Differences

This shows the differences between the two versions.

tech:ansible [2023/09/03 22:33] – [Reference URLs] jonathan tech:ansible [2023/12/29 17:40] (current version) jonathan
行 123: 行 123:
 </cli> </cli>
  
 +===== 常見問題 =====
 +==== 1. 如何對 ansible_ssh_pass 這類登入密碼進行加密 ====
 +  * 使用 ansible-vault encrypt_string 登入密碼 --ask-vault-pass 方式來對要保護的密碼 Exp. MyPassword 產生加密, 並以 KeyPass 當解密密碼<cli>
 +$ ansible-vault encrypt_string MyPassword --ask-vault-pass
 +New Vault password: KeyPass
 +Confirm New Vault password: KeyPass
 +!vault |
 +          $ANSIBLE_VAULT;1.1;AES256
 +          63613230353861653733633761663630643564323330613263343061656163383731386364666366
 +          3430303131616563616634386130613461636433383730360a663130653463313465623837373335
 +          61336333643663343535396339633165653334336236363032613130636537336664646535666666
 +          3863306137663763610a313034383233626563336365303431313564316338653363636432386438
 +          3736
 +Encryption successful
 +</cli>
 +  * 將這加密後的內容取代 ansible_ssh_pass 原本的明碼部分 Exp. <file>
 +:
 +  hosts:
 +    aac:
 +      ansible_host: 192.168.11.249
 +      ansible_ssh_pass: "MyPassword"
 +:
 +</file>改成<file>
 +:
 +  hosts:
 +    aac:
 +      ansible_host: 192.168.11.249
 +      ansible_ssh_pass: !vault |
 +          $ANSIBLE_VAULT;1.1;AES256
 +          63613230353861653733633761663630643564323330613263343061656163383731386364666366
 +          3430303131616563616634386130613461636433383730360a663130653463313465623837373335
 +          61336333643663343535396339633165653334336236363032613130636537336664646535666666
 +          3863306137663763610a313034383233626563336365303431313564316338653363636432386438
 +          3736
 +:
 +</file>
 +  * 然後執行 ansible-playbook 後面必須加上 **--ask-vault-pass** 才會彈出讓你輸入解密密碼 Exp. KeyPass<cli>
 +$ ansible-playbook -i inventory.yaml upgrade.yaml --ask-vault-pass
 +Vault password: KeyPass
 +
 +PLAY [servers] ******************************************************************************************************************************************************************************
 +
 +TASK [Gathering Facts] **********************************************************************************************************************************************************************
 +ok: [nuc]
 +:
 +</cli>
 +  * 也可以執行 ansible-playbook 後面加上 **--vault-password-file** 指定解密密碼檔案 Exp. .vault_pass<cli>
 +$ ansible-playbook -i inventory.yaml upgrade.yaml --vault-password-file ./.vault_pass
 +</cli>
 ===== 參考網址 ===== ===== 參考網址 =====
   * https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html   * https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html
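Review bot: In the first added bullet, `ansible-vault encrypt_string MyPassword --ask-vault-pass` passes the secret itself as a command-line argument, so the clear-text login password ends up in shell history and is visible in the process list while the command runs. Document a form that reads the value from standard input instead, for example `ansible-vault encrypt_string --ask-vault-pass --stdin-name ansible_ssh_pass`, which also emits the variable name ready to paste into the inventory. In the last added bullet, `--vault-password-file ./.vault_pass` is introduced without saying that this file stores the vault password (KeyPass in the example) in clear text; add a line that it should be readable by its owner only and excluded from version control, otherwise the encrypted `ansible_ssh_pass` is only as protected as that file.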
行 131: 行 180:
   * https://stackoverflow.com/questions/51771994/how-do-i-use-an-encrypted-variable-ansible-ssh-pass-in-an-ini-file   * https://stackoverflow.com/questions/51771994/how-do-i-use-an-encrypted-variable-ansible-ssh-pass-in-an-ini-file
   * https://stackoverflow.com/questions/30209062/ansible-how-to-encrypt-some-variables-in-an-inventory-file-in-a-separate-vault   * https://stackoverflow.com/questions/30209062/ansible-how-to-encrypt-some-variables-in-an-inventory-file-in-a-separate-vault
 +  * https://www.digitalocean.com/community/tutorials/how-to-use-vault-to-protect-sensitive-ansible-data
  
-{{tag>自動化 大量部署}}+{{tag>ansible 自動化 大量部署}}
  • tech/ansible.1693751609.txt.gz
  • Last modified: 2023/09/03 22:33
  • jonathan