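Ansible Vault inline variable with to_nice_json: Unexpected templating type error occurred ... is not JSON serializable

Time: 2018-06-09 03:01:15

Tags: json templates ansible jinja2 ansible-vault

I usually configure my projects by setting configuration variables in vars/main.yml, and render a subset of these variables to JSON via to_nice_json.

Consider an example vars/main.yaml like the following: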

  # Application Configuration Settings.
  config:

    dev:
      # General Settings.
      logger_level: DEBUG

      # PostgreSQL Server Configuration Settings.
      sql_host: "localhost"
      sql_port: 5432
      sql_username: "someuser"
      sql_password: "somepassword"
      sql_db: "somedb"

I render it via a Jinja2 template and the template module, with the following content:

{{ config.dev | to_nice_json }}

Recently I tried to encrypt sensitive bits, such as sql_password, with Ansible Vault, using the encrypt_string command:

ansible-vault encrypt_string --vault-id .ansible-vault-password "somepassword" --name 'sql_password'

and inlined the encrypted version directly in the YAML file, like this:

# Application Configuration Settings.
config:

    dev:
      # General Settings.
      logger_level: DEBUG

      # PostgreSQL Server Configuration Settings.
      sql_host: "localhost"
      sql_port: 5432
      sql_username: "someuser"
      sql_password: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        35383832623937353934636538306539623336633336643430396662323161333838333463653764
        3839653635326166303636643664333466376236626137310a323839373862626237643162303535
        35333966383834356239376566356263656635323865323466306362323864356663383661333262
        3165643733633262650a663363653832373936383033306137633234626264353538356630336131
        3063
      sql_db: "somedb"

However, when applying the to_nice_json filter, I get the following error:

fatal: [myrole]: FAILED! => {"changed": false, "msg": "AnsibleError: Unexpected templating type error occurred on ({{ config.dev | to_nice_json }}\n): somepassword' is not JSON serializable"}

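As can be seen, the variable is properly decrypted but fails when serialized to JSON. However, if I surround the inline vault variable with double quotes, the decryption does not occur and the resulting JSON contains the entire vault blob.

Am I missing something? Is this a problem with the to_nice_json filter, or am I inlining it the wrong way?

1 answer:

Answer 0 (score: 2)

As a workaround for this kind of issue, extract the vaulted value into a separate variable (rather than the value of a key in a dictionary):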

vars:
  my_sql_password: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    5383832623937353934636538306539623336633336643430396662323161333838333463653764
    3839653635326166303636643664333466376236626137310a323839373862626237643162303535
    35333966383834356239376566356263656635323865323466306362323864356663383661333262
    3165643733633262650a663363653832373936383033306137633234626264353538356630336131
    3063
  # Application Configuration Settings.
  config:
    dev:
      # General Settings.
      logger_level: DEBUG

      # PostgreSQL Server Configuration Settings.
      sql_host: "localhost"
      sql_port: 5432
      sql_username: "someuser"
      sql_password: "{{ my_sql_password }}"
      sql_db: "somedb"
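
Added example (not part of the original question or answer, and not Ansible's own code): a simplified Python model of why the workaround above helps. It assumes a `!vault` value is loaded as a wrapper object that decrypts on demand; `VaultValue`, `render_nice_json`, `interpolate` and `try_render` are hypothetical names, and base64 stands in for the real vault decryption.

```python
import base64
import json


class VaultValue:
    """Hypothetical stand-in for the object a !vault tag is loaded as."""

    def __init__(self, blob):
        self._blob = blob  # stays encrypted until the value is used

    def __str__(self):
        # Stand-in "decryption": base64 only, NOT the real vault cipher.
        return base64.b64decode(self._blob).decode()

    def __repr__(self):
        return "<VaultValue (encrypted)>"


def render_nice_json(data, unwrap=False):
    """Rough equivalent of piping `data` through a pretty-printing JSON filter."""
    # With unwrap=True the encoder converts unknown objects via str().
    default = str if unwrap else None
    return json.dumps(data, indent=4, sort_keys=True, default=default)


def interpolate(value):
    """Models "{{ my_sql_password }}": the templated result is a plain str."""
    return str(value)


def try_render(data):
    """Render, returning the error text instead of raising."""
    try:
        return render_nice_json(data)
    except TypeError as exc:
        return "TypeError: %s" % exc


# Constructed sample data mirroring config.dev from the question.
SECRET = VaultValue(base64.b64encode(b"somepassword"))
INLINE = {"sql_username": "someuser", "sql_password": SECRET}
WORKAROUND = {"sql_username": "someuser", "sql_password": interpolate(SECRET)}

if __name__ == "__main__":
    print(try_render(INLINE))      # fails: wrapper object nested in the dict
    print(try_render(WORKAROUND))  # works: the value is already a plain str
    print(render_nice_json(INLINE, unwrap=True))  # works: encoder unwraps it
```

In both working cases the rendered JSON contains the plaintext password, so the file written by the template task should get restrictive ownership and mode.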