Ansible and Sops files
260 views
Skip to first unread message
J M
Sep 12, 2023, 5:56:23 AM9/12/23
to Ansible Project
Hi,
I'm using some Sops files inside one ansible project.
Version is 8.3.0 - core 2.15.3
When launch one playbook shows warnings like:
[WARNING]: Skipping key (aaa) in group (bbb) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
...
...
How do I prevent those warnings from appearing?
I need extra configuration?
Regards,
Cesar Jorge
Brian Coca
Sep 12, 2023, 10:12:17 AM9/12/23
to ansible...@googlegroups.com
You do not give enough details, the message seems to indicate
malformed YAML, could you show the files involved?
--
----------
Brian Coca
malformed YAML, could you show the files involved?
--
----------
Brian Coca
J M
Sep 12, 2023, 12:22:53 PM9/12/23
to Ansible Project
Hi,
Yes (I have secrets here, then I cut):
One file example is: inventory/dev/ssh.yml
Then the sops encrypted file has this text in clear (sops -d file):
# This file is...
data:
sshpriv1: |
TEXT1
data:
sshpriv1: |
TEXT1
sshpub.pub: |
TEXT2
The warnings show like:
[WARNING]: Skipping key (MYKEY1) in group (data) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (MYKEY2) in group (data) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (MYKEY3 ) in group (data) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (MYKEY4) in group (data) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (kms) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (gcp_kms) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (azure_kv) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (hc_vault) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (age) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (lastmodified) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (mac) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (pgp) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (unencrypted_suffix) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (version) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (MYKEY2) in group (data) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (MYKEY3 ) in group (data) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (MYKEY4) in group (data) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (kms) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (gcp_kms) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (azure_kv) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (hc_vault) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (age) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (lastmodified) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (mac) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (pgp) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
[WARNING]: Skipping key (unencrypted_suffix) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
[WARNING]: Skipping key (version) in group (sops) as it is not a mapping, it is a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'>
The playbook works, but show these warns.
ansible-playbook -v -i inventory/dev ...
Also I'm using in Ansible configuration file:
callback_result_format=yaml
The sops version is 3.7.3.
Ah, at the moment that I write this, the inventory file is:
inventory/dev/hosts.yml
When I change the launch as:
ansible-playbook -v -i inventory/dev/hosts.yml ...
The warns dissapear. Hum, howto exclude with Ansible any encrypted files to use "inventory/dev"?
Or howto reorder this structure?
Regards,
Cesar Jorge
Brian Coca
Sep 12, 2023, 12:35:01 PM9/12/23
to ansible...@googlegroups.com
You are trying to use a vars file as an inventory also, that is why
you are getting those warnings. move it into a host_vars or group_vars
directory instead
--
----------
Brian Coca
you are getting those warnings. move it into a host_vars or group_vars
directory instead
--
----------
Brian Coca
J M
Sep 12, 2023, 12:38:31 PM9/12/23
to Ansible Project
Hum, but I would no longer have my inventory (machine location, ips, and their secrets...) centralized in one place
Reply all
Reply to author
Forward
0 new messages