Comments (7)
TerryHowe
commented on July 28, 2024
Here is the working functional test if that helps: https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/functional/test_init.yml
The only odd thing I notice is you register vault_init, but have some environment variable of the same name and I assume that is what gets printed.
from ansible-modules-hashivault.
thalesac
commented on July 28, 2024
Many thanks Terry, totally my mistake.
I hurried up to open the issue.
My apologies, you can close this ticket.
Also, Many thanks for your work on this module.
from ansible-modules-hashivault.
dizzler
commented on July 28, 2024
I think your dual use of the vault_init variable is causing a misleading
result from your debug task.
Suggest using some other variable (key) for 'register:' in your
hashivault_init task, then use that new variable as the input to debug
task.
On Oct 25, 2017 12:56 PM, "Thales Ceolin" <[email protected]> wrote:
- hashivault_init:
register: 'vault_init'
environment:
VAULT_ADDR: "{{ VAULT_ADDR }}"
when: vault_init
run_once: yes
- debug: msg="{{vault_init}}"
The debug returns:
TASK [platform-vault-init : debug]
******************************************************************
ok: [10.0.20.143] => {
"msg": true
}
It's missing the keys.
This seems to be not working: https://github.com/TerryHowe/
ansible-modules-hashivault/blob/master/ansible/modules/
hashivault/hashivault_init.py#L101
Any ideas?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#35>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AKvcXqNhVZBqFKvDm_TxeceaVGuED8RIks5sv4RxgaJpZM4QGfY0>
.
from ansible-modules-hashivault.
thalesac
commented on July 28, 2024
Many thanks @dizzler . That was the issue.
Another thing I just came across: I'm trying to re-use the newly generated keys to unseal the vault just after the init:
- hashivault_unseal:
keys: '{{ vault_init_keys.keys_base64 }}'
environment:
VAULT_ADDR: "{{ VAULT_ADDR }}"
when: vault_init_keys
This doesn't work.
As far as I could see, the VAULT_KEYS expect a space separated keys and the vault_init_keys is an array.
If you have any ideas on that would be great.
from ansible-modules-hashivault.
thalesac
commented on July 28, 2024
Replying my own question, I came up with this:
- hashivault_unseal:
keys: '{{ vault_init_keys.keys_base64.0 }} {{ vault_init_keys.keys_base64.1 }} {{ vault_init_keys.keys_base64.2 }}'
environment:
VAULT_ADDR: "{{ VAULT_ADDR }}"
when: vault_init_keys
In the future might me nice to generate this automatically.
Thanks all of you.
from ansible-modules-hashivault.
TerryHowe
commented on July 28, 2024
This is how the function tests do it although your solution is fewer lines
https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/functional/test_init.yml#L17-L21
from ansible-modules-hashivault.
TerryHowe
commented on July 28, 2024
I guess one other thing, you should be able to specify VAULT_ADDR as an argument rather than the environment if you like
- hashivault_unseal:
keys: '{{ vault_init_keys.keys_base64.0 }} {{ vault_init_keys.keys_base64.1 }} {{ vault_init_keys.keys_base64.2 }}'
url: "{{ VAULT_ADDR }}"
when: vault_init_keys
I didn't test that, but it should work
from ansible-modules-hashivault.
Related Issues (20)
- `hashivault_pki_role` is missing a bunch of the more recent options
- hashivault_init not work with seal type transit HOT 2
- hashivault_secret_engine should support diff and check
- Possible hvac breaking change HOT 1
- whitelist_externals is deprecated in tox
- auth_method missing return value
- auth_method missing diff support HOT 1
- Policy module is missing check and diff
- oidc_auth_method_config & oidc_auth_role missing diff mode
- hashivault_db_secret_engine_config error using vault server 1.12.x and 1.13.x HOT 9
- Re-add wrap_ttl to hashivault_approle_role_secret HOT 1
- configuring allowed_other_sans parameter in hashivault_pki_role broken HOT 2
- hashivault_secret_engine doesn't support seal wrap HOT 5
- Add coverage for 'userfilter' in hashivault_auth_ldap HOT 2
- Dependency on ansible>=5.0.0 HOT 3
- TLS authentication uses removed method
- hashivault_token_renew: call to client.renew_self_token not working anymore
- https://github.com/TerryHowe/ansible-modules-hashivault/pull/467 breaks installs that use pip based hvac HOT 1
- hashivault_k8s_auth_role does not detect changes in policies
- hashivault_identity_entity_alias didn't have custom_metada parameter HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-modules-hashivault.