我有一个Jenkins文件试图启动一个Ansible playbook,它引用了一个存储在Ansible库加密文件中的参数。
Ansible安装在2.4.0.0版本中
这是我的jenkins文件的片段:
withCredentials([[$class: 'StringBinding', credentialsId: 'vault_token', variable: 'VAULT_TOKEN']]) {
ansiblePlaybook(
playbook: "./ansible/playbooks/deploy.yml",
inventory: "./ansible/hosts/hosts",
credentialsId: "$VAULT_TOKEN"
}
还有剧本:
---
- hosts: managers
become: true
tasks:
- include_vars: ../vaults/passwords.yml
- name: Log into Docker repository
docker_login:
registry: my.registry.org
username: "{{ reg_user }}"
password: "{{ reg_password }}"
此剧集包括包含加密值的Vault文件。当Jenkins执行Jenkins文件时,我收到以下错误:尝试解密但没有找到保险库机密
为什么ansible不使用我在Jenkins文件中传递给他的credentialId,传递这个凭证的好方法是什么?
尝试以下方法
withCredentials([file(credentialsId: 'vault_token', variable: 'VAULT_TOKEN')]) {
ansiblePlaybook colorized: true, credentialsId: '', forks: 10, inventory: 'ansible/hosts/hosts', limit: '', playbook: 'ansible/playbooks/deploy.yml', sudoUser: null, extras: "--vault-password-file ${VAULT_TOKEN}"
}
你需要添加
附加:“ - default-password-file $ {VAULT_TOKEN}”
并将credentialsId留空。