Create Azure Key Vault secrets via Ansible - PullRequest
0 votes
/ February 12, 2019

Ansible version 2.7.6

The Ansible playbook looks like this:

- hosts: localhost
  name: Create instance of Key Vault
  tasks:
    - name: Create a secret
      azure_rm_keyvaultsecret:
        secret_name: test25
        secret_value: 218y490randomstuff9515215123
        keyvault_uri: https://vrandomg3252.vault.azure.net/
        tags:
            testing: test

The output produces the error "No handlers could be found for logger"

PLAY [Create instance of Key Vault] *************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************
ok: [localhost]

TASK [Create a secret] **************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "No handlers could be found for logger \"keyring.backend\"\nTraceback (most recent call last):\n  File \"/home/ansibleadm/.ansible/tmp/ansible-tmp-1549893073.25-278009488310625/AnsiballZ_azure_rm_keyvaultsecret.py\", line 113, in <module>\n    _ansiballz_main()\n  File \"/homedirectoryname/.ansible/tmp/ansible-tmp-1549893073.25-278009488310625/AnsiballZ_azure_rm_keyvaultsecret.py\", line 113, in <module>\n    _ansiballz_main()\n File \"/homedirectoryname/.ansible/tmp/ansible-tmp-1549893073.25-278009488310625/AnsiballZ_azure_rm_keyvaultsecret.py\", line 105, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/ansibleadm/.ansible/tmp/ansible-tmp-1549893073.25-278009488310625/AnsiballZ_azure_rm_keyvaultsecret.py\", line 48, in invoke_module\n    imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/tmp/ansible_azure_rm_keyvaultsecret_payload_VsqDCW/__main__.py\", line 215, in <module>\n  File \"/tmp/ansible_azure_rm_keyvaultsecret_payload_VsqDCW/__main__.py\", line 211, in main\n  File \"/tmp/ansible_azure_rm_keyvaultsecret_payload_VsqDCW/__main__.py\", line 126, in __init__\n  File \"/tmp/ansible_azure_rm_keyvaultsecret_payload_VsqDCW/ansible_azure_rm_keyvaultsecret_payload.zip/ansible/module_utils/azure_rm_common.py\", line 308, in __init__\n  File \"/tmp/ansible_azure_rm_keyvaultsecret_payload_VsqDCW/__main__.py\", line 174, in exec_module\n  File \"/tmp/ansible_azure_rm_keyvaultsecret_payload_VsqDCW/__main__.py\", line 199, in create_secret\n  File \"/usr/local/lib/python2.7/dist-packages/azure/keyvault/key_vault_client.py\", line 1586, in set_secret\n    raise models.KeyVaultErrorException(self._deserialize, response)\nazure.keyvault.models.key_vault_error.KeyVaultErrorException: (Forbidden) Access denied\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
PLAY RECAP **************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1

What is the right way to use the azure_rm_keyvaultsecret module?

1 Answer

0 votes
/ July 14, 2019

You are missing the authentication parameters. See https://docs.ansible.com/ansible/latest/modules/azure_rm_keyvaultsecret_module.html

- name: create a secret for mysql
  azure_rm_keyvaultsecret: 
    secret_name: test25
    secret_value: 218y490randomstuff9515215123
    keyvault_uri: https://vrandomg3252.vault.azure.net/
    client_id: "{{ AZURE_CLIENT_ID }}"
    secret: "{{ AZURE_CLIENT_SECRET }}"
    tenant: "{{ AZURE_TENANT_ID }}"
    subscription_id: "{{ AZURE_SUBSCRIPTION_ID }}"
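
The same task as in the answer, as an added example that is not part of the original posts: the service principal credentials and the secret value are read from environment variables instead of being written into the playbook, and `no_log` keeps them out of task output. `KV_SECRET_VALUE` and the `sp_*` variable names are hypothetical; the service principal also needs permission to set secrets on the vault, otherwise Key Vault still answers Forbidden.

```yaml
# Added example, not from the original post.
# Assumed to be exported in the shell that runs ansible-playbook:
#   AZURE_CLIENT_ID, AZURE_SECRET, AZURE_TENANT, AZURE_SUBSCRIPTION_ID
#   KV_SECRET_VALUE  (hypothetical name for the value to store)
- hosts: localhost
  connection: local
  gather_facts: false
  name: Create a Key Vault secret without inlining credentials
  vars:
    keyvault_uri: https://vrandomg3252.vault.azure.net/
    sp_client_id: "{{ lookup('env', 'AZURE_CLIENT_ID') }}"
    sp_secret: "{{ lookup('env', 'AZURE_SECRET') }}"
    sp_tenant: "{{ lookup('env', 'AZURE_TENANT') }}"
    sp_subscription: "{{ lookup('env', 'AZURE_SUBSCRIPTION_ID') }}"
    kv_secret_value: "{{ lookup('env', 'KV_SECRET_VALUE') }}"
  tasks:
    # Stop before calling Azure if anything is unset; the assert output
    # shows only the failed expression, never the variable values.
    - name: Fail early if a credential or the secret value is missing
      assert:
        that:
          - sp_client_id | length > 0
          - sp_secret | length > 0
          - sp_tenant | length > 0
          - sp_subscription | length > 0
          - kv_secret_value | length > 0
        msg: "Export the AZURE_* variables and KV_SECRET_VALUE first"

    - name: Create a secret
      azure_rm_keyvaultsecret:
        secret_name: test25
        secret_value: "{{ kv_secret_value }}"
        keyvault_uri: "{{ keyvault_uri }}"
        client_id: "{{ sp_client_id }}"
        secret: "{{ sp_secret }}"
        tenant: "{{ sp_tenant }}"
        subscription_id: "{{ sp_subscription }}"
        tags:
          testing: test
      # Keeps the client secret and the stored value out of logs and -v output.
      no_log: true
```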