Ansible with "Alternative Directory Layout" and using vaults


Question

I am trying to use the Alternative Directory Layout and ansible-vaults within. But when I run my playbook, variables which are vault encrypted could not resolve with that directory structure. So what am I doing wrong?

I execute it with:

ansible-playbook -i inventories/inv/hosts playbooks/inv/invTest.yml --check --ask-vault

This is my structure:

.
├── inventories
│   ├── inv
│   │   ├── group_vars
│   │   │   ├── var.yml
│   │   │   └── vault.yml
│   │   └── hosts
│   └── staging
│       ├── group_vars
│       │   ├── var.yml
│       │   └── vault.yml
│       └── hosts
├── playbooks
│   ├── staging
│   │   └── stagingTest.yml
│   └── inv
│       ├── invTest.retry
│       └── invTest.yml
└── roles
    ├── basic-linux
    │   ├── defaults
    │   │   └── main.yml
    │   └── tasks
    │       └── main.yml
    ├── test
    │   ├── defaults
    │   │   └── main.yml
    │   └── tasks
    │       └── main.yml
    └── webserver
        ├── defaults
        │   └── main.yml
        ├── files
        ├── handler
        │   └── main.yml
        ├── tasks
        │   └── main.yml
        └── templates

This is my hosts file (inventories/inv/hosts):

[inv]
testvm-01    ansible_ssh_port=22    ansible_ssh_host=172.16.0.101    ansible_ssh_user=root
testvm-02    ansible_ssh_port=22    ansible_ssh_host=172.16.0.102    ansible_ssh_user=root

Playbook (playbooks/inv/invTest.yml):

---
  - name: this is test
    hosts: inv
    roles:
      - { role: ../../roles/test }
...

Role which uses the vault encrypted var (roles/test/tasks/main.yml):

---
  - name: create test folder
    file:
        path: "/opt/test/{{ app_user }}/"
        state: directory
        owner: "{{ default_user }}"
        group: "{{ default_group }}"
        mode: "2755"  # quoted so Ansible reads it as an octal mode, not the decimal integer 2755
        recurse: yes
...

Var which points to vault (inventories/inv/group_vars/var.yml):

---
app_user: '{{ vault_app_user }}'
app_pass: '{{ vault_app_pass }}'
...

Vault file (ansible-vault edit inventories/inv/group_vars/vault.yml):

vault_app_user: itest
vault_app_pass: itest123

The error message I am getting is something like this:

FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: {{ app_user }}: 'app_user' is undefined\n\nThe error appears to have been in 'roles/test/tasks/main.yml': but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: create test folder\n ^ here\n"}

Recommended answer

You define variable app_user in a file called var.yml stored in group_vars folder.

In your execution line you point to the inventories/inv/hosts as your inventory directory.

It doesn't matter what strings you used in this path -- from Ansible's point of view it sees only:

hosts
group_vars
├── var.yml
└── vault.yml

It will read var.yml for a host group called var and vault.yml for a host group called vault.

In your case -- never.

You likely wanted to organise your files this way:

inventories
└── production
    ├── group_vars
    │   └── inv
    │       ├── var.yml
    │       └── vault.yml
    └── hosts

This way, files in group_vars/inv will be read for hosts in group inv.
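
A check for the layout problem the answer describes, as an added example that is not part of the original answer: it lists group_vars entries whose names match no group in the inventory, which is why vault.yml and var.yml were silently skipped. The function names and the constructed sample inventory are assumptions for illustration, and it assumes an INI inventory file named hosts.

```python
import re
import tempfile
from pathlib import Path

# Extensions Ansible's default vars loading accepts ("" = no extension).
VAR_EXTS = {"", ".yml", ".yaml", ".json"}

def inventory_groups(hosts_file):
    """Group names declared in an INI inventory, plus the implicit groups."""
    groups = {"all", "ungrouped"}
    for line in Path(hosts_file).read_text().splitlines():
        # Matches [web], [web:children] and [web:vars]; captures "web".
        m = re.match(r"\s*\[([^\]:]+)(?::(?:children|vars))?\]", line)
        if m:
            groups.add(m.group(1).strip())
    return groups

def unmatched_group_vars(inventory_dir):
    """group_vars entries named after no group, so they are never loaded."""
    inv = Path(inventory_dir)
    groups = inventory_groups(inv / "hosts")
    orphans = []
    for entry in sorted((inv / "group_vars").iterdir()):
        if entry.is_file() and entry.suffix not in VAR_EXTS:
            continue  # not a vars file at all
        name = entry.name if entry.is_dir() else entry.stem
        if name not in groups:
            orphans.append(entry.name)
    return orphans

def build_sample(root, nested):
    """Constructed sample: question's layout (nested=False) or answer's (True)."""
    inv = Path(root)
    (inv / "hosts").write_text("[inv]\ntestvm-01\ntestvm-02\n")
    target = inv / "group_vars" / "inv" if nested else inv / "group_vars"
    target.mkdir(parents=True)
    (target / "var.yml").write_text("app_user: '{{ vault_app_user }}'\n")
    (target / "vault.yml").write_text("vault_app_user: placeholder\n")
    return inv

if __name__ == "__main__":
    for nested in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            print("nested" if nested else "flat", unmatched_group_vars(build_sample(tmp, nested)))
```

Run against a real inventory directory, a non-empty result means those files (including any vault file among them) contribute no variables to any host.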
