如何从 ansible 保险库获取密码以用作变量?
[英]How to get password from ansible vault to be used as variable?
问题描述
I have the following ansible role:
我有以下 ansible 角色:
- name: Get latest code from repository
git:
repo: 'https://{{ username }}:{{ password }}@{{ repository }}'
dest: "{{ destination }}"
force: yes
While username and repository can be variables, I am puzzled over how to retrieve password from ansible vault.虽然username和repository可以是变量,但我对如何从 ansible 保险库中检索password感到困惑。 Any advice and insight is appreciated.任何建议和见解都值得赞赏。
1 个解决方案
解决方案1
0 已采纳 2021-04-22 10:57:53
First, create a YAML file in vars/ folder (it can be in any folder, host_vars or group_vars are also valid, depending of what type of variables you're keeping) containing your variables.首先,在vars/文件夹中创建一个 YAML 文件(它可以在任何文件夹中, host_vars或group_vars也有效,具体取决于您保留的变量类型)包含您的变量。 Let's call it vars/git-data.yml .我们称之为vars/git-data.yml 。 Then, encrypt it using Vault with:然后,使用 Vault 加密它:
ansible-vault encrypt vars/git-data.yml
A password will be required.将需要密码。 Remember it.记住它。
Then, you have two options for including your variables while running your playbook:然后,您有两个选项可以在运行 playbook 时包含变量:
- Option A: Including them in your playbook:选项 A:将它们包含在您的剧本中:
---
- hosts: localhost
connection: local
vars_files:
- vars/git-data.yml
tasks:
- name: Print variable
ansible.builtin.debug:
msg: "{{ username }}"
- Option B: Referring them while you call
ansible-playbook:选项 B:在调用ansible-playbook时引用它们:
ansible-playbook --ask-vault-pass -e @vars/git-data.yml cloning-repository.yml
Vault's password will be asked.将询问保险柜的密码。 You can also use --vault-password-file ${file} or ANSIBLE_VAULT_PASSWORD_FILE environment variable indicating a password containing a password file.您还可以使用--vault-password-file ${file}或ANSIBLE_VAULT_PASSWORD_FILE环境变量来指示包含密码文件的密码。
Best regards.此致。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.