Current workaround: I need to start all ansible processes with the KSM_CACHE_DIR variable set. But then all my ansible-vault keyfiles which use KSM need to have an override to set the current working directory again for their process context.
or maybe after line 177 an additional KSMCache.kms_cache_file_name = os.path.join(os.environ.get(KeeperAnsible.ENV_CACHE_DIR, ""), 'ksm_cache.bin') is needed:

    # We are using the cache, what directory should the cache file be stored in.
    cache_dir_key = KeeperAnsible.keeper_key(KeeperAnsible.KEY_CACHE_DIR)
    if task_vars.get(cache_dir_key) is not None and os.environ.get(KeeperAnsible.ENV_CACHE_DIR) is None:
        os.environ[KeeperAnsible.ENV_CACHE_DIR] = task_vars.get(cache_dir_key)
    KSMCache.kms_cache_file_name = os.path.join(os.environ.get(KeeperAnsible.ENV_CACHE_DIR, ""), 'ksm_cache.bin')
There are multiple integrations used in an ansible setup with keeper. Currently they do not play nicely with each other in a DR event.
Maybe I can explain by showing you a concrete error resulting from the stuff above:
Error: Notation error - found multiple records with same UID ...
How does that come about?
ksm, when the cache is enabled without KSM_CACHE_DIR set, would put a file ksm_cache.bin in the current directory. keeper_ansible, when the cache is enabled AND EVEN WHEN keeper_cache_dir is set as an ansible variable, would ignore the value of this variable because "kms_cache_file_name set in the class". Hence keeper_ansible would use the same ksm_cache.bin in the current directory as ksm would use.
But the cache files have different purposes. See your own documentation.
In a DR event both need to have their own cache file if they do not share the VERY same parameters! Otherwise the DR event is just D :-)
I am not sure if the addition of the one line in the code base is sufficient or useful. Currently I decided to be very explicit with setting KSM_CACHE_DIR in several occurrences.
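An added example, not part of the issue or the project's code: a stand-in class that models the behaviour described above, where the cache path is a class attribute computed once at definition time, so exporting KSM_CACHE_DIR afterwards leaves the plugin on the same ksm_cache.bin as the CLI until the path is recomputed. `StandInCache`, `resolve_cache_path`, `define_cache_class` and `demo` are hypothetical names; only the variable name and file name come from the issue.

```python
import os
import tempfile

ENV_CACHE_DIR = "KSM_CACHE_DIR"   # variable name as used in the issue
CACHE_FILE = "ksm_cache.bin"      # file name as used in the issue


def resolve_cache_path():
    """Build the cache path from the environment as it is right now."""
    return os.path.join(os.environ.get(ENV_CACHE_DIR, ""), CACHE_FILE)


def define_cache_class():
    """Stand-in for importing the SDK module; the class body runs once, here."""
    class StandInCache:
        # Class attribute: evaluated at definition time, never re-read later.
        kms_cache_file_name = resolve_cache_path()
    return StandInCache


def demo():
    """Return (cli_path, plugin_before, plugin_after) as absolute paths."""
    saved = os.environ.pop(ENV_CACHE_DIR, None)
    try:
        cli_path = os.path.abspath(resolve_cache_path())   # CLI run, variable unset
        cache_cls = define_cache_class()                    # plugin "imports" the SDK
        with tempfile.TemporaryDirectory() as plugin_dir:   # constructed cache dir
            # Assumption from the issue: the plugin exports the directory
            # only after the class already exists.
            os.environ[ENV_CACHE_DIR] = plugin_dir
            before = os.path.abspath(cache_cls.kms_cache_file_name)
            # Line proposed in the issue: recompute once the variable is set.
            cache_cls.kms_cache_file_name = resolve_cache_path()
            after = os.path.abspath(cache_cls.kms_cache_file_name)
        return cli_path, before, after
    finally:
        # Restore the caller's environment.
        os.environ.pop(ENV_CACHE_DIR, None)
        if saved is not None:
            os.environ[ENV_CACHE_DIR] = saved


if __name__ == "__main__":
    cli, before, after = demo()
    print("plugin shares CLI cache file before recompute:", cli == before)
    print("plugin shares CLI cache file after recompute: ", cli == after)
```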
secrets-manager/sdk/python/core/keeper_secrets_manager_core/core.py
Line 1679 in fab6c47
secrets-manager/integration/keeper_secrets_manager_ansible/keeper_secrets_manager_ansible/__init__.py
Lines 175 to 177 in fab6c47