Vagrantfile provision script credentials
Question
Banging my head off a brick wall with this and have tried multiple methods without success so far. Hoping the Vagrant gurus out there can assist. I am trying to find a method of successfully removing the credential variables RH_username & RH_password so that they are not retained in source code but I cannot figure out how to remove them and construct the script and/or the provision inline correctly.
I don't really want to use $export VAR1 VAR2 ; vagrant reload etc and would prefer to have some sort of hidden 'secrets' file - I tried a couple of 'solutions' but was unable to construct the script/inline properly.
Hopefully this is an easy community answer.
$cat Vagrantfile (snipped to problem area)
RH_username = "XXXXX";
RH_password = "XXXXX";
script = %{
  if ! sudo subscription-manager status; then
    sudo subscription-manager register --username=#{RH_username} --password=#{RH_password}
  fi
}
Vagrant.configure("2") do |config|
  (1..NODES).each do |i|
    config.vm.define "node#{i}" do |node|
      node.vm.provision "subscription-manager", type: "shell" do |subscription|
        subscription.inline = script
      end # node.vm.provision
    end # config.vm.define
  end # NODES loop
end # Vagrant.configure
Unable to hide credentials
Tried this idea from JustaGuyCoding.com
$vagrant --version
Vagrant 2.3.4
$vagrant plugin list
vagrant-vbguest (0.31.0, global)
vagrant-vmware-desktop (3.0.1, global)
$cat .vagrant/secrets.rb
module Secrets
  RH_username = "XXXXX"
  RH_password = "XXXXX"
end
$cat Vagrantfile (snipped)
require_relative '.vagrant/secrets.rb'
include Secrets
Vagrant.configure("2") do |config|
  (1..NODES).each do |i|
    config.vm.define "node#{i}" do |node|
      node.vm.provision "subscription-manager", type: "shell" do |subscription|
        subscription.inline = "sudo subscription-manager register --username=Secrets::RH_username --password=Secrets::RH_password"
      end # node.vm.provision
    end # config.vm.define
  end # NODES loop
end # Vagrant.configure
But it has not worked: it seems to pick up the secrets OK but they are not being extracted correctly in the provision inline statement
Error summary: The registration command actions but says incorrect username/password.
Answer 1
Score: 0
Figured it out with a bit of brute force myself (just as well lol)
BOX = "generic/rhel8"
NODES = 3
RAM = 2048
require_relative '.vagrant/secrets.rb'
include Secrets
unregister_script = %{
  if sudo subscription-manager status; then
    sudo subscription-manager unregister
  fi
}
Vagrant.configure("2") do |config|
  (1..NODES).each do |i|
    config.vm.define "node#{i}" do |node|
      node.vm.provision "subscription-manager", type: "shell" do |subscription|
        subscription.inline = "sudo subscription-manager register --username=#{USER} --password=#{PASS}"
        #subscription.inline = "sudo subscription-manager register --force --username=#{USER} --password=#{PASS}"
      end # node.vm.provision
      node.trigger.before :destroy do |unregister|
        unregister.name = "Unregister VM"
        unregister.info = "Unregistering this VM from RedHat Subscription Manager..."
        unregister.warn = "If this fails, unregister VMs manually at https://access.redhat.com/management/subscriptions"
        unregister.run_remote = {inline: unregister_script}
        unregister.on_error = :continue
      end # node.trigger.before
      node.vm.provision "repolist", type: "shell", run: "always" do |dnf|
        dnf.inline = "sudo dnf repolist"
      end # node.vm.provision
      node.vm.provider "vmware_workstation" do |vmware|
        vmware.gui = false
        vmware.memory = RAM
        vmware.vmx['displayname'] = "vagrant:node#{i}"
        vmware.vmx['guestos'] = "rhel8-64"
      end # node.vm.provider
      node.vm.box = BOX
      node.vm.hostname = "node#{i}"
      node.vm.boot_timeout = 1500
      node.vm.synced_folder "../share/", "/mnt/SHARE"
      node.vm.network "private_network", ip: "192.168.1.#{i + 10}"
    end # config.vm.define
  end # NODES loop
end # Vagrant.configure
For completeness the secrets file
$cat .vagrant/secrets.rb
module Secrets
  USER = "XXXXX"
  PASS = "XXXXX"
end
$vagrant plugin list
vagrant-secret (0.0.1, global)
vagrant-vbguest (0.31.0, global)
vagrant-vmware-desktop (3.0.1, global)
$vagrant --version
Vagrant 2.3.4
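An added example, not part of the original question or answer, written in plain Ruby so it runs without Vagrant: it contrasts the question's uninterpolated string with an interpolated, shell-escaped one, and builds shell-provisioner options that pass the credentials through `env:` with `sensitive: true` instead of embedding them in the script text. The `Secrets` values, the helper names and the `RH_USER`/`RH_PASS` variable names are constructed for illustration.

```ruby
require "shellwords"

# Constructed stand-in for .vagrant/secrets.rb; values are sample data.
module Secrets
  USER = "demo-user"
  PASS = "p@ss $word'!" # constructed: contains shell metacharacters
end

REGISTER = "sudo subscription-manager register"

# The question's second attempt: inside a plain string, Secrets::RH_username
# is literal text, so the guest sends those characters as the credentials.
def literal_command
  "#{REGISTER} --username=Secrets::RH_username --password=Secrets::RH_password"
end

# Interpolated with #{...}, plus Shellwords.escape so spaces, $, quotes
# and ! in a credential reach subscription-manager unchanged.
def escaped_command(user, pass)
  "#{REGISTER} --username=#{Shellwords.escape(user)} " \
    "--password=#{Shellwords.escape(pass)}"
end

# Options for Vagrant's shell provisioner that keep the values out of the
# script text: env: exports them to the script, sensitive: true masks the
# env values in Vagrant's output.
def env_provision_options(user, pass)
  {
    type: "shell",
    inline: %(#{REGISTER} --username="$RH_USER" --password="$RH_PASS"),
    env: { "RH_USER" => user, "RH_PASS" => pass },
    sensitive: true
  }
end

# Assumed use inside the Vagrantfile's node block:
#   node.vm.provision "subscription-manager",
#                     **env_provision_options(Secrets::USER, Secrets::PASS)

if __FILE__ == $PROGRAM_NAME
  puts literal_command
  puts escaped_command(Secrets::USER, Secrets::PASS)
  puts env_provision_options(Secrets::USER, Secrets::PASS)[:inline]
end
```

In every variant the password is still passed to `subscription-manager` as a `--password` argument, so it is visible in the guest's process list while the command runs.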