如何在带有保险库的 Ansible v2 中 运行 playbook api
How to run playbook api in Ansible v2 with vault
这是我所拥有的,我知道这可以在不加密的情况下使用,我可以 运行
ansible-vault edit common.yml
和
ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt
在环境中设置
from collections import namedtuple
from ansible.parsing.dataloader import DataLoader
from ansible.vars import VariableManager
from ansible.inventory import Inventory
from ansible.playbook import Playbook
from ansible.executor.playbook_executor import PlaybookExecutor
variable_manager = VariableManager()
loader = DataLoader()
inventory = Inventory(loader=loader, variable_manager=variable_manager, host_list='playbooks/hosts')
playbook_path = 'playbooks/' + PROJECT + '.yml'
Options = namedtuple('Options', ['connection', 'forks', 'become', 'become_method', 'become_user', 'check', 'listhosts', 'listtasks', 'listtags', 'syntax', 'module_path', 'vault_password_file'])
options = Options(connection='ssh', forks=5, become=None, become_method=None, become_user=None, check=False, listhosts=False, listtasks=False, listtags=False, syntax=False, module_path="", vault_password_file=os.environ['ANSIBLE_VAULT_PASSWORD_FILE'])
variable_manager.extra_vars = {'CAP_VERSION': CAP_VERSION, 'cluster': PROJECT + '-' + ENVIRONMENT, 'environ': ENVIRONMENT, 'rpm': rpmSource, 'VRSN': ARTI_BRANCH }
passwords = {}
pbex = PlaybookExecutor(playbooks=[playbook_path], inventory=inventory, variable_manager=variable_manager, loader=loader, options=options, passwords=passwords)
results = pbex.run()
解密失败common.yml
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/opt/ansible/ansible/lib/ansible/executor/playbook_executor.py", line 125, in run
all_vars = self._variable_manager.get_vars(loader=self._loader, play=play)
File "/opt/ansible/ansible/lib/ansible/vars/__init__.py", line 304, in get_vars
data = preprocess_vars(loader.load_from_file(vars_file))
File "/opt/ansible/ansible/lib/ansible/parsing/dataloader.py", line 119, in load_from_file
(file_data, show_content) = self._get_file_contents(file_name)
File "/opt/ansible/ansible/lib/ansible/parsing/dataloader.py", line 178, in _get_file_contents
data = self._vault.decrypt(data, filename=b_file_name)
File "/opt/ansible/ansible/lib/ansible/parsing/vault/__init__.py", line 264, in decrypt
raise AnsibleError(msg)
ansible.errors.AnsibleError: Decryption failed on /ansible/playbooks/vars/common.yml
在 ansible 2.2.2 中(不确定其他版本,因为 API 可以经常更改):
您可以在 python 脚本中手动设置密码,如下所示:
loader = DataLoader()
loader.set_vault_password('mypass')
或者您可以从保管库密码文件加载密码:
import os
loader = DataLoader()
with open('{}/.vault_pass.txt'.format(os.path.expanduser('~')), 'r') as file:
loader.set_vault_password(file.read().splitlines()[0])
您可以跳过导入 os,只需输入 .vault_pass.txt 文件的绝对路径即可。
如果您确定您的 ANSIBLE_VAULT_PASSWORD_FILE 已在环境中设置:
import os
loader = DataLoader()
with open(os.environ['ANSIBLE_VAULT_PASSWORD_FILE'], 'r') as file:
loader.set_vault_password(file.read().splitlines()[0])
这是我所拥有的,我知道这可以在不加密的情况下使用,我可以 运行
ansible-vault edit common.yml
和
ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt
在环境中设置
from collections import namedtuple
from ansible.parsing.dataloader import DataLoader
from ansible.vars import VariableManager
from ansible.inventory import Inventory
from ansible.playbook import Playbook
from ansible.executor.playbook_executor import PlaybookExecutor
variable_manager = VariableManager()
loader = DataLoader()
inventory = Inventory(loader=loader, variable_manager=variable_manager, host_list='playbooks/hosts')
playbook_path = 'playbooks/' + PROJECT + '.yml'
Options = namedtuple('Options', ['connection', 'forks', 'become', 'become_method', 'become_user', 'check', 'listhosts', 'listtasks', 'listtags', 'syntax', 'module_path', 'vault_password_file'])
options = Options(connection='ssh', forks=5, become=None, become_method=None, become_user=None, check=False, listhosts=False, listtasks=False, listtags=False, syntax=False, module_path="", vault_password_file=os.environ['ANSIBLE_VAULT_PASSWORD_FILE'])
variable_manager.extra_vars = {'CAP_VERSION': CAP_VERSION, 'cluster': PROJECT + '-' + ENVIRONMENT, 'environ': ENVIRONMENT, 'rpm': rpmSource, 'VRSN': ARTI_BRANCH }
passwords = {}
pbex = PlaybookExecutor(playbooks=[playbook_path], inventory=inventory, variable_manager=variable_manager, loader=loader, options=options, passwords=passwords)
results = pbex.run()
解密失败common.yml
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/opt/ansible/ansible/lib/ansible/executor/playbook_executor.py", line 125, in run
all_vars = self._variable_manager.get_vars(loader=self._loader, play=play)
File "/opt/ansible/ansible/lib/ansible/vars/__init__.py", line 304, in get_vars
data = preprocess_vars(loader.load_from_file(vars_file))
File "/opt/ansible/ansible/lib/ansible/parsing/dataloader.py", line 119, in load_from_file
(file_data, show_content) = self._get_file_contents(file_name)
File "/opt/ansible/ansible/lib/ansible/parsing/dataloader.py", line 178, in _get_file_contents
data = self._vault.decrypt(data, filename=b_file_name)
File "/opt/ansible/ansible/lib/ansible/parsing/vault/__init__.py", line 264, in decrypt
raise AnsibleError(msg)
ansible.errors.AnsibleError: Decryption failed on /ansible/playbooks/vars/common.yml
在 ansible 2.2.2 中(不确定其他版本,因为 API 可以经常更改):
您可以在 python 脚本中手动设置密码,如下所示:
loader = DataLoader()
loader.set_vault_password('mypass')
或者您可以从保管库密码文件加载密码:
import os
loader = DataLoader()
with open('{}/.vault_pass.txt'.format(os.path.expanduser('~')), 'r') as file:
loader.set_vault_password(file.read().splitlines()[0])
您可以跳过导入 os,只需输入 .vault_pass.txt 文件的绝对路径即可。
如果您确定您的 ANSIBLE_VAULT_PASSWORD_FILE 已在环境中设置:
import os
loader = DataLoader()
with open(os.environ['ANSIBLE_VAULT_PASSWORD_FILE'], 'r') as file:
loader.set_vault_password(file.read().splitlines()[0])