内联加密变量不是JSON可序列化的

时间:2017-11-30 06:57:21

标签: ansible ansible-vault

我正在尝试了解如何使用保险库加密单个变量。首先,我用xFormatted加密字符串,然后将输出写入我的剧本。当我执行playbook时,它说解密的字符串不是JSON可序列化的。

加密字符串:ansible-vault encrypt_string -n -p 我也尝试使用"inline_name"inline_name,每次都有相同的结果。

我的剧本:

inlinename

错误讯息:

---
- name: Build System

  hosts: dev

  tasks:
  - name: Create 
    mysql_db:
      state: present
      name: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          39613261386438623937643062636166663638633062323939343734306334346537613233623064
          3761633832326365356231633338396132646532313861350a316666376566616633376238313636
          39343833306462323534623238333639663734626662623731666239366566643636386261643164
          3861363730336331660a316165633232323732633364346636363764623639356562336536636136
          6364
      login_host: "{{ mysql_host }}"
      login_user: "{{ mysql_user }}"
      login_password: "{{ mysql_pass }}"
  - name: Check if can access plain text vars
    debug:
      msg: "{{ my_plain_txt }}"

3 个答案:

答案 0 :(得分:10)

添加任务级变量:

  - name: Create 
    mysql_db:
      state: present
      name: "{{ mysql_name }}"
      login_host: "{{ mysql_host }}"
      login_user: "{{ mysql_user }}"
      login_password: "{{ mysql_pass }}"
    vars:
      mysql_name: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          39613261386438623937643062636166663638633062323939343734306334346537613233623064
          3761633832326365356231633338396132646532313861350a316666376566616633376238313636
          39343833306462323534623238333639663734626662623731666239366566643636386261643164
          3861363730336331660a316165633232323732633364346636363764623639356562336536636136
          6364

答案 1 :(得分:0)

双引号可以解释此错误,但对我而言不行。查看整个错误/警告,以了解试图解析json的内容。就我而言....

[警告]:在回调插件中使用方法(v2_runner_on_ok)失败 ():u'secret_value'不可JSON序列化

一个名为json.load的较旧的AWX回调插件,并以纯文本形式记录了警告以及机密信息。它需要升级。

答案 2 :(得分:0)

我已经实现了使用邮件模块发送电子邮件的功能,并且可以正常工作。

ansible-vault encrypt_string yourgmailapppassword --name gmail_password

使用上述方法使用ansible保险库字符串选项对gmail应用程序密码进行加密,并将加密后的变量定义到剧本中。

cat fetch-users-deatils.yml

    - name: Linux servers user audit report preparation
      hosts: "{{ HOSTS }}"
      roles:
        - user-collections
    
    - name: Refreshing user Dashboard & sending email from localhost
      hosts: localhost
      become: false
      vars:
       - gmail_password: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              62613232383962323430633831113465356231563163366235353034393230656331663436646233
              3266353862303738303737383530313664356135336661390a336562613436626665333833323030
              61393135643433313930643337363465343332353716333831222766376137396430426361663633
              6233313433633231320a663435636230636431643731333166366435346564316331323361633566
              38622138392437888466666535323432653034323936353961646233613437343831
      tasks:
        - name: Collecting the user details information and recreating the users dashboard
          script: dashboard_user.sh
          tags: user_dashboard
    
    
        - name: User Audit data output file stored on below location
          debug:
            msg:
             /tmp/user_collection/user_details.csv
    
        - name: 'Sending Ansible users report email'
          mail:
            host: smtp.gmail.com
            subtype: html
            port: 587
            password: "{{ gmail_password }}"
            to: abcdefghijkl@gmail.com
            from: abcdefghijkl@gmail.com
            username: abcdefghijkl@gmail.com
            subject: User details report
            attach: /tmp/user_collection/user_details.csv
            body: <pre> {{ lookup('file', '/tmp/user_collection/user_details.csv') }} </pre>
          delegate_to: localhost

下面是一个有趣的剧本执行命令

ansible-playbook fetch-users-deatils.yml -e "HOSTS=all" --ask-vault-pass
相关问题
最新问题