将保险库密码传递给vagrants ansible_local provisioner

Question

将保险库密码传递给vagrants ansible_local provisioner

vagrantansiblevagrant-provisionansible-vault

7

我正在使用ansible_local provisioner来管理我的vagrant box。我的一些变量应该存储在保险库文件中。

虽然ansible provisioner提供了ask_vault_pass作为配置选项(https://www.vagrantup.com/docs/provisioning/ansible.html#ask_vault_pass)，但是ansible_local却没有提供。

有什么解决方法吗？

- turbophi

3个回答

1

我建议采用另一种方法来解决sujoyu的答案，即在预配时要求用户输入保险库密码。这个答案也给了我启示。

Vagrant.configure(2) do |config|

  config.vm.box = "..."

  # Password Input Function
  class Password
    def to_s
      begin
      system 'stty -echo'
      print "Ansible Vault Password: "
      pass = URI.escape(STDIN.gets.chomp)
      ensure
      system 'stty echo'
      end
      print "\n"
      pass
    end
  end

  # Ask for vault password
  config.vm.provision "shell", env: {"VAULT_PASS" => Password.new}, inline: <<-SHELL
    echo "$VAULT_PASS" > /tmp/vault_pass
  SHELL

  # Run ansible provision
  config.vm.provision "ansible_local" do |ansible|

      ansible.playbook = "playbook.yml"
      ansible.vault_password_file = "/tmp/vault_pass"

  end

  # Delete temp vault password file
  config.vm.provision "shell", inline: <<-SHELL
    rm /tmp/vault_pass
  SHELL

end

- knixxo

0

对于vagrant版本2.2.9，使用ansible.vault_password_file会导致问题。

vault_password_file` does not exist on the host:

使用ask_vault_pass选项。

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.ask_vault_pass = true
      ...
    end
  end
end

- Javed

2

这在vagrant 2.2.19上无法工作：ansible local provisioner: The following settings shouldn't exist: ask_vault_pass。 - Amael H.

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- sujoyu · Accepted Answer

您可以使用 vault_password_file 选项。

1. 将密码输出到文件中

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.provision :shell, inline: "echo 'password' > /tmp/vault_pass"

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.vault_password_file = "/tmp/vault_pass"
      ...
    end
  end
end

2. 使用`.synced_folder`

创建vault_pass文件，如下所示。

mkdir provision
cd provision
echo password > vault_pass

以下是Vagrantfile文件。

Vagrant.configure(2) do |config|
  config.vm.box = '...'

  config.vm.synced_folder "./provision", "/provision", id: "ansible", owner: "vagrant", group: "vagrant", mount_options: ["dmode=775,fmode=664"]

  config.vm.define :controller do |machine|
    ...

    machine.vm.provision 'ansible_local' do |ansible|
      ...
      ansible.vault_password_file = "/provision/vault_pass"
      ...
    end
  end
end

将保险库密码传递给vagrants ansible_local provisioner

1. 将密码输出到文件中

2. 使用.synced_folder

2. 使用`.synced_folder`