如何在Ansible清单中的加密变量文件(文件库)中使用密码?

时间:2017-12-15 15:33:45

标签: ansible ansible-inventory

我是Ansible的新手,并且在与库存文件相结合的情况下与Ansible保险库斗争。

我想要实现的是更新三台机器的剧本。其中两台机器需要密码(sudo),所以我可以成为root。

所以这是我的剧本......

---
- name: update all hosts, make sure default software is installed

  hosts:
    - vhosts
    - physical

  vars_files:
    - 'vars/main.yml'

  tasks:

    - name: Update apt cache
      apt: update_cache=yes

    - name: Upgrade packages
      apt: upgrade=dist

...这是我的库存(文件名inventory),密码仍然是纯文本:

[vhosts]
10.0.0.1    ansible_user=root

[physical]
10.0.0.200  ansible_user=xxx  ansible_become=yes  ansible_become_method=sudo  ansible_become_pass=secretpassword1
10.0.0.201  ansible_user=yyy  ansible_become=yes  ansible_become_method=sudo  ansible_become_pass=secretpassword2

这很好。

原因我不想在广告资源中使用secretpassword1secretpassword2。所以我创建了一个保管库(存储在文件vars/main.yml中,看起来像这样:

---
- vars:
    pass1:secretpassword1
    pass2:secretpassword2

我将库存文件更改为:

[vhosts]
10.0.0.1    ansible_user=root

[physical]
10.0.0.200  ansible_user=xxx  ansible_become=yes  ansible_become_method=sudo  ansible_become_pass="{{ pass1 }}"
10.0.0.201  ansible_user=yyy  ansible_become=yes  ansible_become_method=sudo  ansible_become_pass="{{ pass2 }}"

现在当我尝试用ansible-playbook update.yml -i inventory --ask-vault-pass执行善意时,我收到以下错误:

fatal: [10.0.0.200]: FAILED! => {"msg": "The field 'become_pass' has an invalid value, which includes an undefined variable. The error was: 'pass1' is undefined\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'pass1' is undefined"}
fatal: [10.0.0.201]: FAILED! => {"msg": "The field 'become_pass' has an invalid value, which includes an undefined variable. The error was: 'pass2' is undefined\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'pass2' is undefined"}

好像我无法正确定义变量。但我完全不知道如何这样做。如果有人能帮助我,我会非常高兴。感谢。

1 个答案:

答案 0 :(得分:2)

使您的保管库文件如下所示:

---
pass1: secretpassword1
pass2: secretpassword2

您的错误:

  1. 您在YAML文件中以不正确的格式定义变量。