Ansible playbook - environment variables

I am trying (newbie) to set up a playbook which will use a lookup plugin to fetch secrets from Vault ( https://github.com/jhaals/ansible-vault ), but it will fail on missing environment variables every time. Can anyone help? Thanks for the help.

PS: the token is for test purposes.

There is a condition in the lookup module:

    url = os.getenv('VAULT_ADDR')
    if not url:
        raise AnsibleError('VAULT_ADDR environment variable is missing')

Playbook:

    ---
    - hosts: localhost
      vars:
        vault1_env:
          VAULT_ADDR: https://localhost:8200/
          VAULT_TOKEN: my-token-id
          VAULT_SKIP_VERIFY: True
      tasks:
        - shell: echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY
          environment: "{{ vault1_env }}"
          register: shellout
        - debug: var=shellout
        - debug: msg="{{ lookup('vault', 'secret/hello', 'value') }}"

Output:

    PLAY ***************************************************************************
    TASK [setup] *******************************************************************
    ok: [localhost]
    TASK [command] *****************************************************************
    changed: [localhost]
    TASK [debug] *******************************************************************
    ok: [localhost] => {
        "shellout": {
            "changed": true,
            "cmd": "echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY",
            "delta": "0:00:00.001268",
            "end": "2016-05-17 15:46:34.144735",
            "rc": 0,
            "start": "2016-05-17 15:46:34.143467",
            "stderr": "",
            "stdout": "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True",
            "stdout_lines": [
                "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True"
            ],
            "warnings": []
        }
    }
    TASK [debug] *******************************************************************
    fatal: [localhost]: FAILED! => {"failed": true, "msg": "ERROR! VAULT_ADDR environment variable is missing"}
    PLAY RECAP *********************************************************************
    localhost : ok=3 changed=1 unreachable=0 failed=1

Here you are only setting environmental variables for the shell module, and not for the others. If you want to use variables across multiple modules, or for an entire host, you should use the environment attribute on all of the modules, or on the host itself, something like this:

    ---
    - hosts: localhost
      environment:
        VAULT_ADDR: https://localhost:8200/
        VAULT_TOKEN: my-token-id
        VAULT_SKIP_VERIFY: True

Why don't you make use of the vault feature to encrypt a variable file and then include this file in your playbook?

http://docs.ansible.com/ansible/playbooks_vault.html#running-a-playbook-with-vault
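
Added example, not part of the original thread or of the ansible-vault plugin: a Python sketch of why the output in the question shows the shell task seeing VAULT_ADDR while the lookup's check fails. Lookup plugins are evaluated inside the ansible-playbook process on the control machine, so the `os.getenv` call in the excerpt reads that process's environment. `LookupFailure`, `controller_lookup`, `run_task` and `demo` are hypothetical names, and the child process stands in for the shell task.

```python
import os
import subprocess
import sys

ADDR = "https://localhost:8200/"  # sample value taken from the playbook above


class LookupFailure(Exception):
    """Stand-in for AnsibleError so the sketch runs without Ansible installed."""


def controller_lookup():
    # Same check as the plugin excerpt: reads the environment of *this* process.
    url = os.getenv("VAULT_ADDR")
    if not url:
        raise LookupFailure("VAULT_ADDR environment variable is missing")
    return url


def run_task(task_env):
    # Models a task with `environment:`: the variables go only to the child
    # process spawned for that task, never into the parent's os.environ.
    child_env = dict(os.environ, **task_env)
    code = "import os; print(os.getenv('VAULT_ADDR'))"
    out = subprocess.run([sys.executable, "-c", code], env=child_env,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


def demo():
    saved = os.environ.pop("VAULT_ADDR", None)  # start as in the question: not exported
    try:
        child_sees = run_task({"VAULT_ADDR": ADDR})
        try:
            before = controller_lookup()
        except LookupFailure as exc:
            before = str(exc)
        os.environ["VAULT_ADDR"] = ADDR  # what `export VAULT_ADDR=...` before the run provides
        after = controller_lookup()
        return child_sees, before, after
    finally:
        os.environ.pop("VAULT_ADDR", None)
        if saved is not None:
            os.environ["VAULT_ADDR"] = saved


if __name__ == "__main__":
    print(demo())
```
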