Using Terraform code, I created "Other type of secrets" in AWS Secrets Manager. I need to use these AWS secrets in my Ansible code. I found the link below, but I cannot get any further.
https://docs.ansible.com/ansible/2.8/plugins/lookup/aws_secret.html
I have the following Ansible code:
database.yml
- name: Airflow | DB | Create MySQL DB
  mysql_db:
    login_user: "{{ mysql_user }}"
    # login_password: "{{ mysql_root_password }}"
    login_password: "{{ lookup('ca_dev', 'mysql_root_password') }}"
    # config_file: /etc/my.cnf
    # login_unix_socket: /var/lib/mysql/mysql.sock
    # encrypted: yes
    name: "airflow"
    state: "present"
How do I incorporate AWS Secrets Manager into my Ansible code?
Error message:
TASK [../../roles/airflow : Airflow | DB | Create MySQL DB] **************************************************************************************************************************************************************************
task path: /home/ec2-user/cng-ansible/roles/airflow/tasks/database.yml:25
The full traceback is:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 140, in run
res = self._execute()
File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 539, in _execute
self._task.post_validate(templar=templar)
File "/usr/lib/python2.7/site-packages/ansible/playbook/task.py", line 267, in post_validate
super(Task, self).post_validate(templar)
File "/usr/lib/python2.7/site-packages/ansible/playbook/base.py", line 364, in post_validate
value = templar.template(getattr(self, name))
File "/usr/lib/python2.7/site-packages/ansible/template/__init__.py", line 540, in template
disable_lookups=disable_lookups,
File "/usr/lib/python2.7/site-packages/ansible/template/__init__.py", line 495, in template
disable_lookups=disable_lookups,
File "/usr/lib/python2.7/site-packages/ansible/template/__init__.py", line 746, in do_template
res = j2_concat(rf)
File "<template>", line 8, in root
File "/usr/lib/python2.7/site-packages/jinja2/runtime.py", line 193, in call
return __obj(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/ansible/template/__init__.py", line 631, in _lookup
instance = self._lookup_loader.get(name.lower(), loader=self._loader, templar=self)
File "/usr/lib/python2.7/site-packages/ansible/plugins/loader.py", line 381, in get
obj = getattr(self._module_cache[path], self.class_name)
AttributeError: 'module' object has no attribute 'LookupModule'
fatal: [127.0.0.1]: FAILED! => {
"msg": "Unexpected failure during module execution.",
"stdout": ""
}
RUNNING HANDLER [../../roles/airflow : restart rabbitmq-server]
task path: /home/ec2-user/cng-ansible/roles/airflow/handlers/main.yml:28
to retry, use: --limit @/home/ec2-user/cng-ansible/plays/airflow/installAirflow.retry
PLAY RECAP
127.0.0.1 : ok=39 changed=7 unreachable=0 failed=1
ansible-doc -t lookup -l
Output
Posted on 2019-04-25 13:49:21
The error {"msg": "lookup plugin (ca_dev) not found"} indicates that your problem is a misuse of the lookup command.
The following line:
login_password: "{{ lookup('ca_dev', 'mysql_root_password') }}"
should look like this:
login_password: "{{ lookup('aws_secret', 'mysql_root_password') }}"
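ca_dev is not a valid lookup type, whereas aws_secret is.
You can see the list of lookup plugins supported by Ansible 2.8 in the Lookup Plugins section of the official documentation.
If you are using a custom lookup plugin, or backporting a plugin from a future version of ansible to an older version, you must make sure it is in a directory visible to ansible.
You can place the custom file in the default location at ~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup, or configure ansible.cfg with the following lookup_plugins ini key under the defaults section to look in a different location.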
DEFAULT_LOOKUP_PLUGIN_PATH
Description: Colon separated paths in which Ansible will search for Lookup Plugins.
Type: pathspec
Default: ~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup
Ini Section: defaults
Ini Key: lookup_plugins
Environment: ANSIBLE_LOOKUP_PLUGINS
Documentation for this can be found in the Ansible Configuration section of the official documentation.
https://stackoverflow.com/questions/55827575
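The traceback in the question ends in `getattr(self._module_cache[path], self.class_name)` failing to find `LookupModule` on a module the loader had already located. The following is an added example, not part of the original question or answer: a standalone Python 3 check that walks the colon-separated lookup plugin path described above and flags any `.py` file lacking a top-level `LookupModule` class. It assumes the path comes from `ANSIBLE_LOOKUP_PLUGINS` or the quoted default (it does not read `ansible.cfg`), and the file names `ca_dev.py` and `my_secret.py` in `demo()` are constructed samples.

```python
import ast
import os
import tempfile

# Default search path as quoted in the answer above.
DEFAULT_PATH = "~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup"


def defines_lookup_module(source):
    """Return True if the source has a top-level class named LookupModule."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return False
    return any(isinstance(node, ast.ClassDef) and node.name == "LookupModule"
               for node in tree.body)


def audit_lookup_path(pathspec=None):
    """List (plugin_name, file, has_class) for each .py file on the path."""
    if pathspec is None:
        pathspec = os.environ.get("ANSIBLE_LOOKUP_PLUGINS", DEFAULT_PATH)
    findings = []
    for entry in pathspec.split(":"):
        directory = os.path.expanduser(entry)
        if not os.path.isdir(directory):
            continue  # missing directories are skipped, not errors
        for fname in sorted(os.listdir(directory)):
            name, ext = os.path.splitext(fname)
            if ext != ".py" or name == "__init__":
                continue
            full = os.path.join(directory, fname)
            with open(full, encoding="utf-8", errors="replace") as fh:
                findings.append((name, full, defines_lookup_module(fh.read())))
    return findings


def demo():
    """Constructed sample: one file without the class, one with it."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "ca_dev.py"), "w") as fh:
        fh.write("SECRET_NAME = 'placeholder'\n")  # no LookupModule class
    with open(os.path.join(root, "my_secret.py"), "w") as fh:
        fh.write("class LookupModule(object):\n"
                 "    def run(self, terms, variables=None, **kwargs):\n"
                 "        return terms\n")
    return [(n, ok) for n, _path, ok in audit_lookup_path(root)]


if __name__ == "__main__":
    for name, path, ok in audit_lookup_path():
        print("%-20s %-5s %s" % (name, "ok" if ok else "BAD", path))
```

A file reported as BAD is one the loader can find by name but cannot instantiate as a lookup plugin, which is the condition the traceback shows.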