HashiCorp Vault unseal error through Ansible



I'm trying to deploy HashiCorp Vault through Ansible. I have successfully installed it and done the initial setup, generating the 5 unseal keys and the root token. However, when I try to unseal it through Ansible I run into errors. I have tried various ways of doing this, but every time I get a timeout error. I can't even run it through the terminal without hitting the same error. Here are all the different ways I have tried to unseal the vault:

Method 1

- name: unseal vault
  uri:
    url: "http://172.0.0.1:8200/v1/sys/unseal"
    method: PUT
    # /v1/sys/unseal expects a JSON object with a "key" field, not the bare key string
    body: {"key": "{{ item }}"}
    body_format: json
    return_content: yes
    status_code: 200
  become: no
  loop:
    - "{{ key3.stdout }}"
    - "{{ key4.stdout }}"
    - "{{ key5.stdout }}"

Method 2:

- name: unseal vault 1
  shell: |
    vault operator unseal {{ key4.stdout }}
    vault operator unseal {{ key5.stdout }}
    vault operator unseal {{ key3.stdout }}
  environment:
    VAULT_ADDR: "http://172.0.0.1:8200"

Method 3, repeated 3 times:

- name: unseal the vault
  become: yes
  command: vault operator unseal {{ key4.stdout }}
  environment:
    VAULT_ADDR: "http://172.0.0.1:8200"

I have verified that the key variables I read from the file are correct.

This is the error I get with Method 1:

failed: [172.26.1.238] (item=2q2h3y6XsztNEToISMADvbZ5XOugvi7NMHkfiarQq8bN) => {"changed": false, "content": "", "item": "2q2h3y6XsztNEToISMADvbZ5XOugvi7NMHkfiarQq8bN", "msg": "Status code was -1 and not [200]: Request failed: <urlopen error timed out>", "redirected": false, "status": -1, "url": "http://172.0.0.1:8200/v1/sys/unseal"}

This is the error I get with Method 2:

fatal: [172.26.1.238]: FAILED! => {"changed": true, "cmd": "vault operator unseal jwmGkN2O5t0JvAI2+82I9WAJuEL1PEG7sbkk8lmao+2B\n vault operator unseal 2q2h3y6XsztNEToISMADvbZ5XOugvi7NMHkfiarQq8bN\n vault operator unseal J74KbqOcqi6CBAB95PRy9kZF77Q7T2XAFWd7amQk1uP+", "delta": "0:01:30.078433", "end": "2018-12-02 00:53:45.609747", "msg": "non-zero return code", "rc": 2, "start": "2018-12-02 00:52:15.531314", "stderr": "Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout\nError unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout\nError unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout", "stderr_lines": ["Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout", "Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout", "Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout"], "stdout": "", "stdout_lines": []}

This is the error I get with Method 3:

fatal: [172.26.1.238]: FAILED! => {"changed": true, "cmd": ["vault", "operator", "unseal", "jwmGkN2O5t0JvAI2+82I9WAJuEL1PEG7sbkk8lmao+2B"], "delta": "0:00:30.025966", "end": "2018-12-02 00:58:28.997154", "msg": "non-zero return code", "rc": 2, "start": "2018-12-02 00:57:58.971188", "stderr": "Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout", "stderr_lines": ["Error unsealing: Put http://172.0.0.1:8200/v1/sys/unseal: dial tcp 172.0.0.1:8200: i/o timeout"], "stdout": "", "stdout_lines": []}

Any idea what I might be doing wrong? I tried to follow some guides online and other people's code on GitHub, but nothing seems to work. Any help would be greatly appreciated.

Thanks

So this is embarrassing, but I think it might help people trying to do the same thing. I can confirm that Method 2 does work. The others may work too, but I haven't tested them yet. The only thing I had to change was the VAULT_ADDR value to 127.0.0.1:8200 instead of 172.0.0.1:82000. It was a silly mistake, but it took me more than two days to figure it out. I hope someone else can learn from it.

Thanks
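A fuller version of the HTTP-API approach (Method 1), written as an added example rather than the original poster's playbook: it checks seal status before and after, sends each key share in the `{"key": ...}` object the `/v1/sys/unseal` endpoint expects, keeps a short request timeout so a wrong address fails fast instead of hanging for 90 seconds, and sets `no_log` so the key shares never land in the Ansible output the way they did in the failure messages above. It assumes the same `key3`/`key4`/`key5` registered variables as the question and Vault listening on `127.0.0.1:8200`, the address the fix settled on.

```yaml
# Added example; not the question author's playbook.
# Assumes key3/key4/key5 are registered variables holding one unseal key
# share each, and that Vault listens on loopback port 8200.
- name: Unseal Vault over the HTTP API
  hosts: vault
  vars:
    vault_addr: "http://127.0.0.1:8200"
    unseal_keys:
      - "{{ key3.stdout }}"
      - "{{ key4.stdout }}"
      - "{{ key5.stdout }}"
  tasks:
    - name: Read the current seal status (unauthenticated endpoint)
      uri:
        url: "{{ vault_addr }}/v1/sys/seal-status"
        method: GET
        return_content: yes
        timeout: 10          # fail fast on an unreachable address
      register: seal_status

    - name: Submit key shares until the unseal threshold is reached
      uri:
        url: "{{ vault_addr }}/v1/sys/unseal"
        method: PUT
        # The endpoint wants a JSON object; a bare string is rejected.
        body: {"key": "{{ item }}"}
        body_format: json
        return_content: yes
        status_code: 200
        timeout: 10
      loop: "{{ unseal_keys }}"
      when: seal_status.json.sealed
      # Key shares are secrets: keep them out of the task output and logs.
      no_log: true
      register: unseal_result

    - name: Confirm the vault is now unsealed
      uri:
        url: "{{ vault_addr }}/v1/sys/seal-status"
        method: GET
        return_content: yes
        timeout: 10
      register: final_status
      failed_when: final_status.json.sealed
```

The final task makes the play fail if fewer shares than the threshold were accepted, which the plain `vault operator unseal` loop in Method 2 would not catch.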
