将保管库密码传递给 vagrants ansible_local provisioner
Pass vault password to vagrants ansible_local provisioner
我正在为我的 vagrant box 使用 ansible_local
配置器。我的一些变量应该存储在保险库文件中。
虽然 ansible provisioner 提供 ask_vault_pass
作为配置选项 (https://www.vagrantup.com/docs/provisioning/ansible.html#ask_vault_pass),但 ansible_local
没有。
有什么解决办法吗?
您可以使用 vault_password_file
选项。
1。回显到密码文件
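Vagrant.configure(2) do |config|
  config.vm.box = '...'
  # SECURITY: 'password' is a placeholder. A real vault password written here
  # is stored in plain text in the Vagrantfile (and in version control if the
  # file is committed); prefer prompting for it at provision time.
  #
  # `umask 077` creates the file owner-only (0600) instead of world-readable in
  # /tmp; it only affects a newly created file. `privileged: false` writes it
  # as the SSH user rather than root, so the owner is the account expected to
  # run ansible_local.
  # NOTE(review): confirm ansible_local runs as the SSH user on your Vagrant version.
  config.vm.provision :shell, privileged: false,
                              inline: "umask 077; echo 'password' > /tmp/vault_pass"
  config.vm.define :controller do |machine|
    ...
    machine.vm.provision 'ansible_local' do |ansible|
      ...
      # Must match the path written by the shell provisioner above.
      ansible.vault_password_file = "/tmp/vault_pass"
      ...
    end
  end
end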
2。使用 .synced_folder
创建 vault_pass
文件,如下所示。
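mkdir provision
cd provision
# Create the password file owner-only (0600) instead of with the default umask.
# "password" is a placeholder: a real secret typed on the command line ends up
# in shell history, and vault_pass should be excluded from version control.
(umask 077; echo password > vault_pass)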
Vagrantfile
如下所示。
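Vagrant.configure(2) do |config|
  config.vm.box = '...'
  # /provision holds the vault password, so mount it owner-only for the
  # "vagrant" owner: directories 0700 and files 0600, instead of the
  # group-writable, world-readable 0775/0664.
  # Keep ./provision/vault_pass out of version control.
  config.vm.synced_folder "./provision", "/provision", id: "ansible", owner: "vagrant", group: "vagrant", mount_options: ["dmode=700,fmode=600"]
  config.vm.define :controller do |machine|
    ...
    machine.vm.provision 'ansible_local' do |ansible|
      ...
      # Guest-side path of the file created on the host in ./provision.
      ansible.vault_password_file = "/provision/vault_pass"
      ...
    end
  end
end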
在 sujoyu 的回答之外,我建议另一种方法:在配置(provision)时要求用户输入保管库密码。这个做法也受到了另一个回答(answer)的启发。
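require 'uri'

Vagrant.configure(2) do |config|
  config.vm.box = "..."

  # Password Input Function
  # The prompt runs when the object is converted to a string, i.e. when the
  # env value below is turned into text.
  class Password
    # Reads one line from STDIN with terminal echo switched off.
    #
    # @return [String] the entered line, URI-escaped
    def to_s
      begin
        system 'stty -echo'
        print "Ansible Vault Password: "
        # URI.escape was removed in Ruby 3.0; the default parser's #escape
        # applies the same encoding. `.to_s` covers EOF, where gets returns nil.
        # NOTE(review): escaping alters passwords that contain characters such
        # as spaces or quotes, so the value written to the guest can differ
        # from what was typed -- confirm it matches the vault's password.
        pass = URI::DEFAULT_PARSER.escape(STDIN.gets.to_s.chomp)
      ensure
        # Restore echo even if the prompt is interrupted.
        system 'stty echo'
      end
      print "\n"
      pass
    end
  end

  # Ask for vault password
  # Written as the SSH user with umask 077 so the file is created 0600 rather
  # than world-readable in /tmp.
  # NOTE(review): confirm ansible_local runs as the SSH user on your Vagrant version.
  config.vm.provision "shell", privileged: false, env: {"VAULT_PASS" => Password.new}, inline: <<-SHELL
    umask 077
    echo "$VAULT_PASS" > /tmp/vault_pass
  SHELL

  # Run ansible provision
  config.vm.provision "ansible_local" do |ansible|
    ansible.playbook = "playbook.yml"
    ansible.vault_password_file = "/tmp/vault_pass"
  end

  # Delete temp vault password file
  # `-f` keeps this step from failing when the file is already gone.
  # NOTE(review): if the ansible_local step aborts the run, this cleanup is not
  # reached and the password stays in /tmp until the next successful provision.
  config.vm.provision "shell", inline: <<-SHELL
    rm -f /tmp/vault_pass
  SHELL
end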
对于 vagrant 版本 2.2.9 使用 ansible.vault_password_file
导致
`vault_password_file` does not exist on the host:
使用ask_vault_pass选项
# Multi-machine Vagrantfile fragment: the :controller machine is provisioned
# with ansible_local and asks for the vault password interactively.
Vagrant.configure(2) do |config|
config.vm.box = '...'
config.vm.define :controller do |machine|
...
machine.vm.provision 'ansible_local' do |ansible|
...
# Prompt for the vault password instead of reading it from a file; this
# snippet writes no password file to the guest and keeps no secret in the
# Vagrantfile.
# NOTE(review): the question on this page says ansible_local does not document
# this option -- confirm it is honoured by your Vagrant version.
ansible.ask_vault_pass = true
...
end
end
end
我正在为我的 vagrant box 使用 ansible_local
配置器。我的一些变量应该存储在保险库文件中。
虽然 ansible provisioner 提供 ask_vault_pass
作为配置选项 (https://www.vagrantup.com/docs/provisioning/ansible.html#ask_vault_pass),但 ansible_local
没有。
有什么解决办法吗?
您可以使用 vault_password_file
选项。
1。回显到密码文件
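Vagrant.configure(2) do |config|
  config.vm.box = '...'
  # SECURITY: 'password' is a placeholder. A real vault password written here
  # is stored in plain text in the Vagrantfile (and in version control if the
  # file is committed); prefer prompting for it at provision time.
  #
  # `umask 077` creates the file owner-only (0600) instead of world-readable in
  # /tmp; it only affects a newly created file. `privileged: false` writes it
  # as the SSH user rather than root, so the owner is the account expected to
  # run ansible_local.
  # NOTE(review): confirm ansible_local runs as the SSH user on your Vagrant version.
  config.vm.provision :shell, privileged: false,
                              inline: "umask 077; echo 'password' > /tmp/vault_pass"
  config.vm.define :controller do |machine|
    ...
    machine.vm.provision 'ansible_local' do |ansible|
      ...
      # Must match the path written by the shell provisioner above.
      ansible.vault_password_file = "/tmp/vault_pass"
      ...
    end
  end
end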
2。使用 .synced_folder
创建 vault_pass
文件,如下所示。
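mkdir provision
cd provision
# Create the password file owner-only (0600) instead of with the default umask.
# "password" is a placeholder: a real secret typed on the command line ends up
# in shell history, and vault_pass should be excluded from version control.
(umask 077; echo password > vault_pass)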
Vagrantfile
如下所示。
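Vagrant.configure(2) do |config|
  config.vm.box = '...'
  # /provision holds the vault password, so mount it owner-only for the
  # "vagrant" owner: directories 0700 and files 0600, instead of the
  # group-writable, world-readable 0775/0664.
  # Keep ./provision/vault_pass out of version control.
  config.vm.synced_folder "./provision", "/provision", id: "ansible", owner: "vagrant", group: "vagrant", mount_options: ["dmode=700,fmode=600"]
  config.vm.define :controller do |machine|
    ...
    machine.vm.provision 'ansible_local' do |ansible|
      ...
      # Guest-side path of the file created on the host in ./provision.
      ansible.vault_password_file = "/provision/vault_pass"
      ...
    end
  end
end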
在 sujoyu 的回答之外,我建议另一种方法:在配置(provision)时要求用户输入保管库密码。这个做法也受到了另一个回答(answer)的启发。
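require 'uri'

Vagrant.configure(2) do |config|
  config.vm.box = "..."

  # Password Input Function
  # The prompt runs when the object is converted to a string, i.e. when the
  # env value below is turned into text.
  class Password
    # Reads one line from STDIN with terminal echo switched off.
    #
    # @return [String] the entered line, URI-escaped
    def to_s
      begin
        system 'stty -echo'
        print "Ansible Vault Password: "
        # URI.escape was removed in Ruby 3.0; the default parser's #escape
        # applies the same encoding. `.to_s` covers EOF, where gets returns nil.
        # NOTE(review): escaping alters passwords that contain characters such
        # as spaces or quotes, so the value written to the guest can differ
        # from what was typed -- confirm it matches the vault's password.
        pass = URI::DEFAULT_PARSER.escape(STDIN.gets.to_s.chomp)
      ensure
        # Restore echo even if the prompt is interrupted.
        system 'stty echo'
      end
      print "\n"
      pass
    end
  end

  # Ask for vault password
  # Written as the SSH user with umask 077 so the file is created 0600 rather
  # than world-readable in /tmp.
  # NOTE(review): confirm ansible_local runs as the SSH user on your Vagrant version.
  config.vm.provision "shell", privileged: false, env: {"VAULT_PASS" => Password.new}, inline: <<-SHELL
    umask 077
    echo "$VAULT_PASS" > /tmp/vault_pass
  SHELL

  # Run ansible provision
  config.vm.provision "ansible_local" do |ansible|
    ansible.playbook = "playbook.yml"
    ansible.vault_password_file = "/tmp/vault_pass"
  end

  # Delete temp vault password file
  # `-f` keeps this step from failing when the file is already gone.
  # NOTE(review): if the ansible_local step aborts the run, this cleanup is not
  # reached and the password stays in /tmp until the next successful provision.
  config.vm.provision "shell", inline: <<-SHELL
    rm -f /tmp/vault_pass
  SHELL
end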
对于 vagrant 版本 2.2.9 使用 ansible.vault_password_file
导致
`vault_password_file` does not exist on the host:
使用ask_vault_pass选项
# Multi-machine Vagrantfile fragment: the :controller machine is provisioned
# with ansible_local and asks for the vault password interactively.
Vagrant.configure(2) do |config|
config.vm.box = '...'
config.vm.define :controller do |machine|
...
machine.vm.provision 'ansible_local' do |ansible|
...
# Prompt for the vault password instead of reading it from a file; this
# snippet writes no password file to the guest and keeps no secret in the
# Vagrantfile.
# NOTE(review): the question on this page says ansible_local does not document
# this option -- confirm it is honoured by your Vagrant version.
ansible.ask_vault_pass = true
...
end
end
end