Ansible Vault可以对文件进行加密。
可以将Vault密码通过命令行交互式保存,也可以将密码存储在文件中。
1. 首先定义一个users.yaml
--- - name: create user hosts: dev vars: users: - user01 - user02 - user03 tasks: - name: create user user: name: "{{ item }}" state: present loop: "{{ users }}" - name: set password shell: echo '12345678' | passwd --stdin "{{ item }}" loop: "{{ users }}"
2. 使用Vault进行加密
# ansible-vault encrypt users.yaml
New Vault password:
Confirm New Vault password:
3. 执行yaml时解密
# ansible-playbook --vault-id @prompt users.yaml Vault password (default): PLAY [create user] ********************************************************************************************* TASK [Gathering Facts] ***************************************************************************************** ok: [servera.lab.example.com] TASK [create user] ********************************************************************************************* ok: [servera.lab.example.com] => (item=user01) ok: [servera.lab.example.com] => (item=user02) ok: [servera.lab.example.com] => (item=user03)