首页 文章

如何在Ansible清单中的加密变量文件(文件库)中使用密码?

提问于
浏览
0

我是Ansible的新手,与Ansible金库结合库存文件一起努力 .

我想要实现的是一个更新三台机器的剧本 . 其中两台机器需要密码(对于 sudo ),所以我可以成为root用户 .

所以这是我的剧本......

---
- name: update all hosts, make sure default software is installed

  hosts:
    - vhosts
    - physical

  vars_files:
    - 'vars/main.yml'

  tasks:

    - name: Update apt cache
      apt: update_cache=yes

    - name: Upgrade packages
      apt: upgrade=dist

...这是我的库存(文件名 inventory ),密码仍然是纯文本:

[vhosts]
10.0.0.1    ansible_user=root

[physical]
10.0.0.200  ansible_user=xxx  ansible_become=yes  ansible_become_method=sudo  ansible_become_pass=secretpassword1
10.0.0.201  ansible_user=yyy  ansible_become=yes  ansible_become_method=sudo  ansible_become_pass=secretpassword2

这工作正常 .

因为我不想在库存中使用 secretpassword1secretpassword2 . 所以我创建了一个保险库(存储在文件_2658369中,看起来像这样:

---
- vars:
    pass1:secretpassword1
    pass2:secretpassword2

我将库存文件更改为:

[vhosts]
10.0.0.1    ansible_user=root

[physical]
10.0.0.200  ansible_user=xxx  ansible_become=yes  ansible_become_method=sudo  ansible_become_pass="{{ pass1 }}"
10.0.0.201  ansible_user=yyy  ansible_become=yes  ansible_become_method=sudo  ansible_become_pass="{{ pass2 }}"

现在,当我尝试用 ansible-playbook update.yml -i inventory --ask-vault-pass 执行善意时,我收到以下错误:

fatal: [10.0.0.200]: FAILED! => {"msg": "The field 'become_pass' has an invalid value, which includes an undefined variable. The error was: 'pass1' is undefined\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'pass1' is undefined"}
fatal: [10.0.0.201]: FAILED! => {"msg": "The field 'become_pass' has an invalid value, which includes an undefined variable. The error was: 'pass2' is undefined\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'pass2' is undefined"}

好像我无法正确定义我的变量 . 但我完全不知道如何这样做 . 如果有人能帮助我,我会非常高兴 . 谢谢 .

ansible ansible-inventory

1 回答

  • 2

    使您的保管库文件如下所示:

    ---
pass1: secretpassword1
pass2: secretpassword2

    你的错误:

    • 您在YAML文件中以不正确的格式定义变量 .
    回复于

相关问题