AnsibleとKubernetes:ansibleを使用したk8sキーの生成

AnsibleとKubernetes:ansibleを使用したk8sキーの生成

私は試みる:

# task
- name: Add ldap oauth query password
  k8s:
    state: present
    definition: "{{ lookup('file', 'openshift-config/secrets/ldap-bind-pw.yaml.j2') }}"
    kubeconfig: "{{ install_directory }}/auth/kubeconfig"


# openshift-config/secrets/ldap-bind-pw.yaml.j2
---
kind: Secret
apiVersion: v1
metadata:
  name: ldap-bind-password
  namespace: openshift-config
data:
  bindPassword: {{ vault_openshift_ldap_bind_pw | string | b64encode }} 
type: Opaque


# vault.yaml
vault_openshift_ldap_bind_pw: test1234

間違い:

<os-helper71.domain.com> Failed to connect to the host via ssh: Traceback (most recent call last):
  File "<stdin>", line 102, in <module>
  File "<stdin>", line 94, in _ansiballz_main
  File "<stdin>", line 40, in invoke_module
  File "/usr/lib/python3.6/runpy.py", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 279, in <module>
  File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 275, in main
  File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 145, in __init__
  File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 145, in <listcomp>
  File "/usr/lib/python3/dist-packages/yaml/__init__.py", line 84, in load_all
    yield loader.get_data()
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 31, in get_data
    return self.construct_document(self.get_node())
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 46, in construct_document
    for dummy in generator:
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 398, in construct_yaml_map
    value = self.construct_mapping(node)
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 204, in construct_mapping
    return super().construct_mapping(node, deep=deep)
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 128, in construct_mapping
    "found unhashable key", key_node.start_mark)
yaml.constructor.ConstructorError: while constructing a mapping
  in "<unicode string>", line 8, column 17:
      bindPassword: {{ vault_openshift_ldap_bind_pw | s ... 
                    ^
found unhashable key
  in "<unicode string>", line 8, column 18:
      bindPassword: {{ vault_openshift_ldap_bind_pw | st ... 
                     ^
The full traceback is:
Traceback (most recent call last):
  File "<stdin>", line 102, in <module>
  File "<stdin>", line 94, in _ansiballz_main
  File "<stdin>", line 40, in invoke_module
  File "/usr/lib/python3.6/runpy.py", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 279, in <module>
  File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 275, in main
  File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 145, in __init__
  File "/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 145, in <listcomp>
  File "/usr/lib/python3/dist-packages/yaml/__init__.py", line 84, in load_all
    yield loader.get_data()
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 31, in get_data
    return self.construct_document(self.get_node())
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 46, in construct_document
    for dummy in generator:
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 398, in construct_yaml_map
    value = self.construct_mapping(node)
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 204, in construct_mapping
    return super().construct_mapping(node, deep=deep)
  File "/usr/lib/python3/dist-packages/yaml/constructor.py", line 128, in construct_mapping
    "found unhashable key", key_node.start_mark)
yaml.constructor.ConstructorError: while constructing a mapping
  in "<unicode string>", line 8, column 17:
      bindPassword: {{ vault_openshift_ldap_bind_pw | s ... 
                    ^
found unhashable key
  in "<unicode string>", line 8, column 18:
      bindPassword: {{ vault_openshift_ldap_bind_pw | st ... 
                     ^
fatal: [os-helper71.domain.com]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"<stdin>\", line 102, in <module>\n  File \"<stdin>\", line 94, in _ansiballz_main\n  File \"<stdin>\", line 40, in invoke_module\n  File \"/usr/lib/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py\", line 279, in <module>\n  File \"/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py\", line 275, in main\n  File \"/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py\", line 145, in __init__\n  File \"/tmp/ansible_k8s_payload_osgd8_f3/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py\", line 145, in <listcomp>\n  File \"/usr/lib/python3/dist-packages/yaml/__init__.py\", line 84, in load_all\n    yield loader.get_data()\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 31, in get_data\n    return self.construct_document(self.get_node())\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 46, in construct_document\n    for dummy in generator:\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 398, in construct_yaml_map\n    value = self.construct_mapping(node)\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 204, in construct_mapping\n    return super().construct_mapping(node, deep=deep)\n  File \"/usr/lib/python3/dist-packages/yaml/constructor.py\", line 128, in construct_mapping\n    \"found unhashable key\", key_node.start_mark)\nyaml.constructor.ConstructorError: while constructing a mapping\n  in \"<unicode string>\", line 8, column 17:\n      bindPassword: {{ vault_openshift_ldap_bind_pw | s ... \n                    ^\nfound unhashable key\n  in \"<unicode string>\", line 8, column 18:\n      bindPassword: {{ vault_openshift_ldap_bind_pw | st ... \n                     ^\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

何が問題なの?

Ansibleバージョン:2.9.9(Python 3.8.6を含む)

答え1

あなたは使用しています

lookup('file', '/path/to/template.j2')

指定されたファイルの元の内容を取得するために使用されます。代わりに、次を使用する必要があります。

lookup('template', '/path/to/template.j2')

jinja2テンプレートを埋めたい場合。

源泉

関連情報