Ansible

Ansible and Kubernetes: creating a k8s secret with Ansible

  • January 5, 2021

I tried:

# task
- name: Add ldap oauth query password
 k8s:
   state: present
   definition: "{{ lookup('file', 'openshift-config/secrets/ldap-bind-pw.yaml.j2') }}"
   kubeconfig: "{{ install_directory }}/auth/kubeconfig"


# openshift-config/secrets/ldap-bind-pw.yaml.j2
---
kind: Secret
apiVersion: v1
metadata:
 name: ldap-bind-password
 namespace: openshift-config
data:
 bindPassword: {{ vault_openshift_ldap_bind_pw | string | b64encode }} 
type: Opaque


# vault.yaml
vault_openshift_ldap_bind_pw: test1234

Error:

<os-helper71.domain.com> Failed to connect to the host via ssh: Traceback (most recent call last):
 File "<stdin>", line 102, in <module>
 File "<stdin>", line 94, in _ansiballz_main
 File "<stdin>", line 40, in invoke_module
 File "/usr/lib/python3.6/runpy.py", line 205, in run_module
   return _run_module_code(code, init_globals, run_name, mod_spec)
 File "/usr/lib/python3.6/runpy.py", line 96, in _run_module_code
   mod_name, mod_spec, pkg_name, script_name)
 File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
   exec(code, run_globals)
 File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 279, in <module>
 File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 275, in main
 File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 145, in __init__
 File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 145, in <listcomp>
 File "/usr/lib/python3/dist-packages/yaml/__init__.py", line 84, in load_all
   yield loader.get_data()
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 31, in get_data
   return self.construct_document(self.get_node())
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 46, in construct_document
   for dummy in generator:
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 398, in construct_yaml_map
   value = self.construct_mapping(node)
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 204, in construct_mapping
   return super().construct_mapping(node, deep=deep)
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 128, in construct_mapping
   "found unhashable key", key_node.start_mark)
yaml.constructor.ConstructorError: while constructing a mapping
 in "<unicode string>", line 8, column 17:
     bindPassword: {{ vault_openshift_ldap_bind_pw | s ... 
                   ^
found unhashable key
 in "<unicode string>", line 8, column 18:
     bindPassword: {{ vault_openshift_ldap_bind_pw | st ... 
                    ^
The full traceback is:
Traceback (most recent call last):
 File "<stdin>", line 102, in <module>
 File "<stdin>", line 94, in _ansiballz_main
 File "<stdin>", line 40, in invoke_module
 File "/usr/lib/python3.6/runpy.py", line 205, in run_module
   return _run_module_code(code, init_globals, run_name, mod_spec)
 File "/usr/lib/python3.6/runpy.py", line 96, in _run_module_code
   mod_name, mod_spec, pkg_name, script_name)
 File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
   exec(code, run_globals)
 File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 279, in <module>
 File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 275, in main
 File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 145, in __init__
 File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 145, in <listcomp>
 File "/usr/lib/python3/dist-packages/yaml/__init__.py", line 84, in load_all
   yield loader.get_data()
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 31, in get_data
   return self.construct_document(self.get_node())
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 46, in construct_document
   for dummy in generator:
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 398, in construct_yaml_map
   value = self.construct_mapping(node)
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 204, in construct_mapping
   return super().construct_mapping(node, deep=deep)
 File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 128, in construct_mapping
   "found unhashable key", key_node.start_mark)
yaml.constructor.ConstructorError: while constructing a mapping
 in "<unicode string>", line 8, column 17:
     bindPassword: {{ vault_openshift_ldap_bind_pw | s ... 
                   ^
found unhashable key
 in "<unicode string>", line 8, column 18:
     bindPassword: {{ vault_openshift_ldap_bind_pw | st ... 
                    ^
fatal: [os-helper71.domain.com]: FAILED! => {
   "changed": false,
   "module_stderr": "Traceback (most recent call last):\n  File \"<stdin>\", line 102, in <module>\n  File \"<stdin>\", line 94, in _ansiballz_main\n  File \"<stdin>\", line 40, in invoke_module\n  File \"/usr/lib/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py\", line 279, in <module>\n  File \"/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py\", line 275, in main\n  File \"/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py\", line 145, in __init__\n  File \"/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py\", line 145, in <listcomp>\n  File \"/usr/lib/python3/dist-packages/yaml/__init__.py\", line 84, in load_all\n    yield loader.get_data()\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 31, in get_data\n    return self.construct_document(self.get_node())\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 46, in construct_document\n    for dummy in generator:\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 398, in construct_yaml_map\n    value = self.construct_mapping(node)\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 204, in construct_mapping\n    return super().construct_mapping(node, deep=deep)\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 128, in construct_mapping\n    \"found unhashable key\", key_node.start_mark)\nyaml.constructor.ConstructorError: while constructing a mapping\n  in \"<unicode string>\", line 8, column 17:\n      bindPassword: {{ 
vault_openshift_ldap_bind_pw | s ... \n                    ^\nfound unhashable key\n  in \"<unicode string>\", line 8, column 18:\n      bindPassword: {{ vault_openshift_ldap_bind_pw | st ... \n                     ^\n",
   "module_stdout": "",
   "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
   "rc": 1
}

What's wrong?

Ansible version: 2.9.9 and Python 3.8.6

You are using

lookup('file', '/path/to/template.j2')

which retrieves the raw content of the specified file. Instead, you must use

lookup('template', '/path/to/template.j2')

if you want Jinja2 to fill in your template.

Resources

Quoted from: https://unix.stackexchange.com/questions/627599
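The fix from the answer applied to the task in the question, as an added example that is not part of the original post. The `no_log` settings, the quoting in the template, and the read-back check with `k8s_info` and `assert` are additions, and the task names for those extra steps are made up for illustration.

```yaml
# task
# lookup('file', ...) passes the template text through unrendered, so the k8s
# module's YAML parser reads "{{ ... }}" as a flow mapping used as a mapping key
# and stops with "found unhashable key". lookup('template', ...) renders first.
- name: Add ldap oauth query password
  k8s:
    state: present
    definition: "{{ lookup('template', 'openshift-config/secrets/ldap-bind-pw.yaml.j2') }}"
    kubeconfig: "{{ install_directory }}/auth/kubeconfig"
  no_log: true   # addition: keeps the rendered Secret out of task output and -vvv logs

# addition: read the Secret back so the stored value can be checked
- name: Read back the ldap bind secret
  k8s_info:
    kind: Secret
    name: ldap-bind-password
    namespace: openshift-config
    kubeconfig: "{{ install_directory }}/auth/kubeconfig"
  register: ldap_secret
  no_log: true

# addition: compare the decoded value with the vault variable without printing either
- name: Check that the stored value decodes to the vault variable
  assert:
    that:
      - ldap_secret.resources | length == 1
      - (ldap_secret.resources[0].data.bindPassword | b64decode) == (vault_openshift_ldap_bind_pw | string)
    quiet: true
  no_log: true

# openshift-config/secrets/ldap-bind-pw.yaml.j2
# addition: the value is quoted so the rendered base64 is always read as a string
---
kind: Secret
apiVersion: v1
metadata:
  name: ldap-bind-password
  namespace: openshift-config
data:
  bindPassword: "{{ vault_openshift_ldap_bind_pw | string | b64encode }}"
type: Opaque
```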