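Often we want sensitive variables stored centrally in AWS SSM, that is, AWS Parameter Store.
First, one thing to be clear about: AWS Parameter Store holds key: value pairs.
Keys also have no directory hierarchy; all variables sit at the same level. But! We can name the keys in a form like this: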
/secret/503error/test1
/secret/503error/test2
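This gives us a folder-like structure in a roundabout way. Once the variables are stored, how do we read them?
First, the AWS environment variables must be configured on the local machine, namely aws_access_key_id and aws_secret_access_key. In other words, to read variables from SSM we need credentials that have permission to do so.
The core part: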
```yaml
- name: get info from ssm
  set_fact:
    aws_ssm_ecs_vars: "{{ lookup('aws_ssm', '/secret/503error/', region='us-east-1', bypath=true, recursive=true, shortnames=true) }}"
```
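The task above takes every variable in AWS SSM whose name starts with /secret/503error/ and assigns them all, recursively, to aws_ssm_ecs_vars.
We can then reference a value as aws_ssm_ecs_vars.test1 (note that the full path is not needed here).
A complete example: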
```yaml
---
- hosts: localhost
  gather_facts: no
  tasks:
    - name: get info from ssm
      set_fact:
        aws_ssm_ecs_vars: "{{ lookup('aws_ssm', '/secret/503error/', region='us-east-1', bypath=true, recursive=true, shortnames=true) }}"

    - name: show me the aws_ssm_test_var(only for demo)
      debug:
        var: aws_ssm_ecs_vars

    - name: show me the test1
      debug:
        var: aws_ssm_ecs_vars.test1
```
Here is the output of the playbook run:
```
ansible-playbook test.yml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] *****************************************************************************************************************

TASK [get info from ssm] *********************************************************************************************************
ok: [localhost]

TASK [show me the aws_ssm_test_var(only for demo)] ********************************************************************************
ok: [localhost] => {
    "aws_ssm_ecs_vars": {
        "test1": "Param_test1",
        "test2": "param2_test2"
    }
}

TASK [show me the test1] *********************************************************************************************************
ok: [localhost] => {
    "aws_ssm_ecs_vars.test1": "Param_test1"
}

PLAY RECAP ***********************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
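An added example, not part of the original post: a variant of the playbook above that keeps the parameter values out of Ansible's output with no_log, and checks that recursive=true combined with shortnames=true does not fold two parameters onto the same short name. It assumes shortnames keeps only the last path segment, as the test1/test2 output above suggests; the nested path mentioned in the comments is hypothetical.

```yaml
---
- hosts: localhost
  gather_facts: no
  tasks:
    # Same path and region as the post, but without shortnames, so the keys
    # are full parameter names such as /secret/503error/test1.
    - name: read the hierarchy with full parameter names
      set_fact:
        ssm_full: "{{ lookup('aws_ssm', '/secret/503error/', region='us-east-1', bypath=true, recursive=true) }}"
      no_log: true   # keep the parameter values out of console output and logs

    # With recursive=true, /secret/503error/test1 and a nested
    # /secret/503error/sub/test1 (hypothetical) would share the short name
    # test1, and only one of the two values would be kept under that key.
    - name: stop if two parameters share a short name
      assert:
        that:
          - (ssm_full.keys() | map('basename') | list | unique | length) == (ssm_full | length)
        fail_msg: "duplicate short names under /secret/503error/"
        quiet: true

    # The lookup from the post, now with its result hidden from the logs.
    - name: get info from ssm
      set_fact:
        aws_ssm_ecs_vars: "{{ lookup('aws_ssm', '/secret/503error/', region='us-east-1', bypath=true, recursive=true, shortnames=true) }}"
      no_log: true

    # Confirm what was loaded by listing the key names, never the values.
    - name: show the parameter names only
      debug:
        msg: "{{ aws_ssm_ecs_vars.keys() | sort }}"
```

Later tasks that pass aws_ssm_ecs_vars.test1 to a module need no_log: true as well, since module arguments are echoed in verbose output.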