Comments (4)
Well, the vault env vars don't seem to be set on the remote host even though you are delegating to localhost. I haven't tried that. What I normally do is use the lookup plugin kind of like this:
https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/functional/test_secret.yml#L97
Alternatively, I think you could do a set_fact and target two different hosts kind of like (if you really need to use hashivault_read):
https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/example/test_remote_host.yml
Another option would be if you are using roles you could put the lookup plugin calls in your defaults and that will run locally and then you don't need to set_fact.
from ansible-modules-hashivault.
Thanks for the quick reply. I tried a couple of more things following your suggestions and I agree it looks like using the lookup module is advantageous to my workflow.
I first tried this:
    - hosts: master
      vars:
        DRONE_LICENSE: "{{ lookup('hashivault','secret/internal/CI/test','username')}}"
      gather_facts: false
      tasks:
        - debug:
            msg: "username={{ DRONE_LICENSE }}"
This resulted in a python back trace.
task path: /Users/snoby/work/Official/lab-ops-ansible/just-ci.yml:30
The full traceback is:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/template/vars.py", line 106, in __getitem__
value = self._templar.template(variable)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/template/__init__.py", line 450, in template
disable_lookups=disable_lookups,
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/template/__init__.py", line 672, in do_template
res = j2_concat(rf)
File "<template>", line 11, in root
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/jinja2/runtime.py", line 262, in call
return __obj(*args, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/template/__init__.py", line 579, in _lookup
instance = self._lookup_loader.get(name.lower(), loader=self._loader, templar=self)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/plugins/loader.py", line 363, in get
self._module_cache[path] = self._load_module_source(name, path)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/plugins/loader.py", line 339, in _load_module_source
module = imp.load_source(full_name, path, module_file)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/imp.py", line 172, in load_source
module = _load(spec)
File "<frozen importlib._bootstrap>", line 684, in _load
File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 674, in exec_module
File "<frozen importlib._bootstrap_external>", line 781, in get_code
File "<frozen importlib._bootstrap_external>", line 741, in source_to_code
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/plugins/lookup/hashivault.py", line 78
print LookupModule().run(argv, None)[0]
^
SyntaxError: invalid syntax
Also I would say when I put in a key that wasn't there I got a back trace exception as well. I don't know how to catch exceptions in python but might want to do that. Does the lookup error mean that I must have the module and python installed on all the hosts? I tried installing ansible and the plugin on the host (even though I want the lookup to happen on the control machine) and this resulted in the same backtrace.
Next I tried:
    - hosts: master
      gather_facts: false
      tasks:
        - set_fact:
            DRONE_LICENSE: "{{ lookup('hashivault','secret/internal/CI/test','username')}}"
        - debug:
            msg: "username={{ DRONE_LICENSE }}"
This also imploded with the following backtrace:
The full traceback is:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/executor/task_executor.py", line 130, in run
res = self._execute()
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/executor/task_executor.py", line 472, in _execute
self._task.post_validate(templar=templar)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/playbook/task.py", line 249, in post_validate
super(Task, self).post_validate(templar)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/playbook/base.py", line 377, in post_validate
value = templar.template(getattr(self, name))
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/template/__init__.py", line 494, in template
disable_lookups=disable_lookups,
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/template/__init__.py", line 450, in template
disable_lookups=disable_lookups,
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/template/__init__.py", line 672, in do_template
res = j2_concat(rf)
File "<template>", line 11, in root
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/jinja2/runtime.py", line 262, in call
return __obj(*args, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/template/__init__.py", line 579, in _lookup
instance = self._lookup_loader.get(name.lower(), loader=self._loader, templar=self)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/plugins/loader.py", line 363, in get
self._module_cache[path] = self._load_module_source(name, path)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/plugins/loader.py", line 339, in _load_module_source
module = imp.load_source(full_name, path, module_file)
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/imp.py", line 172, in load_source
module = _load(spec)
File "<frozen importlib._bootstrap>", line 684, in _load
File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 674, in exec_module
File "<frozen importlib._bootstrap_external>", line 781, in get_code
File "<frozen importlib._bootstrap_external>", line 741, in source_to_code
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/ansible/plugins/lookup/hashivault.py", line 78
print LookupModule().run(argv, None)[0]
^
SyntaxError: invalid syntax
fatal: [ci-master.ops.tropo.com]: FAILED! => {
"msg": "Unexpected failure during module execution.",
"stdout": ""
}
Running it on localhost results in the same error as well, so perhaps I'm not using the lookup method properly...
from ansible-modules-hashivault.
I haven't read all your prose yet, but a quick look and my guess is that is a Python 3 incompatibility issue. That plugin was written in the early days of Ansible 2 and I haven't tested with Py3 and I think Py3 was added pretty recently.
from ansible-modules-hashivault.
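The load-time failure in the tracebacks above (a SyntaxError raised while the plugin source is compiled, before any Vault call is made) can be reproduced without Ansible or Vault by compiling the plugin file under the interpreter that runs ansible-playbook. This is an added example, not code from the thread or the project; the sample plugin text and the names check_source and check_files are constructed for illustration.

```python
"""Check that plugin sources compile under the running interpreter."""
import sys

# Constructed sample: a lookup plugin whose __main__ block uses the
# Python 2 print statement, like the line the traceback points at.
PY2_STYLE_PLUGIN = '''\
class LookupModule(object):
    def run(self, terms, variables, **kwargs):
        return [terms]

if __name__ == "__main__":
    import sys
    print LookupModule().run(sys.argv[1:], None)[0]
'''

# The same constructed sample with the print call written for Python 3.
PY3_SAFE_PLUGIN = PY2_STYLE_PLUGIN.replace(
    "print LookupModule().run(sys.argv[1:], None)[0]",
    "print(LookupModule().run(sys.argv[1:], None)[0])",
)


def check_source(source, filename="<plugin>"):
    """Return None if source compiles, else (lineno, offending line, message)."""
    try:
        compile(source, filename, "exec")  # parse only, nothing is executed
    except SyntaxError as exc:
        lines = source.splitlines()
        lineno = exc.lineno or 0
        text = lines[lineno - 1].strip() if 0 < lineno <= len(lines) else ""
        return lineno, text, exc.msg
    return None


def check_files(paths):
    """Compile each file; return {path: finding} for the ones that fail."""
    findings = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as handle:
            finding = check_source(handle.read(), path)
        if finding:
            findings[path] = finding
    return findings


if __name__ == "__main__":
    failures = check_files(sys.argv[1:])
    for path, (lineno, text, msg) in sorted(failures.items()):
        print("%s:%s: %s: %s" % (path, lineno, msg, text))
    sys.exit(1 if failures else 0)
```

Run it with the same Python that runs Ansible, passing the plugin paths as arguments; a non-zero exit means at least one file cannot be loaded by that interpreter.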
I just uploaded version 3.8.4 which should fix a couple minor py3 compatibility issues. All tests are passing for me.
from ansible-modules-hashivault.