
Problem description

I am trying to use the Alternative Directory Layout and ansible-vaults within. But when I run my playbook, variables which are vault encrypted could not resolve with that directory structure. So what am I doing wrong?

I execute it with:

ansible-playbook -i inventories/inv/hosts playbooks/inv/invTest.yml --check --ask-vault

This is my structure:

.
├── inventories
│   ├── inv
│   │   ├── group_vars
│   │   │   ├── var.yml
│   │   │   └── vault.yml
│   │   └── hosts
│   └── staging
│       ├── group_vars
│       │   ├── var.yml
│       │   └── vault.yml
│       └── hosts
├── playbooks
│   ├── staging
│   │   └── stagingTest.yml
│   └── inv
│       ├── invTest.retry
│       └── invTest.yml
└── roles
    ├── basic-linux
    │   ├── defaults
    │   │   └── main.yml
    │   └── tasks
    │       └── main.yml
    ├── test
    │   ├── defaults
    │   │   └── main.yml
    │   └── tasks
    │       └── main.yml
    └── webserver
        ├── defaults
        │   └── main.yml
        ├── files
        ├── handler
        │   └── main.yml
        ├── tasks
        │   └── main.yml
        └── templates

This is my hosts file (inventories/inv/hosts):

[inv]
testvm-01    ansible_ssh_port=22    ansible_ssh_host=172.16.0.101    ansible_ssh_user=root
testvm-02    ansible_ssh_port=22    ansible_ssh_host=172.16.0.102    ansible_ssh_user=root

Playbook (playbooks/inv/invTest.yml):

---
  - name: this is test
    hosts: inv
    roles:
      - { role: ../../roles/test }
...

Role which uses the vault encrypted var (roles/test/tasks/main.yml):

---
  - name: create test folder
    file:
        path: "/opt/test/{{ app_user }}/"
        state: directory
        owner: "{{ default_user }}"
        group: "{{ default_group }}"
        mode: "2755"  # quoted so Ansible parses it as octal; a bare 2755 is read as a decimal number
        recurse: yes
...

Var which points to vault (inventories/inv/group_vars/var.yml):

---
app_user: '{{ vault_app_user }}'
app_pass: '{{ vault_app_pass }}'
...

Vault file (ansible-vault edit inventories/inv/group_vars/vault.yml):

vault_app_user: itest
vault_app_pass: itest123

The error message I am getting is something like this:

Recommended answer

You define variable app_user in a file called var.yml stored in group_vars folder.

In your execution line you point to the inventories/inv/hosts as your inventory directory.

It doesn't matter what strings you used in this path -- from Ansible's point of view it sees only:

hosts
group_vars
├── var.yml
└── vault.yml

It will read var.yml for a host group called var and vault.yml for a host group called vault.

In your case -- never.

You likely wanted to organise your files this way:

inventories
└── production
    ├── group_vars
    │   └── inv
    │       ├── var.yml
    │       └── vault.yml
    └── hosts

This way, files in group_vars/inv will be read for hosts in group inv.
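
A pre-flight check for the mismatch described in the answer, added here as an example and not part of the original question or answer: it lists group_vars entries whose name matches no group in the inventory, and also flags vault files that are not encrypted. It assumes an INI inventory file named hosts and secrets kept in files named vault*, as on this page; the function names and the sample trees are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"           # every vault-encrypted file starts with this
VAR_SUFFIXES = {".yml", ".yaml", ".json"}  # extensions stripped to get the group name

def inventory_groups(hosts_file):
    """Group names declared in an INI inventory, plus Ansible's implicit groups."""
    groups = {"all", "ungrouped"}
    for line in Path(hosts_file).read_text().splitlines():
        m = re.match(r"\s*\[([^\]:]+)(?::(?:children|vars))?\]", line)
        if m:
            groups.add(m.group(1).strip())
    return groups

def audit_group_vars(inventory_dir):
    """Return (orphans, plaintext): entries matching no group, unencrypted vault files."""
    inv = Path(inventory_dir)
    groups = inventory_groups(inv / "hosts")
    orphans, plaintext = [], []
    for entry in sorted((inv / "group_vars").iterdir()):
        group = entry.stem if entry.suffix in VAR_SUFFIXES else entry.name
        if group not in groups:
            orphans.append(entry.name)  # never loaded for any host
        files = [entry] if entry.is_file() else sorted(p for p in entry.rglob("*") if p.is_file())
        for f in files:
            # Assumption: secrets live in files named vault*, as on this page.
            if f.name.startswith("vault") and not f.read_text().startswith(VAULT_HEADER):
                plaintext.append(f.relative_to(inv).as_posix())
    return orphans, plaintext

def build(root, files):
    """Write a constructed inventory tree given {relative path: content}."""
    for rel, content in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return root

HOSTS = "[inv]\ntestvm-01\ntestvm-02\n"
ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n<constructed placeholder ciphertext>\n"
VARS = "app_user: '{{ vault_app_user }}'\n"
QUESTION_LAYOUT = {"hosts": HOSTS, "group_vars/var.yml": VARS, "group_vars/vault.yml": ENCRYPTED}
ANSWER_LAYOUT = {"hosts": HOSTS, "group_vars/inv/var.yml": VARS, "group_vars/inv/vault.yml": ENCRYPTED}

if __name__ == "__main__":
    for label, layout in (("question", QUESTION_LAYOUT), ("answer", ANSWER_LAYOUT)):
        with tempfile.TemporaryDirectory() as tmp:
            print(label, audit_group_vars(build(tmp, layout)))
```

Run against the question's layout it reports var.yml and vault.yml as orphans; against the answer's layout both lists are empty.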
