[root@pp ~]# mkdir demo6
[root@pp ~]# cp ansible.cfg hosts demo6/
[root@pp ~]# cd demo6/
[root@pp demo6]#
[root@pp demo6]# cat test1.yaml
---
- hosts: up
gather_facts: false
vars:
aa: haha001
tasks:
- name: 打印一个变量
debug: msg="{{aa}}"
[root@pp demo6]#
1 ansible‐vault encrypt file
[root@pp demo6]# ansible-vault encrypt test1.yaml
New Vault password:
Confirm New Vault password:
Encryption successful
[root@pp demo6]#
[root@pp demo6]# cat test1.yaml
$ANSIBLE_VAULT;1.1;AES256
64396437306633393735313832303232306165656463363639376165626236346465666136366162
3333303437376263333235656530396437386132633363650a306366306162396338626633303237
37376137383237323262643839323530386637616536663862356231653564303931623731656232
6662333735353633300a353263663262353864356565306562663466666435393839333939323163
30663733623536303936623663623961356438646531643866353962616530363431353436363266
32303739343264633964383935646532383061653936333637613562353130616162353432313161
65396161303366623264346664306631383337303732303466643537363566386237656234323666
64616537653334623633343235316361333661373263636434346664333337306461613937393961
30386436626461326562393735323065653864306136323237356431633661396633393635353965
3536646637323532386139326337666438663465363834386635
[root@pp demo6]#
[root@pp demo6]# ansible-vault view test1.yaml
Vault password:
---
- hosts: up
gather_facts: false
vars:
aa: haha001
tasks:
- name: 打印一个变量
debug: msg="{{aa}}"
[root@pp demo6]#
[root@pp demo6]# ansible-vault view test1.yaml
Vault password:
ERROR! Decryption failed (no vault secrets were found that could decrypt) on test1.yaml for test1.yaml
[root@pp demo6]#
[root@pp demo6]# ansible-playbook test1.yaml
ERROR! Attempting to decrypt but no vault secrets found
[root@pp demo6]#
[root@pp demo6]# ansible-playbook --ask-vault-pass test1.yaml
Vault password:
PLAY [up] ********************************************************************************
TASK [打印一个变量] ****************************************************************************
ok: [up] => {
"msg": "haha001"
}
PLAY RECAP *******************************************************************************
up : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@pp demo6]#
[root@pp demo6]# ansible-vault rekey test1.yaml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful
[root@pp demo6]#
[root@pp demo6]# ansible-vault decrypt test1.yaml
Vault password:
Decryption successful
[root@pp demo6]#
[root@pp demo6]# cat test1.yaml
---
- hosts: up
gather_facts: false
vars:
aa: haha001
tasks:
- name: 打印一个变量
debug: msg="{{aa}}"
[root@pp demo6]#
[root@pp demo6]# echo haha001 > aa.txt
[root@pp demo6]# cat aa.txt
haha001
[root@pp demo6]#
[root@pp demo6]# ansible-vault encrypt --vault-id aa.txt test1.yaml
Encryption successful
[root@pp demo6]#
[root@pp demo6]# cat test1.yaml
$ANSIBLE_VAULT;1.1;AES256
31623936343832626133663131343835316439373331666632663539376532356134363633653362
3537306130383330666166643531376335343931323139630a333839383964366363393332356231
33353365383234663564663531346636646130643861653330653335363361376563376463626564
6463393736373866380a306236396539313266353739363639343739653862303232346233313264
64646233383466363736363531333063343166306365313335306138373534613135366238623666
38363165363463666331393331323562303761353031343432396262313666323538653233366437
36613033313533303766323164316337373061393631666531303138343230613135623264306630
37643035333732663833613161386431633937363962623331663834363163646461363633386538
63663231633436306464393236653130393031366230383931646539306661323663616536633565
3734333531663134646332333137343532383539326134396634
[root@pp demo6]#
[root@pp demo6]# ansible-vault view --vault-id aa.txt test1.yaml
---
- hosts: up
gather_facts: false
vars:
aa: haha001
tasks:
- name: 打印一个变量
debug: msg="{{aa}}"
[root@pp demo6]#
[root@pp demo6]# ansible-playbook --vault-id aa.txt test1.yaml
PLAY [up] ********************************************************************************
TASK [打印一个变量] ****************************************************************************
ok: [up] => {
"msg": "haha001"
}
PLAY RECAP *******************************************************************************
up : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@pp demo6]#
[root@pp demo6]# cat test2.yaml
---
- hosts: up
gather_facts: false
vars:
aa: haha001
tasks:
- name: 打印一个变量
debug: msg="{{aa}}"
[root@pp demo6]#
[root@pp demo6]# ansible-vault encrypt_string --vault-id aa.txt haha001
!vault |
$ANSIBLE_VAULT;1.1;AES256
36303964313233363064303536373965643334393764383239633732383138353266643138366261
6130313833613236333632373934383137643164623137340a633739646261653938646438626366
31313966383863353139316432653530303036626537613530323739383161323132343862303134
3335343032663464620a636635316464373265613365346134613139353034303639666663366538
3731
Encryption successful
[root@pp demo6]#
[root@pp demo6]# cat test2.yaml
---
- hosts: up
gather_facts: false
vars:
aa: !vault |
$ANSIBLE_VAULT;1.1;AES256
36303964313233363064303536373965643334393764383239633732383138353266643138366261
6130313833613236333632373934383137643164623137340a633739646261653938646438626366
31313966383863353139316432653530303036626537613530323739383161323132343862303134
3335343032663464620a636635316464373265613365346134613139353034303639666663366538
3731
tasks:
- name: 打印一个变量
debug: msg="{{aa}}"
[root@pp demo6]#
[root@pp demo6]# ansible-playbook --vault-id aa.txt test2.yaml
PLAY [up] ********************************************************************************
TASK [打印一个变量] ****************************************************************************
ok: [up] => {
"msg": "haha001"
}
PLAY RECAP *******************************************************************************
up : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@pp demo6]#