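How do I call an encrypted password in an Ansible playbook?

Time: 2019-04-08 09:24:56

Tags: ansible ansible-2.x

How do I encrypt a password in Ansible to run a Windows playbook?

Kerberos authentication is enabled

When the playbook is edited, other people will not see the encrypted password

1 answer:

Answer 0: (score: 1)

As of Ansible 2.4, you can use ansible-vault to encrypt a string and put it in playbooks and roles. You have to create a Vault password and run the following code: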

$ ansible-vault encrypt_string --ask-vault-pass --stdin-name 'password'
New Vault password: 
Confirm New Vault password: 
Reading plaintext input from stdin. (ctrl-d to end input)
SecretPassword123
password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          65316563643063333532303262343166333232313034303333386330333635313433383236656337
          3634653534353630663131656531663162376161333030350a363434343961666535316366643135
          33326462393934633930336261373532666239653834316235666638613164616538306536396634
          6432343763336135320a386263663736396164343065323233656134656262653238643038633665
          39363631666630623062356238663165343737346535396237646461303938383230
Encryption successful

Then paste the encrypted password into a variable, like this:

username: "user01"
password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          65316563643063333532303262343166333232313034303333386330333635313433383236656337
          3634653534353630663131656531663162376161333030350a363434343961666535316366643135
          33326462393934633930336261373532666239653834316235666638613164616538306536396634
          6432343763336135320a386263663736396164343065323233656134656262653238643038633665
          39363631666630623062356238663165343737346535396237646461303938383230
some_other_variable: "1234"
one_more_variable: "4444"

Run your playbook. However, don't forget to use the vault password when running ansible-playbook. It can be given as the --ask-vault-pass argument or in the file described in --vault-password-file.
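A check that could run before vars files like the one in the answer are committed, added here as an example that is not part of the original answer: it flags secret-named keys whose value is not a well-formed `!vault` block. The key-name pattern, the function names and the sample data are assumptions constructed for illustration.

```python
import binascii
import re

# Vault envelope header: format 1.1, or 1.2 with a vault-id label
HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.1;AES256|1\.2;AES256;[^;\s]+)$")
# Assumption: keys whose names contain these words are expected to hold secrets
SECRET_KEY = re.compile(r"^(\s*)([\w-]*(?:pass|secret|token)[\w-]*)\s*:\s*(.*)$", re.I)

def envelope_ok(lines):
    """True if lines are a vault header plus hex of salt\\nhmac\\nciphertext (each hex again)."""
    if not lines or not HEADER.match(lines[0]):
        return False
    try:
        inner = binascii.unhexlify("".join(lines[1:]))
        salt, mac, ct = (binascii.unhexlify(part) for part in inner.split(b"\n"))
    except ValueError:  # bad hex (binascii.Error) or wrong number of fields
        return False
    # 32-byte salt, 32-byte HMAC-SHA256, ciphertext padded to 16-byte AES blocks
    return len(salt) == 32 and len(mac) == 32 and len(ct) > 0 and len(ct) % 16 == 0

def find_plaintext_secrets(text):
    """Return [(line_no, key)] for secret-named keys that lack a well-formed !vault value."""
    lines, findings = text.splitlines(), []
    for i, line in enumerate(lines):
        m = SECRET_KEY.match(line)
        if not m or "{{" in m.group(3):  # a Jinja reference to another variable is allowed
            continue
        indent, key, value = m.groups()
        body = []
        if value.startswith("!vault"):
            for nxt in lines[i + 1:]:  # gather the indented block scalar under the key
                if nxt.strip() and len(nxt) - len(nxt.lstrip()) <= len(indent):
                    break
                body += [nxt.strip()] if nxt.strip() else []
        if not envelope_ok(body):
            findings.append((i + 1, key))
    return findings

def sample_envelope():
    """Constructed sample with filler bytes in the real layout; not real ciphertext."""
    fields = (b"\x00" * 32, b"\x11" * 32, b"\x22" * 32)
    body = binascii.hexlify(b"\n".join(map(binascii.hexlify, fields))).decode()
    return ["$ANSIBLE_VAULT;1.1;AES256"] + [body[i:i + 80] for i in range(0, len(body), 80)]

# Constructed vars file modelled on the answer's layout, plus two extra keys
SAMPLE = "\n".join(['username: "user01"', "password: !vault |"]
                   + ["          " + l for l in sample_envelope()]
                   + ['db_password: "SecretPassword123"', 'api_token: "{{ vault_api_token }}"'])

if __name__ == "__main__":
    print(find_plaintext_secrets(SAMPLE))
```

The envelope stores the salt and HMAC next to the ciphertext, so a committed blob is only as strong as the Vault password protecting it.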