将保险箱密码传递给流浪者ansible_local配置者

时间:2017-01-30 09:48:21

标签: vagrant ansible vagrant-provision ansible-vault

我使用ansible_local配置器为我的流浪盒。我的一些变量应存储在Vault文件中。

虽然ansible供应商提供ask_vault_pass作为配置选项(https://www.vagrantup.com/docs/provisioning/ansible.html#ask_vault_pass),但ansible_local却没有。{/ p>

有解决方法吗?

3 个答案:

答案 0 :(得分:6)

您可以使用vault_password_file选项。

1。回显密码文件

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.provision :shell, inline: "echo 'password' > /tmp/vault_pass"

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.vault_password_file = "/tmp/vault_pass"
      ...
    end
  end
end

2。使用.synced_folder

创建vault_pass文件,如下所示。

mkdir provision
cd provision
echo password > vault_pass

Vagrantfile正在关注。

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.synced_folder "./provision", "/provision", id: "ansible", owner: "vagrant", group: "vagrant", mount_options: ["dmode=775,fmode=664"]

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.vault_password_file = "/provision/vault_pass"
      ...
    end
  end
end

答案 1 :(得分:0)

我建议通过另一种方法来解决sujoyu的问题,方法是要求用户在配置时输入保管库密码。也受此answer的启发。

Vagrant.configure(2) do |config|

  config.vm.box = "..."

  # Password Input Function
  class Password
    def to_s
      begin
      system 'stty -echo'
      print "Ansible Vault Password: "
      pass = URI.escape(STDIN.gets.chomp)
      ensure
      system 'stty echo'
      end
      print "\n"
      pass
    end
  end

  # Ask for vault password
  config.vm.provision "shell", env: {"VAULT_PASS" => Password.new}, inline: <<-SHELL
    echo "$VAULT_PASS" > /tmp/vault_pass
  SHELL

  # Run ansible provision
  config.vm.provision "ansible_local" do |ansible|

      ansible.playbook = "playbook.yml"
      ansible.vault_password_file = "/tmp/vault_pass"

  end

  # Delete temp vault password file
  config.vm.provision "shell", inline: <<-SHELL
    rm /tmp/vault_pass
  SHELL

end

答案 2 :(得分:0)

使用ansible.vault_password_file的流浪者版本2.2.9导致

vault_password_file` does not exist on the host:

使用ask_vault_pass选项

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.ask_vault_pass = true
      ...
    end
  end
end
相关问题
最新问题