1、 创建 password vault
创建一个名为 locker.yml 的 ansible vault 文件存储用户密码:
-
Vault 文件中包含两个变量:
pw_developer: imadev
pw_manager: imamgr -
加密此文件的密码为redhat
-
此密码存放在: /home/devops/ansible/secret.txt
操作如下:
[devops@workstation ansible]$ echo redhat > /home/devops/ansible/secret.txt
[devops@workstation ansible]$ chmod 600 /home/devops/ansible/secret.txt
[devops@workstation ansible]$ vim ansible.cfg
以上密码文件准备完成
创建加密文件
[devops@workstation ansible]$ ansible-vault create locker.yml
写如下内容:
pw_developer: imadev
pw_manager: imamgr
2、为 Ansible vault 文件修改密码
请为 expense.yml 文件修改 vault 密码, 要求如下:
- 请将 files/15/expense.yml 文 件 保 存 到 /home/devops/anstble/expense.yml
- 此文件当前的 vault 密码是: veryimportant
- 新的 vault 密码足: notveryimportant
[devops@workstation ansible]$ logout
Connection to workstation closed.
[kiosk@foundation0 ~]$
进行解压:
[devops@workstation ~]$ unzip files.zip
Archive: files.zip
creating: files/
creating: files/12/
inflating: files/12/hwreport.empty
creating: files/14/
inflating: files/14/user_list.yml
creating: files/15/
inflating: files/15/expense.yml
creating: files/5/
inflating: files/5/haproxy.tar
inflating: files/5/phpinfo.tar
creating: files/9/
inflating: files/9/hosts.j2
拷贝:
[devops@workstation ansible]$ cp ~/files/15/expense.yml .
验证密码:
[devops@workstation ansible]$ ansible-vault view expense.yml --ask-vault-pass
Vault password:
Nothing at all, HeiHei.
修改密码:
[devops@workstation ansible]$ ansible-vault rekey expense.yml --ask-vault-pass
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful