Ansible/Network-20180606-ansible for cisco-ansible-vault: encrypting login credentials
Problem
Hide the login password
Solution
# Create vault.yml
ansible-vault create vault.yml
New Vault password:
Confirm New Vault password:
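# vault.yml
---
# Key names must match the variables that backup_conf.yml references.
mgmt_username: cisco
mgmt_password: cisco
mgmt_enable: cisco  # enable password (placeholder value)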
# backup_conf.yml
---
- hosts: ios_devices
  gather_facts: no
  connection: local
  vars_files:
    - vault.yml  # decrypted at run time with the vault password

  tasks:
    - name: SYS | Define provider
      set_fact:
        provider:
          host: "{{ inventory_hostname }}"
          username: "{{ mgmt_username }}"
          password: "{{ mgmt_password }}"
          auth_pass: "{{ mgmt_enable }}"
          authorize: yes

    - name: IOS | Show Run
      ios_command:
        provider: "{{ provider }}"
        commands:
          - show configuration
      register: config

    # Prints the whole device configuration, including any secrets it contains.
    - debug: msg="{{ config }}"

    # /tmp is a shared directory; the saved configuration may contain password hashes.
    - name: SYS | copy config to local
      copy:
        content: "{{ config.stdout[0] }}"
        dest: "/tmp/config"
# Running the playbook
# Prompt for the vault password on the command line
ansible-playbook -i inventory/ --ask-vault-pass backup_conf.yml
# Read the vault password from a file
ansible-playbook -i inventory/ --vault-password-file VAULT_PASSWORD_FILENAME backup_conf.yml
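# Multiple password files (new in 2.4), for a configuration file whose fields are encrypted with several different vault passwords; repeat --vault-id once per password source
ansible-playbook -i inventory/ --vault-id VAULT_PASSWORD_FILENAME_1 --vault-id VAULT_PASSWORD_FILENAME_2 backup_conf.yml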
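An added example, not part of the original post: POSIX shell pre-flight checks to run before the commands above. They confirm that vault.yml really starts with an Ansible Vault header, report the vault-id label of a 1.2-format file, and reject a password file that group or other users can access. The function names are hypothetical.

```sh
# Pre-flight checks for the vault workflow (added example, hypothetical names).

# Print the first line of FILE with any trailing CR removed.
vault_header() {
    [ -r "$1" ] || return 1
    head -n 1 < "$1" | tr -d '\r'
}

# Succeed only if FILE starts with an Ansible Vault header (not plaintext YAML).
is_vault_encrypted() {
    case "$(vault_header "$1")" in
        '$ANSIBLE_VAULT;1.1;AES256' | '$ANSIBLE_VAULT;1.2;AES256;'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the vault-id label stored in a 1.2 header; 1.1 headers carry no label,
# so nothing is printed for them.
vault_label() {
    is_vault_encrypted "$1" || return 1
    vl_header=$(vault_header "$1")
    case "$vl_header" in
        *';1.2;'*) printf '%s\n' "${vl_header##*;}" ;;
        *) return 0 ;;
    esac
}

# Succeed only if the password file is a regular file with no group/other
# permission bits set (for example mode 0600).
password_file_is_private() {
    [ -f "$1" ] || return 1
    pf_mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$pf_mode" = "------" ]
}

# Gate: vault_preflight VAULT_FILE PASSWORD_FILE
vault_preflight() {
    is_vault_encrypted "$1" || { echo "$1: not vault-encrypted" >&2; return 1; }
    password_file_is_private "$2" || { echo "$2: accessible to group/other" >&2; return 1; }
}

# Usage (VAULT_PASSWORD_FILENAME as on the page):
#   vault_preflight vault.yml VAULT_PASSWORD_FILENAME &&
#     ansible-playbook -i inventory/ --vault-password-file VAULT_PASSWORD_FILENAME backup_conf.yml
```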
Reference
Ansible credentials management
There are at least 4 possible methods on how to handle secret data within ansible playbooks.
http://www.uni-koeln.de/~pbogusze/posts/Ansible_credentials_management.html