Variables and Secrets in Ansible

tech 2025-10-07

1. Use the managed host's IP and password, as configured in the project inventory file, to run the ping command

[root@ansible jay]# vi inventory
192.168.10.129 ansible_password=123456
[root@ansible jay]# ansible 192.168.10.129 -i inventory -m ping
192.168.10.129 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

2. Remove the password from the inventory file and ping the managed host using host_vars

[root@ansible jay]# cd host_vars/
[root@ansible host_vars]# vi 192.168.10.129
ansible_password: "123456"
[root@ansible jay]# ansible 192.168.10.129 -m ping
192.168.10.129 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

3. Remove the password from both the inventory file and host_vars, then override the variable with -e

[root@ansible host_vars]# rm -f 192.168.10.129
[root@ansible host_vars]# ansible all -e ansible_password=123456 -m ping
192.168.10.129 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

4. Use an array as a variable

[root@ansible jay]# vi passwd
myhosts:
  192.168.10.129: ansible_password=123456
  192.168.10.130: ansible_password=231255
[root@ansible jay]# ansible all -i inventory -e @password -m ping
ERROR! Unable to retrieve file contents
Could not find or access '/opt/jay/password' on the Ansible Controller.
If you are using a module and expect the file to exist on the remote, see the remote_src option

The command fails because the file was saved as passwd, while -e @password tells Ansible to load a file named password.

5. Capture command output with a registered variable

[root@ansible jay]# vi playbook.yml
---
- hosts: all
  tasks:
    # Task name: install httpd and show the result
    - name: 安装httpd并显示结果
      yum:
        name: httpd
        state: present
      # Store the module's return value in the variable "result"
      register: result
    - debug: var=result
[root@ansible jay]# ansible-playbook -C playbook.yml

PLAY [all] ***********************************************************************

TASK [Gathering Facts] ***********************************************************
ok: [192.168.10.129]

TASK [安装httpd并显示结果] **************************************************************
changed: [192.168.10.129]

TASK [debug] *********************************************************************
ok: [192.168.10.129] => {
    "result": {
        "changed": true,
        "failed": false,
        "msg": "Check mode: No changes made, but would have if not in check mode",
        "rc": 0,
        "results": []
    }
}

PLAY RECAP ***********************************************************************
192.168.10.129 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

6. Create an encrypted file

[root@ansible webservers]# ansible-vault create vault
New Vault password:
Confirm New Vault password:
[root@ansible webservers]# cat vault
$ANSIBLE_VAULT;1.1;AES256
37353162376339376339393361386432306535646166333363396563396638366536653961613564
3461393361646432663839346637343032613531316533350a323362396337633437666566643532
31613839303730633939613563646131653931656161336266333038666361623761616134653234
6631303633656633300a653239666365643231613939303764663832396530363464373230313430
6433

7. View an encrypted file

[root@ansible webservers]# ansible-vault view vault
Vault password:

8. Edit an existing encrypted file

[root@ansible webservers]# ansible-vault edit vault
Vault password:
~
~

9. Change the password of an existing encrypted file

[root@ansible webservers]# ansible-vault rekey vault
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful
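
An added example, not code from the original post: a small Python audit that walks an Ansible project and reports plaintext connection passwords such as the ansible_password=123456 entries from steps 1 and 2, skipping files that begin with the $ANSIBLE_VAULT; header shown in step 6. The function names, the constructed sample project and the vault_ansible_password variable are assumptions made up for illustration.

```python
import re
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of every ansible-vault file
# Connection and privilege-escalation password variables Ansible recognises.
SECRET_VAR = re.compile(
    r"\b(ansible_(?:ssh_pass|password|become_pass(?:word)?))\s*[=:]\s*(\S.*)")


def audit(project_dir):
    """Return (relative_path, line_no, variable) for each plaintext password."""
    findings, root = [], Path(project_dir)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(encoding="utf-8", errors="replace")
        if text.startswith(VAULT_HEADER):
            continue  # whole file is vault-encrypted
        for no, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):
                continue  # commented-out line
            m = SECRET_VAR.search(line)
            if not m:
                continue
            value = m.group(2).strip()
            # A Jinja2 reference or inline !vault value is not a literal secret.
            if value.startswith(("{{", '"{{', "'{{", "!vault")):
                continue
            findings.append((path.relative_to(root).as_posix(), no, m.group(1)))
    return findings


def build_sample(root):
    """Constructed sample project (hypothetical) using the layout from the steps."""
    root = Path(root)
    (root / "host_vars").mkdir()
    (root / "inventory").write_text("192.168.10.129 ansible_password=123456\n")
    (root / "host_vars" / "192.168.10.130").write_text(
        'ansible_password: "{{ vault_ansible_password }}"\n')
    # Constructed payload: only the header matters to the audit.
    (root / "vault").write_text("$ANSIBLE_VAULT;1.1;AES256\n636f6e7374727563746564\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, no, var in audit(build_sample(tmp)):
            print(f"{rel}:{no}: plaintext {var}")  # the value is never printed
```

The audit reports only file, line and variable name, so its own output does not copy the password into logs or CI output.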