使用Ansible Vault加密内容

Ansible 加密敏感数据

[root@ansible-server ~]# ansible-vault create secret.yml
# Entered in the editor that `ansible-vault create` opens; the file is written
# to disk encrypted. Demo values only: `redhat` is a trivially guessable password.
newusers:
    - name: ansibleuser1
      pw: redhat
    - name: ansibleuser2
      pw: $Re4H1t@

[root@ansible-server ansible]# cat create_users.yml 
# Creates one account per entry of `newusers` on the hosts matched by `client`.
# `newusers` comes from secret.yml, the file created with ansible-vault above.
- name: create user accounts for all our servers
  hosts: client
  vars_files:
    # Vault-encrypted, so a vault password has to be supplied at run time
    # (--ask-vault-pass or --vault-password-file, as in the commands below).
    - secret.yml
  tasks:
    - name: create users
      # NOTE(review): the task has no `no_log: true`, so each loop item,
      # including the plaintext `pw`, is printed in the task output (see the
      # "changed: ... (item=...)" lines of the run below) and in anything that
      # captures that output. Vault protects the file at rest, not the display
      # of its values.
      user:
        name: "{{ item.name }}"
        # The plaintext is hashed with SHA-512 crypt before being handed to the
        # user module. No salt is passed; presumably a new random salt is used
        # on every run, so the task would report "changed" each time (confirm).
        password: "{{ item.pw | password_hash('sha512') }}"
      with_items: "{{ newusers }}"
[root@ansible-server ansible]# ansible-playbook --syntax-check --ask-vault-pass create_users.yml 
Vault password: 

playbook: create_users.yml
# NOTE(review): typing the vault password on the command line normally leaves it
# in the shell history, and vault.pass is created with default-umask permissions
# until the chmod on the next line runs; running `umask 077` first closes that
# window. The file holds the vault password in plaintext, so keep it out of
# version control and backups that others can read.
[root@ansible-server ansible]# echo redhat > vault.pass
[root@ansible-server ansible]# chmod 0600 vault.pass 
[root@ansible-server ansible]# ansible-playbook --syntax-check --vault-password-file=vault.pass create_users.yml               

playbook: create_users.yml
[root@ansible-server ansible]# ansible-playbook --vault-password-file=vault.pass create_users.yml  

PLAY [create user accounts for all our servers] *********************************************************************************

TASK [Gathering Facts] **********************************************************************************************************
ok: [172.16.216.182]
ok: [172.16.216.181]

TASK [create users] *************************************************************************************************************
changed: [172.16.216.182] => (item={u'name': u'ansibleuser1', u'pw': u'redhat'})
changed: [172.16.216.181] => (item={u'name': u'ansibleuser1', u'pw': u'redhat'})
changed: [172.16.216.182] => (item={u'name': u'ansibleuser2', u'pw': u'$Re4H1t@'})
changed: [172.16.216.181] => (item={u'name': u'ansibleuser2', u'pw': u'$Re4H1t@'})

PLAY RECAP **********************************************************************************************************************
172.16.216.181             : ok=2    changed=1    unreachable=0    failed=0   
172.16.216.182             : ok=2    changed=1    unreachable=0    failed=0   

[root@ansible-server ansible]# ssh ansibleuser1@172.16.216.181
ansibleuser1@172.16.216.181's password: 
the hostname is ansible-client1.liuxplus.com
today's date is 2018-10-11
[ansibleuser1@ansible-client1 ~]$ exit
登出
Connection to 172.16.216.181 closed.
[root@ansible-server ansible]# ssh ansibleuser1@172.16.216.182
ansibleuser1@172.16.216.182's password: 
the hostname is ansible-client2.linuxplust.com
today's date is 2018-10-11
[ansibleuser1@ansible-client2 ~]$ exit
登出
Connection to 172.16.216.182 closed.
[root@ansible-server ansible]# ssh ansibleuser2@172.16.216.181
ansibleuser2@172.16.216.181's password: 
the hostname is ansible-client1.liuxplus.com
today's date is 2018-10-11
[ansibleuser2@ansible-client1 ~]$ exit
登出
Connection to 172.16.216.181 closed.
[root@ansible-server ansible]# ssh ansibleuser2@172.16.216.182
ansibleuser2@172.16.216.182's password: 
the hostname is ansible-client2.linuxplust.com
today's date is 2018-10-11
[ansibleuser2@ansible-client2 ~]$ exit
登出
Connection to 172.16.216.182 closed.

  

原文地址:https://www.cnblogs.com/zydev/p/13921024.html