如果担心 playbook 中包含敏感信息,可以使用 ansible-vault 对 YAML 文件进行加密。
这是我们 httpd.yml 的内容:
[root@ansible ~]# cat httpd.yml
# Play: install and start Apache httpd on the hosts matched by the inventory pattern "clienthosts".
# NOTE(review): this file holds no secrets itself; it is the sample file for the ansible-vault walkthrough.
- hosts: clienthosts
  # Connects to the managed hosts as root directly.
  # NOTE(review): an unprivileged remote_user combined with `become: true` is the usual
  # least-privilege alternative — confirm against site policy.
  remote_user: root
  tasks:
    - name: yum install httpd
      # state=latest installs or upgrades to the newest version the configured repositories offer (not pinned).
      yum: name=httpd state=latest
    - name: systemctl start httpd
      # Ensures the service is running; boot-time enablement is not changed (no enabled= given).
      systemd: name=httpd state=started
下面我们对它进行加密:
[root@ansible ~]# ansible-vault encrypt httpd.yml
New Vault password: #输入密码
Confirm New Vault password: #确认密码
Encryption successful
再次查看 httpd.yml 的内容,此时文件已变为密文:
[root@ansible ~]# cat httpd.yml
$ANSIBLE_VAULT;1.1;AES256
66623462646265623931646466386635633732313937316232336162346464303664663337636262
6231626536396234316334663735656266396536336239650a303035373762343965656562616264
62393535626635653734396637313464313336666131656362623461353132386138383134306438
3036653865333833620a613435356362363037303435623163653862326137353461646164346561
37313035653963303938656335356165373631613135666163303134313333393839666161366566
31316466353364666537333339613661383037626137303338396164656562623334363430373236
31353239393433323566396262623335323233313938663764353365636430313935356435623434
34306533333535626438313038336437326533393866333766383265326336666335396436633366
61623966653039643839623936393263653061623731613533306264373339393131353561363739
33643836663266393563333063626563313063616362376639336365376539366565623539666364
31636132333666316632383236616466623134393962616262663566623438656239323535326433
30616436383661316337363730366462663231366463313862343238336535666465383561626135
39303965333334323032313339306336333430313736383233376630346337366335
[root@ansible ~]#
加密后,如果不提供 vault 密码,直接执行该 yml 文件也会失败(运行时可以通过 --ask-vault-pass 或 --vault-password-file 提供密码):
[root@ansible ~]# ansible-playbook httpd.yml
ERROR! Attempting to decrypt but no vault secrets found
解密文件(decrypt 会把文件以明文写回磁盘;如果只是想查看或修改内容,建议使用后文的 view / edit,让文件保持加密状态):
[root@ansible ~]# ansible-vault decrypt httpd.yml
Vault password:
Decryption successful
再次查看
[root@ansible ~]# cat httpd.yml
# Play: install and start Apache httpd on the hosts matched by the inventory pattern "clienthosts".
# NOTE(review): this file holds no secrets itself; it is the sample file for the ansible-vault walkthrough.
- hosts: clienthosts
  # Connects to the managed hosts as root directly.
  # NOTE(review): an unprivileged remote_user combined with `become: true` is the usual
  # least-privilege alternative — confirm against site policy.
  remote_user: root
  tasks:
    - name: yum install httpd
      # state=latest installs or upgrades to the newest version the configured repositories offer (not pinned).
      yum: name=httpd state=latest
    - name: systemctl start httpd
      # Ensures the service is running; boot-time enablement is not changed (no enabled= given).
      systemd: name=httpd state=started
在文件保持加密的状态下查看和编辑 httpd.yml(view 只读显示解密后的内容;edit 在编辑器中打开解密后的内容,保存退出后文件仍以密文保存):
[root@ansible ~]# ansible-vault encrypt httpd.yml #加密
New Vault password:
Confirm New Vault password:
Encryption successful
[root@ansible ~]# cat httpd.yml #无法查看
$ANSIBLE_VAULT;1.1;AES256
37366135646238656536353666303439303866346335363737326133346462636435393230373464
3836303236316234366637623835623733363165373761370a366463376331653865343934386561
30666361373365306431383937393035353237656161393933643961313966666134646664646562
6232363465366164370a336137343461646563303762326235366331316462666162366165333836
30323162393130303136363137636661616364323766616136636633643733396338623461386131
31653535376430356235393333653362633261653564616539373864396630313036376339656238
62373863373139663165363630396562343565323737643530333462363433633538663565373332
38363861333031343839653034356361616462626635323463303566366666333032633631633766
65346437373333623136303030636232323965633132663133346262613835393262643166383361
64396131646639333336663231316632663364656364626239643137623864333766666364336138
63343230343639626537386166613239663231643636663131376264376566316433343465643565
38633230316662303237666634396633326163643330363663613865373563363331316139623131
64386136663932623538623136363331613330613139363831666632313539656633
[root@ansible ~]# ansible-vault view httpd.yml #加密时查看
Vault password: #输入密码
# Play: install and start Apache httpd on the hosts matched by the inventory pattern "clienthosts".
# NOTE(review): this file holds no secrets itself; it is the sample file for the ansible-vault walkthrough.
- hosts: clienthosts
  # Connects to the managed hosts as root directly.
  # NOTE(review): an unprivileged remote_user combined with `become: true` is the usual
  # least-privilege alternative — confirm against site policy.
  remote_user: root
  tasks:
    - name: yum install httpd
      # state=latest installs or upgrades to the newest version the configured repositories offer (not pinned).
      yum: name=httpd state=latest
    - name: systemctl start httpd
      # Ensures the service is running; boot-time enablement is not changed (no enabled= given).
      systemd: name=httpd state=started
[root@ansible ~]# ansible-vault edit httpd.yml #加密时编辑
Vault password: #输入密码
# Play: install and start Apache httpd on the hosts matched by the inventory pattern "clienthosts".
# NOTE(review): this file holds no secrets itself; it is the sample file for the ansible-vault walkthrough.
- hosts: clienthosts
  # Connects to the managed hosts as root directly.
  # NOTE(review): an unprivileged remote_user combined with `become: true` is the usual
  # least-privilege alternative — confirm against site policy.
  remote_user: root
  tasks:
    - name: yum install httpd
      # state=latest installs or upgrades to the newest version the configured repositories offer (not pinned).
      yum: name=httpd state=latest
    - name: systemctl start httpd
      # Ensures the service is running; boot-time enablement is not changed (no enabled= given).
      systemd: name=httpd state=started