Managing secret files: practical application
1. Create the vault file
- The vault is named /ansible/locker.yml
- The vault contains one variable: pwd, with the value Imadev
- The password used to encrypt and decrypt it is: whenyouwishuponastar
- That password is stored in the file /ansible/secret.txt
Reference answer:
[root@ansible-server ansible]# echo whenyouwishuponastar > /ansible/secret.txt
[root@ansible-server ansible]# ansible-vault create locker.yml --vault-password-file secret.txt
pwd: Imadev
`ansible-vault create` opens the new file in $EDITOR; the line `pwd: Imadev` is what is typed there, and on save the file is written to disk already encrypted (its first line is `$ANSIBLE_VAULT;1.1;AES256`). Two things to watch with the `echo` step: the vault password lands in the shell history, and secret.txt is created with the default umask (normally mode 0644), so restrict it to the owner (mode 0600) before using it.
2. Write the playbook
User variables file: users.yml
user_name: boss
Playbook file: create_users.yaml
The playbook must use the variables file and the vault file (with the password supplied from the password file)
The password must be hashed with password_hash('sha512')
Reference answer:
[root@ansible-server ansible]# echo user_name: boss > users.yml
[root@ansible-server ansible]# vim create_user.yaml
---
- hosts: dev
  vars_files:
    - users.yml
    - locker.yml
  tasks:
    - name: Create user
      user:
        name: "{{ user_name }}"
        password: "{{ pwd | password_hash('sha512') }}"
[root@ansible-server ansible]# ansible-playbook create_user.yaml --vault-password-file secret.txt
PLAY [dev] ****************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************
ok: [node02]
TASK [Create user] ********************************************************************************************
changed: [node02]
PLAY RECAP ****************************************************************************************************
node02 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
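The playbook above does what the exercise asks, but it is not idempotent: `password_hash('sha512')` with no salt argument draws a fresh random salt on every run, so the user module sees a different hash each time and reports `changed` on every play even though nothing on the host needs to change. The hardened variant below is an added example, not the page's own playbook; it assumes locker.yml also carries a vault variable `pwd_salt` (up to 16 characters from [a-zA-Z0-9./]), which is an assumption not present in the original exercise.

```yaml
---
# Added example (not from the original page): the same task made idempotent
# and quieter. Assumes locker.yml also holds a vault variable pwd_salt
# (up to 16 chars from [a-zA-Z0-9./]); that variable is an assumption.
- hosts: dev
  vars_files:
    - users.yml
    - locker.yml
  tasks:
    - name: Create user
      user:
        name: "{{ user_name }}"
        # Fixed salt -> identical hash on every run -> no spurious 'changed'.
        password: "{{ pwd | password_hash('sha512', pwd_salt) }}"
        # Only set the password when the account is first created; later runs
        # will not overwrite a password the user has since changed themselves.
        update_password: on_create
      # Keep the hash (and any error message that would echo the task
      # arguments) out of the playbook output and logs.
      no_log: true
```

With `update_password: on_create` the fixed salt is belt and braces: the module no longer compares hashes on subsequent runs at all. Keep `no_log: true` on any task whose arguments contain vault material; `-v` output and failure messages otherwise print them in clear.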
3. Change the password protecting locker.yml
old: whenyouwishuponastar
new: thankyou
Reference answer:
[root@ansible-server ansible]# ansible-vault rekey --vault-password-file secret.txt --new-vault-password-file newfile locker.yml
Rekey successful
Here `newfile` must already contain the new password (thankyou) before the command is run, while secret.txt still supplies the old one. After a successful rekey, secret.txt is stale: any later `ansible-playbook ... --vault-password-file secret.txt` fails to decrypt locker.yml until secret.txt is overwritten with the new password (or newfile is passed instead).
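What the password file from step 1 actually protects, and why rekey in step 3 invalidates the old one, is easiest to see from the vault format itself. The following is an added Python example, not code from the original page or from Ansible: it builds and parses the `$ANSIBLE_VAULT;1.1;AES256` envelope, derives the keys with PBKDF2-HMAC-SHA256 (10000 iterations, 80 bytes split into AES key, HMAC key and CTR IV) as Ansible's VaultAES256 does, and performs the HMAC check that decides whether a given password file matches a given vault. The AES-CTR encryption of the payload is deliberately not implemented (the standard library has no AES), so `CIPHERTEXT` is a constructed opaque placeholder, and `rekey_envelope` only re-derives the salt and HMAC under the new password; the real `ansible-vault rekey` also decrypts and re-encrypts the payload. `write_password_file` and `is_encrypted` are the two checks from steps 1 and 3 (owner-only password file, vault file really encrypted before it is committed). Function names are this example's own.

```python
"""Added example (not from the page or from Ansible): the Vault 1.1/AES256 envelope.

Layout of a vault file:
    $ANSIBLE_VAULT;1.1;AES256
    hex( hex(salt) "\n" hex(hmac_sha256) "\n" hex(ciphertext) ), wrapped at 80 columns
Keys: PBKDF2-HMAC-SHA256(password, salt, 10000 iterations) -> 80 bytes =
      32-byte AES-256 key | 32-byte HMAC key | 16-byte AES-CTR IV.
The AES-CTR step is NOT implemented here (no AES in the standard library);
CIPHERTEXT below is a constructed opaque placeholder.
"""
import binascii
import hashlib
import hmac
import os
import stat

HEADER = "$ANSIBLE_VAULT;1.1;AES256"
ITERATIONS = 10000

# Constructed placeholder standing in for AES-CTR(PKCS7("pwd: Imadev\n")).
CIPHERTEXT = b"constructed-opaque-ciphertext-bytes"


def derive_keys(password: bytes, salt: bytes):
    """Split the PBKDF2 output the way VaultAES256 does: (aes_key, hmac_key, iv)."""
    material = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=80)
    return material[:32], material[32:64], material[64:80]


def build_envelope(password: bytes, ciphertext: bytes, salt: bytes = None) -> str:
    """Wrap ciphertext in a vault envelope authenticated under `password`."""
    salt = salt if salt is not None else os.urandom(32)
    _, hmac_key, _ = derive_keys(password, salt)
    tag = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    inner = b"\n".join(binascii.hexlify(x) for x in (salt, tag, ciphertext))
    body = binascii.hexlify(inner).decode("ascii")
    lines = [body[i:i + 80] for i in range(0, len(body), 80)]
    return HEADER + "\n" + "\n".join(lines) + "\n"


def parse_envelope(text: str):
    """Return (salt, tag, ciphertext); reject anything that is not a 1.1 vault."""
    lines = text.strip().splitlines()
    if not lines or lines[0] != HEADER:
        raise ValueError("not an encrypted $ANSIBLE_VAULT;1.1;AES256 file")
    inner = binascii.unhexlify("".join(lines[1:]))
    salt_hex, tag_hex, ct_hex = inner.split(b"\n")
    return tuple(binascii.unhexlify(x) for x in (salt_hex, tag_hex, ct_hex))


def password_matches(password: bytes, text: str) -> bool:
    """The check ansible-vault performs before decrypting: HMAC over the ciphertext."""
    salt, tag, ciphertext = parse_envelope(text)
    _, hmac_key, _ = derive_keys(password, salt)
    expected = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def rekey_envelope(text: str, old_password: bytes, new_password: bytes) -> str:
    """Re-protect under a new password: fresh salt, new keys, new HMAC.
    (Real `ansible-vault rekey` also decrypts and re-encrypts the payload.)"""
    if not password_matches(old_password, text):
        raise ValueError("wrong old password")
    _, _, ciphertext = parse_envelope(text)
    return build_envelope(new_password, ciphertext)


def write_password_file(path: str, password: str) -> int:
    """Create the vault password file owner-only from the start (`echo > file`
    inherits the umask, typically 0644) and return its permission bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(password + "\n")
    return stat.S_IMODE(os.stat(path).st_mode)


def read_password_file(path: str) -> bytes:
    """ansible-vault strips surrounding whitespace from the password file; do the same."""
    with open(path, "rb") as f:
        return f.read().strip()


def is_encrypted(path: str) -> bool:
    """Pre-commit style check: refuse a locker.yml that is still plaintext.
    Accepts both the 1.1 header and the 1.2 (vault-id) header."""
    with open(path, "r", encoding="utf-8") as f:
        return f.readline().startswith("$ANSIBLE_VAULT;")
```

`password_matches` is exactly the step that fails after a rekey with the old secret.txt: the new salt yields a different HMAC key, so the stored tag no longer verifies and Ansible reports a decryption failure without ever touching the ciphertext. The `O_EXCL` flag in `write_password_file` also refuses to follow a pre-existing file or symlink at that path.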
4. Login test
[E:\~]$ ssh boss@192.168.5.5
Connecting to 192.168.5.5:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
WARNING! The remote SSH server rejected X11 forwarding request.
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Mon Oct 5 20:56:38 2020 from 192.168.5.1
[boss@node02 ~]$