Red Hat RHCE: Ansible-8-vault

昝光临
2023-12-01

Ansible-8-vault

  • Encryption features
// Create a new encrypted file
[student@workstation data-variables]$ ansible-vault create test.yml
New Vault password: 
Confirm New Vault password: 

// View the file with cat: the content is unreadable (encrypted)
[student@workstation data-variables]$ cat test.yml 
$ANSIBLE_VAULT;1.1;AES256
35613961396164333763656665643537303630343738623631363163613965363132656234653066
3064616361336565343036623264396266303031626335300a363232313730343539666234656465
38346363393030316664393732613233613836663733383637346638363732386164313762333861
6531363563386462330a343737616336386638326530396461656338646430643065326265633363
30316635613665326432333734626632633862326163653436346131626634393139

// Edit
[student@workstation data-variables]$ ansible-vault edit test.yml 
Vault password: 

// A vault-encrypted file must be viewed with the ansible-vault view command, which prompts for the password
[student@workstation data-variables]$ ansible-vault view test.yml 
Vault password: 

web_pkg: samba

// Change the password
[student@workstation data-variables]$ ansible-vault rekey test.yml 
Vault password: 
New Vault password: 
Confirm New Vault password: 
Rekey successful

// Decrypt
[student@workstation data-variables]$ ansible-vault decrypt test.yml 
Vault password: 
Decryption successful
[student@workstation data-variables]$ cat test.yml 

web_pkg: samba

// Encrypt
[student@workstation data-variables]$ ansible-vault encrypt test.yml
New Vault password: 
Confirm New Vault password: 
Encryption successful
[student@workstation data-variables]$ cat test.yml 
$ANSIBLE_VAULT;1.1;AES256
61663566383131393834643733336461396437613738376230333036663561363735366339326665
6638356639643565306632623530643766646239633465310a623765323130376130653532343766
66633365663939386131643832636261343239323339363731666539323836306137313239633365
3635623335646162640a303338613137373765393037373361303666393639643566663664626533
61623836376338343530376237383161373663623162633938393462373765313230

// Decrypt to a different output file, keeping the original encrypted file
[student@workstation data-variables]$ ansible-vault decrypt test.yml --output=test-1.yml
Vault password: 
Decryption successful
[student@workstation data-variables]$ cat test-1.yml 

web_pkg: samba
[student@workstation data-variables]$ cat test.yml 
$ANSIBLE_VAULT;1.1;AES256
61663566383131393834643733336461396437613738376230333036663561363735366339326665
6638356639643565306632623530643766646239633465310a623765323130376130653532343766
66633365663939386131643832636261343239323339363731666539323836306137313239633365
3635623335646162640a303338613137373765393037373361303666393639643566663664626533
61623836376338343530376237383161373663623162633938393462373765313230

// Decrypt test.yml using the password stored in mima.yml
[student@workstation data-variables]$ vim mima.yml
[student@workstation data-variables]$ ansible-vault --vault-password-file=./mima.yml view test.yml

web_pkg: samba
[student@workstation data-variables]$ cat mima.yml 
1
// Run an encrypted playbook (newer versions)
[student@workstation data-variables]$ ansible-vault encrypt playbook.yml 
New Vault password: 
Confirm New Vault password: 
Encryption successful
[student@workstation data-variables]$ ansible-playbook playbook.yml 
ERROR! Attempting to decrypt but no vault secrets found
[student@workstation data-variables]$ ansible-playbook --vault-id @prompt playbook.yml 
Vault password (default): 

// Run an encrypted playbook (older versions)
[student@workstation data-variables]$ ansible-playbook --ask-vault-pass playbook.yml 
Vault password: 
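
To make the `$ANSIBLE_VAULT;1.1;AES256` file shown above concrete, here is an added Python example (not part of the original notes and not Ansible's own code) that unpacks the envelope of the encrypted test.yml printed by `cat test.yml`. It derives no key and decrypts nothing, so it needs no password; it only shows that the hex body, once decoded, is three hex strings (salt, HMAC, ciphertext) on separate lines. The `VaultEnvelope` field names and the `describe` helper are this example's own choices.

```python
"""Unpack the envelope of an Ansible Vault 1.x file.

Added example; it is not part of the original notes and not Ansible's own
code. It reads only the outer format that `cat test.yml` shows and derives
no key, so no password is needed.
"""
from dataclasses import dataclass
from typing import Optional

VAULT_MAGIC = "$ANSIBLE_VAULT"

# The encrypted test.yml exactly as printed by `cat test.yml` above.
SAMPLE_VAULT = """$ANSIBLE_VAULT;1.1;AES256
35613961396164333763656665643537303630343738623631363163613965363132656234653066
3064616361336565343036623264396266303031626335300a363232313730343539666234656465
38346363393030316664393732613233613836663733383637346638363732386164313762333861
6531363563386462330a343737616336386638326530396461656338646430643065326265633363
30316635613665326432333734626632633862326163653436346131626634393139
"""


@dataclass
class VaultEnvelope:
    version: str             # "1.1", or "1.2" when the header carries a vault-id label
    cipher: str              # ansible-vault only writes "AES256"
    vault_id: Optional[str]  # label from a 1.2 header, otherwise None
    salt: bytes              # 32-byte salt for PBKDF2 key derivation
    hmac: bytes              # 32-byte HMAC-SHA256 over the ciphertext
    ciphertext: bytes        # AES-256-CTR output; plaintext is PKCS7-padded first


def is_vault_encrypted(text: str) -> bool:
    """True when the file begins with the vault header line."""
    return text.lstrip().startswith(VAULT_MAGIC + ";")


def parse_vault(text: str) -> VaultEnvelope:
    """Split a vault file into header fields and the three binary parts."""
    header, _, body = text.strip().partition("\n")
    parts = header.split(";")
    if parts[0] != VAULT_MAGIC or len(parts) not in (3, 4):
        raise ValueError("not an Ansible Vault header: %r" % header)
    version, cipher = parts[1], parts[2]
    vault_id = parts[3] if len(parts) == 4 else None

    # The body is hex text wrapped at 80 columns. Decoding it once yields
    # ASCII text of the form "<salt hex>\n<hmac hex>\n<ciphertext hex>".
    inner = bytes.fromhex("".join(body.split())).decode("ascii")
    salt_hex, hmac_hex, ct_hex = inner.split("\n")
    env = VaultEnvelope(
        version, cipher, vault_id,
        bytes.fromhex(salt_hex), bytes.fromhex(hmac_hex), bytes.fromhex(ct_hex),
    )
    if len(env.salt) != 32 or len(env.hmac) != 32 or len(env.ciphertext) % 16:
        raise ValueError("malformed vault body")
    return env


def describe(text: str) -> str:
    """One-line summary suitable for an inventory or audit log."""
    env = parse_vault(text)
    blocks = len(env.ciphertext) // 16
    return "vault %s %s id=%s salt=%s... %d AES block(s)" % (
        env.version, env.cipher, env.vault_id, env.salt.hex()[:8], blocks)


if __name__ == "__main__":
    print(describe(SAMPLE_VAULT))
```

Running it on the sample reports two AES blocks: the decrypted file is a blank line plus `web_pkg: samba`, 16 bytes, and PKCS7 padding adds a whole block before encryption. The `is_vault_encrypted` check is the cheap test to put in a pre-commit hook so a variables file that is supposed to be encrypted never lands in the repository in clear text.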

Vault exercise

// Start the exercise
[student@workstation data-variables]$ lab data-secret start

Setting up workstation for lab exercise work:

 · Verifying Ansible installation..............................  SUCCESS
 · Creating working directory..................................  SUCCESS
 · Downloading secret.yml file.................................  SUCCESS
 . Creating inventory directory................................  SUCCESS
 . Creating Ansible configuration file.........................  SUCCESS
 . Creating host file..........................................  SUCCESS

[student@workstation data-secret]$ cat ansible.cfg 
[defaults]
inventory = /home/student/data-secret/inventory/hosts
[student@workstation data-secret]$ cat inventory/hosts 
[devservers]
servera.lab.example.com
[student@workstation data-secret]$ cat secret.yml 
$ANSIBLE_VAULT;1.1;AES256
65373530353139616233366166646564386539313665396638353966653532393235666165363839
6662303662616463653936663236346465336535353031380a356539333764383566376361383036
32346639616537303136353862636264646265616564333537623932343966656238323034633232
6438343037383834330a386235323432646331323335383432386338623731393239653533363662
61613532313834343763303738393662646564653634616661613065643764656363303564616130
37366234336563636662373530366531396532626362373536636633656230616639633936333639
63366536326264373761653563646331333532663665386533666134393831366335343462373861
34366538666266666232636530396634346430303066316163386339653261363237623430383939
31333734653637363365306638336161303365646134623239386566633139363437636131363136
32633634663466646265373030346462646534333338316161643733663865636462303238393039
633663316238333665373937626363663434
[student@workstation data-secret]$ ansible-vault view secret.yml 
Vault password: 
username: ansibleuser1
pwhash: $6$jfnHouVKUTFMM1pm$39OVTp0ZL8FX.QbD1GoUCP12pNrTC2XzX9Ec0UhzwAM76A.B.Yrk8S.8xiSSnAc.j1lqg4gIRpSPEw0YuuxhP1
[student@workstation data-secret]$ cat playbook.yml 
---
- name: create user accounts for all our servers
  hosts: devservers
  become: true
  remote_user: devops
  vars_files:
    - secret.yml
  tasks:
    - name: Creating user from secret.yml
      user:
        name: "{{ username }}"
        password: "{{ pwhash }}"

[student@workstation data-secret]$ ansible-playbook --ask-vault-pass playbook.yml 
Vault password: 

PLAY [create user accounts for all our servers] *******************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************************
ok: [servera.lab.example.com]

TASK [Creating user from secret.yml] ******************************************************************************************************************************************************************************************
changed: [servera.lab.example.com]

PLAY RECAP ********************************************************************************************************************************************************************************************************************
servera.lab.example.com    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

// Finish the exercise
[student@workstation data-secret]$ lab data-secret finish

Cleaning up the lab on workstation:

 . Undoing the playbook tasks..................................  SUCCESS
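
Two things in this exercise deserve a check before `ansible-playbook` is run: every file named under `vars_files` should actually be vault-encrypted, and a `--vault-password-file` such as the `mima.yml` above (which holds the single character `1`) should be neither world-readable nor trivially short. The Python example below is added here; it is not part of the original notes and not an Ansible feature. It assumes the playbook has already been loaded by a YAML parser (`PLAYS` mirrors playbook.yml from the exercise), takes file contents rather than paths so it runs offline, and the 16-character minimum is an assumed local policy.

```python
"""Pre-run checks for a playbook that pulls secrets from vault files.

Added example; it is not part of the original notes and not an Ansible
feature. It assumes the playbook has already been loaded by a YAML parser
(PLAYS below mirrors playbook.yml from the exercise) and takes file
contents rather than paths, so everything here runs offline.
"""
import os
import stat

VAULT_MAGIC = "$ANSIBLE_VAULT;"
MIN_PASSWORD_LEN = 16  # assumed local policy, not an Ansible requirement

# Constructed file contents: secret.yml stands in for the encrypted file from
# the exercise (header real, body omitted), plain.yml is an unencrypted
# variant with a placeholder hash.
FILES = {
    "secret.yml": "$ANSIBLE_VAULT;1.1;AES256\n<ciphertext omitted>\n",
    "plain.yml": "username: ansibleuser1\npwhash: $6$<placeholder>\n",
}

# playbook.yml from the exercise as a YAML loader returns it; vars_files may
# be a single string or a list, and Ansible accepts both.
PLAYS = [{
    "name": "create user accounts for all our servers",
    "hosts": "devservers",
    "become": True,
    "remote_user": "devops",
    "vars_files": "secret.yml",
    "tasks": [{"name": "Creating user from secret.yml",
               "user": {"name": "{{ username }}", "password": "{{ pwhash }}"}}],
}]


def unencrypted_vars_files(plays, files):
    """Names listed under vars_files that are missing or not vault-encrypted."""
    bad = []
    for play in plays:
        entries = play.get("vars_files", [])
        if isinstance(entries, str):
            entries = [entries]
        for name in entries:
            content = files.get(name)
            if content is None or not content.startswith(VAULT_MAGIC):
                bad.append(name)
    return bad


def password_file_problems(secret, mode):
    """Policy findings for a --vault-password-file, given its text and mode bits."""
    problems = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("password file readable or writable by group/other")
    if len(secret.strip()) < MIN_PASSWORD_LEN:
        problems.append("vault password shorter than %d characters" % MIN_PASSWORD_LEN)
    return problems


def check_password_file(path):
    """Read a real password file and its permission bits, then apply the policy."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        return password_file_problems(fh.read(), mode)


if __name__ == "__main__":
    print("unencrypted vars_files:", unencrypted_vars_files(PLAYS, FILES))
    # mima.yml from the notes holds the single character "1".
    print("mima.yml findings:", password_file_problems("1\n", 0o644))
```

`check_password_file` is the wrapper to point at a real path; the policy itself lives in `password_file_problems` so it can be unit-tested without touching the filesystem. A password file that passes both checks still belongs outside the repository and in a mode-0600 file owned by the user running Ansible.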
