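Hashicorp Vault unseal error via Ansible

Time: 2018-12-02 01:01:12

Tags: ansible hashicorp-vault

I am trying to deploy Hashicorp Vault via Ansible. I have installed it successfully, done the initial setup, and generated the 5 unseal keys as well as the root token. However, I get errors when trying to unseal it through Ansible. I have tried various ways of getting it to work, but I get a timeout error every time. I can't even run it through the terminal; I get the same error. Here are all the different ways I have tried to unseal the vault:

Method 1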

- name: unseal vault
  uri:
    url: "http://172.0.0.1:8200/v1/sys/unseal"
    method: PUT
    body: "{{ item }}"
    body_format: json
    return_content: yes
    status_code: 200
  become: no
  loop:
    - "{{ key3.stdout }}"
    - "{{ key4.stdout }}"
    - "{{ key5.stdout }}"

Method 2:

 - name: unseal vault 1
   shell: |
     vault operator unseal {{ key4.stdout }} 
     vault operator unseal {{ key5.stdout }}
     vault operator unseal {{ key3.stdout }}
   environment:
     VAULT_ADDR: "http://172.0.0.1:8200"

Method 3, repeated 3 times:

 - name: unseal the vault
   become: yes
   command: vault operator unseal {{ key4.stdout }}
   environment:
     VAULT_ADDR: "http://172.0.0.1:8200"

I have verified that the key variables I read from the file are correct.

Here is the error I get for method 1:

failed: [172.26.1.238] (item=2q2h3y6XsztNEToISMADvbZ5XOugvi7NMHkfiarQq8bN) => {"changed": false, "content": "", "item": "2q2h3y6XsztNEToISMADvbZ5XOugvi7NMHkfiarQq8bN", "msg": "Status code was -1 and not [200]: Request failed: <urlopen error timed out>", "redirected": false, "status": -1, "url": "http://172.0.0.1:8200/v1/sys/unseal"}

Here is the error I get for method 2:

fatal: [172.26.1.238]: FAILED! => {"changed": true, "cmd": "vault operator unseal jwmGkN2O5t0JvAI2+82I9WAJuEL1PEG7sbkk8lmao+2B\n vault operator unseal 2q2h3y6XsztNEToISMADvbZ5XOugvi7NMHkfiarQq8bN\n vault operator unseal J74KbqOcqi6CBAB95PRy9kZF77Q7T2XAFWd7amQk1uP+", "delta": "0:01:30.078433", "end": "2018-12-02 00:53:45.609747", "msg": "non-zero return code", "rc": 2, "start": "2018-12-02 00:52:15.531314", "stderr": "Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout\nError unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout\nError unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout", "stderr_lines": ["Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/otimeout", "Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout", "Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout"], "stdout": "", "stdout_lines": []}

Here is the error for method 3:

fatal: [172.26.1.238]: FAILED! => {"changed": true, "cmd": ["vault", "operator", "unseal", "jwmGkN2O5t0JvAI2+82I9WAJuEL1PEG7sbkk8lmao+2B"], "delta": "0:00:30.025966", "end": "2018-12-02 00:58:28.997154", "msg": "non-zero return code", "rc": 2, "start": "2018-12-02 00:57:58.971188", "stderr": "Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout", "stderr_lines": ["Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout"], "stdout": "", "stdout_lines": []}

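Any ideas about what I might be doing wrong? I have tried following some online guides as well as other people's code from GitHub, but nothing seems to work. Any help would be greatly appreciated.

Thanks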

1 Answer:

Answer 0: (score: 0)

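So this is embarrassing, but I think it might help anyone trying to do the same thing. I can say for sure that method 2 works. The others may work too, but I have not tested them. The only change I had to make was to set the VAULT_ADDR value to 127.0.0.1:8200 instead of 172.0.0.1:8200. A silly mistake, but it took me 2 days to figure out. So I hope someone else can learn from it.

Thanks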
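An added example, not part of the original question or answer: one way to write the unseal step so that an address typo like the one above fails in seconds instead of timing out, and so that key shares stay out of task output (the failure messages in the question print them in full). It assumes Vault listens on loopback on the managed host; the `vault` inventory group and the `vault_addr`, `seal` and `after` names are hypothetical, while `key3`, `key4` and `key5` are the registered variables from the question.

```yaml
# Added example: names other than key3/key4/key5 are assumptions.
- hosts: vault                      # assumed inventory group
  become: no
  vars:
    vault_addr: "http://127.0.0.1:8200"   # loopback is 127.0.0.0/8, not 172.0.0.1
  tasks:
    - name: Fail fast if vault_addr does not point at loopback
      assert:
        that:
          - "(vault_addr | urlsplit('hostname')) is match('^127[.]')"
        fail_msg: "vault_addr must be a 127.x.x.x address for a local Vault"

    - name: Confirm Vault answers before sending any key material
      uri:
        url: "{{ vault_addr }}/v1/sys/seal-status"
        timeout: 5                  # a short timeout surfaces a wrong address quickly
      register: seal

    - name: Unseal Vault with three key shares
      uri:
        url: "{{ vault_addr }}/v1/sys/unseal"
        method: PUT
        body:
          key: "{{ item }}"         # the unseal endpoint expects a JSON object with "key"
        body_format: json
        timeout: 5
        status_code: 200
      loop:
        - "{{ key3.stdout }}"
        - "{{ key4.stdout }}"
        - "{{ key5.stdout }}"
      when: seal.json.sealed
      no_log: true                  # keeps key shares out of task output and logs

    - name: Verify Vault reports unsealed
      uri:
        url: "{{ vault_addr }}/v1/sys/seal-status"
        timeout: 5
      register: after
      failed_when: after.json.sealed
```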
