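To improve AWX management for my team, I'm currently trying to set up HashiCorp Vault credentials, but I'm running into some errors and doubts.
Usually, in my Ansible projects, which I run from a Debian server, I set up Vault secrets with lookups like this: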
```ini
### Vault Configuration
ansible_hashi_vault_token="{{ lookup('env', 'VAULT_ANSIBLE') }}"
my_secret="{{ lookup('community.hashi_vault.vault_kv2_get', 'my_secret', engine_mount_point='kv/', token=ansible_hashi_vault_token) }}"
#### Credentials (ansible service account) ####
ansible_user="{{ my_secret.secret.ansible_user_from_vault }}"
```
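The lookup reads the environment variable VAULT_ANSIBLE, which is the result of signing in to my Vault server. This lets me run playbooks without writing any token in the code.
Now, after adding the project to AWX, I'm trying to get the Vault part working: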
I created Credentials with HashiCorp Vault Secret Lookup as you can see here. Simply add Server URL + Token for testing.
When I click on Test, no matter what secrets I want to retrieve I always have this error
My questions:
- Which log file can give me more information about the credentials/API call to Vault?
- Is there anything I miss for this peculiar configuration? I tried to add my root.CA in the corresponding field, but still the same error.
- Is there a proper way/another way to use Vault lookup within AWX?
I have seen on many forums that people create a custom credential type and then use "injectors" for the Vault lookup.
Thanks a lot for your help,
Gael
EDIT 12/12/2023: Found the logs (using kubectl logs my-pod) corresponding to the Test credential. Seems to be a Django Bad Request but don't know how to investigate that:
```
2023-12-12 14:40:40,628 WARNING [4fdf7cfc36804499b34fa50a28369fb7] awx.api.generics status 400 received by user admin attempting to access /api/v2/credentials/5/test/ from 10.10.10.10
2023-12-12 14:40:40,635 WARNING [4fdf7cfc36804499b34fa50a28369fb7] django.request Bad Request: /api/v2/credentials/5/test/
2023-12-12 14:40:40,635 WARNING [4fdf7cfc36804499b34fa50a28369fb7] django.request Bad Request: /api/v2/credentials/5/test/
10.10.10.10 - - [12/Dec/2023:14:40:40 +0000] "POST /api/v2/credentials/5/test/ HTTP/1.1" 400 21 "https://my-awx.net/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0" "10.230.173.133"
[pid: 23|app: 0|req: 228/1089] 172.20.245.206 () {72 vars in 2440 bytes} [Tue Dec 12 14:40:40 2023] POST /api/v2/credentials/5/test/ => generated 21 bytes in 76 msecs (HTTP/1.1 400) 14 headers in 598 bytes (1 switches on core 0)
```
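To tell an AWX-side problem from a Vault-side one, the KV v2 read that the post's `vault_kv2_get` lookup performs can be repeated directly against Vault's HTTP API with the same token and root CA. This is an added example, not part of the original post or of AWX; `kv/`, `my_secret` and `VAULT_ANSIBLE` come from the post, while `VAULT_ADDR` and `VAULT_CACERT` as the places holding the server URL and CA file path are assumptions.

```python
"""Read a KV v2 secret straight from Vault, outside AWX, to see the real HTTP status."""
import json
import os
import ssl
import urllib.error
import urllib.request


def kv2_read_url(server_url, mount_point, secret_path):
    """KV v2 reads go to /v1/<mount>/data/<path>; KV v1 has no 'data' segment."""
    mount = mount_point.strip("/")
    path = secret_path.strip("/")
    return f"{server_url.rstrip('/')}/v1/{mount}/data/{path}"


def kv2_read(server_url, mount_point, secret_path, token, ca_file=None):
    """Return (http_status, payload) so auth, path and TLS failures are told apart."""
    req = urllib.request.Request(
        kv2_read_url(server_url, mount_point, secret_path),
        headers={"X-Vault-Token": token},
    )
    # ca_file: PEM file of a private root CA; None falls back to the system store
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return resp.status, json.load(resp)["data"]["data"]
    except urllib.error.HTTPError as exc:
        # 403: token or policy problem; 404: wrong mount, path or KV version
        return exc.code, exc.read().decode(errors="replace")
    except urllib.error.URLError as exc:
        # No HTTP status at all: DNS, routing or certificate verification failed
        return None, str(exc.reason)


if __name__ == "__main__":
    status, payload = kv2_read(
        os.environ["VAULT_ADDR"],        # assumption: Vault URL lives in VAULT_ADDR
        "kv/", "my_secret",              # mount point and secret path from the post
        os.environ["VAULT_ANSIBLE"],     # token variable from the post
        os.environ.get("VAULT_CACERT"),  # assumption: path to the root CA PEM
    )
    # Print key names only, never the secret values
    print(status, sorted(payload) if isinstance(payload, dict) else payload)
```

Running it from the AWX pod and from the Debian server with the same inputs shows whether the failure follows the network path and trust store or the token and secret path.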