Comments (6)
rseabra
commented on August 20, 2024
1
~~There is a typo that nobody noticed. It's ANSIBLE_VAULT_PASSWORD_FILE! ~~ I'm off work and without access to my setup in order to checkout if there's an actual typo, because I'm almost 100% sure that the point was to load the password into a variable, and not a file that's not actually available in the container.
I'll let you know next week.
from ansible-navigator.
rseabra
commented on August 20, 2024
1
Thanks a lot for finding out my error in the documentation patch, it's a neat trick and it deserves to be properly documented. :)
from ansible-navigator.
netopsengineer
commented on August 20, 2024
@rseabra it looks like you introduced this documentation on #1714 could you comment on how it is to be used? From everything I can gather, there is no support for ANSIBLE_VAULT_PASSWORD as an env var from Ansible, it doesn't look for it, in fact it seems it was proposed, and the PR was rejected here ansible/ansible#64383 (comment)
Any help would be appreciated.
from ansible-navigator.
netopsengineer
commented on August 20, 2024
@rseabra appreciate the reply, yeah I figured that might be the case, but even then I was not sure how it would work, as ANSIBLE_VAULT_PASSWORD_FILE expects a path, and if I'm following the instructions properly in the README, this would essentially set the output of gpg --decrypt eg. the plaintext password as the value of ANSIBLE_VAULT_PASSWORD_FILE in the EE, which will not work.
You essentially need a file with the output of gpg ... as the contents AFAIK. The challenge is that you would need to symlink your .asc file into the project for it to be able to execute it in the EE, much like the current directions in the README do today.
If you were able to work around this, or this is some gpg-agent trick (I am new to working with gpg in this context), I would love to hear about it, and we can decide the best way to do a PR to update the docs to explain it better, and fix the typo.
from ansible-navigator.
rseabra
commented on August 20, 2024
"&%$#"%$#&"# I documented it wrong, I will fix the faq but here's the proper trick:
mylogin@myhost:~$ export ANSIBLE_VAULT_PASSWORD_FILE=~/bin/ansible-vault.sh
mylogin@myhost:~$ cat $ANSIBLE_VAULT_PASSWORD_FILE
#!/bin/sh
/usr/bin/gpg -q -d /.../vault.asc
mylogin@myhost:~$ cat ansible-vault.sh
#!/bin/sh
echo $ANSIBLE_VAULT_PASSWORD
mylogin@myhost:~$ cat zbr.yaml
- hosts: localhost
vars:
secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
37393239346661666331316663356662366262383732396237313939366666663733656439333265
3661636531633338306135326235643534656635333665310a343261643432303165633864666131
32343637336366356234633839346430346639623961646434356330393263313433346134386436
3236613664636235360a653834393430353938666164396663643537636665623930623339323865
6336
tasks:
- debug:
var: secret
mylogin@myhost:~$ ansible-playbook zbr.yaml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] *****************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [debug] *********************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
"secret": "Segredo!"
}
PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
mylogin@myhost:~$ ANSIBLE_VAULT_PASSWORD=$( $ANSIBLE_VAULT_PASSWORD_FILE ) ansible-navigator run -m stdout --eei registry.redhat.io/ansible-automation-platform/ee-minimal-rhel9:2.15.11-2 --senv=ANSIBLE_VAULT_PASSWORD_FILE=ansible-vault.sh --penv=ANSIBLE_VAULT_PASSWORD zbr.yaml
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
PLAY [localhost] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
"secret": "Segredo!"
}
PLAY RECAP *********************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
from ansible-navigator.
rseabra
commented on August 20, 2024
I added #1799 in order to resolve.
from ansible-navigator.
Related Issues (20)
- Image inspection fails in actions workflow HOT 2
- Switch Releases to CalVer
- Update `cmdline` description
- Update to the latest pytest-plus
- Refactor navigator testing
- Drop setuptools_scm_git_archive dependency HOT 1
- Provide visual feedback when filter is applied HOT 1
- collections command fails with message: Something went really wrong HOT 1
- Update docs to run on Podman for Mac
- Allow disabling logging completely
- How do I turn off the requirement for ansible-navigator being run in a tty? HOT 1
- Support the "newer" pull policy of podman to better cope with download issues
- Podman volume mount of single files are replaced by a directory mount rather than inserted correctly HOT 4
- ansible-navigator run does not allow using yaml output HOT 3
- ansible-navigator 24.3.2 attempts to load python 3.9 library instead of 3.12 when inspecting EE images HOT 4
- Images inspect not possible - Image introspection failed HOT 5
- CI and developer config updates HOT 1
- Can not start ansible-navigator container in podman on mac os HOT 1
- ansible-navigator ignores $TERM settings HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-navigator.