Changes made to a deployment through the k8 dashboard disappear



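I am trying to get https://github.com/ansible/awx-operator to import inventory from my git repository. My inventory contains vault secrets, so when I try to "sync" my AWX-visible inventory with my git repo, the job fails: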

ERROR! Attempting to decrypt but no vault secrets found

There is a workaround that I am trying to implement. The workaround is to execute these commands on the "awx" node:

echo "XXXXXXXXX" > /tmp/vault_password
chmod 777 /tmp/vault_password

and then set the extra variables:

---
ANSIBLE_VAULT_PASSWORD_FILE: /tmp/vault_password

awx-operator is a Kubernetes deployment, so I figured I could edit the pod definition in the deployment to implement the workaround above, using kubectl edit deployment -n awx awx-demo

I change this…

      initContainers:
      - command:
        - /bin/sh
        - -c
        - |
          hostname=$MY_POD_NAME
          receptor --cert-makereq bits=2048 commonname=$hostname dnsname=$hostname nodeid=$hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
          receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/receptor-ca.crt cakey=/etc/receptor/tls/ca/receptor-ca.key outcert=/etc/receptor/tls/receptor.crt verify=yes

      initContainers:
      - command:
        - /bin/sh
        - -c
        - |
          echo "XXXXXXXXX" > /tmp/vault_password
          chmod 777 /tmp/vault_password
          hostname=$MY_POD_NAME
          receptor --cert-makereq bits=2048 commonname=$hostname dnsname=$hostname nodeid=$hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
          receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/receptor-ca.crt cakey=/etc/receptor/tls/ca/receptor-ca.key outcert=/etc/receptor/tls

But a pod is dying and the deployment reverts to the state it was in before I edited it. I don't know how to see what is causing the CrashLoop.

Update:

I managed to catch the error by running kubectl describe awx-demo at the right moment. I saw:

Init Containers:
init:
Container ID:  containerd://075110d13705a335850818ca49ba33eec94f4a1db06dfd9ff5b224ee8fd15480
Image:         quay.io/ansible/awx-ee:latest
Image ID:      quay.io/ansible/awx-ee@sha256:546c728608e57cb0903e10f4a530e6ff1cd8d94ee9e9bcb7db64f96ede6d0180
Port:          <none>
Host Port:     <none>
Command:
/bin/echo "XXXXXXX" > /tmp/vault_password
/bin/chmod 777 /tmp/vault_password
/bin/sh
-c
hostname=$MY_POD_NAME
receptor --cert-makereq bits=2048 commonname=$hostname dnsname=$hostname nodeid=$hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/receptor-ca.crt cakey=/etc/receptor/tls/ca/receptor-ca.key outcert=/etc/receptor/tls/receptor.crt verify=yes
State:          Waiting
Reason:       CrashLoopBackOff
Last State:     Terminated
Reason:       StartError
Message:      failed to create containerd task: failed to 
create shim task: OCI runtime create failed: runc create failed: 
unable to start container process: exec: "/bin/echo "XXXXXXXX" > 
/tmp/vault_password": stat /bin/echo "XXXXXXXX" > 
/tmp/vault_password: no such file or directory: unknown

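Since only one process can be the entry point, you can have only one command (for example, bash). Try splitting your command into command and args, and pass all of your commands to bash as the command and args.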

- command: ["/bin/bash","-c"]
  args: ["/bin/echo 'XXXXXXX' > /tmp/vault_password && /bin/chmod 777 /tmp/vault_password"]
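
The StartError in the describe output and the fix in the answer can be reproduced locally without a cluster. This is an added example, not part of the original question or answer. The helper names, the temporary path and the XXXXXXX password are constructed, and umask 077 stands in for the post's chmod 777 so that only the file's owner can read the secret.

```shell
#!/bin/sh
# Added example, not from the original post. Runs locally; no cluster needed.
# The password and paths are constructed placeholders.

# Exec form: like the container runtime, exec argv[0] directly with no shell.
# The whole string is looked up as a file name, so ">" is never a redirection.
# Prints the exit status (127 = executable not found).
exec_form_status() {
    rc=0
    ( exec "$1" ) >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Shell form: what `command: ["/bin/sh", "-c"]` plus one `args` string does.
# The shell parses the script, so ">" and "&&" work. Prints the exit status.
shell_form_status() {
    rc=0
    /bin/sh -c "$1" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Permission string of a file, e.g. "-rw-------".
file_mode() {
    ls -l "$1" | cut -c1-10
}

demo() {
    dir=$(mktemp -d) || return 1
    pw="$dir/vault_password"
    # 1) The crashing pod: the full line used as the command name.
    echo "exec form:  exit $(exec_form_status "/bin/echo 'XXXXXXX' > $pw")"
    [ -e "$pw" ] || echo "exec form:  no file written"
    # 2) The answer's fix, with umask 077 in place of chmod 777 (this
    #    example's choice) so only the owner can read the secret.
    echo "shell form: exit $(shell_form_status "umask 077 && /bin/echo 'XXXXXXX' > $pw")"
    echo "shell form: $(file_mode "$pw") $(cat "$pw")"
    rm -rf "$dir"
}

demo
```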
