Pass vault password to Vagrant's ansible_local provisioner

I'm using the ansible_local provisioner for my vagrant box. Some of my variables should be stored in a vault file.

While the ansible provisioner provides ask_vault_pass as a configuration option ( https://www.vagrantup.com/docs/provisioning/ansible.html#ask_vault_pass ), the ansible_local provisioner does not.

Is there any workaround?

You can use the vault_password_file option.

1. echo to password file

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.provision :shell, inline: "echo 'password' > /tmp/vault_pass"

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.vault_password_file = "/tmp/vault_pass"
      ...
    end
  end
end

2. use .synced_folder

Create the vault_pass file, like the following.

mkdir provision
cd provision
echo password > vault_pass

And the Vagrantfile is as follows.

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.synced_folder "./provision", "/provision", id: "ansible", owner: "vagrant", group: "vagrant", mount_options: ["dmode=775,fmode=664"]

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.vault_password_file = "/provision/vault_pass"
      ...
    end
  end
end

I suggest another approach to sujoyu's answer by asking the user to input the vault password when provisioning. Also inspired by this answer.

Vagrant.configure(2) do |config|

  config.vm.box = "..."

  # Password Input Function
  class Password
    def to_s
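      begin
        system 'stty -echo'
        print "Ansible Vault Password: "
        # Keep the password exactly as typed: URI.escape was removed in
        # Ruby 3.0 and would percent-encode special characters.
        pass = STDIN.gets.chomp
      ensure
        system 'stty echo'
      end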
      print "\n"
      pass
    end
  end

  # Ask for vault password
  config.vm.provision "shell", env: {"VAULT_PASS" => Password.new}, inline: <<-SHELL
    echo "$VAULT_PASS" > /tmp/vault_pass
  SHELL

  # Run ansible provision
  config.vm.provision "ansible_local" do |ansible|

      ansible.playbook = "playbook.yml"
      ansible.vault_password_file = "/tmp/vault_pass"

  end

  # Delete temp vault password file
  config.vm.provision "shell", inline: <<-SHELL
    rm /tmp/vault_pass
  SHELL

end
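
The shell provisioner steps in the answers above write the vault password into /tmp with a plain echo. As an added example (not part of the original answers), these guest-side helpers create the file for its owner only, check that, and delete it even when the command using it fails; the function names and the way the playbook is invoked are assumptions.

```shell
#!/bin/sh
# Added example: helpers for the inline shell provisioner on the guest.
# Function names are hypothetical; the password arrives in $VAULT_PASS.

# Write $VAULT_PASS to the path in $1, readable and writable by the owner only.
write_vault_pass() {
    dest=$1
    (
        umask 077            # the file is created with mode 0600
        set -C               # noclobber: refuse to write through an existing path
        rm -f -- "$dest"     # drop a stale file or a planted symlink first
        # printf, unlike some echo builtins, leaves backslashes untouched
        printf '%s\n' "$VAULT_PASS" > "$dest"
    )
}

# Succeed only if $1 is a regular file (not a symlink) without any
# group or other permission bits.
vault_pass_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Create the file at $1, run the remaining arguments as a command, then
# delete the file whether or not the command succeeded; return its status.
with_vault_pass() {
    file=$1
    shift
    write_vault_pass "$file" || return 1
    rc=0
    "$@" || rc=$?
    rm -f -- "$file"
    return "$rc"
}

# Usage inside the provisioner script (paths as in the answers above):
#   with_vault_pass /tmp/vault_pass \
#       ansible-playbook --vault-password-file /tmp/vault_pass playbook.yml
```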

For Vagrant version 2.2.9, using ansible.vault_password_file was resulting in

vault_password_file` does not exist on the host: 

Use the ask_vault_pass option.

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.ask_vault_pass = true
      ...
    end
  end
end
