将保管库密码传递给 vagrants ansible_local provisioner

Pass vault password to vagrants ansible_local provisioner

我正在为我的 vagrant box 使用 ansible_local 配置器。我的一些变量应该存储在保险库文件中。

虽然 ansible provisioner 提供 ask_vault_pass 作为配置选项 (https://www.vagrantup.com/docs/provisioning/ansible.html#ask_vault_pass),但 ansible_local 没有。

有什么解决办法吗?

您可以使用 vault_password_file 选项。

1。回显到密码文件

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.provision :shell, inline: "echo 'password' > /tmp/vault_pass"

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.vault_password_file = "/tmp/vault_pass"
      ...
    end
  end
end

2。使用 .synced_folder

创建 vault_pass 文件,如下所示。

mkdir provision
cd provision
echo password > vault_pass

Vagrantfile 正在关注。

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.synced_folder "./provision", "/provision", id: "ansible", owner: "vagrant", group: "vagrant", mount_options: ["dmode=775,fmode=664"]

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.vault_password_file = "/provision/vault_pass"
      ...
    end
  end
end

我建议 sujoyu 回答的另一种方法是要求用户在配置时输入保管库密码。也受此启发 answer.

Vagrant.configure(2) do |config|

  config.vm.box = "..."

  # Password Input Function
  class Password
    def to_s
      begin
      system 'stty -echo'
      print "Ansible Vault Password: "
      pass = URI.escape(STDIN.gets.chomp)
      ensure
      system 'stty echo'
      end
      print "\n"
      pass
    end
  end

  # Ask for vault password
  config.vm.provision "shell", env: {"VAULT_PASS" => Password.new}, inline: <<-SHELL
    echo "$VAULT_PASS" > /tmp/vault_pass
  SHELL

  # Run ansible provision
  config.vm.provision "ansible_local" do |ansible|

      ansible.playbook = "playbook.yml"
      ansible.vault_password_file = "/tmp/vault_pass"

  end

  # Delete temp vault password file
  config.vm.provision "shell", inline: <<-SHELL
    rm /tmp/vault_pass
  SHELL

end

对于 vagrant 版本 2.2.9 使用 ansible.vault_password_file 导致

vault_password_file` does not exist on the host: 

使用ask_vault_pass选项

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.ask_vault_pass = true
      ...
    end
  end
end