Fatal编程技术网
  • ansible/
  • Ansible 如何解密';明文YAML文件';使用Vault变量?

Ansible 如何解密';明文YAML文件';使用Vault变量?

ansible

Ansible 如何解密';明文YAML文件';使用Vault变量?,ansible,ansible-vault,Ansible,Ansible Vault,我用的是ansible 2.7.16 ansible文件说: Single Encrypted Variable As of version 2.3, Ansible can now use a vaulted variable that lives in an otherwise ‘clear text’ YAML file: notsecret: myvalue mysecret: !vault | $ANSIBLE_VAULT;1.1;AES256

我用的是ansible 2.7.16

ansible文件说:

Single Encrypted Variable

As of version 2.3, Ansible can now use a vaulted variable that lives in an otherwise ‘clear text’ YAML file:

notsecret: myvalue
mysecret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          66386439653236336462626566653063336164663966303231363934653561363964363833313662
          6431626536303530376336343832656537303632313433360a626438346336353331386135323734
          62656361653630373231613662633962316233633936396165386439616533353965373339616234
          3430613539666330390a313736323265656432366236633330313963326365653937323833366536
          34623731376664623134383463316265643436343438623266623965636363326136
other_plain_text: othervalue
我有以下.yml文件:

user: dbuser
pass: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          33633131346338633461336438656463643539396535656432306564636466353338373135346166
          3838313236383739616239333265323131376231656633350a613333613239646263393330353930
          31303935646330643831396130343031613063393839353433646338343034386432656435623934
          6537356530643136310a373835323666393337346562613831613962323261346232323331343631
          3838
我想获得一个解密文件,然后我尝试了以下命令:

ansible playbook--vault密码文件pass.txt config.yml

但我得到了以下错误:

 [WARNING]: Unable to parse /etc/ansible/hosts as an inventory source

 [WARNING]: No inventory was parsed, only implicit localhost is available

 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

ERROR! playbooks must be a list of plays

The error appears to have been in '/tmp/config.yml': line 1, column 1, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


user: dbuser
^ here
我怎样才能得到解密了变量的.yml文件

问:“我怎样才能解密.yml文件?”

答:只需将该文件与任何其他带有变量的文件一样使用即可。比如说

shell> ansible-vault encrypt_string 'password' --name 'pass'
pass: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          65303631663061316538623639316439366538386430656239383735353237343762346364653230
          3163643637333966643762383733633465353065333564310a303762343732613363313864646661
          66633539363865386362613362663238353664356439386431303065646530666562326662356439
          3032313564373364360a623830613763616635383633363631356535316162393138373336386534
          3835

shell> cat conf.yml 
user: dbuser

shell> ansible-vault encrypt conf.yml 
Encryption successful

shell> cat conf.yml 
$ANSIBLE_VAULT;1.1;AES256
63313762343630623364653737643462373034653762616333663330613039623534633030666135
6633343263666465356537316430623834386130626231310a376639356234336664386239336461
31313935613565656639653532613639396536326662346234373563663065643564373939316539
3430643635623339390a393139326337306363623565356439626430643161356266323832313461
3633

shell> ansible-vault decrypt conf.yml 
Decryption successful

shell> cat conf.yml 
user: dbuser
给予

答:可以选择
解密
文件,方法与
加密
相同。例如

shell> ansible-vault encrypt_string 'password' --name 'pass'
pass: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          65303631663061316538623639316439366538386430656239383735353237343762346364653230
          3163643637333966643762383733633465353065333564310a303762343732613363313864646661
          66633539363865386362613362663238353664356439386431303065646530666562326662356439
          3032313564373364360a623830613763616635383633363631356535316162393138373336386534
          3835

shell> cat conf.yml 
user: dbuser

shell> ansible-vault encrypt conf.yml 
Encryption successful

shell> cat conf.yml 
$ANSIBLE_VAULT;1.1;AES256
63313762343630623364653737643462373034653762616333663330613039623534633030666135
6633343263666465356537316430623834386130626231310a376639356234336664386239336461
31313935613565656639653532613639396536326662346234373563663065643564373939316539
3430643635623339390a393139326337306363623565356439626430643161356266323832313461
3633

shell> ansible-vault decrypt conf.yml 
Decryption successful

shell> cat conf.yml 
user: dbuser
答:在剧本中,只需将其作为任何其他带有变量的文件使用即可。比如剧本

shell> cat playbook.yml
- hosts: localhost
  tasks:
    - include_vars: conf.yml
    - debug:
        var: user
给予

嗨,弗拉基米尔。我没有加密整个文件。我只加密变量值
ansible vault encrypt_string'string'--name'variable_name
那么,你为什么要问“如何解密文件”?我认为信息很清楚。我正在显示一个.yml文件,其中包含一些加密的变量。 
shell> cat playbook.yml
- hosts: localhost
  tasks:
    - include_vars: conf.yml
    - debug:
        var: user

shell> ansible-playbook playbook.yml
...
    "user": "dbuser"