Our playbook installs a private key file, among other things:

    - name: Install the deploy key
      copy:
        src: gitkey
        dest: ~/.ssh/gitkey
        mode: 0400

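The key rarely changes, and we rarely add new servers.
The key is encrypted with vault, and if we do not specify the password (by one of the several methods), the task fails: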

    fatal: [xxxx]: FAILED! => {"msg": "A vault password or secret must be specified to decrypt .../playbooks/roles/make-from-git/files/gitkey"}

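If no password is available at run time, I would like to simply "skip" this task. How can I do that?

You can do this in include_vars and ignore the error that is triggered when the vault password is available: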

    ---
    - name: Test playbook
      hosts: localhost
      connection: local
      gather_facts: false
      tasks:
        - name: include secrets
          ansible.builtin.include_vars:
            file: secrets.yml
          register: include_secret_result
          failed_when: 'include_secret_result["failed"] and include_secret_result["message"] != "Attempting to decrypt but no vault secrets found"'
        - name: Some task
          ansible.builtin.debug:
            msg: "Some message"
          when: secret_var is defined
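
The same guard applied to the deploy-key task from the question, as an added example that is not part of the original question or answer. The names `vault_probe.yml`, `vault_unlocked` and `probe_result` are assumptions: `vault_probe.yml` is a small vars file encrypted with the same vault secret as `gitkey` and containing only `vault_unlocked: true`. The error string is the one quoted in the answer above.

```yaml
---
# Added example, not from the original post.
# Assumed: vars/vault_probe.yml is vault-encrypted with the same secret as
# files/gitkey and contains the single line   vault_unlocked: true
- name: Install the deploy key only when the vault can be decrypted
  hosts: all
  gather_facts: false
  tasks:
    - name: Probe for a usable vault secret
      ansible.builtin.include_vars:
        file: vault_probe.yml
      register: probe_result
      # Tolerate only the "no secret supplied" error quoted in the answer.
      # Any other failure, such as a wrong vault password, still stops the play
      # instead of silently skipping the key installation.
      failed_when: >-
        probe_result["failed"] and
        probe_result["message"] != "Attempting to decrypt but no vault secrets found"

    - name: Install the deploy key
      ansible.builtin.copy:
        src: gitkey
        dest: ~/.ssh/gitkey
        mode: "0400"
      # vault_unlocked is defined only if the probe file was decrypted. The
      # condition is evaluated before the copy action runs, so the vaulted
      # gitkey file is not opened when no secret was supplied.
      when: vault_unlocked is defined
```

The condition tests a variable loaded from the probe file rather than `probe_result.failed`, because `failed_when` overwrites the registered `failed` value with its own result.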