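Using Ansible Playbook Bundles with multi-line secrets on OpenShift

Time: 2018-08-02 18:54:14

Tags: ansible openshift

When using Ansible Playbook Bundles, secrets are used as specified in https://github.com/openshift/ansible-service-broker/blob/master/docs/secrets.md

However, multi-line secrets do not seem to work properly.

If the secret is added via create_broker_secret.py, a multi-line secret has its newlines changed to spaces when it is parsed into Playbook Bundle parameters.

If the secret is added manually, as follows: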

---
apiVersion: v1
kind: Secret
metadata:
    name: test
    namespace: openshift-automation-service-broker
stringData:
    "test1": "test1"
    "test2": "test2"
    "test_multiline": |-
      -----BEGIN RSA PRIVATE KEY-----
      <FIRST LINE OF THE SSH KEY>
      <SECOND LINE OF THE SSH KEY>

the Ansible Playbook Bundle sees an error when loading the secrets YAML file, as if it used newlines to separate the secrets:

ERROR! Syntax Error while loading YAML.
  could not find expected ':'
The error appears to have been in '/tmp/secrets': line 6, column 1, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
<FIRST LINE OF THE SSH KEY>
<SECOND LINE OF THE SSH KEY>
^ here

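This problem is very frustrating when using SSH keys.

Do you know how to use multi-line secrets with the Ansible Broker?

Edit:

I noticed that there appears to be a bug in the Ansible Playbook Bundle code.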

https://github.com/ansibleplaybookbundle/apb-base/blob/cc949ecfeee2e84bd626c73b4cbc54d496fc6738/files/usr/bin/entrypoint.sh#L48

for key in ${mounted_secrets} ; do
      for file in $(ls ${SECRETS_DIR}/${key}/..data); do
        echo "$file: $(cat ${SECRETS_DIR}/${key}/..data/${file})" >> /tmp/secrets
      done
done

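As this code shows, the mounted secrets are simply copied with cat, ignoring the fact that some of them may be multi-line string blocks.

Any workaround for the bug is welcome.

0 answers:

No answers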
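
A possible workaround for the loop quoted in the question, as an added example that is not part of the original post or of apb-base: write each mounted key as a YAML literal block scalar so that embedded newlines stay inside the value. The function name `write_secrets_yaml`, its arguments and the sample values are assumptions; the directory layout is the one the quoted loop reads.

```sh
#!/bin/sh
# Added example, not apb-base code; write_secrets_yaml is a hypothetical helper.
# Assumed layout (from the quoted loop): <secrets_dir>/<secret>/..data/<key>

# Write every mounted key to <out> as a YAML literal block scalar, so a
# multi-line value stays one value instead of spilling into bare lines.
write_secrets_yaml() {
    secrets_dir=$1
    out=$2
    # Recreate the output owner-readable only; it holds secret material.
    ( umask 077; rm -f "$out"; : > "$out" )
    for file in "$secrets_dir"/*/..data/*; do
        [ -f "$file" ] || continue
        key=$(basename "$file")
        if [ ! -s "$file" ]; then
            # Empty file: emit an explicit empty string.
            printf '"%s": ""\n' "$key" >> "$out"
            continue
        fi
        # "|2-": literal block, explicit 2-space indent (safe when the first
        # line starts with spaces), trailing newlines stripped like $(cat).
        printf '"%s": |2-\n' "$key" >> "$out"
        # The "|| [ -n ... ]" keeps a last line that has no trailing newline.
        while IFS= read -r line || [ -n "$line" ]; do
            printf '  %s\n' "$line" >> "$out"
        done < "$file"
    done
}

# Constructed sample mirroring the question's Secret; placeholder key lines.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/test/..data"
    printf 'test1' > "$tmp/test/..data/test1"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'FIRST-LINE' 'SECOND-LINE' \
        > "$tmp/test/..data/test_multiline"
    write_secrets_yaml "$tmp" "$tmp/secrets"
    cat "$tmp/secrets"
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with `demo` as its first argument to print the file generated for the constructed sample.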