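To create credentials in AWX, we need to use the awx.awx collection. We process a YAML file that is read in as a template and rendered with Jinja2. The YAML code should then be read into the playbook using set_fact.
We have YAML code in a j2 file, and we want to use it in the playbook via ansible.builtin.set_fact.
Here is the j2 YAML file, vars/Credentials.yml.j2: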

    {% filter from_yaml %}
    ################################################################
    # credential_type: Source Control
    ################################################################
    vars_credentials:
      all:
        - name: 'CRED_GIT_myuser'
          description: 'Git-User myuser at Git-Projekt'
          credential_type: Source Control
          organization: myorg
          state: 'present'
          inputs:
            ssh_key_data: '{{ lookup("file", "ssh/id_rsa_myuser") }}'
            ssh_key_unlock: 'AxxxxxxZ'
    ################################################################
    {% endfilter %}

In the playbook:

    - name: "read vars/Credentials.yml.j2 as template"
      ansible.builtin.set_fact:
        Q: "{{ lookup('template', 'vars/Credentials.yml.j2') }}"
    - name: "Show all from vars_credentials at vars/Credentials.yml.j2"
      debug:
        msg: "{{ q }}"
      loop: "{{ Q.vars_credentials.all | list }}"
      loop_control:
        loop_var: q

Unfortunately, the private key gets modified quite strangely by Jinja2 in the process, to the point that it is unusable.
Debug output:

    res:
      changed: false
      msg: All items completed
      results:
      - _ansible_item_label:
          credential_type: Source Control
          inputs:
            ssh_key_data: '-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxyeXB0AAAAGAAAABBBAIRG5X
              j8cgfTvYng0xxxxxxxxxxxxxxxxxxxxxxxxxxxxC1yc2EAAAADAQABAAABAQDDy4V/plIV MdHT/z2y1q3jZufbItSaidxxxxxxxxxxxxxxxxxxxxxxxxxxMBARgliFHUAtcAj1o803aR/
              +uuhIFkmoWlA9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxCYZU5w5SOHivms52LsY3SSwNI MkrETTmdy6XAZQ4FR/Wv6cxxxxxxxxxxxxxxxxxxxxxxfL7QrIR+GYGwFEvCIBsM4F+fQcq
              hL9JAnxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpWPDJWVggKAOwhngeQsNO3YwmSc2z5U//q pv7s6LdpSbywwd3oYfxxxxxxxxxxxxxxxxxxxxxxxxxxxxipvv6RAAADwP8dgtVN9CIO0g
              NXVbZpmEFxxxxxxxxxxxxxxxxxxxxxxxxfeuGdLbMLOY3Xfl250GvmEnIlXDxUG8uHeJA5 URIwWauCHwtFQNnRSJcuupn5/Ft9+pGxxxxxxxxxxxxxxxxmgUy91sVSyLOnBuzunY4kzL
              9RZ1SwJ3CEcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxqlEc1csJbtt5qzlO7eUS+DWigs9 k5O9SfkIVk1KDNRITXzD/Cnk3Z6c9e4mxxxxxxxxxxxxxxxxxxxxAItT1dKi3tXHfZiQKE
              yqzZnEXU3JpN6xxxxxxxxxxxxxxxxxxxxxxPLzIyKl2QcNgdcn0drbxlNYJ/3hTnHjZf2c 9ltngGogUC85tvQsUxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxDEDLxPR/N2el7qbNIuoEV
              +VisxQ5G+QGJTH0xxxxxxxxxxxxxxxxxxxxxxx5TYE2DmMTj9YGQ/HYUWizAdq30lZH3qL L/gKPKqKK7Pxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5iiL9OnlWxEoiO4w
              kJZ7ls9Vfxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp5GPp+55SozE/ohoQBPMtNLq u+gUKTmG1ncGWL+RiGFXr5vQFsnMvD+xnT/0sIvrtC39a9pgdoPTh4/YXK4gpp1ObCzior
              RSBInYjnIsCDRJ5ZJ6rTmKzPIns19qZFuiPmwGBUcytPiwyTyS3axhoCwzS4bIKbMQEI3j TtBb/1ft5Nn7KwaX969FCFDSBYaf6jc0nBdQywj+mVCUdM/CsVTpqjjAD1afmhNGcUMDna
              wPZL3Lu6WIL3lUPCMwVYOUVIyvci3SZz4bo478xmBlKf/lWPndno9XmblIjvtwXU6+X0fq N3864XSmnx33E6HOaqCs0+Z34dLzFFevc9jntVGXVGC6QB4ubPDscBvLNGK8bbzVrKo0go
              +QhNfvfPEIagzFD2YEqn0RNwCQDPBVhHi9h1zl0eoKjvEtpUVlFItBHQdG82kYErgeNZPr kxh66UXsumzpwFs3TMsNZS1hFQCeHmn3FnbD8TmhldJnRCuBZMsTwiMcddaFv+ycZcneMx
              ZRQH3V+Ovf2MJFN+TE7rMfnPSNp/Dw4qEQTCjIr9AVDbfThJ1Asf96PqplalkOFPaYbIGc LJVRaTo1BJ5JQ4tVYgN0E0pBl9SwP8vGCzdyJ8uizfbOl8PiCRSm6oUcH6AmVT7eOMk3VT
              koM6Dw9Q== -----END OPENSSH PRIVATE KEY-----'
            ssh_key_unlock: AxxxxxxZ

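How can I prevent Jinja2 from corrupting the key?

Maybe I don't understand your original intent, but I assume you actually want to load the list of credentials and iterate over it like this: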

    # vars/credentials.yml
    ---
    vars_credentials:
      all:
        - name: 'CRED_GIT_myuser'
          description: 'Git-User myuser at Git-Projekt'
          credential_type: Source Control
          organization: myorg
          state: 'present'
          inputs:
            ssh_key_data: '{{ lookup("file", "ssh/id_rsa_myuser") }}'
            ssh_key_unlock: 'AxxxxxxZ'


    # playbook.yaml
    ---
    - name: Create the credentials
      hosts: localhost
      connection: local
      vars_files:
        - vars/credentials.yml
      tasks:
        - name: Create a valid SCM credential from a private_key file
          awx.awx.credential:  # module from the awx.awx collection
            name: "{{ item.name }}"
            description: "{{ item.description }}"
            organization: "{{ item.organization }}"
            state: "{{ item.state }}"
            credential_type: "{{ item.credential_type }}"
            inputs:
              # the key material sits under "inputs" in vars/credentials.yml
              ssh_key_data: "{{ item.inputs.ssh_key_data }}"
              ssh_key_unlock: "{{ item.inputs.ssh_key_unlock }}"
          loop: "{{ vars_credentials.all }}"
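
Why the key in the question's debug output ends up on one line, and why loading the file through vars_files avoids it, shown as an added example (not code from either post). `fold_quoted_scalar` is a minimal standard-library emulation of YAML's line folding inside a quoted scalar, not a real YAML parser; `SAMPLE_KEY`, the function names and the pre-flight check are assumptions made for illustration.

```python
import re

BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"
# Constructed sample with the layout of an OpenSSH key file; not real key material.
SAMPLE_KEY = "\n".join([BEGIN, "QUJD" * 17, "REVG" * 17, "R0hJ" * 5 + "QQ==", END])
EXPR = '{{ lookup("file", "ssh/id_rsa_myuser") }}'  # scalar content from the page
B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}\Z")


def fold_quoted_scalar(text):
    """Minimal emulation of YAML line folding in a quoted scalar: lines are
    trimmed, one line break becomes a space, N blank lines become N newlines."""
    lines = [line.strip() for line in text.split("\n")]
    out, blanks = lines[0], 0
    for line in lines[1:]:
        if not line:
            blanks += 1
            continue
        out += ("\n" * blanks if blanks else " ") + line
        blanks = 0
    return out


def template_then_parse(scalar, key):
    """Question's order: the expression is expanded first, YAML parses the result."""
    return fold_quoted_scalar(scalar.replace(EXPR, key))


def parse_then_template(scalar, key):
    """Answer's order: YAML parses the one-line expression, expansion happens later."""
    return fold_quoted_scalar(scalar).replace(EXPR, key)


def openssh_key_problems(text):
    """Pre-flight check for key text before it is sent on as ssh_key_data."""
    lines = text.rstrip("\n").split("\n")
    problems = []
    if lines[0] != BEGIN:
        problems.append("BEGIN marker is not alone on the first line")
    if lines[-1] != END:
        problems.append("END marker is not alone on the last line")
    if len(lines) < 3:
        problems.append("no base64 body lines between the markers")
    elif not all(B64_LINE.match(line) for line in lines[1:-1]):
        problems.append("a body line contains non-base64 characters")
    return problems


if __name__ == "__main__":
    for flow in (template_then_parse, parse_then_template):
        print(flow.__name__, openssh_key_problems(flow(EXPR, SAMPLE_KEY)) or "key intact")
```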