ansible - gitlab-runner:找不到“本地”ansible角色
问题描述
ansible文档说
如果 Ansible
ansible.cfg
从全局可写的当前工作目录加载,则会产生严重的安全风险。
这是有道理的,但会在我的项目中导致我的 ci-pipeline 出现问题:
.
├── group_vars
├── host_vars
├── playbooks
├── resources
├── roles
| ├── bootstrap
| └── networking
├── ansible.cfg
├── inventory.yml
├── requirements.yml
├── site.yml
└── vault.yml
我有两个“本地”角色,它们在 ansible 项目的源代码控制下签入./roles
,但是当我运行时找不到这些角色ansible-playbook --syntax-check site.yml
$ ansible-playbook --syntax-check site.yml
[WARNING] Ansible is being run in a world writable directory (/builds/papanito/infrastructure), ignoring it as an ansible.cfg source. For more information see https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir
[WARNING]: provided hosts list is empty, only localhost is available. Note
that the implicit localhost does not match 'all'
ERROR! the role 'networking' was not found in /builds/papanito/infrastructure/playbooks/roles:/root/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/builds/papanito/infrastructure/playbooks
The error appears to have been in '/builds/papanito/infrastructure/playbooks/networking.yml': line 14, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
roles:
- { role: networking, become: true }
^ here
ERROR: Job failed: exit code 1
--------------------------------------------------------
显然是因为搜索了角色
roles/
相对于 playbook 文件的目录。
因此我ansible.cfg
定义了查看./roles
# additional paths to search for roles in, colon separated
roles_path = ./roles
因此,基于ansible 文档,我可以使用环境变量 ANSIBLE_CONFIG
,如下所示gitlab-ci.yml
variables:
SITE: "site.yml"
PLAYBOOKS: "playbooks/**/*.yml"
ANSIBLE_CONIG: "./ansible.cfg"
stages:
- verify
before_script:
.....
ansible-verify:
stage: verify
script:
- ansible-lint -v $SITE
- ansible-lint -v $PLAYBOOKS
- ansible-playbook --syntax-check $SITE
- ansible-playbook --syntax-check $PLAYBOOKS
但我仍然得到上面的错误。我想念什么?
site.yml
- import_playbook: playbooks/networking.yml
- import_playbook: playbooks/monitoring.yml
playbooks/networking.yml
- name: Setup default networking
hosts: all
roles:
- { role: networking, become: true }
- { role: oefenweb.fail2ban, become: true }
解决方案
看起来像层次结构设置问题,角色引导程序、网络中没有关联的任务;相反,这些剧本看起来位于另一个名为 playbooks 的文件夹中。
参考目录布局:https ://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html
推荐阅读
- c - 使用 rtnetlink 监控路由变化时,如何获得新的路由指标?
- javascript - 如何从html表单获取价值到javascript
- javascript - 用表情符号替换字符串的最有效方法
- forms - 如何在 TYPO3 表单管理器中对表单进行排序?
- python-3.x - 如何使用python将额外的时间添加到带有数据的时间列中
- angular - 如何在 FormControl Angular 上设置自定义验证器
- python - Git命令行语法的含义?
- azure-devops - NuGet Push 任务,在 Target Feed 中输入变量名
- ios - 获取 PHAsset 修改日期
- pandas - zeppelin pyspark 中没有名为 pandas 的模块