Fatal编程技术网
  • ansible/
  • Ansible剧本-环境变量

Ansible剧本-环境变量

ansible

Ansible剧本-环境变量,ansible,ansible-vault,Ansible,Ansible Vault,我正在尝试(新手)设置一个playbook,它将使用lookup插件从vault()获取机密,但每次都会因为缺少环境变量而失败。有人能帮忙吗?谢谢你的帮助 PS:令牌用于测试目的 查找模块中存在以下条件: url = os.getenv('VAULT_ADDR') if not url: raise AnsibleError('VAULT_ADDR environment variable is missing') 剧本: --- - hosts: lo

我正在尝试(新手)设置一个playbook,它将使用lookup插件从vault()获取机密,但每次都会因为缺少环境变量而失败。有人能帮忙吗?谢谢你的帮助

PS:令牌用于测试目的

查找模块中存在以下条件:

url = os.getenv('VAULT_ADDR')
        if not url:
            raise AnsibleError('VAULT_ADDR environment variable is missing')
剧本:

---
- hosts: localhost
  vars:
    vault1_env:
      VAULT_ADDR: https://localhost:8200/
      VAULT_TOKEN: my-token-id
      VAULT_SKIP_VERIFY: True

  tasks:
     - shell: echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY
       environment: "{{ vault1_env }}"
       register: shellout
     - debug: var=shellout
     - debug: msg="{{ lookup('vault', 'secret/hello', 'value') }}"
输出:

PLAY ***************************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [command] *****************************************************************
changed: [localhost]

TASK [debug] *******************************************************************
ok: [localhost] => {
    "shellout": {
        "changed": true, 
        "cmd": "echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY", 
        "delta": "0:00:00.001268", 
        "end": "2016-05-17 15:46:34.144735", 
        "rc": 0, 
        "start": "2016-05-17 15:46:34.143467", 
        "stderr": "", 
        "stdout": "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True", 
        "stdout_lines": [
            "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True"
        ], 
        "warnings": []
    }
}

TASK [debug] *******************************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "ERROR! VAULT_ADDR environment variable is missing"}

PLAY RECAP *********************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=1
这里只为
shell
模块设置环境变量,不为其他模块设置环境变量。如果要在多个模块或整个主机上使用变量,则应在所有模块上或主机本身上使用以下内容:

---
- hosts: localhost
  environment:
    VAULT_ADDR: https://localhost:8200/
    VAULT_TOKEN: my-token-id
    VAULT_SKIP_VERIFY: True
为什么不使用vault功能对变量文件进行加密,然后将该文件包含在剧本中

这也不起作用<代码>--主机:本地主机变量:VAULT 1\u环境:VAULT\u地址:https://localhost:8200/ VAULT\u令牌:我的令牌id VAULT\u SKIP\u验证:True任务:-shell:echo VAULT\u ADDR是$VAULT\u ADDR,VAULT\u令牌是$VAULT\u令牌,VAULT\u SKIP\u验证是$VAULT\u SKIP\u验证环境:“{{VAULT 1\u env}”register:shellout-debug:var=shellout-debug:msg=“{lookup('vault','secret/hello','value')}”环境:“{{vault1_env}}”@MUHAHA刚刚看到您的插件是一个查找模块。这些模块在本地上下文中运行,我不确定您是否可以从ansible重写它。您可以做的一件事是从ansible中调用ansible并预先设置环境变量。或者按照模块的建议,将env变量导出到ansible之外。您可能还希望使用developerR提交一个票证,您可以在其中设置模块上的变量(尽管它不是一个查找插件)