oops...typo...that'd be:
- shell: chdir={{ secret_stuff_folder }} sed -e '2s/#secret/secret/' mysql_accounts.yml.secret
On Monday, January 27, 2014 2:09:53 AM UTC-6, Mark Casey wrote:
>
> With regard to your wanting to continue gracefully after trying to import
> an encrypted file... This is kind of a gross hack, but it might be a
> starting point. Specifically, you might consider putting a comment in the
> top of the unencrypted form of the secured vars file:
>
> ---
> #secret
>
> password: cool
>
> Then use a call to get that comment line and register it as an Ansible
> variable, and use that variable to complete the import filename.
>
> # untested sed on line 2 only
> - shell: chdir={{ secret_stuff_folder }} sed -e '2s/#secret/secret/' mysql_accounts.yml
>   register: comment
>
> - vars_files: "{{ item }}"
>   with_first_found:
>     - secured_settings/vars/mysql_accounts.yml.{{ comment.stdout }}
>     - secured_settings/vars/dummy.yml
>
> If the file was unencrypted, the var will finish the file's real name and
> it will be imported. If the file is encrypted, sed won't match and either
> the filename will be incomplete or it'll try to import some gibberish file
> like
> mysql_accounts.yml.lkj37&6DS^@##*&#@EJHhddfjjh337kldfs3r8y&YFYFAsdjfkeljdhd
> (and then in either case will import dummy.yml instead, which would be
> unencrypted, but blank).
>
> HTH,
> Mark
>
>
> On Saturday, January 25, 2014 2:08:14 PM UTC-6, Brent Langston wrote:
>>
>> So here's the story:
>>
>> My team is managing some of our secure settings using a set of variables
>> stored in a file, and encrypted using git-crypt. This has been working
>> great under the push model, because we all have the key, and have the
>> secret yaml files decrypted.
>>
>> I've rolled out ansible-pull, and obviously, the secret yaml files are
>> unreadable in the pull model. In my playbook, I have:
>>
>> vars_files:
>> - secured_settings/vars/mysql_accounts.yml.secret
>>
>> and when ansible-pull triggers, I get an error:
>>
>> ERROR: Could not parse YAML. Check over
>> /opt/ansible/secured_settings/vars/mysql_accounts.yml.secret again.
>>
>> Obviously this error is true, and valid; the file is encrypted. What I'd
>> like to figure out is how I can continue the playbook, ignoring this error.
>> Any tasks depending on these variables have conditionals checking to see
>> that the variable is defined, so it's not a big deal to do a run without
>> these variables in place.
>>
>> I could move these tasks and secured settings out into a totally separate
>> playbook, but I figured I'd ask here to see if there was an option to skip
>> an include if there is a problem.
>>
>> Thanks
>> Brent
>>
>
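
An added example, not part of the thread and not Ansible or git-crypt code: the marker check from the message above as a shell helper that prints only the suffix and never the file's contents, so nothing secret or binary ends up in a registered variable. `secret_suffix` and `pick_vars_file` are hypothetical names, and the sample files are constructed.

```shell
#!/bin/sh
# Print "secret" only when line 2 of $1 is exactly the plaintext marker.
# -n plus the p flag means nothing else from the file reaches stdout: a
# decrypted file's passwords are not echoed, and an encrypted file yields
# an empty string instead of binary noise.
secret_suffix() {
    [ -r "$1" ] || return 0            # missing/unreadable file: print nothing
    LC_ALL=C sed -n '2{s/^#secret$/secret/p;q;}' "$1"
}

# Choose the vars file to load: the real one when it is decrypted,
# otherwise the blank, unencrypted dummy.yml (hypothetical helper).
pick_vars_file() {
    dir=$1
    real="$dir/mysql_accounts.yml.secret"
    if [ "$(secret_suffix "$real")" = "secret" ]; then
        printf '%s\n' "$real"
    else
        printf '%s\n' "$dir/dummy.yml"
    fi
}

# Constructed demo: one directory with the plaintext file, one with an
# encrypted-looking binary blob under the same name.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/plain" "$tmp/locked"
    printf '%s\n' '---' '#secret' '' 'password: cool' \
        > "$tmp/plain/mysql_accounts.yml.secret"
    printf '\000GITCRYPT\000\001\002\n\377\376binary\n' \
        > "$tmp/locked/mysql_accounts.yml.secret"
    pick_vars_file "$tmp/plain"     # path ending in mysql_accounts.yml.secret
    pick_vars_file "$tmp/locked"    # path ending in dummy.yml
    rm -rf "$tmp"
}
demo
```
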