Lookup Plugin and Remote-Execution
57 views
Skip to first unread message
Marc Schlegel
May 14, 2021, 10:24:49 AM5/14/21
to Ansible Project
Hello everyone
I have to encrypt content in some configuration files on a target host by using encryption utilities provided by middleware (JBoss, Openliberty). The nicest solution would be, to encrypt the text while the template (for the config file) is being processed.
All that is needed is something like the "pipe" lookup plugin, just executed on the target machine of the current task. I know that lookup plugins are executed on the Ansible controller, but nothing should stop me from writing my own lookup-plugin which does the remote execution. Of course this would drastically slow down the template processing but it would be worth it.
My question is, is this feasible at all? Or is there some logic in how the lookup plugin is called which prevent us from doing something like this?
What I dont want to do is to roll a custom "ssh connect-here-logic", since our envrionments are quite complex so I hoped that a potential plugin could use some runtime information and just execute a remote command somehow.
Of course the other solution is to write the password from the template with some prefex and then replace those things on the target machine using some facts.
regards
Marc
Luca 'remix_tj' Lorenzetto
May 14, 2021, 10:27:34 AM5/14/21
to ansible...@googlegroups.com
and what about running a command on target host, save the output on a
fact and then use in template: module?
Luca
--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)
Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenze...@gmail.com>
Brian Coca
May 14, 2021, 10:56:00 AM5/14/21
to Ansible Project
shell/command/raw modules do on hte remote what the 'pip lookup' does
locally, just register the output and use that variable in the
template.
--
----------
Brian Coca
locally, just register the output and use that variable in the
template.
--
----------
Brian Coca
Marc Schlegel
May 14, 2021, 6:28:53 PM5/14/21
to Ansible Project
Thats what I thought first but unfortunately my password are within a list of multiple elements, sometimes also deeper in a list of dicts. Since all of them are processed by the template registering a fact and then selecting the correct fact is (from my perspective) impossible.
Reply all
Reply to author
Forward
0 new messages