include_vars 当 yml 嵌入加密变量时出错
Error during include_vars when yml has embedded encrypted variables
问题类似于
我有一个 Ansible 配置文件,其中包含许多纯文本和一个加密值。
config_value: "something in plain text"
another_value: "another plain text value"
my_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
36343434346535636131316538313039386539363337326432336330393734306562336563386335
3663323065343330303039655530313833623439616630320a323730613534613338326263386136
33313033363737626230343432363764356336346363306466356330633561353831346433333366
3964386161306338300a333164333932333539333565303038643462643137663438326664336431
66613433396133633039385664366564626231313230383464356537636434646534
我按照以下方式加密变量,描述 here:
ansible-vault encrypt_string --vault-password-file path/to/password testvalue
当 运行 include_vars 我收到以下错误消息:
TASK [include_vars] ************************************************************
task path: /var/jenkins_home/workspace/path/to/deploy-playbook.yml:21
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.default.CallbackModule object at 0x7f37a284fa90>):
u'testvalue' is not JSON serializable
Callback Exception:
File "/var/jenkins_home/workspace/path/to/virtualenv/local/lib/python2.7/site-packages/ansible/executor/task_queue_manager.py", line 375, in send_callback
method(*new_args, **kwargs)
File "/var/jenkins_home/workspace/path/to/virtualenv/local/lib/python2.7/site-packages/ansible/plugins/callback/default.py", line 100, in v2_runner_on_ok
msg += " => %s" % (self._dump_results(result._result),)
File "/var/jenkins_home/workspace/path/to/virtualenv/local/lib/python2.7/site-packages/ansible/plugins/callback/__init__.py", line 107, in _dump_results
return json.dumps(abridged_result, indent=indent, ensure_ascii=False, sort_keys=sort_keys)
File "/usr/lib/python2.7/json/__init__.py", line 251, in dumps
sort_keys=sort_keys, **kw).encode(obj)
File "/usr/lib/python2.7/json/encoder.py", line 209, in encode
chunks = list(chunks)
File "/usr/lib/python2.7/json/encoder.py", line 434, in _iterencode
for chunk in _iterencode_dict(o, _current_indent_level):
File "/usr/lib/python2.7/json/encoder.py", line 408, in _iterencode_dict
for chunk in chunks:
File "/usr/lib/python2.7/json/encoder.py", line 408, in _iterencode_dict
for chunk in chunks:
File "/usr/lib/python2.7/json/encoder.py", line 442, in _iterencode
o = _default(o)
File "/usr/lib/python2.7/json/encoder.py", line 184, in default
raise TypeError(repr(o) + " is not JSON serializable")
我也试过以下命令来加密秘密,但没有成功:
ansible-vault encrypt_string --vault-password-file path/to/password 'testvalue'
ansible-vault encrypt_string --vault-password-file path/to/password "testvalue'
ansible-vault encrypt_string --vault-password-file path/to/password "'testvalue'"
"error message" 实际上并没有阻止秘密 (my_secret) 或同一文件中的任何其他配置值可用。
我之前在 ansible 2.4.2,升级到 2.7.0 解决了这个问题。
问题类似于
我有一个 Ansible 配置文件,其中包含许多纯文本和一个加密值。
config_value: "something in plain text"
another_value: "another plain text value"
my_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
36343434346535636131316538313039386539363337326432336330393734306562336563386335
3663323065343330303039655530313833623439616630320a323730613534613338326263386136
33313033363737626230343432363764356336346363306466356330633561353831346433333366
3964386161306338300a333164333932333539333565303038643462643137663438326664336431
66613433396133633039385664366564626231313230383464356537636434646534
我按照以下方式加密变量,描述 here:
ansible-vault encrypt_string --vault-password-file path/to/password testvalue
当 运行 include_vars 我收到以下错误消息:
TASK [include_vars] ************************************************************
task path: /var/jenkins_home/workspace/path/to/deploy-playbook.yml:21
[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin
(<ansible.plugins.callback.default.CallbackModule object at 0x7f37a284fa90>):
u'testvalue' is not JSON serializable
Callback Exception:
File "/var/jenkins_home/workspace/path/to/virtualenv/local/lib/python2.7/site-packages/ansible/executor/task_queue_manager.py", line 375, in send_callback
method(*new_args, **kwargs)
File "/var/jenkins_home/workspace/path/to/virtualenv/local/lib/python2.7/site-packages/ansible/plugins/callback/default.py", line 100, in v2_runner_on_ok
msg += " => %s" % (self._dump_results(result._result),)
File "/var/jenkins_home/workspace/path/to/virtualenv/local/lib/python2.7/site-packages/ansible/plugins/callback/__init__.py", line 107, in _dump_results
return json.dumps(abridged_result, indent=indent, ensure_ascii=False, sort_keys=sort_keys)
File "/usr/lib/python2.7/json/__init__.py", line 251, in dumps
sort_keys=sort_keys, **kw).encode(obj)
File "/usr/lib/python2.7/json/encoder.py", line 209, in encode
chunks = list(chunks)
File "/usr/lib/python2.7/json/encoder.py", line 434, in _iterencode
for chunk in _iterencode_dict(o, _current_indent_level):
File "/usr/lib/python2.7/json/encoder.py", line 408, in _iterencode_dict
for chunk in chunks:
File "/usr/lib/python2.7/json/encoder.py", line 408, in _iterencode_dict
for chunk in chunks:
File "/usr/lib/python2.7/json/encoder.py", line 442, in _iterencode
o = _default(o)
File "/usr/lib/python2.7/json/encoder.py", line 184, in default
raise TypeError(repr(o) + " is not JSON serializable")
我也试过以下命令来加密秘密,但没有成功:
ansible-vault encrypt_string --vault-password-file path/to/password 'testvalue'
ansible-vault encrypt_string --vault-password-file path/to/password "testvalue'
ansible-vault encrypt_string --vault-password-file path/to/password "'testvalue'"
"error message" 实际上并没有阻止秘密 (my_secret) 或同一文件中的任何其他配置值可用。
我之前在 ansible 2.4.2,升级到 2.7.0 解决了这个问题。