changed": true,
        "cmd": "echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY",
        "delta": "0:00:00.001268",
        "end": "2016-05-17 15:46:34.144735",
        "rc": 0,
        "start": "2016-05-17 15:46:34.143467",
        "stderr": "",
        "stdout": "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True",
        "stdout_lines": [
            "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True"
        ],
        "warnings": []
    }
}
TASK [debug] *******************************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "ERROR! VAULT_ADDR environment variable is missing"}
PLAY RECAP *********************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=1
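Here you are setting the environment variables only for the shell module, not for the other modules. If you want to use the variables across multiple modules or for the whole host, you should use the following on all modules or on the host itself: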
---
- hosts: localhost
  environment:
    VAULT_ADDR: https://localhost:8200/
    VAULT_TOKEN: my-token-id
    VAULT_SKIP_VERIFY: True
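Why not use the vault feature to encrypt a variables file and then include that file in the playbook?
This doesn't work either: --- - hosts: localhost vars: vault1_env: VAULT_ADDR: https://localhost:8200/ VAULT_TOKEN: my-token-id VAULT_SKIP_VERIFY: True tasks: - shell: echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY environment: "{{ vault1_env }}" register: shellout - debug: var=shellout - debug: msg="{{ lookup('vault', 'secret/hello', 'value') }}" environment: "{{ vault1_env }}"
@MUHAHA I just saw that your plugin is a lookup module. These modules run in the local context, and I'm not sure you can override it from within Ansible. One thing you could do is call ansible from within ansible and set the environment variables beforehand. Or, as the module suggests, export the env variables outside of ansible. You may also want to file a ticket with the developer, where you can set the variables on the module (though it is not a lookup plugin).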
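The behaviour discussed in this thread, as an added example that is not code from any of the posters or from Ansible: a small Python model in which a task-level `environment:` reaches only the spawned command, while the lookup check quoted in the question reads the environment of the controlling process. The `AnsibleError` stand-in and the function names are assumptions made so that it runs without Ansible installed.

```python
import os
import subprocess
import sys


class AnsibleError(Exception):
    """Stand-in for ansible.errors.AnsibleError (assumption, for offline use)."""


def vault_lookup_url():
    # Same check as the lookup plugin quoted in the question. It reads the
    # environment of the process it runs in, which is the controller.
    url = os.getenv('VAULT_ADDR')
    if not url:
        raise AnsibleError('VAULT_ADDR environment variable is missing')
    return url


def run_task_with_environment(task_env):
    # Model of a task-level `environment:` keyword: the variables are merged
    # into the environment of the spawned command only, never the parent's.
    child_env = dict(os.environ, **task_env)
    code = "import os; print(os.getenv('VAULT_ADDR', ''))"
    out = subprocess.run([sys.executable, '-c', code], env=child_env,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


def demo():
    saved = os.environ.pop('VAULT_ADDR', None)  # start with it unset
    try:
        task_env = {'VAULT_ADDR': 'https://localhost:8200/'}
        seen_by_task = run_task_with_environment(task_env)
        try:
            lookup_before = vault_lookup_url()
        except AnsibleError as exc:
            lookup_before = str(exc)
        # Equivalent of exporting VAULT_ADDR in the shell that starts
        # ansible-playbook: now the controlling process itself has it.
        os.environ['VAULT_ADDR'] = task_env['VAULT_ADDR']
        lookup_after = vault_lookup_url()
        return seen_by_task, lookup_before, lookup_after
    finally:
        os.environ.pop('VAULT_ADDR', None)
        if saved is not None:
            os.environ['VAULT_ADDR'] = saved


if __name__ == '__main__':
    print(demo())
```

Exporting the variables in the calling shell also keeps the token out of the playbook file.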