Advanced Linux Operations: Variables and Secrets

1. Populate host and group variables using directories
[root@afei ~]# mkdir /opt/weixin
[root@afei ~]# cd /opt/weixin/
[root@afei weixin]# touch playbook.yml
[root@afei weixin]# touch inventory
[root@afei weixin]# ls
inventory  playbook.yml
[root@afei weixin]# mkdir files
[root@afei weixin]# mkdir group_vars
[root@afei weixin]# mkdir host_vars
[root@afei weixin]# cd
[root@afei ~]# tree /opt/weixin/
/opt/weixin/
├── files
├── group_vars
├── host_vars
├── inventory
└── playbook.yml

3 directories, 2 files

2. In the project inventory file you created, configure the IP and password of the host to be managed, then run ping
[root@afei ~]# vim inventory
192.168.240.134 ansible_password=199127
[root@afei ~]# ansible 192.168.240.134 -i inventory -m ping
192.168.240.134 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

3. Remove the password from the inventory file and use the host variables in host_vars to ping the managed host
[root@afei ~]# vim inventory
192.168.240.134 
[root@afei ~]# cd /opt/weixin/host_vars/
[root@afei host_vars]# vim 192.168.240.134
ansible_password: 199127
[root@afei weixin]# ansible 192.168.240.134 -i inventory -m ping
192.168.240.134 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

4. Override variables from the command line with -e
[root@afei weixin]# ansible all -i inventory -e ansible_password=199127 -m ping
192.168.240.134 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
[root@afei weixin]# vim password
[root@afei weixin]# ansible all -i inventory -e @password -m ping
192.168.240.134 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

5. Use an array as a variable
[root@afei weixin]# vim password 
myhosts:
  192.168.240.134
    ansible_password: 199127
  192.168.240.135
    ansible_password: 123456
    
Note: pinging the same way now fails.

[root@afei weixin]# ansible all -i inventory -e @password -m ping
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Note: use the correct variable format.


6. Capture command output with a registered variable
[root@afei weixin]# vim playbook.yml
---
- hosts: all
  tasks:
    - name: install httpd and print result
      yum:
        name: httpd
        state: present
      register: result
      
    - debug: var=result
[root@afei weixin]# ansible-playbook -C playbook.yml 

PLAY [all] ****************************************************************************

TASK [Gathering Facts] ****************************************************************
ok: [192.168.240.134]

TASK [install httpd and print result] *************************************************
ok: [192.168.240.134]

TASK [debug] **************************************************************************
ok: [192.168.240.134] => {
    "result": {
        "changed": false,
        "failed": false,
        "msg": "Nothing to do",
        "rc": 0,
        "results": []
    }
}

PLAY RECAP ****************************************************************************
192.168.240.134            : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
                         

7. Create an encrypted file
[root@afei weixin]# cd group_vars/
[root@afei group_vars]# ls
[root@afei group_vars]# ansible-vault create wbservers
New Vault password: 
Confirm New Vault password: 
ansible_password: 199127

Note: at this point the wbservers file cannot be read directly.
[root@afei group_vars]# cat wbservers 
$ANSIBLE_VAULT;1.1;AES256
31633966643538636439396164316533623230356531643638633339636161353236636361633636
3932613738316462363661373032616162656663356464330a313865376262376130336263376464
63383639623638646666333932656161306433643139356532626562633361656231363537613838
3530383936356265350a386235626633356363386335656531373733353930613330303537623465
63653265366537633039353164623939333333333731626664333131343033333866

8. The correct way to view an encrypted file
[root@afei group_vars]# ansible-vault view wbservers 
Vault password: 
ansible_password: 199127

9. Edit an existing encrypted file
[root@afei group_vars]# ansible-vault edit wbservers 
Vault password: 

ansible_password: 199127

10. Change the password of an existing encrypted file
[root@afei group_vars]# ansible-vault rekey wbservers 
Vault password: 
New Vault password: 
Confirm New Vault password: 
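
An added example, not part of the original post: steps 2 and 3 keep ansible_password in plaintext in the inventory and under host_vars, while step 7 moves it into a vault file whose first line is the $ANSIBLE_VAULT header. This Python script walks a project directory and reports password variables stored outside a vault file; the function names, the key pattern and the sample tree (with placeholder values) are assumptions constructed for illustration.

```python
import os
import re
import tempfile

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of every ansible-vault encrypted file
# Key names treated as secrets (assumption: extend the pattern for your own variables).
SECRET_KEY = re.compile(
    r"\b(ansible_(?:ssh_|become_)?pass(?:word)?|ansible_sudo_pass)\s*[:=]\s*(\S+)"
)

def audit_project(root):
    """Return sorted (relative_path, line_no, key) for plaintext secrets under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines = fh.read().splitlines()
            if lines and lines[0].startswith(VAULT_HEADER):
                continue  # whole file is vault-encrypted
            for no, line in enumerate(lines, 1):
                m = SECRET_KEY.search(line)
                # Inline "!vault" values and Jinja references are not plaintext.
                if m and not m.group(2).startswith(("!vault", "{{", '"{{', "'{{")):
                    findings.append((os.path.relpath(path, root), no, m.group(1)))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree mirroring /opt/weixin; all values are placeholders."""
    files = {
        "inventory": "192.168.240.134 ansible_password=EXAMPLE\n",
        "host_vars/192.168.240.134": "ansible_password: EXAMPLE\n",
        "group_vars/wbservers": "$ANSIBLE_VAULT;1.1;AES256\n3163396664\n",
        "playbook.yml": "---\n- hosts: all\n  tasks: []\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, no, key in audit_project(tmp):
            print(f"{rel}:{no}: plaintext {key}")
```

The scan covers files only. A password passed with -e on the command line, as in step 4, ends up in shell history and the process list instead.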
