[英]How to get password from ansible vault to be used as variable?
I have the following ansible role:我有以下 ansible 角色:
- name: Get latest code from repository
git:
repo: 'https://{{ username }}:{{ password }}@{{ repository }}'
dest: "{{ destination }}"
force: yes
While username
and repository
can be variables, I am puzzled over how to retrieve password
from ansible vault.虽然username
和repository
可以是变量,但我对如何从 ansible 保险库中检索password
感到困惑。 Any advice and insight is appreciated.任何建议和见解都值得赞赏。
First, create a YAML file in vars/
folder (it can be in any folder, host_vars
or group_vars
are also valid, depending of what type of variables you're keeping) containing your variables.首先,在vars/
文件夹中创建一个 YAML 文件(它可以在任何文件夹中, host_vars
或group_vars
也有效,具体取决于您保留的变量类型)包含您的变量。 Let's call it vars/git-data.yml
.我们称之为vars/git-data.yml
。 Then, encrypt it using Vault with:然后,使用 Vault 加密它:
ansible-vault encrypt vars/git-data.yml
A password will be required.将需要密码。 Remember it.记住它。
Then, you have two options for including your variables while running your playbook:然后,您有两个选项可以在运行 playbook 时包含变量:
---
- hosts: localhost
connection: local
vars_files:
- vars/git-data.yml
tasks:
- name: Print variable
ansible.builtin.debug:
msg: "{{ username }}"
ansible-playbook
:选项 B:在调用ansible-playbook
时引用它们:ansible-playbook --ask-vault-pass -e @vars/git-data.yml cloning-repository.yml
Vault's password will be asked.将询问保险柜的密码。 You can also use --vault-password-file ${file}
or ANSIBLE_VAULT_PASSWORD_FILE
environment variable indicating a password containing a password file.您还可以使用--vault-password-file ${file}
或ANSIBLE_VAULT_PASSWORD_FILE
环境变量来指示包含密码文件的密码。
Best regards.此致。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.