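According to the Ansible Configuration Settings documentation, we can place ansible.cfg in the current directory of the project we are working on, and Ansible will search for the configuration file in the order specified in the link above.
However, ansible does not seem to parse the ansible.cfg file in my project directory correctly. I'm not sure, but I think it has to do with the Ini ConfigParser.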
ansible 2.6.3
config file = /Users/pnotes/Code/Terraform/Blog/ansible/ansible.cfg
configured module search path = ['/Users/pnotes/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/pnotes/.pyenv/versions/3.6.4/lib/python3.6/site-packages/ansible
executable location = /Users/pnotes/.pyenv/versions/3.6.4/bin/ansible
python version = 3.6.4 (default, Feb 26 2018, 21:07:35) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]
Output of "ansible-config dump --only-changed":
Error reading config file (/Users/pnotes/Code/Terraform/Blog/terraform/ansible.cfg): File contains no section headers.
file: '/Users/pnotes/Code/Terraform/Blog/terraform/ansible.cfg', line: 3
'vault_password_file = ~/.vault_pass.txt\n'
macOS High Sierra
Directory layout:
- project_dir
  - terraform
    - ansible.cfg
    - base.tf
    - terraform.tfvars
    - variables.tfvars
  - ansible
    - roles
      - user
        - tasks
          - main.yml
        - vars
          - creds.yml
    - provison.yml
Note: in the roles directory, a task is run that relies on an encrypted file (roles/user/vars/creds.yml).
Contents of terraform/ansible.cfg:
# If set, configures the path to the Vault password file as an
# alternative to specifying --vault-password-file on the command
# line.
vault_password_file = ~/.vault_pass.txt
Running Terraform (terraform init && terraform apply) eventually invokes ansible through local-exec:
provisioner "local-exec" {
command = "sleep 30; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --ask-pass -i '${linode_linode.base.ip_address},' ../ansible/provision.yml --extra-vars 'ip=${linode_linode.base.ip_address}' -vvvv"
}
Note: when project_directory/terraform/ansible.cfg is commented out, ansible uses ~/.ansible.cfg and is able to decrypt the encrypted file.
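Expected result: I want the playbook to decrypt all encrypted vars using the ansible Vault password stored at the path given in the configuration file (ansible.cfg) in the project directory.
Actual result: I get the following error: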
terraform init && terraform apply
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "null" (1.0.0)...
- Downloading plugin for provider "template" (1.0.0)...
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
<= data.template_file.hosts
id: <computed>
rendered: <computed>
template: "[public]\n${api_public}\n"
vars.%: <computed>
+ linode_linode.base
id: <computed>
disk_expansion: "false"
group: "Test-group"
helper_distro: "true"
image: "Ubuntu 16.04 LTS"
ip_address: <computed>
kernel: "Latest 64 bit"
manage_private_ip_automatically: "true"
name: "Test"
plan_storage: <computed>
plan_storage_utilized: <computed>
private_ip_address: <computed>
region: "Newark, NJ, USA"
root_password: "QLWOVauEwNxWGbj2ErWF9vFYIXsxW/2duL/og8gtV84="
size: "1024"
ssh_key: "Gb4DfTd6icrN49GevRjx+9IwmSgVVCLU8WjL0PY2p0s="
status: <computed>
swap_size: "512"
+ null_resource.hosts
id: <computed>
triggers.%: <computed>
Plan: 2 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
linode_linode.base: Creating...
disk_expansion: "" => "false"
group: "" => "Test-group"
helper_distro: "" => "true"
image: "" => "Ubuntu 16.04 LTS"
ip_address: "" => "<computed>"
kernel: "" => "Latest 64 bit"
manage_private_ip_automatically: "" => "true"
name: "" => "Test"
plan_storage: "" => "<computed>"
plan_storage_utilized: "" => "<computed>"
private_ip_address: "" => "<computed>"
region: "" => "Newark, NJ, USA"
root_password: "" => "QLWOVauEwNxWGbj2ErWF9vFYIXsxW/2duL/og8gtV84="
size: "" => "1024"
ssh_key: "" => "Gb4DfTd6icrN49GevRjx+9IwmSgVVCLU8WjL0PY2p0s="
status: "" => "<computed>"
swap_size: "" => "512"
linode_linode.base: Still creating... (10s elapsed)
linode_linode.base: Still creating... (20s elapsed)
linode_linode.base: Still creating... (30s elapsed)
linode_linode.base: Still creating... (40s elapsed)
linode_linode.base: Still creating... (50s elapsed)
linode_linode.base: Provisioning with 'remote-exec'...
linode_linode.base (remote-exec): Connecting to remote host via SSH...
linode_linode.base (remote-exec): Host: 172.104.29.185
linode_linode.base (remote-exec): User: root
linode_linode.base (remote-exec): Password: true
linode_linode.base (remote-exec): Private key: false
linode_linode.base (remote-exec): SSH Agent: true
linode_linode.base (remote-exec): Checking Host Key: false
linode_linode.base: Still creating... (1m0s elapsed)
linode_linode.base (remote-exec): Connecting to remote host via SSH...
linode_linode.base (remote-exec): Host: 172.104.29.185
linode_linode.base (remote-exec): User: root
linode_linode.base (remote-exec): Password: true
linode_linode.base (remote-exec): Private key: false
linode_linode.base (remote-exec): SSH Agent: true
linode_linode.base (remote-exec): Checking Host Key: false
linode_linode.base (remote-exec): Connected!
linode_linode.base (remote-exec): foo
linode_linode.base: Provisioning with 'local-exec'...
linode_linode.base (local-exec): Executing: ["/bin/sh" "-c" "sleep 30; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --ask-pass -i '172.104.29.185,' ../ansible/provision.yml --extra-vars 'ip=172.104.29.185' -vvvv"]
linode_linode.base: Still creating... (1m10s elapsed)
linode_linode.base: Still creating... (1m20s elapsed)
linode_linode.base: Still creating... (1m30s elapsed)
linode_linode.base (local-exec): Error reading config file (/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg): File contains no section headers.
linode_linode.base (local-exec): file: '/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg', line: 3
linode_linode.base (local-exec): 'vault_password_file = ~/.vault_pass.txt\n'
Error: Error applying plan:
1 error(s) occurred:
* linode_linode.base: Error running command 'sleep 30; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --ask-pass -i '172.104.29.185,' ../ansible/provision.yml --extra-vars 'ip=172.104.29.185' -vvvv': exit status 5. Output: Error reading config file (/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg): File contains no section headers.
file: '/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg', line: 3
'vault_password_file = ~/.vault_pass.txt\n'
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
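Can someone explain why I keep getting the error message exit status 5. Output: Error reading config file (/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg): File contains no section headers.
I can't seem to track it down from the information in the /etc/ansible.cfg file (I use python in a limited capacity, so that may be why I'm having a hard time with this). I would really appreciate it.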
Answer 0 (score: 1)
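ansible.cfg is divided into sections with headers of the form [section_name]. Like most configuration options, the vault_password_file option belongs in the [defaults] section, so your ansible.cfg must look like: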
[defaults]
vault_password_file = ~/.vault_pass.txt
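
A pre-flight check for the failure discussed above, as an added example that is not part of the original question or answer: it parses an ansible.cfg body with Python's configparser (assumed here to match Ansible's INI parsing for this case) and reports an option that appears before any section header or outside [defaults]. The function name check_ansible_cfg and the sample strings are constructed for illustration.

```python
import configparser

# Constructed samples: the asker's file, the answer's fix, and a misplaced option.
BROKEN_CFG = """\
# If set, configures the path to the Vault password file as an
# alternative to specifying --vault-password-file on the command
# line.
vault_password_file = ~/.vault_pass.txt
"""
FIXED_CFG = "[defaults]\nvault_password_file = ~/.vault_pass.txt\n"
MISPLACED_CFG = "[ssh_connection]\nvault_password_file = ~/.vault_pass.txt\n"


def check_ansible_cfg(text, source="ansible.cfg"):
    """Return (ok, message) for an ansible.cfg body without running Ansible."""
    parser = configparser.ConfigParser()
    try:
        parser.read_string(text, source=source)
    except configparser.MissingSectionHeaderError as exc:
        # The condition reported as "File contains no section headers".
        return False, (f"line {exc.lineno}: option before any [section] "
                       f"header: {exc.line.strip()}")
    except configparser.Error as exc:
        return False, f"parse error: {exc}"
    if parser.has_option("defaults", "vault_password_file"):
        value = parser.get("defaults", "vault_password_file")
        return True, f"vault_password_file = {value}"
    # The file parses, but the option is not in the section the answer names.
    stray = [s for s in parser.sections()
             if parser.has_option(s, "vault_password_file")]
    if stray:
        return False, f"vault_password_file is under [{stray[0]}], expected [defaults]"
    return False, "vault_password_file not set"


if __name__ == "__main__":
    for name, body in [("broken", BROKEN_CFG), ("fixed", FIXED_CFG),
                       ("misplaced", MISPLACED_CFG)]:
        print(name, check_ansible_cfg(body))
```

Running a check like this before terraform apply surfaces the configuration error before any resources are created.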