kind: pipeline
steps:
- name: check ansible syntax
image: plugins/ansible:1
settings:
playbook: ansible/playbook.yaml
inventory: ansible/inventory
syntax_check: true
when:
event:
- push
- name: apply ansible playbook
image: plugins/ansible:1
settings:
playbook: ansible/playbook.yaml
inventory: ansible/inventory
private_key:
from_secret: ansible_private_key
when:
event:
- push
---
kind: secret
data:
ansible_private_key: ANSIBLE_PRIVATE_KEY
error:
“error”:“yaml: unmarshal errors:\n line 4: cannot unmarshal !!map into string”
I’m not sure what to do to get this working : [
Any suggestions?
are you trying to encrypt the secret as shown at this link?
https://docs.drone.io/configure/secrets/encrypted/
in this case it looks like your syntax is invalid. If you look at the syntax at the above link you will note that data should be set to the encrypted string value, not a map.
1 Like
Thanks for your help (I’ll give this a try tonight)
I currently have the secret setup this way
https://docs.drone.io/configure/secrets/repository/
Is the encrypted secret the preferred way?
I’m guessing the drone commands should be available on the drone server?
(I am new to drone and still learning the ropes)
Is the encrypted secret the preferred way?
nope, the reason I asked if you were trying to use encrypted secrets is because the yaml you provided had syntax that is only required when using encrypted secrets or external secrets.
since you are using registry secrets, the following section should be removed:
---
kind: secret
data:
ansible_private_key: ANSIBLE_PRIVATE_KEY
I also want to add that there are a lot of syntax and structural errors in the original example that do not match anything in the documentation. So be sure to read the documentation closely.
This is the documentation i followed:
http://plugins.drone.io/drone-plugins/drone-ansible/
Can you point me in the right direction?
let’s take a step back and look at how plugin parameters and secrets work. plugins are configured by setting key values in the settings section, like this:
settings:
username: octocat
password: correct-horse-battery-staple
sometimes you want these setting values to come from secrets, so that you do not need to store them in plain text in your yaml which would be insecure. You can therefore add named secrets through the user interface as shown below:
you can then modify your yaml, and source settings from secret like this:
settings:
username: octocat
password:
from_secret: docker_password
notice that we only needed to make a very small change to the yaml to use a secret:
settings:
username: octocat
- password: correct-horse-battery-staple
+ password:
+ from_secret: docker_password
once you understand the fundamentals of how secrets work, you can easily source any plugin setting from a secret value.
1 Like
That helps and makes sense : )
The rest I will test tonight.
Should I be following documenation outside the docs for the ansible plugin? (linked above)
This got it working.
It was the secret at the bottom. Since I am using a repo secret, I didn’t have to declare it there.
Thank you so much for your help (and your quick response). (I really do appreciate it because i had been dead in the water for a while)
kind: pipeline
name: default
steps:
- name: verify-ansible-playbook
image: plugins/ansible:1
settings:
playbook: ansible/playbook.yaml
inventory: ansible/inventory
syntax_check: true
when:
event:
- push
