Encrypting content with Ansible Vault
Encrypting sensitive data with Ansible
[root@ansible-server ~]# ansible-vault create secret.yml
newusers:
  - name: ansibleuser1
    pw: redhat
  - name: ansibleuser2
    pw: $Re4H1t@
[root@ansible-server ansible]# cat create_users.yml
- name: create user accounts for all our servers
  hosts: client
  vars_files:
    - secret.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.name }}"
        password: "{{ item.pw | password_hash('sha512') }}"
      with_items: "{{ newusers }}"
[root@ansible-server ansible]# ansible-playbook --syntax-check --ask-vault-pass create_users.yml
Vault password:
playbook: create_users.yml
[root@ansible-server ansible]# echo redhat > vault.pass
[root@ansible-server ansible]# chmod 0600 vault.pass
[root@ansible-server ansible]# ansible-playbook --syntax-check --vault-password-file=vault.pass create_users.yml
playbook: create_users.yml
[root@ansible-server ansible]# ansible-playbook --vault-password-file=vault.pass create_users.yml
PLAY [create user accounts for all our servers] *********************************************************************************
TASK [Gathering Facts] **********************************************************************************************************
ok: [172.16.216.182]
ok: [172.16.216.181]
TASK [create users] *************************************************************************************************************
changed: [172.16.216.182] => (item={u'name': u'ansibleuser1', u'pw': u'redhat'})
changed: [172.16.216.181] => (item={u'name': u'ansibleuser1', u'pw': u'redhat'})
changed: [172.16.216.182] => (item={u'name': u'ansibleuser2', u'pw': u'$Re4H1t@'})
changed: [172.16.216.181] => (item={u'name': u'ansibleuser2', u'pw': u'$Re4H1t@'})
PLAY RECAP **********************************************************************************************************************
172.16.216.181 : ok=2 changed=1 unreachable=0 failed=0
172.16.216.182 : ok=2 changed=1 unreachable=0 failed=0
[root@ansible-server ansible]# ssh ansibleuser1@172.16.216.181
ansibleuser1@172.16.216.181's password:
the hostname is ansible-client1.liuxplus.com
today's date is 2018-10-11
[ansibleuser1@ansible-client1 ~]$ exit
登出
Connection to 172.16.216.181 closed.
[root@ansible-server ansible]# ssh ansibleuser1@172.16.216.182
ansibleuser1@172.16.216.182's password:
the hostname is ansible-client2.linuxplust.com
today's date is 2018-10-11
[ansibleuser1@ansible-client2 ~]$ exit
登出
Connection to 172.16.216.182 closed.
[root@ansible-server ansible]# ssh ansibleuser2@172.16.216.181
ansibleuser2@172.16.216.181's password:
the hostname is ansible-client1.liuxplus.com
today's date is 2018-10-11
[ansibleuser2@ansible-client1 ~]$ exit
登出
Connection to 172.16.216.181 closed.
[root@ansible-server ansible]# ssh ansibleuser2@172.16.216.182
ansibleuser2@172.16.216.182's password:
the hostname is ansible-client2.linuxplust.com
today's date is 2018-10-11
[ansibleuser2@ansible-client2 ~]$ exit
登出
Connection to 172.16.216.182 closed.
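The `create users` task output above prints every loop item, including the vault-protected `pw` values, to the console and to any log that captures the run. A hardened variant of create_users.yml follows, added here as an example and not part of the original post; the salt expression is an assumption chosen so that the hash stays the same between runs.

```yaml
# Added example: hardened variant of create_users.yml (not from the original post).
- name: create user accounts for all our servers
  hosts: client
  vars_files:
    - secret.yml                 # still encrypted with ansible-vault
  tasks:
    - name: create users
      user:
        name: "{{ item.name }}"
        # Without a salt, password_hash picks a random one on each run, so the
        # hash differs every time and the task reports "changed" on every run.
        # Assumption: a salt seeded from inventory_hostname, which is stable
        # per host across runs.
        password: >-
          {{ item.pw | password_hash('sha512',
             65534 | random(seed=inventory_hostname) | string) }}
      with_items: "{{ newusers }}"
      # Censor the module arguments and per-item results, so the plaintext
      # pw values are not printed even with -v.
      no_log: true
      # If no_log is switched off while debugging, the default output still
      # shows only the user name for each item instead of the whole dict.
      loop_control:
        label: "{{ item.name }}"
```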