1. 技术文章
  2. How to run playbook api in Ansible with vault

How to run playbook api in Ansible with vault

早过忘川 提交于 2020-03-15 17:54:32

问题


I have a playbook with vault, and I can run it through:

ansible-playbook info.yml --ask-vault-pass

Now, I want to run my playbook api in Ansible. The answer in How to run playbook api in Ansible v2 with vault said that we can set 

loader = DataLoader()
loader.set_vault_password('mypass')

in 2.2.0.0 API, and I also set these in my api,but it doesn't work. The error message is as follows:

Traceback (most recent call last):
  File "test2.py", line 63, in <module>
    playbook.run()
  File "/usr/lib/python2.7/site-packages/ansible/executor/playbook_executor.py", line 82, in run
    pb = Playbook.load(playbook_path, variable_manager=self._variable_manager, loader=self._loader)
  File "/usr/lib/python2.7/site-packages/ansible/playbook/__init__.py", line 54, in load
    pb._load_playbook_data(file_name=file_name, variable_manager=variable_manager)
  File "/usr/lib/python2.7/site-packages/ansible/playbook/__init__.py", line 78, in _load_playbook_data
    ds = self._loader.load_from_file(os.path.basename(file_name))
  File "/usr/lib/python2.7/site-packages/ansible/parsing/dataloader.py", line 130, in load_from_file
    (b_file_data, show_content) = self._get_file_contents(file_name)
  File "/usr/lib/python2.7/site-packages/ansible/parsing/dataloader.py", line 206, in _get_file_contents
    data = self._vault.decrypt(data, filename=b_file_name)
  File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 561, in decrypt
    plaintext, vault_id = self.decrypt_and_get_vault_id(vaulttext, filename=filename)
  File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 617, in decrypt_and_get_vault_id
    _matches = match_secrets(self.secrets, vault_id_matchers)
  File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 456, in match_secrets
    matches = [(vault_id, secret) for vault_id, secret in secrets if vault_id in target_vault_ids]
ValueError: need more than 1 value to unpack

Then I change the 

loader.set_vault_password('mypass')

to 

loader.set_vault_secrets([('default','mypass')])

But it doesn't work either. The error message is:

Traceback (most recent call last):
  File "test2.py", line 63, in <module>
    playbook.run()
  File "/usr/lib/python2.7/site-packages/ansible/executor/playbook_executor.py", line 82, in 
    pb = Playbook.load(playbook_path, variable_manager=self._variable_manager, loader=self._l
  File "/usr/lib/python2.7/site-packages/ansible/playbook/__init__.py", line 54, in load
    pb._load_playbook_data(file_name=file_name, variable_manager=variable_manager)
  File "/usr/lib/python2.7/site-packages/ansible/playbook/__init__.py", line 78, in _load_pla
    ds = self._loader.load_from_file(os.path.basename(file_name))
  File "/usr/lib/python2.7/site-packages/ansible/parsing/dataloader.py", line 130, in load_fr
    (b_file_data, show_content) = self._get_file_contents(file_name)
  File "/usr/lib/python2.7/site-packages/ansible/parsing/dataloader.py", line 206, in _get_fi
    data = self._vault.decrypt(data, filename=b_file_name)
  File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 561, in dec
    plaintext, vault_id = self.decrypt_and_get_vault_id(vaulttext, filename=filename)
  File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 638, in dec
    b_plaintext = this_cipher.decrypt(b_vaulttext, vault_secret)
  File "/usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 1344, in de
    b_password = secret.bytes
AttributeError: 'str' object has no attribute 'bytes'

I try to change the line

b_password = secret.bytes

in file /usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py to 

b_password = secret

then the api works normally. But I think it's not a good way to basically solve my problem.


回答1:


Use VaultSecret class instead of string password:

from ansible.module_utils._text import to_bytes
from ansible.parsing.vault import VaultSecret

loader.set_vault_secrets([('default',VaultSecret(_bytes=to_bytes('123456')))])


来源:https://stackoverflow.com/questions/48293226/how-to-run-playbook-api-in-ansible-with-vault

标签
python
ansible
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!