我正在尝试通过Ansible自动化Hashicorp保险库的开封操作,为此,我需要使用Vault初始化的标准输出来传递正则表达式并捕获自动生成的5个密钥。任何人都可以协助正则表达式捕获多个密钥,但仅捕获密钥部分吗?
解开钥匙的示例:
Unseal Key 1: `vhK9/+JLLa59BOdR7SClCnuRERrEPqRk3z5yO4aCOKj0`
当前,我有以下任务:
- name: extract keys
- changed_when: no
- set_fact:
vault_keys: `"{{ vault_init_output.stdout | regex_findall ('unseal key', multiline=True, ignorecase=True) }}"`
- tags:
- vault
- debug: `msg="{{ vault_keys }}"`
但是它捕获了整行,我只需要捕获键。
答案 0 :(得分:0)
解决了。以下是初始化Hashicorp保管库并通过register和regexp捕获密钥/令牌的任务:
- name: Initialize the vault
command: vault operator init
register: vault_init_output
environment:
VAULT_ADDR: "http://127.0.0.1:8200"
- debug: msg="{{ vault_init_output }}"
- name: extract keys
changed_when: no
set_fact:
vault_keys: "{{ vault_init_output.stdout | regex_findall ('(?<=unseal key [0-9]:\\s).*$', multiline=True, ignorecase=True) }}"
tags:
- vault
- debug: msg="{{ vault_keys }}"
- name: extract root token
changed_when: no
set_fact:
vault_token: "{{ vault_init_output.stdout | regex_findall ('(?<=Initial Root Token:\\s).*$', multiline=True, ignorecase=True) }}"
tags:
- vault
- debug: msg="{{ vault_token }}"