Ansible playbook - 环境变量
[英]Ansible playbook - environment variables
问题描述
I am trying (newbie) to setup a playbook, which will use lookup plugin to fetch secrets from vault ( https://github.com/jhaals/ansible-vault ), but it will fail on missing environment variables every time. 
我正在尝试(新手)设置一个剧本,它将使用查找插件从保险库中获取秘密( https://github.com/jhaals/ansible-vault ),但每次都会丢失环境变量。 Can anyone help? 有人可以帮忙吗? Thanks for the help. 谢谢您的帮助。
PS: token is for a test purposes PS:令牌用于测试目的
There is condition in lookup module : 查找模块中有条件:
url = os.getenv('VAULT_ADDR')
if not url:
raise AnsibleError('VAULT_ADDR environment variable is missing')
Playbook: 剧本:
---
- hosts: localhost
vars:
vault1_env:
VAULT_ADDR: https://localhost:8200/
VAULT_TOKEN: my-token-id
VAULT_SKIP_VERIFY: True
tasks:
- shell: echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY
environment: "{{ vault1_env }}"
register: shellout
- debug: var=shellout
- debug: msg="{{ lookup('vault', 'secret/hello', 'value') }}"
output: 输出:
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [localhost]
TASK [command] *****************************************************************
changed: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
"shellout": {
"changed": true,
"cmd": "echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY",
"delta": "0:00:00.001268",
"end": "2016-05-17 15:46:34.144735",
"rc": 0,
"start": "2016-05-17 15:46:34.143467",
"stderr": "",
"stdout": "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True",
"stdout_lines": [
"VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True"
],
"warnings": []
}
}
TASK [debug] *******************************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "ERROR! VAULT_ADDR environment variable is missing"}
PLAY RECAP *********************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=1
2 个解决方案
解决方案1
0 2016-05-17 14:15:06
Here you are only setting environmental variables for the shell module, and not for the others. 在这里,您只为shell模块设置环境变量,而不是为其他模块设置环境变量。 If you want to use variables across multiple modules, or for an entire a host, you should use the environment attribute on all of the modules, or on the host itself, something like this: 如果要在多个模块或整个主机上使用变量,则应在所有模块或主机本身上使用environment属性 ,如下所示:
---
- hosts: localhost
environment:
VAULT_ADDR: https://localhost:8200/
VAULT_TOKEN: my-token-id
VAULT_SKIP_VERIFY: True
解决方案2
0 2017-02-22 16:19:44
Why don't you make use of the vault feature to encrypt a variable file and then include this file in your playbook. 为什么不使用保险库功能加密变量文件,然后将此文件包含在您的剧本中。
http://docs.ansible.com/ansible/playbooks_vault.html#running-a-playbook-with-vault http://docs.ansible.com/ansible/playbooks_vault.html#running-a-playbook-with-vault
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.