Pass vault password to Vagrant's ansible_local provisioner

I'm using the ansible_local provisioner for my vagrant box. Some of my variables should be stored in a vault file.

While the ansible provisioner provides ask_vault_pass as configuration option ( https://www.vagrantup.com/docs/provisioning/ansible.html#ask_vault_pass ), the ansible_local does not.

Is there any workaround?

You can use vault_password_file option.

    Vagrant.configure(2) do |config|
      config.vm.box = '...'
      # Write the vault password to a file inside the guest
      config.vm.provision :shell, inline: "echo 'password' > /tmp/vault_pass"
      config.vm.define :controller do |machine|
        # ...
        machine.vm.provision 'ansible_local' do |ansible|
          # ...
          # Point ansible_local at the password file written above
          ansible.vault_password_file = "/tmp/vault_pass"
          # ...
        end
      end
    end

2. Use .synced_folder

Create the vault_pass file like the following.

    mkdir provision
    cd provision
    echo password > vault_pass

and the Vagrantfile is as follows.

    Vagrant.configure(2) do |config|
      config.vm.box = '...'
      # Share ./provision (which holds vault_pass) into the guest at /provision
      config.vm.synced_folder "./provision", "/provision", id: "ansible", owner: "vagrant", group: "vagrant", mount_options: ["dmode=775,fmode=664"]
      config.vm.define :controller do |machine|
        # ...
        machine.vm.provision 'ansible_local' do |ansible|
          # ...
          # Password file as seen through the synced folder
          ansible.vault_password_file = "/provision/vault_pass"
          # ...
        end
      end
    end

I suggest another approach to sujoyu's answer by asking the user to input the vault password when provisioning. Also inspired by this answer.

    require 'uri'

    Vagrant.configure(2) do |config|
      config.vm.box = "..."

      # Password Input Function
      class Password
        def to_s
          begin
            system 'stty -echo'  # turn off terminal echo while typing
            print "Ansible Vault Password: "
            # URI.escape was removed in Ruby 3.0; RFC2396_Parser#escape is the
            # same percent-encoding and works on old and new Ruby versions
            pass = URI::RFC2396_Parser.new.escape(STDIN.gets.chomp)
          ensure
            system 'stty echo'   # always restore echo
          end
          print "\n"
          pass
        end
      end

      # Ask for vault password
      config.vm.provision "shell", env: {"VAULT_PASS" => Password.new}, inline: <<-SHELL
        echo "$VAULT_PASS" > /tmp/vault_pass
      SHELL

      # Run ansible provision
      config.vm.provision "ansible_local" do |ansible|
        ansible.playbook = "playbook.yml"
        ansible.vault_password_file = "/tmp/vault_pass"
      end

      # Delete temp vault password file
      config.vm.provision "shell", inline: <<-SHELL
        rm /tmp/vault_pass
      SHELL
    end
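
Added example, not part of the answer above: a guest-side shell helper for the approach that writes the password to /tmp/vault_pass. It creates the file with mode 0600 instead of the default world-readable mode and refuses to write through a symlink at that predictable path. The function names are made up for this example, and VAULT_PASS is assumed to arrive through the shell provisioner's env option as in the answer.

```shell
#!/bin/sh
# Added example (not from the answers). write_vault_pass and remove_vault_pass
# are hypothetical helper names; VAULT_PASS is assumed to be set by the
# shell provisioner's env option.

# write_vault_pass PATH: store $VAULT_PASS in PATH, readable by the owner only.
write_vault_pass() {
    target=$1
    if [ -z "${VAULT_PASS:-}" ]; then
        echo "VAULT_PASS is empty" >&2
        return 1
    fi
    # A predictable name under /tmp may already exist as a symlink
    # pointing somewhere else; do not follow it.
    if [ -L "$target" ]; then
        echo "refusing to write through symlink: $target" >&2
        return 1
    fi
    rm -f -- "$target"
    (
        umask 077   # file is created as rw------- from the start
        set -C      # noclobber: fail if the path was recreated meanwhile
        printf '%s\n' "$VAULT_PASS" > "$target"
    )
}

# remove_vault_pass PATH: delete the file once ansible_local has run.
remove_vault_pass() {
    rm -f -- "$1"
}
```

In the inline script, `write_vault_pass /tmp/vault_pass` would take the place of the `echo` line, and `remove_vault_pass /tmp/vault_pass` the place of `rm`.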

For vagrant version 2.2.9, using ansible.vault_password_file was resulting in

    `vault_password_file` does not exist on the host:

Use ask_vault_pass option

    Vagrant.configure(2) do |config|
      config.vm.box = '...'
      config.vm.define :controller do |machine|
        # ...
        machine.vm.provision 'ansible_local' do |ansible|
          # ...
          # Prompt for the vault password instead of reading it from a file
          ansible.ask_vault_pass = true
          # ...
        end
      end
    end