hashivault_init does not return the generated keys in result #35

Closed
thalesac opened this issue Oct 25, 2017 · 7 comments

thalesac commented Oct 25, 2017

- hashivault_init:
  register: 'vault_init'
  environment:
    VAULT_ADDR: "{{ VAULT_ADDR }}"
  when: vault_init
  run_once: yes

- debug: msg="{{vault_init}}"

The debug returns:

TASK [platform-vault-init : debug] ******************************************************************
ok: [10.0.20.143] => {
    "msg": true
}

It's missing the keys.

This seems to be the culprit: https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/ansible/modules/hashivault/hashivault_init.py#L101

Any ideas?

@TerryHowe
Owner

Here is the working functional test if that helps: https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/functional/test_init.yml

The only odd thing I notice is you register vault_init, but have some environment variable of the same name and I assume that is what gets printed.

@thalesac
Author

Many thanks Terry, totally my mistake.
I hurried up to open the issue.
My apologies, you can close this ticket.
Also, many thanks for your work on this module.

@dizzler
Contributor

dizzler commented Oct 25, 2017 via email

@thalesac
Author

Many thanks @dizzler . That was the issue.

Another thing I just came across: I'm trying to re-use the newly generated keys to unseal the vault just after the init:

- hashivault_unseal:
    keys: '{{ vault_init_keys.keys_base64 }}'
  environment:
    VAULT_ADDR: "{{ VAULT_ADDR }}"
  when: vault_init_keys

This doesn't work.
As far as I could see, VAULT_KEYS expects space-separated keys and vault_init_keys is an array.

If you have any ideas on that, it would be great.

@thalesac
Author

Replying to my own question, I came up with this:

- hashivault_unseal:
    keys: '{{ vault_init_keys.keys_base64.0 }} {{ vault_init_keys.keys_base64.1 }} {{ vault_init_keys.keys_base64.2 }}'
  environment:
    VAULT_ADDR: "{{ VAULT_ADDR }}"
  when: vault_init_keys

In the future it might be nice to generate this automatically.

Thanks all of you.

@TerryHowe
Owner

This is how the function tests do it, although your solution is fewer lines:

https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/functional/test_init.yml#L17-L21

@TerryHowe
Owner

I guess one other thing: you should be able to specify VAULT_ADDR as an argument rather than the environment if you like:

- hashivault_unseal:
    keys: '{{ vault_init_keys.keys_base64.0 }} {{ vault_init_keys.keys_base64.1 }} {{ vault_init_keys.keys_base64.2 }}'
    url: "{{ VAULT_ADDR }}"
  when: vault_init_keys

I didn't test that, but it should work
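The init-then-unseal sequence from this thread, as an added example that is not from any participant or from the project: it registers the result under a name no other variable uses, builds the space-separated key string with Jinja2's `join` filter instead of indexing each key, and sets `no_log` so the unseal keys and root token are not written to Ansible output. The variables `do_vault_init` and `unseal_threshold` are assumptions; the default of 3 matches the three keys passed in the comments above.

```yaml
# Added example. do_vault_init and unseal_threshold are hypothetical variables.
- name: Initialise Vault and capture the generated keys
  hashivault_init:
  register: vault_init_keys        # must not collide with the flag tested in "when"
  environment:
    VAULT_ADDR: "{{ VAULT_ADDR }}"
  when: do_vault_init | bool
  run_once: yes
  no_log: true                     # result contains unseal keys and the root token

- name: Unseal with the first unseal_threshold keys, joined by spaces
  hashivault_unseal:
    keys: "{{ vault_init_keys.keys_base64[:(unseal_threshold | default(3) | int)] | join(' ') }}"
    url: "{{ VAULT_ADDR }}"
  when: vault_init_keys.keys_base64 is defined   # false when the init task was skipped
  run_once: yes
  no_log: true                     # keeps the key string out of task output

# If the registered result has to be inspected, print only non-secret
# metadata such as the number of keys, never the keys themselves.
- name: Show how many unseal keys were returned
  debug:
    msg: "{{ vault_init_keys.keys_base64 | length }} unseal keys returned"
  when: vault_init_keys.keys_base64 is defined
  run_once: yes
```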
