Ansible Security: Encrypting the Host Inventory

This post shows how to encrypt the Ansible host inventory with AES256 using the ansible-vault tool, and demonstrates how to supply the password with the --ask-vault-pass option when running ansible commands and playbooks. It also covers the problem that an encrypted inventory can no longer be read directly, and how to work around it.


Make the ansible-vault encryption tool available (symlink it into PATH)

ln -s /usr/local/python3/bin/ansible-vault /usr/bin/ansible-vault

Set a password on the host inventory file

ansible-vault encrypt /etc/ansible/hosts
# New Vault password: 
# Confirm New Vault password: 
# Encryption successful

After encryption the inventory file can no longer be read in plain text; only the vault envelope is visible

cat /etc/ansible/hosts 
# $ANSIBLE_VAULT;1.1;AES256
# 37333832643234663939653731373066323563313433316363326561656637633632333861393665
# 3165376463633262393935343831633131303831363733310a653865346365323137303661366536
# 35646135323865636138343365623464653032353164336335626263356266633038353134626663
# 6464633132313432300a646333333962663434633362373563386165363737653261313332646663
# 64316164333834303830306435343635376236666161623439623462326165663761356330623436
# 3561663564643235656165343464623939373862363735643162

Command-line test

# Test (the command cannot run: the inventory file cannot be read without the vault password)
ansible all -a hostname
# [WARNING]:  * Failed to parse /etc/ansible/hosts with yaml plugin: Attempting to decrypt but no vault secrets found
# [WARNING]:  * Failed to parse /etc/ansible/hosts with ini plugin: Attempting to decrypt but no vault secrets found
# [WARNING]: Unable to parse /etc/ansible/hosts as an inventory source
# [WARNING]: No inventory was parsed, only implicit localhost is available
# [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

# To run the command normally, add the --ask-vault-pass option and enter the password when prompted
ansible all -a hostname --ask-vault-pass 
# Vault password: 
# 192.168.15.13 | CHANGED | rc=0 >>
# k8s-node-02
# 192.168.15.12 | CHANGED | rc=0 >>
# k8s-node-01

Playbook test

# Write the playbook
vim abc.yml 
- hosts: all
  tasks:
  - name: hostname
    shell: hostname

# Test the playbook (it cannot run: the inventory file cannot be read without the vault password)
ansible-playbook abc.yml
# [WARNING]:  * Failed to parse /etc/ansible/hosts with yaml plugin: Attempting to decrypt but no vault secrets found
# [WARNING]:  * Failed to parse /etc/ansible/hosts with ini plugin: Attempting to decrypt but no vault secrets found
# [WARNING]: Unable to parse /etc/ansible/hosts as an inventory source
# [WARNING]: No inventory was parsed, only implicit localhost is available
# [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

# PLAY [all] ******************************************************************************************************************************************************************************
# skipping: no hosts matched

# PLAY RECAP ******************************************************************************************************************************************************************************

# To run the playbook normally, add the --ask-vault-pass option and enter the password when prompted
ansible-playbook abc.yml --ask-vault-pass
# Vault password: 

# PLAY [all] ******************************************************************************************************************************************************************************

# TASK [Gathering Facts] ******************************************************************************************************************************************************************
# ok: [192.168.15.13]
# ok: [192.168.15.12]

# TASK [hostname] *************************************************************************************************************************************************************************
# changed: [192.168.15.13]
# changed: [192.168.15.12]

# PLAY RECAP ******************************************************************************************************************************************************************************
# 192.168.15.12              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
# 192.168.15.13              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  
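The warnings above appear because Ansible recognises the $ANSIBLE_VAULT envelope but has no secret to decrypt it with. As an added example (not part of the original post or of Ansible itself), the following Python pre-flight check detects whether an inventory is vault-encrypted and validates the 1.1/AES256 envelope layout (hex-wrapped salt, HMAC and ciphertext) without decrypting anything, so a wrapper script can prompt for the vault password only when it is actually needed. The encrypted sample is the envelope printed by cat above; the plain-text inventory is a constructed example.

```python
import binascii
import re
from typing import Optional

# Vault envelope copied from the cat output above (ciphertext, not a secret).
ENCRYPTED_INVENTORY = """$ANSIBLE_VAULT;1.1;AES256
37333832643234663939653731373066323563313433316363326561656637633632333861393665
3165376463633262393935343831633131303831363733310a653865346365323137303661366536
35646135323865636138343365623464653032353164336335626263356266633038353134626663
6464633132313432300a646333333962663434633362373563386165363737653261313332646663
64316164333834303830306435343635376236666161623439623462326165663761356330623436
3561663564643235656165343464623939373862363735643162
"""

# Constructed plain-text INI inventory for comparison (hosts taken from the post).
PLAIN_INVENTORY = "[k8s]\n192.168.15.12\n192.168.15.13\n"

# Header line: $ANSIBLE_VAULT;<format version>;<cipher>[;<vault id>]
HEADER_RE = re.compile(
    r"^\$ANSIBLE_VAULT;(?P<version>[\d.]+);(?P<cipher>[A-Z0-9]+)(?:;(?P<vault_id>[^;]+))?$"
)


def inspect_vault_inventory(text: str) -> Optional[dict]:
    """Return envelope metadata for a vault-encrypted file, or None if it is plain text.

    The outer hex layer of a 1.1/AES256 envelope wraps the ASCII string
    'salt_hex\\nhmac_hex\\nciphertext_hex', so its structure can be checked
    without the password. Nothing is decrypted here.
    """
    lines = text.splitlines()
    match = HEADER_RE.match(lines[0].strip()) if lines else None
    if not match:
        return None  # plain inventory: no vault password is required
    info = {"version": match["version"], "cipher": match["cipher"], "vault_id": match["vault_id"]}
    body = "".join(line.strip() for line in lines[1:])
    try:
        inner = binascii.unhexlify(body).decode("ascii")
        if info["cipher"] == "AES256":
            parts = inner.split("\n")
            if len(parts) != 3:
                raise ValueError("AES256 envelope must hold salt, hmac and ciphertext")
            salt, mac, ciphertext = (binascii.unhexlify(p) for p in parts)
            if len(ciphertext) % 16:
                raise ValueError("ciphertext is not a whole number of AES blocks")
            info.update(salt_len=len(salt), hmac_len=len(mac), ciphertext_len=len(ciphertext))
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"corrupt vault envelope: {exc}") from exc
    return info


def needs_vault_password(path: str) -> bool:
    """True if the inventory at `path` is vault-encrypted (so --ask-vault-pass is needed)."""
    with open(path, encoding="utf-8") as fh:
        return inspect_vault_inventory(fh.read()) is not None
```

A wrapper can call needs_vault_password("/etc/ansible/hosts") and append --ask-vault-pass to the ansible or ansible-playbook command only when it returns True.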