首页 文章

从jenkinsfile启动包含vault文件引用的Ansible playbook

提问于
浏览
1

我有一个Jenkins文件试图启动一个Ansible playbook,它引用了一个存储在Ansible库加密文件中的参数 .

Ansible安装在2.4.0.0版本中

这是我的jenkins文件的片段:

withCredentials([[$class: 'StringBinding', credentialsId: 'vault_token', variable: 'VAULT_TOKEN']]) {

                    ansiblePlaybook(
                            playbook: "./ansible/playbooks/deploy.yml",
                            inventory: "./ansible/hosts/hosts",
                            credentialsId: "$VAULT_TOKEN"
                }

还有剧本:

---
- hosts: managers
  become: true
  tasks:
  - include_vars: ../vaults/passwords.yml
  - name: Log into Docker repository
    docker_login:
      registry: my.registry.org
      username: "{{ reg_user }}"
      password: "{{ reg_password }}"

此剧集包括包含加密值的Vault文件 . 当Jenkins执行Jenkins文件时,我收到以下错误: Attempting to decrypt but no vault secrets found

为什么ansible不使用我在Jenkins文件中传递给他的credentialId,传递这个凭证的好方法是什么?

jenkins ansible jenkins-pipeline ansible-2.x ansible-vault

2 回答

  • 0

    尝试以下方法

    withCredentials([file(credentialsId: 'vault_token', variable: 'VAULT_TOKEN')]) {
        ansiblePlaybook colorized: true, credentialsId: '', forks: 10, inventory: 'ansible/hosts/hosts', limit: '', playbook: 'ansible/playbooks/deploy.yml', sudoUser: null, extras: "--vault-password-file ${VAULT_TOKEN}"
        }

    你需要添加

    extras:“ - default-password-file $

    并将credentialsId留空 .

    回复于
  • 0

    • 请使用'vaultCredentialsId'而不是'credentialsId'作为保险库令牌 .

    • 删除'withCredentials'部分并直接写入类似于VaultCredentialsId:'vault_token' Ansible Plugin link

    回复于

相关问题