jdgue 发表于 2018-7-29 09:00:19

ansible_vault

1.  # Inventory:未做ssh-copy-id(未配置免密登录),也未在其中明文写出远程主机密码(remote_pwd)
  $ cat /etc/ansible/hosts
  client_105 ansible_ssh_host=192.168.38.105 key=105
  2.
  # ssh密码(ansible_ssh_pass)存放在pwd.yaml中,通过vars_files引入(密码方式登录需要控制端安装sshpass)
  # tasks: 使用该密码登录远程主机并获取hostname
  $ cat test_vault.yaml
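  ---
  # Playbook: log in with the SSH password loaded from pwd.yaml and print the remote hostname.
  # Indentation restored; the flattened listing is not valid YAML.
  - hosts: all
    gather_facts: False
    # pwd.yaml defines ansible_ssh_pass. Once it is encrypted with ansible-vault,
    # the run must supply the vault password (--ask-vault-pass or --vault-password-file).
    vars_files:
      - pwd.yaml
    tasks:
      - name: get hostname
        shell: hostname
        register: info
      - name: print hostname
        # info is the whole registered result; the hostname text itself is in info.stdout
        debug: msg="the varible is {{ info }}"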
  3.
  # 定义ssh密码文件(加密前为明文,不要提交到版本库;也可用 ansible-vault create 直接创建加密文件,避免明文落盘)
  # 此处必须为dict格式(key: value)
  $ cat pwd.yaml
  ---
  # SSH login password for the managed host, exposed to Ansible as ansible_ssh_pass.
  # Plaintext in this listing; the file is encrypted with ansible-vault in the next step.
  ansible_ssh_pass: "client105"
  4.
  # 对pwd.yaml加密(输入的Vault密码即加密key,之后运行playbook时需提供同一密码):
  $ ansible-vault encrypt pwd.yaml
  New Vault password:
  Confirm New Vault password:
  Encryption successful
  $ cat pwd.yaml
  $ANSIBLE_VAULT;1.1;AES256
  33636264323464613265343965616563343366333233313135373337636162396437333466643165
  6164323334303632613633666330643362313563356134330a326563363533656362396131323036
  64333734646564666238343036363836633038383532633339313837653831356338656465663863
  3339613638333765330a333161383131633534653532306464636231316466336534656466356338
  34643334356636613639623838306564626535643234643161653335376138666538636339663665
  3164633330313133633538396432333932353765636632373338
  5.
  # 验证:
  -- 交互运行playbook:
  ansible-playbook test_vault.yaml --ask-vault-pass
  -- 用文件保存Vault密码(key),非交互运行:
  ansible-playbook test_vault.yaml --vault-password-file ~/.ansible/duan.txt
  6. duan.txt(以明文保存Vault密码的文件:应将权限设为600、不要纳入版本库;示例密码过于简单,实际应使用高强度随机密码)
  $ cat ~/.ansible/duan.txt
  duan