是否可以使用 ansible playbook 禁用保险库?

Is it possible to disable vault with ansible playbook?

出于自动化测试目的,我想在执行 ansible-playbook 时禁用保管库,以便在测试中覆盖加密变量。

我看过 --ask-vault-pass 但不是相反的 --no-vault-pass 之类的。

ansible settings 没有为此指定环境变量。

您可以为您的测试创建一个特殊的配置文件,其中有意排除保险库信息,并告诉 ansible 在 运行 您的测试剧本时使用此配置文件:

ANSIBLE_CONFIG=/my/special.cfg ansible-playbook testplaybook.yml

也许您正在寻找按环境划分的结构分离,如下所示:

├── ansible.cfg               # check below.
├── inventories               # directory to group all hosts and variables.
│   ├── production            # "environment" directory as we discussed before.
│   │   ├── group_vars
│   │   │   ├── appserver
│   │   │   │   ├── vars.yml
│   │   │   │   └── vault.yml # encrypted sensitive data.
│   │   │   └── proxyserver
│   │   │       ├── vars.yml
│   │   │       └── vault.yml
│   │   └── inventory
│   ├── staging
│   │   ├── group_vars
│   │   │   ├── appserver
│   │   │   │   ├── vars.yml
│   │   │   │   └── vault.yml # encrypted sensitive data.
│   │   │   └── proxyserver
│   │   │       ├── vars.yml
│   │   │       └── vault.yml
│   │   └── inventory
│   └── development
│       ├── group_vars
│       │   ├── appserver
│       │   │   └── vars.yml  # no need to encrypt for local development.
│       │   └── proxyserver
│       │       └── vars.yml
│       └── inventory
├── site.yml
├── books                     # group all the playbooks under same directory.
│   ├── appserver.yml
│   └── proxyserver.yml
├── roles
│   └── app
└── roles.galaxy              # separate contributed roles
    └── author.proxy

继续: https://steyeu.co/posts/ansible-project-layout-for-multistage-environments-based-on-best-practice/#the-suggested-way