如何在清单文件中使用 ansible-vault 加密密码?
[英]How can I use an ansible-vault encrypted password in inventory file?
问题描述
I want to use encrypted passoword in my inventory file with ansible-vault, then run playbooks against that file.
我想在带有 ansible-vault 的清单文件中使用加密密码,然后针对该文件运行剧本。 Something like:就像是:
ansible-playbook --ask-vault-pass -i inventory test.yml
I tried for single password for all the hosts and it worked fine, but need to use different password for different hosts.我尝试为所有主机使用单一密码,效果很好,但需要为不同的主机使用不同的密码。 How we can use the variable generated using ansible-vault in inventory file?我们如何在清单文件中使用使用 ansible-vault 生成的变量?
Below is the code I have tired:下面是我累了的代码:
Generate ansible-vault encrypted string生成 ansible-vault 加密字符串
ansible-vault encrypt_string 'abc123' --name ansible_ssh_pass > a_password_file
test.yml file test.yml 文件
- hosts: hostgroup_1
vars_files:
- a_password_file
tasks:
- command: date
register: output
- debug:
msg: "{{ output.stdout }}"
inventory file:库存文件:
[hostgroup_1]
xxx.xxx.com ansible_host=xx.xx.xx.xx ansible_user=root
xxx.xxx.com ansible_host=xx.xx.xx.xx ansible_user=root
[hostgroup_2]
xxx.xxx.com ansible_host=xx.xx.xx.xx ansible_user=root
Output:输出:
ansible-playbook -i inventory --ask-vault-pass test.yml
Vault password:
PLAY [valut test] *****************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************
ok: [xxx.xxx.com]
ok: [xxx.xxx.com]
TASK [command] ********************************************************************************************************************************************
changed: [xxx.xxx.com]
changed: [xxx.xxx.com]
TASK [debug] **********************************************************************************************************************************************
ok: [xxx.xxx.com] => {
"msg": "XXX XXX XX XX:XX:XX XXX XXXX"
}
ok: [xxx.xxx.com] => {
"msg": "XXX XXX XX XX:XX:XX XXX XXXX"
}
PLAY RECAP ************************************************************************************************************************************************
xxx.xxx.com : ok=3 changed=1 unreachable=0 failed=0
xxx.xxx.com : ok=3 changed=1 unreachable=0 failed=0
In the above code I used same ansible_ssh_pass for all the hosts, but want to use below inventory file which include different passoword for each hosts在上面的代码中,我对所有主机使用了相同的 ansible_ssh_pass,但想使用下面的清单文件,其中包含每个主机的不同密码
inventory file:库存文件:
[hostgroup_1]
xxx.xxx.com ansible_host=xx.xx.xx.xx ansible_user=root ansible_ssh_pass=abc123
xxx.xxx.com ansible_host=xx.xx.xx.xx ansible_user=root ansible_ssh_pass=123abc
[hostgroup_2]
xxx.xxx.com ansible_host=xx.xx.xx.xx ansible_user=root ansible_ssh_pass=xyz098
1 个解决方案
解决方案1
3 已采纳 2018-02-08 13:35:16
Save vault encrypted files in host_vars subdirectory under the inventory, for each host respectively.分别为每个主机在清单下的host_vars子目录中保存保险库加密文件。
See Splitting Out Host and Group Specific Data for details.有关详细信息,请参阅拆分主机和组特定数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.