我有一个带保险库的剧本,我可以运行它:
ansible-playbook info.yml --ask-vault-pass
现在,我想在 Ansible 中运行我的剧本 API。How to run playbook api in Ansible v2 with vault 中的答案说我们可以设置
loader = DataLoader()
loader.set_vault_password('mypass')
在 2.2.0.0 API 中,我也在我的 api 中设置了这些?但它不起作用。错误信息如下:
Traceback (most recent call last):
File "test2.py", line 63, in <module>
playbook.run()
File "/usr/lib/python2.7/site-packages/ansible/executor/playbook_executor.py", line 82, in run
pb = Playbook.load(playbook_path, variable_manager=self._variable_manager, loader=self._loader)
File "/usr/lib/python2.7/site-packages/ansible/playbook/__init__.py", line 54, in load
pb._load_playbook_data(file_name=file_name, variable_manager=variable_manager)
File "/usr/lib/python2.7/site-packages/ansible/playbook/__init__.py", line 78, in _load_playbook_data
ds = self._loader.load_from_file(os.path.basename(file_name))
File "/usr/lib/python2.7/site-packages/ansible/parsing/dataloader.py", line 130, in load_from_file
(b_file_data, show_content) = self._get_file_contents(file_name)
File "/usr/lib/python2.7/site-packages/ansible/parsing/dataloader.py", line 206, in _get_file_contents
data = self._vault.decrypt(data, filename=b_file_name)
File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 561, in decrypt
plaintext, vault_id = self.decrypt_and_get_vault_id(vaulttext, filename=filename)
File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 617, in decrypt_and_get_vault_id
_matches = match_secrets(self.secrets, vault_id_matchers)
File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 456, in match_secrets
matches = [(vault_id, secret) for vault_id, secret in secrets if vault_id in target_vault_ids]
ValueError: need more than 1 value to unpack
然后我改变
loader.set_vault_password('mypass')
到
loader.set_vault_secrets([('default','mypass')])
但它也不起作用。错误信息是:
Traceback (most recent call last):
File "test2.py", line 63, in <module>
playbook.run()
File "/usr/lib/python2.7/site-packages/ansible/executor/playbook_executor.py", line 82, in
pb = Playbook.load(playbook_path, variable_manager=self._variable_manager, loader=self._l
File "/usr/lib/python2.7/site-packages/ansible/playbook/__init__.py", line 54, in load
pb._load_playbook_data(file_name=file_name, variable_manager=variable_manager)
File "/usr/lib/python2.7/site-packages/ansible/playbook/__init__.py", line 78, in _load_pla
ds = self._loader.load_from_file(os.path.basename(file_name))
File "/usr/lib/python2.7/site-packages/ansible/parsing/dataloader.py", line 130, in load_fr
(b_file_data, show_content) = self._get_file_contents(file_name)
File "/usr/lib/python2.7/site-packages/ansible/parsing/dataloader.py", line 206, in _get_fi
data = self._vault.decrypt(data, filename=b_file_name)
File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 561, in dec
plaintext, vault_id = self.decrypt_and_get_vault_id(vaulttext, filename=filename)
File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 638, in dec
b_plaintext = this_cipher.decrypt(b_vaulttext, vault_secret)
File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 1344, in de
b_password = secret.bytes
AttributeError: 'str' object has no attribute 'bytes'
我尝试改变线路
b_password = secret.bytes
在文件/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py中
b_password = secret
然后api正常工作。但我认为这不是从根本上解决我的问题的好方法。
使用VaultSecret类而不是字符串密码:
from ansible.module_utils._text import to_bytes
from ansible.parsing.vault import VaultSecret
loader.set_vault_secrets([('default',VaultSecret(_bytes=to_bytes('123456')))])