使用Ansible Vault加密内容

Ansible 加密敏感数据

[root@ansible-server ~]# ansible-vault create secret.yml
newusers:
    - name: ansibleuser1
      pw: redhat
    - name: ansibleuser2
      pw: $Re4H1t@

[root@ansible-server ansible]# cat create_users.yml 
- name: create user accounts for all our servers
  hosts: client
  vars_files:
    - secret.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.name }}"
        password: "{{ item.pw | password_hash('sha512') }}"
      with_items: "{{ newusers }}"
[root@ansible-server ansible]# ansible-playbook --syntax-check --ask-vault-pass create_users.yml 
Vault password: 

playbook: create_users.yml
[root@ansible-server ansible]# echo redhat > vault.pass
[root@ansible-server ansible]# chmod 0600 vault.pass 
[root@ansible-server ansible]# ansible-playbook --syntax-check --vault-password-file=vault.pass create_users.yml               

playbook: create_users.yml
[root@ansible-server ansible]# ansible-playbook --vault-password-file=vault.pass create_users.yml  

PLAY [create user accounts for all our servers] *********************************************************************************

TASK [Gathering Facts] **********************************************************************************************************
ok: [172.16.216.182]
ok: [172.16.216.181]

TASK [create users] *************************************************************************************************************
changed: [172.16.216.182] => (item={u'name': u'ansibleuser1', u'pw': u'redhat'})
changed: [172.16.216.181] => (item={u'name': u'ansibleuser1', u'pw': u'redhat'})
changed: [172.16.216.182] => (item={u'name': u'ansibleuser2', u'pw': u'$Re4H1t@'})
changed: [172.16.216.181] => (item={u'name': u'ansibleuser2', u'pw': u'$Re4H1t@'})

PLAY RECAP **********************************************************************************************************************
172.16.216.181             : ok=2    changed=1    unreachable=0    failed=0   
172.16.216.182             : ok=2    changed=1    unreachable=0    failed=0   

[root@ansible-server ansible]# ssh ansibleuser1@172.16.216.181
ansibleuser1@172.16.216.181's password: 
the hostname is ansible-client1.liuxplus.com
today's date is 2018-10-11
[ansibleuser1@ansible-client1 ~]$ exit
登出
Connection to 172.16.216.181 closed.
[root@ansible-server ansible]# ssh ansibleuser1@172.16.216.182
ansibleuser1@172.16.216.182's password: 
the hostname is ansible-client2.linuxplust.com
today's date is 2018-10-11
[ansibleuser1@ansible-client2 ~]$ exit
登出
Connection to 172.16.216.182 closed.
[root@ansible-server ansible]# ssh ansibleuser2@172.16.216.181
ansibleuser2@172.16.216.181's password: 
the hostname is ansible-client1.liuxplus.com
today's date is 2018-10-11
[ansibleuser2@ansible-client1 ~]$ exit
登出
Connection to 172.16.216.181 closed.
[root@ansible-server ansible]# ssh ansibleuser2@172.16.216.182
ansibleuser2@172.16.216.182's password: 
the hostname is ansible-client2.linuxplust.com
today's date is 2018-10-11
[ansibleuser2@ansible-client2 ~]$ exit
登出
Connection to 172.16.216.182 closed.