我有一个Jenkins文件试图启动一个Ansible playbook,它引用存储在Ansible库加密文件中的一些参数。
Ansible安装在2.4.0.0版本中
以下是我的jenkins文件片段:
withCredentials([[$class: 'StringBinding', credentialsId: 'vault_token', variable: 'VAULT_TOKEN']]) {
ansiblePlaybook(
playbook: "./ansible/playbooks/deploy.yml",
inventory: "./ansible/hosts/hosts",
credentialsId: "$VAULT_TOKEN"
}
还有剧本:
---
- hosts: managers
become: true
tasks:
- include_vars: ../vaults/passwords.yml
- name: Log into Docker repository
docker_login:
registry: my.registry.org
username: "{{ reg_user }}"
password: "{{ reg_password }}"
此剧集包含包含加密值的保管库文件。 当Jenkins执行Jenkins文件时,我收到以下错误: 尝试解密但没有找到保险库秘密
为什么ansible不使用我在Jenkins文件中传递给他的credentialId,传递这个凭证的好方法是什么?
答案 0 :(得分:0)
尝试以下
withCredentials([file(credentialsId: 'vault_token', variable: 'VAULT_TOKEN')]) {
ansiblePlaybook colorized: true, credentialsId: '', forks: 10, inventory: 'ansible/hosts/hosts', limit: '', playbook: 'ansible/playbooks/deploy.yml', sudoUser: null, extras: "--vault-password-file ${VAULT_TOKEN}"
}
您需要添加
extras:" - vault-password-file $ {VAULT_TOKEN}"
并将credentialsId留空。
答案 1 :(得分:0)