ERROR! failed to combine variables, expected dicts but got a 'dict' and a 'AnsibleUnicode'



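I have a very strange problem that I can't solve. I've already spent 4 hours debugging without any progress, and I've never run into a problem like this before.

Ansible info: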

ansible [core 2.11.5]
config file = /Users/igor/Projects/infrastructure/mint2/ansible.cfg
configured module search path = ['/Users/igor/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/igor/.local/share/virtualenvs/mint2-x8LdeqZ_/lib/python3.9/site-packages/ansible
ansible collection location = /Users/igor/.ansible/collections:/usr/share/ansible/collections
executable location = /Users/igor/.local/share/virtualenvs/mint2-x8LdeqZ_/bin/ansible
python version = 3.9.6 (default, Jun 28 2021, 19:24:41) [Clang 12.0.5 (clang-1205.0.22.9)]
jinja version = 3.0.1
libyaml = False

Here is an example playbook:

---
- hosts: somehost
  gather_facts: yes
  vars_files:
    - host_vars/somehost/common/common.yml
    - host_vars/somehost/backup/backup.yml
  pre_tasks:
    - name: Prepare | Remove AppArmor
      apt:
        name: apparmor
        state: absent

    - name: Prepare | Stop AppArmor
      service:
        name: apparmor
        enabled: no
  roles:
    - roles/role-provision-common
    - roles/role-deploy-backup

Structure of host_vars:

host_vars/somehost
├── backup
│   ├── backup.yml
│   └── encryption_key
├── common
│   ├── common.yml
│   └── ssh-keys
│       ├── id_rsa_backup
│       └── id_rsa_backup.pub

Here is the content of common.yml:

common_packages_generic_enabled: true
common_packages_stats_enabled: true
common_packages_mysql_enabled: true
common_packages_web_server_enabled: false
common_network_rename_interfaces: true
common_preferred_timezone: 'UTC'

Here is the content of backup.yml:

backup_server_hostname: someserver
backup_server_path: /home/someuser
backup_server_user: somerserver
backup_server_port: '22'
backup_host_user: someremoteuser
backup_host_mount_path: /home/someremoteuser/backup
backup_host_user_private_key_path: host_vars/somehost/common/ssh-keys/id_rsa_backup

encryption_key, id_rsa_backup and id_rsa_backup_pub are vault-encrypted files.

So, when I run:

ansible-playbook --check --diff somehost.yml -vvvvvvvv

I get the following error:

PLAY [somehost] ************************************************************************************************************************************************************************************
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt /Some/Local/Path/host_vars/somehost/backup/encryption_key
Trying to use vault secret=(FileVaultSecret(filename='/Some/Local/Path/.vault')) id=default to decrypt /Some/Local/Path/host_vars/somehost/backup/encryption_key
Trying secret FileVaultSecret(filename='/Some/Local/Path/.vault') for vault_id=default
Decrypt of "b'/Some/Local/Path/host_vars/somehost/backup/encryption_key'" successful with secret=FileVaultSecret(filename='/Some/Local/Path/.vault') and vault_id=default
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt None
Trying to use vault secret=(FileVaultSecret(filename='Some/Local/Path/.vault')) id=default to decrypt None
Trying secret FileVaultSecret(filename='Some/Local/Path/.vault') for vault_id=default
Decrypt successful with secret=FileVaultSecret(filename='Some/Local/Path/.vault') and vault_id=default

ERROR! failed to combine variables, expected dicts but got a 'dict' and a 'AnsibleUnicode':
{'backup_server_hostname': 'somehost', 'backup_server_path': '/home/somehostpath', 'backup_server_user': 'somehostpath', 'backup_server_port': '22', 'backup_host_user': 'automator', 'backup_host_mount_path': '/home/xxxx/mnt/backup', 'backup_host_user_private_key_path': 'host_vars/somehost/common/ssh-keys/id_rsa_backup', 'backup_borgmatic_configuration': [{'source_directories': ['/home/xxxx/.mysql'], 'repositories': ['/home/xxxx/mnt/backup/backup'], 'application_name': 'somehost_db', 'location': {'exclude_if_present': '.nobackup'}, 'storage': {'encryption_passphrase': 'xxxxx', 'archive_name_format': "'{hostname}-mysql-{now}'"}, 'retention': {'keep_hourly': '168', 'prefix': "'{hostname}-mysql-'"}, 'consistency': {'checks': ['archives'], 'check_repositories': ['/home/xxxx/mnt/backup/backup']}, 'hooks': {'before_backup': ['sh /home/xxxx/.scripts/check_sshfs.sh', 'sh /home/xxxx/.scripts/mysql_backup.sh', 'echo "Starting a backup."'], 'after_backup': ['echo "Backup done"'], 'on_error': ['echo "Backup failed"']}}]}
"BORG_KEY 36dfe604435ad8eaca89e39 hqlhbGdvcml0aG2mc2hhMjU2pGRhdGHaAN5a1XnA0c3O3MC44+lN2nWgol31naZud/Gf1p Q2aDmnXeMj7pHR1LPL/K/b3vrBgWW64RV6e9E9PSsYicrLcYDrPA0s2YSHbZpTBBPKURxX h0uIhTTj8497vhiezwQOhjDxFpVPtzqWmlmz9ibQlrGCiBQQD95+NitfFJTBUoQ7HS+rgs /m87v8rQaOWhv6/4V9w1K4ooMu5ufMxNeUXUfidFJNs5HeJf2QS2iTd7dSBYLUmId5guZT PTypFvdtpsnUfXGQ5l0rluAgd1BigYxCtvdNwNRus88y9nc74y+kaGFzaNoAIN8uIPII2m Fzh6ZxBaG21vIbDFnFZHWjxBZwO+1MGz5Fqml0ZXJhdGlvbnPOAAGGoKRzYWx02gAgIpO9 oD"

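The part before the BORG_KEY sequence is the content of the backup/backup.yml file, and the text after it is the decrypted encryption_key.

To run this playbook, I have to delete the encryption_key, id_rsa_backup and id_rsa_backup_pub files.

But (and here is the weird part) I have 5 other playbooks that run the same roles, with almost the same host_vars structure and vault-encrypted files, and they run fine without my having to delete the encrypted files. So in half of the cases it doesn't work, and in the other half it does. They all belong to the same group.

I don't know why this is happening, or why Ansible is trying to include files that I didn't specifically ask for.

Any help is appreciated.

Update: I also found that if I add any extension to the encrypted files (.key and .pem), my playbook works fine. I don't know why, either.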

I had the same problem as you. In my case, I had defined the vault as vault.yaml. But the problem was that I forgot it was a YAML file and defined the content as:

vault_db_password=somepassword

In my group_vars, I have a var file that references the vault, like:

configuration:
  rds:
    password: "{{ vault_db_password }}"

To fix this, I just had to make sure my vault was valid YAML, so I changed the content to:

vault_db_password: somepassword

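From your update, it seems that Ansible has a hard time understanding the file type and may be failing when parsing/casting and merging the variables. Hope this helps someone, cheers!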
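An added example, not part of either post above: a small audit that lists which files under a host_vars/<host> directory Ansible will decrypt and parse as variables. It is modelled on the rule ansible-core's vars-directory loader applies (files with no extension, or with .yml/.yaml/.json, are loaded; hidden files and ~ backups are skipped), which matches the update in the question: extension-less key files get loaded, files renamed to .key or .pem do not. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Assumed defaults, modelled on ansible-core's YAML_FILENAME_EXTENSIONS setting.
VARS_EXTENSIONS = {".yml", ".yaml", ".json"}

def files_loaded_as_vars(path):
    """Return files under a host_vars/<host> directory that get parsed as variables."""
    found = []
    for name in sorted(os.listdir(path)):
        if name.startswith(".") or name.endswith("~"):
            continue  # hidden files and editor backups are skipped
        ext = os.path.splitext(name)[1]
        full = os.path.join(path, name)
        if os.path.isdir(full) and not ext:
            found.extend(files_loaded_as_vars(full))  # recurse into sub-directories
        elif os.path.isfile(full) and (not ext or ext in VARS_EXTENSIONS):
            found.append(full)
    return found

def unexpected_vars_files(path):
    """Extension-less files: loaded as vars, but usually keys or other non-YAML data."""
    return [os.path.relpath(f, path) for f in files_loaded_as_vars(path)
            if not os.path.splitext(f)[1]]

def build_sample_tree(root, key_suffix=""):
    """Constructed copy of the question's layout; file contents are placeholders."""
    layout = {
        "backup/backup.yml": "backup_server_port: '22'\n",
        "backup/encryption_key" + key_suffix: "PLACEHOLDER\n",
        "common/common.yml": "common_preferred_timezone: 'UTC'\n",
        "common/ssh-keys/id_rsa_backup" + key_suffix: "PLACEHOLDER\n",
        "common/ssh-keys/id_rsa_backup.pub": "PLACEHOLDER\n",
    }
    for rel, body in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(unexpected_vars_files(build_sample_tree(tmp)))
```

Any file this reports is decrypted and merged into the host's variables on every run, so key material is better kept outside host_vars/group_vars or given a non-vars extension.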
