Igo*_*cek 6 ansible ansible-vault
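I have a very strange problem that I cannot solve. I have been debugging it for 4 hours without any progress, and I have never run into anything like this before.

Ansible details: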
```
ansible [core 2.11.5]
  config file = /Users/igor/Projects/infrastructure/mint2/ansible.cfg
  configured module search path = ['/Users/igor/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/igor/.local/share/virtualenvs/mint2-x8LdeqZ_/lib/python3.9/site-packages/ansible
  ansible collection location = /Users/igor/.ansible/collections:/usr/share/ansible/collections
  executable location = /Users/igor/.local/share/virtualenvs/mint2-x8LdeqZ_/bin/ansible
  python version = 3.9.6 (default, Jun 28 2021, 19:24:41) [Clang 12.0.5 (clang-1205.0.22.9)]
  jinja version = 3.0.1
  libyaml = False
```
Here is a sample playbook:
```yaml
---
- hosts: somehost
  gather_facts: yes
  vars_files:
    - host_vars/somehost/common/common.yml
    - host_vars/somehost/backup/backup.yml
  pre_tasks:
    - name: Prepare | Remove AppArmor
      apt:
        name: apparmor
        state: absent

    - name: Prepare | Stop AppArmor
      service:
        name: apparmor
        enabled: no
  roles:
    - roles/role-provision-common
    - roles/role-deploy-backup
```
Here is the structure of host_vars:
```
host_vars/somehost
├── backup
│   ├── backup.yml
│   └── encryption_key
├── common
│   ├── common.yml
│   └── ssh-keys
│       ├── id_rsa_backup
│       └── id_rsa_backup.pub
```
Here are the contents of common.yml:
```yaml
common_packages_generic_enabled: true
common_packages_stats_enabled: true
common_packages_mysql_enabled: true
common_packages_web_server_enabled: false
common_network_rename_interfaces: true
common_preferred_timezone: 'UTC'
```
Here are the contents of backup.yml:
```yaml
backup_server_hostname: someserver
backup_server_path: /home/someuser
backup_server_user: somerserver
backup_server_port: '22'
backup_host_user: someremoteuser
backup_host_mount_path: /home/someremoteuser/backup
backup_host_user_private_key_path: host_vars/somehost/common/ssh-keys/id_rsa_backup
```
encryption_key, id_rsa_backup and id_rsa_backup_pub are vault-encrypted files.

So, when I run:
```
ansible-playbook --check --diff somehost.yml -vvvvvvvv
```
I get the following error:
```
PLAY [somehost] ************************************************************************************************************************************************************************************
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt /Some/Local/Path/host_vars/somehost/backup/encryption_key
Trying to use vault secret=(FileVaultSecret(filename='/Some/Local/Path/.vault')) id=default to decrypt /Some/Local/Path/host_vars/somehost/backup/encryption_key
Trying secret FileVaultSecret(filename='/Some/Local/Path/.vault') for vault_id=default
Decrypt of "b'/Some/Local/Path/host_vars/somehost/backup/encryption_key'" successful with secret=FileVaultSecret(filename='/Some/Local/Path/.vault') and vault_id=default
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt None
Trying to use vault secret=(FileVaultSecret(filename='Some/Local/Path/.vault')) id=default to decrypt None
Trying secret FileVaultSecret(filename='Some/Local/Path/.vault') for vault_id=default
Decrypt successful with secret=FileVaultSecret(filename='Some/Local/Path/.vault') and vault_id=default


ERROR! failed to combine variables, expected dicts but got a 'dict' and a 'AnsibleUnicode':
{'backup_server_hostname': 'somehost', 'backup_server_path': '/home/somehostpath', 'backup_server_user': 'somehostpath', 'backup_server_port': '22', 'backup_host_user': 'automator', 'backup_host_mount_path': '/home/xxxx/mnt/backup', 'backup_host_user_private_key_path': 'host_vars/somehost/common/ssh-keys/id_rsa_backup', 'backup_borgmatic_configuration': [{'source_directories': ['/home/xxxx/.mysql'], 'repositories': ['/home/xxxx/mnt/backup/backup'], 'application_name': 'somehost_db', 'location': {'exclude_if_present': '.nobackup'}, 'storage': {'encryption_passphrase': 'xxxxx', 'archive_name_format': "'{hostname}-mysql-{now}'"}, 'retention': {'keep_hourly': '168', 'prefix': "'{hostname}-mysql-'"}, 'consistency': {'checks': ['archives'], 'check_repositories': ['/home/xxxx/mnt/backup/backup']}, 'hooks': {'before_backup': ['sh /home/xxxx/.scripts/check_sshfs.sh', 'sh /home/xxxx/.scripts/mysql_backup.sh', 'echo "Starting a backup."'], 'after_backup': ['echo "Backup done"'], 'on_error': ['echo "Backup failed"']}}]}
"BORG_KEY 36dfe604435ad8eaca89e39 hqlhbGdvcml0aG2mc2hhMjU2pGRhdGHaAN5a1XnA0c3O3MC44+lN2nWgol31naZud/Gf1p Q2aDmnXeMj7pHR1LPL/K/b3vrBgWW64RV6e9E9PSsYicrLcYDrPA0s2YSHbZpTBBPKURxX h0uIhTTj8497vhiezwQOhjDxFpVPtzqWmlmz9ibQlrGCiBQQD95+NitfFJTBUoQ7HS+rgs /m87v8rQaOWhv6/4V9w1K4ooMu5ufMxNeUXUfidFJNs5HeJf2QS2iTd7dSBYLUmId5guZT PTypFvdtpsnUfXGQ5l0rluAgd1BigYxCtvdNwNRus88y9nc74y+kaGFzaNoAIN8uIPII2m Fzh6ZxBaG21vIbDFnFZHWjxBZwO+1MGz5Fqml0ZXJhdGlvbnPOAAGGoKRzYWx02gAgIpO9 oD"
```
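The part before the BORG_KEY sequence is the contents of the backup/backup.yml file, and the text after it is the decrypted encryption_key.

To run this playbook, I have to delete the encryption_key, id_rsa_backup and id_rsa_backup_pub files.

But - and this is the weird part - I have 5 other playbooks that run the same roles and have almost the same host_vars structure and vault-encrypted files, and they run just fine without my having to delete the encrypted files. So in half of the cases it doesn't work, and in the other half it does. They all belong to the same group.

I have no idea why this is happening, or why Ansible tries to include files that I did not specifically ask for.

Any help is appreciated.

Update: I also found that if I add any extension to the encrypted files (.key and .pem), my playbook works fine. I don't know why.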
小智 8
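I had the same problem as you. In my case, I had my vault defined as vault.yaml. But the problem was that I forgot it is a YAML file and defined the contents as:

```
vault_db_password=somepassword
```

In my group_vars, I had a vars file referencing the vault, like:

```yaml
configuration:
  rds:
    password: "{{ vault_db_password }}"
```

To fix the problem, I just had to make sure my vault was valid YAML, so I changed the contents to:

```yaml
vault_db_password: somepassword
```

From your update, it looks like Ansible has a hard time understanding the file type, so things may go wrong when parsing/converting and merging the variables. Hope this helps someone, cheers!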
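Added example (not part of either post, and not Ansible's own code): a pre-flight check built on the documented rule that files in a host_vars or group_vars directory are read as variable files when they have no extension or end in .yml, .yaml or .json, which fits the update in the question. The names `loaded_as_vars`, `suspicious` and `build_sample`, and the sample tree with placeholder vault bodies, are constructed for illustration.

```python
import os
import tempfile

# Files with these extensions, or with no extension, are read as variable files.
VARS_EXTENSIONS = {"", ".yml", ".yaml", ".json"}
VAULT_HEADER = b"$ANSIBLE_VAULT;"
# Constructed sample mirroring the question's host_vars/somehost tree.
SAMPLE = {
    "backup/backup.yml": b"backup_server_port: '22'\n",
    "backup/encryption_key": b"$ANSIBLE_VAULT;1.1;AES256\n6162\n",
    "common/ssh-keys/id_rsa_backup": b"$ANSIBLE_VAULT;1.1;AES256\n6364\n",
    "common/ssh-keys/id_rsa_backup.pub": b"$ANSIBLE_VAULT;1.1;AES256\n6566\n",
}

def loaded_as_vars(root):
    """Files under root that the vars loader would read (hypothetical helper)."""
    found = []
    for name in sorted(os.listdir(root)):
        if name.startswith(".") or name.endswith("~"):
            continue  # hidden files and editor backups are skipped
        path, ext = os.path.join(root, name), os.path.splitext(name)[1]
        if os.path.isdir(path) and not ext:
            found.extend(loaded_as_vars(path))  # recurse into subdirectories
        elif os.path.isfile(path) and ext in VARS_EXTENSIONS:
            found.append(path)
    return found

def suspicious(root):
    """Extensionless files that get loaded as vars: (relative path, is_vault)."""
    hits = []
    for path in loaded_as_vars(root):
        if not os.path.splitext(path)[1]:
            with open(path, "rb") as fh:
                is_vault = fh.read(len(VAULT_HEADER)) == VAULT_HEADER
            hits.append((os.path.relpath(path, root), is_vault))
    return hits

def build_sample(root):
    """Write SAMPLE under root so the check can run offline."""
    for rel, data in SAMPLE.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(suspicious(tmp))
```

In the question's error output the decrypted key text is echoed in the message, so a key file picked up this way also ends up in the console or CI log.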