ansible-vault

How to view/decrypt Ansible vault credentials files from within a Python script?

落爺英雄遲暮 submitted on 2020-08-21 11:36:07
Question: I'm trying to figure out how to provide the following facilities to a Python script so that it can: import Ansible Python modules; open up my defined ansible.cfg and read the vault_password_file variable; read vault_password_file and temporarily store it in a Python variable; decrypt a referenced Ansible vaulted file. I found this code via Google but it did not appear to work when I tried it: import ansible.utils bar = dict() bar = ansible.utils._load_vars_from_path("secrets.yml", results=bar, vault

Using vault in playbooks

生来就可爱ヽ(ⅴ<●) submitted on 2020-06-29 03:53:10
Question: Hello, I am trying to run the following playbook using the vault, but I can't seem to get it to work. Created an ansible vault file using: ansible-valut create group_vars/routers in there I had the following entries: ansible_ssh_user: admin ansible_ssh_pw: admin auth_pass: admin Then I had the following playbook: --- - hosts:routers gather_facts: true connection: local tasks: - name: show run ios_command: authorize: yes auth_pass: "{{ auth_pass }}" commands: - show run register: config When i

Ansible playbook - environment variables

老子叫甜甜 submitted on 2020-02-04 01:45:27
Question: I am trying (newbie) to set up a playbook, which will use a lookup plugin to fetch secrets from vault (https://github.com/jhaals/ansible-vault), but it will fail on missing environment variables every time. Can anyone help? Thanks for the help. PS: the token is for test purposes. There is a condition in the lookup module: url = os.getenv('VAULT_ADDR') if not url: raise AnsibleError('VAULT_ADDR environment variable is missing') Playbook: --- - hosts: localhost vars: vault1_env: VAULT_ADDR: https:/

Ansible playbook - environment variables

落花浮王杯 submitted on 2020-02-04 01:45:09
Question: I am trying (newbie) to set up a playbook, which will use a lookup plugin to fetch secrets from vault (https://github.com/jhaals/ansible-vault), but it will fail on missing environment variables every time. Can anyone help? Thanks for the help. PS: the token is for test purposes. There is a condition in the lookup module: url = os.getenv('VAULT_ADDR') if not url: raise AnsibleError('VAULT_ADDR environment variable is missing') Playbook: --- - hosts: localhost vars: vault1_env: VAULT_ADDR: https:/

Ansible with “Alternative Directory Layout” and using vaults

江枫思渺然 submitted on 2020-01-11 12:38:25
Question: I am trying to use the Alternative Directory Layout and ansible-vaults within. But when I run my playbook, variables which are vault encrypted could not be resolved with that directory structure. So what am I doing wrong? I execute via: ansible-playbook -i inventories/inv/hosts playbooks/inv/invTest.yml --check --ask-vault Here is my structure: . ├── inventories │ ├── inv │ │ ├── group_vars │ │ │ ├── var.yml │ │ │ └── vault.yml │ │ └── hosts │ └── staging │ ├── group_vars │ │ ├── var.yml │ │ └──

Ansible vault password in group_vars not detected [duplicate]

我只是一个虾纸丫 submitted on 2019-12-22 00:59:24
Question: This question already has an answer here: Ansible with “Alternative Directory Layout” and using vaults (1 answer). Closed 2 years ago. I am trying to use ansible-vault to secure a single Windows login password. I do not want to place the password as plain text in my windows.yml file (see below) and so I am trying to use ansible-vault to secure/encrypt this password. I have this directory structure: myansiblehome - windows_manage - group_vars - windows.yml - vault - hosts - win_playbook.yml

Using a variable from one Ansible var file in a second var file

岁酱吖の submitted on 2019-12-13 16:17:37
Question: In using Ansible, I'm trying to use a vaulted vars file to store private variables, and then using those in another vars file, in the same role. (The idea from 'Vault Pseudo leaf encryption' here.) e.g. I have one standard vars file, roles/myrole/vars/main.yml : --- my_variable: '{{ my_variable_vaulted }}' and then one which is encrypted, roles/myrole/vars/vaulted_vars.yml : --- my_variable_vaulted: 'SECRET!' But when I run the playbook I always get '"ERROR! ERROR! 'my_variable_vaulted' is

Ansible Vault Password in variable

泄露秘密 submitted on 2019-12-12 03:38:59
Question: Is there a way to access the vault password as a variable in an Ansible playbook? I am looking for something like this: --- debug: var=ansible_vault_password Answer 1: I ended up solving this by copying the local vault password file to the server. The task to do that looks like that: - name: setup ansible vault password file copy: src: /path/to/local/vault_pass dest: /root/.vault_pass mode: 0600 owner: root group: root And then the root user will execute the ansible-pull command. Answer 2: Try to save

Using ansible-vault in “interactive mode” via bash script

主宰稳场 submitted on 2019-12-11 16:24:12
Question: I really love using ansible-vault on the command-line to encrypt/decrypt files easily. For example if I have a plaintext file called ~/fizzbuzz.foo with the following contents: bupo I can use this tool like so: ansible-vault encrypt ~/fizzbuzz.foo New Vault password: 123 Confirm New Vault password: 123 Boom -- encrypted! When I vi ~/fizzbuzz.foo now: $ANSIBLE_VAULT;1.1;AES256 36663138613666623730653164333138343133383233313562363733346461663334393932393461

How to run playbook api in Ansible v2 with vault

孤者浪人 submitted on 2019-12-10 21:42:20
Question: Here is what I have, I know this works without encryption and I can run ansible-vault edit common.yml with ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt set in the env. from collections import namedtuple from ansible.parsing.dataloader import DataLoader from ansible.vars import VariableManager from ansible.inventory import Inventory from ansible.playbook import Playbook from ansible.executor.playbook_executor import PlaybookExecutor variable_manager = VariableManager() loader = DataLoader()