内联加密变量不是 JSON 可序列化
Inline encrypted variable not JSON serializable
我正在尝试了解如何使用保险库加密单个变量。首先,我用 ansible-vault encrypt_string -n -p 加密字符串,然后将输出写入我的剧本。当我执行剧本时,它说解密的字符串不是 JSON 可序列化的。
加密字符串:"inline_name"
我也用 inline_name 和 inlinename 尝试过,每次都得到相同的结果。
我的剧本:
---
- name: Build System
hosts: dev
tasks:
- name: Create
mysql_db:
state: present
name: !vault |
$ANSIBLE_VAULT;1.1;AES256
39613261386438623937643062636166663638633062323939343734306334346537613233623064
3761633832326365356231633338396132646532313861350a316666376566616633376238313636
39343833306462323534623238333639663734626662623731666239366566643636386261643164
3861363730336331660a316165633232323732633364346636363764623639356562336536636136
6364
login_host: "{{ mysql_host }}"
login_user: "{{ mysql_user }}"
login_password: "{{ mysql_pass }}"
- name: Check if can access plain text vars
debug:
msg: "{{ my_plain_txt }}"
错误信息:
An exception occurred during task execution. To see the full traceback, use -vvv.
The error was: TypeError: u'"inline_name"' is not JSON serializable
fatal: [127.0.0.1]: FAILED! => {"failed": true, "msg": "Unexpected failure during module execution.", "stdout": ""}
添加任务级变量:
- name: Create
mysql_db:
state: present
name: "{{ mysql_name }}"
login_host: "{{ mysql_host }}"
login_user: "{{ mysql_user }}"
login_password: "{{ mysql_pass }}"
vars:
mysql_name: !vault |
$ANSIBLE_VAULT;1.1;AES256
39613261386438623937643062636166663638633062323939343734306334346537613233623064
3761633832326365356231633338396132646532313861350a316666376566616633376238313636
39343833306462323534623238333639663734626662623731666239366566643636386261643164
3861363730336331660a316165633232323732633364346636363764623639356562336536636136
6364
双引号可以解释这个错误,但不适合我。查看整个 error/warning 以查看正在尝试解析的内容 json。就我而言....
[警告]:在回调插件中使用方法 (v2_runner_on_ok) 失败
(): u'secret_value' 不是 JSON 可序列化的
一个名为 json.load 的较旧的 AWX 回调插件,并以纯文本形式记录警告和秘密。它需要升级。
我已经实现了使用邮件模块发送电子邮件的相同方法,并且它按预期工作。
ansible-vault encrypt_string yourgmailapppassword --name gmail_password
使用上述方法使用 ansible vault 字符串选项加密 gmail 应用程序密码,并将加密变量定义到剧本中。
cat fetch-users-deatils.yml
- name: Linux servers user audit report preparation
hosts: "{{ HOSTS }}"
roles:
- user-collections
- name: Refreshing user Dashboard & sending email from localhost
hosts: localhost
become: false
vars:
- gmail_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62613232383962323430633831113465356231563163366235353034393230656331663436646233
3266353862303738303737383530313664356135336661390a336562613436626665333833323030
61393135643433313930643337363465343332353716333831222766376137396430426361663633
6233313433633231320a663435636230636431643731333166366435346564316331323361633566
38622138392437888466666535323432653034323936353961646233613437343831
tasks:
- name: Collecting the user details information and recreating the users dashboard
script: dashboard_user.sh
tags: user_dashboard
- name: User Audit data output file stored on below location
debug:
msg:
/tmp/user_collection/user_details.csv
- name: 'Sending Ansible users report email'
mail:
host: smtp.gmail.com
subtype: html
port: 587
password: "{{ gmail_password }}"
to: abcdefghijkl@gmail.com
from: abcdefghijkl@gmail.com
username: abcdefghijkl@gmail.com
subject: User details report
attach: /tmp/user_collection/user_details.csv
body: <pre> {{ lookup('file', '/tmp/user_collection/user_details.csv') }} </pre>
delegate_to: localhost
下面是ansible playbook执行命令
ansible-playbook fetch-users-deatils.yml -e "HOSTS=all" --ask-vault-pass
我正在尝试了解如何使用保险库加密单个变量。首先,我用 ansible-vault encrypt_string -n -p 加密字符串,然后将输出写入我的剧本。当我执行剧本时,它说解密的字符串不是 JSON 可序列化的。
加密字符串:"inline_name"
我也用 inline_name 和 inlinename 尝试过,每次都得到相同的结果。
我的剧本:
---
- name: Build System
hosts: dev
tasks:
- name: Create
mysql_db:
state: present
name: !vault |
$ANSIBLE_VAULT;1.1;AES256
39613261386438623937643062636166663638633062323939343734306334346537613233623064
3761633832326365356231633338396132646532313861350a316666376566616633376238313636
39343833306462323534623238333639663734626662623731666239366566643636386261643164
3861363730336331660a316165633232323732633364346636363764623639356562336536636136
6364
login_host: "{{ mysql_host }}"
login_user: "{{ mysql_user }}"
login_password: "{{ mysql_pass }}"
- name: Check if can access plain text vars
debug:
msg: "{{ my_plain_txt }}"
错误信息:
An exception occurred during task execution. To see the full traceback, use -vvv.
