Ansible 与“替代目录布局"和使用保险库 [英] Ansible with "Alternative Directory Layout" and using vaults

问题描述

我正在尝试使用 替代目录布局 和 ansible-vaults 内.但是当我运行我的剧本时，保险库加密的变量无法用该目录结构解析.那么我做错了什么?

我通过以下方式执行:

ansible-playbook -i inventory/inv/hosts playbooks/inv/invTest.yml --check --ask-vault

这是我的结构:

<预><代码>.├── 库存│ ├── inv│ │ ├── group_vars│ │ │ ├── var.yml│ │ │ └── vault.yml│ │ └── 主持人│ └── 舞台│ ├── group_vars│ │ ├── var.yml│ │ └── vault.yml│ └── 主持人├── 剧本│ ├── 分期│ │ └── stagingTest.yml│ └── inv│ ├── invTest.retry│ └── invTest.yml└── 角色├── basic-linux│ ├── 默认值│ │ └── main.yml│ └── 任务│ └── main.yml├──测试│ ├── 默认值│ │ └── main.yml│ └── 任务│ └── main.yml└── 网络服务器├── 默认值│ └── main.yml├── 文件├── 处理程序│ └── main.yml├── 任务│ └── main.yml└── 模板

这是我的主机文件(inventories/inv/hosts):

[inv]testvm-01 ansible_ssh_port=22 ansible_ssh_host=172.16.0.101 ansible_ssh_user=roottestvm-02 ansible_ssh_port=22 ansible_ssh_host=172.16.0.102 ansible_ssh_user=root

剧本(playbooks/inv/invTest.yml):

---- 名称:这是测试主持人:inv角色:- { 角色:../../roles/test }...

使用保险库加密变量的角色(roles/test/tasks/main.yml):

---- 名称:创建测试文件夹文件:路径:/opt/test/{{ app_user }}/"状态:目录所有者:{{ default_user }}"组:{{ default_group }}"模式:2755递归:是...

var 指向 vault (inventories/inv/group_vars/var.yml):

---app_user: '{{ vault_app_user }}'app_pass: '{{ vault_app_pass }}'...

保险库文件(ansible-vault edit inventory/inv/group_vars/vault.yml):

vault_app_user: itestvault_app_pass: itest123

我得到的错误信息是这样的:

<块引用>

失败！=> {"failed": true, "msg": "the field 'args' has an invalid value, 它似乎包含一个未定义的变量.错误是:{{ app_user }}: 'app_user' is undefined\n\n错误似乎在roles/test/tasks/main.yml"中:但可能\n在文件中的其他地方，具体取决于确切的语法问题.\n\n有问题的行似乎是:\n\n\n - 名称:创建测试文件夹\n ^ 这里\n"}

解决方案

您在 group_vars 文件夹中存储的名为 var.yml 的文件中定义变量 app_user.

在您的执行行中，您指向 inventories/inv/hosts 作为您的库存目录.

在此路径中使用什么字符串无关紧要——从 Ansible 的角度来看，它只能看到:

主机group_vars├── var.yml└── vault.yml

它将读取名为 var 的主机组的 var.yml 和名为 vault<的主机组的 vault.yml/代码>.

就你而言——从不.

<小时>

您可能希望以这种方式组织您的文件:

库存└── 生产├── group_vars│ └── inv│ ├── var.yml│ └── vault.yml└── 主持人

这样，group_vars/inv 中的文件将被 inv 组中的主机读取.

I am trying to use the Alternative Directory Layout and ansible-vaults within. But when i run my playbook, variables which are vault encrypted could not resolve with that directory structure. So what iam doing wrong?

I execute via:

ansible-playbook -i inventories/inv/hosts playbooks/inv/invTest.yml --check --ask-vault

Here is my structure:

.
├── inventories
│   ├── inv
│   │   ├── group_vars
│   │   │   ├── var.yml
│   │   │   └── vault.yml
│   │   └── hosts
│   └── staging
│       ├── group_vars
│       │   ├── var.yml
│       │   └── vault.yml
│       └── hosts
├── playbooks
│   ├── staging
│   │   └── stagingTest.yml
│   └── inv
│       ├── invTest.retry
│       └── invTest.yml
└── roles
    ├── basic-linux
    │   ├── defaults
    │   │   └── main.yml
    │   └── tasks
    │       └── main.yml
    ├── test
    │   ├── defaults
    │   │   └── main.yml
    │   └── tasks
    │       └── main.yml
    └── webserver
        ├── defaults
        │   └── main.yml
        ├── files
        ├── handler
        │   └── main.yml
        ├── tasks
        │   └── main.yml
        └── templates

this is my hosts file (inventories/inv/hosts):

[inv]
testvm-01    ansible_ssh_port=22    ansible_ssh_host=172.16.0.101    ansible_ssh_user=root
testvm-02    ansible_ssh_port=22    ansible_ssh_host=172.16.0.102    ansible_ssh_user=root

playbook (playbooks/inv/invTest.yml):

---
  - name: this is test
    hosts: inv
    roles:
      - { role: ../../roles/test }
...

role which uses the vault encrypted var (roles/test/tasks/main.yml):

---
  - name: create test folder
    file:
        path: "/opt/test/{{ app_user }}/"
        state: directory
        owner: "{{ default_user }}"
        group: "{{ default_group }}"
        mode: 2755
        recurse: yes
...

var which points to vault (inventories/inv/group_vars/var.yml):

---
app_user: '{{ vault_app_user }}'
app_pass: '{{ vault_app_pass }}'
...

vault file (ansible-vault edit inventories/inv/group_vars/vault.yml):

vault_app_user: itest
vault_app_pass: itest123

The error message iam getting is something like this:

FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: {{ app_user }}: 'app_user' is undefined\n\nThe error appears to have been in 'roles/test/tasks/main.yml': but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: create test folder\n ^ here\n"}

解决方案

You define variable app_user in a file called var.yml stored in group_vars folder.

In your execution line you point to the inventories/inv/hosts as your inventory directory.

It doesn't matter what strings you used in this path -- from Ansible's point of view it sees only:

hosts
group_vars
├── var.yml
└── vault.yml

It will read var.yml for a host group called var and vault.yml for a host group called vault.

In your case -- never.

---

You likely wanted to organise your files this way:

inventories
└── production
    ├── group_vars
    │   └── inv
    │       ├── var.yml
    │       └── vault.yml
    └── hosts

This way, files in group_vars/inv will be read for hosts in group inv.

这篇关于Ansible 与“替代目录布局"和使用保险库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！