根据Ansible Configuration Settings的文档,我们可以将ansible.cfg
放在我们正在处理的项目的当前目录中,Ansible将按照上面链接中指定的顺序搜索配置文件。
但是,似乎ansible无法正确解析项目目录中的ansible.cfg
文件。我不确定,但我认为必须与Ini ConfigParser合作
ansible 2.6.3
config file = /Users/pnotes/Code/Terraform/Blog/ansible/ansible.cfg
configured module search path = ['/Users/pnotes/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/pnotes/.pyenv/versions/3.6.4/lib/python3.6/site-packages/ansible
executable location = /Users/pnotes/.pyenv/versions/3.6.4/bin/ansible
python version = 3.6.4 (default, Feb 26 2018, 21:07:35) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]
输出“ansible-config dump --only-changed”
Error reading config file (/Users/pnotes/Code/Terraform/Blog/terraform/ansible.cfg): File contains no section headers.
file: '/Users/pnotes/Code/Terraform/Blog/terraform/ansible.cfg', line: 3
'vault_password_file = ~/.vault_pass.txt\n'
macOS High Sierra
目录布局:
- project_dir
- terraform
- ansible.cfg
- base.tf
- terraform.tfvars
- variables.tfvars
- ansible
- roles
- user
- tasks
- main.yml
- vars
- creds.yml
- provison.yml
注意:在角色目录中,有一个确保加密文件的任务(roles / user / vars / creds.yml)
terraform/ansible.cfg
的内容:
# If set, configures the path to the Vault password file as an
# alternative to specifying --vault-password-file on the command
# line.
vault_password_file = ~/.vault_pass.txt
n
运行terraform(terraform init && terraform apply
最终通过local-exec调用ansible:
provisioner "local-exec" {
command = "sleep 30; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --ask-pass -i '${linode_linode.base.ip_address},' ../ansible/provision.yml --extra-vars 'ip=${linode_linode.base.ip_address}' -vvvv"
}
注意:当project_directory/terraform/ansible.cfg
被注释掉时,ansible使用~/.ansible.cfg
并且能够解密加密文件。
我希望playbook使用保存在项目目录中提供的配置文件(ansible.cfg)中提供的路径中的ansible vault密码来解密所有加密的变量。
ACTUAL RESULTS我收到以下错误:
terraform init && terraform apply
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "null" (1.0.0)...
- Downloading plugin for provider "template" (1.0.0)...
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
<= data.template_file.hosts
id: <computed>
rendered: <computed>
template: "[public]\n${api_public}\n"
vars.%: <computed>
+ linode_linode.base
id: <computed>
disk_expansion: "false"
group: "Test-group"
helper_distro: "true"
image: "Ubuntu 16.04 LTS"
ip_address: <computed>
kernel: "Latest 64 bit"
manage_private_ip_automatically: "true"
name: "Test"
plan_storage: <computed>
plan_storage_utilized: <computed>
private_ip_address: <computed>
region: "Newark, NJ, USA"
root_password: "QLWOVauEwNxWGbj2ErWF9vFYIXsxW/2duL/og8gtV84="
size: "1024"
ssh_key: "Gb4DfTd6icrN49GevRjx+9IwmSgVVCLU8WjL0PY2p0s="
status: <computed>
swap_size: "512"
+ null_resource.hosts
id: <computed>
triggers.%: <computed>
Plan: 2 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
linode_linode.base: Creating...
disk_expansion: "" => "false"
group: "" => "Test-group"
helper_distro: "" => "true"
image: "" => "Ubuntu 16.04 LTS"
ip_address: "" => "<computed>"
kernel: "" => "Latest 64 bit"
manage_private_ip_automatically: "" => "true"
name: "" => "Test"
plan_storage: "" => "<computed>"
plan_storage_utilized: "" => "<computed>"
private_ip_address: "" => "<computed>"
region: "" => "Newark, NJ, USA"
root_password: "" => "QLWOVauEwNxWGbj2ErWF9vFYIXsxW/2duL/og8gtV84="
size: "" => "1024"
ssh_key: "" => "Gb4DfTd6icrN49GevRjx+9IwmSgVVCLU8WjL0PY2p0s="
status: "" => "<computed>"
swap_size: "" => "512"
linode_linode.base: Still creating... (10s elapsed)
linode_linode.base: Still creating... (20s elapsed)
linode_linode.base: Still creating... (30s elapsed)
linode_linode.base: Still creating... (40s elapsed)
linode_linode.base: Still creating... (50s elapsed)
linode_linode.base: Provisioning with 'remote-exec'...
linode_linode.base (remote-exec): Connecting to remote host via SSH...
linode_linode.base (remote-exec): Host: 172.104.29.185
linode_linode.base (remote-exec): User: root
linode_linode.base (remote-exec): Password: true
linode_linode.base (remote-exec): Private key: false
linode_linode.base (remote-exec): SSH Agent: true
linode_linode.base (remote-exec): Checking Host Key: false
linode_linode.base: Still creating... (1m0s elapsed)
linode_linode.base (remote-exec): Connecting to remote host via SSH...
linode_linode.base (remote-exec): Host: 172.104.29.185
linode_linode.base (remote-exec): User: root
linode_linode.base (remote-exec): Password: true
linode_linode.base (remote-exec): Private key: false
linode_linode.base (remote-exec): SSH Agent: true
linode_linode.base (remote-exec): Checking Host Key: false
linode_linode.base (remote-exec): Connected!
linode_linode.base (remote-exec): foo
linode_linode.base: Provisioning with 'local-exec'...
linode_linode.base (local-exec): Executing: ["/bin/sh" "-c" "sleep 30; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --ask-pass -i '172.104.29.185,' ../ansible/provision.yml --extra-vars 'ip=172.104.29.185' -vvvv"]
linode_linode.base: Still creating... (1m10s elapsed)
linode_linode.base: Still creating... (1m20s elapsed)
linode_linode.base: Still creating... (1m30s elapsed)
linode_linode.base (local-exec): Error reading config file (/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg): File contains no section headers.
linode_linode.base (local-exec): file: '/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg', line: 3
linode_linode.base (local-exec): 'vault_password_file = ~/.vault_pass.txt\n'
Error: Error applying plan:
1 error(s) occurred:
* linode_linode.base: Error running command 'sleep 30; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --ask-pass -i '172.104.29.185,' ../ansible/provision.yml --extra-vars 'ip=172.104.29.185' -vvvv': exit status 5. Output: Error reading config file (/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg): File contains no section headers.
file: '/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg', line: 3
'vault_password_file = ~/.vault_pass.txt\n'
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
有人可以解释为什么我一直得到错误** exit status 5. Output: Error reading config file (/Users/pnotes/Code/Terraform/Test/terraform/ansible.cfg): File contains no section headers.
/etc/ansible.cfg
文件的信息,但似乎无法跟踪它(我在有限的容量中使用python,所以这可能就是为什么我很难用这个)真的很感激。
ansible.cfg
应该被分成具有[section_name]
形式的标题的部分。与大多数配置选项一样,vault_password_file
选项属于[defaults]
部分,所以你的ansible.cfg
需要看起来像:
[defaults]
vault_password_file = ~/.vault_pass.txt