The error was: TypeError: u'"inline_name"' is not JSON serializable
fatal: [127.0.0.1]: FAILED! => {"failed": true, "msg": "Unexpected failure during module execution.", "stdout": ""}
添加任务级变量:
- name: Create
mysql_db:
state: present
name: "{{ mysql_name }}"
login_host: "{{ mysql_host }}"
login_user: "{{ mysql_user }}"
login_password: "{{ mysql_pass }}"
vars:
mysql_name: !vault |
$ANSIBLE_VAULT;1.1;AES256
39613261386438623937643062636166663638633062323939343734306334346537613233623064
3761633832326365356231633338396132646532313861350a316666376566616633376238313636
39343833306462323534623238333639663734626662623731666239366566643636386261643164
3861363730336331660a316165633232323732633364346636363764623639356562336536636136
6364
双引号可以解释这个错误,但不适合我。查看整个 error/warning 以查看正在尝试解析的内容 json。就我而言....
[警告]:在回调插件中使用方法 (v2_runner_on_ok) 失败 (): u'secret_value' 不是 JSON 可序列化的
一个名为 json.load 的较旧的 AWX 回调插件,并以纯文本形式记录警告和秘密。它需要升级。
我已经实现了使用邮件模块发送电子邮件的相同方法,并且它按预期工作。
ansible-vault encrypt_string yourgmailapppassword --name gmail_password
使用上述方法使用 ansible vault 字符串选项加密 gmail 应用程序密码,并将加密变量定义到剧本中。
cat fetch-users-deatils.yml
- name: Linux servers user audit report preparation
hosts: "{{ HOSTS }}"
roles:
- user-collections
- name: Refreshing user Dashboard & sending email from localhost
hosts: localhost
become: false
vars:
- gmail_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62613232383962323430633831113465356231563163366235353034393230656331663436646233
3266353862303738303737383530313664356135336661390a336562613436626665333833323030
61393135643433313930643337363465343332353716333831222766376137396430426361663633
6233313433633231320a663435636230636431643731333166366435346564316331323361633566
38622138392437888466666535323432653034323936353961646233613437343831
tasks:
- name: Collecting the user details information and recreating the users dashboard
script: dashboard_user.sh
tags: user_dashboard
- name: User Audit data output file stored on below location
debug:
msg:
/tmp/user_collection/user_details.csv
- name: 'Sending Ansible users report email'
mail:
host: smtp.gmail.com
subtype: html
port: 587
password: "{{ gmail_password }}"
to: abcdefghijkl@gmail.com
from: abcdefghijkl@gmail.com
username: abcdefghijkl@gmail.com
subject: User details report
attach: /tmp/user_collection/user_details.csv
body: <pre> {{ lookup('file', '/tmp/user_collection/user_details.csv') }} </pre>
delegate_to: localhost
下面是ansible playbook执行命令
ansible-playbook fetch-users-deatils.yml -e "HOSTS=all" --ask-vault-pass