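I want to pass a password to ansible.

The password is encrypted with ansible vault, I have it saved in a file, and I have the ansible vault pass available for decryption.

I need to use the decrypted password as ansible_password.

So far, I have:

run.sh: sh script to run the ad hoc command I need to run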

#!/bin/sh
ansible all -i 'somehost,' -m win_ping --extra-vars "ansible_port=5986 \
 ansible_connection=winrm ansible_winrm_server_cert_validation=ignore validate_certs=false \
 ansible_user=somedomain\s-someserviceaccount ansible_password=___need_decrypted_password___"

someenv_vault.yaml: file with the vault-encrypted password

$ANSIBLE_VAULT;1.1;AES256
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678
9abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef01
23456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789a
bcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef01234567

~/.vault_pass

somevaultpassword

How do I get the decrypted vault password into the ansible ad hoc command?

1 Answer

I solved it with the following:

run.sh

#!/bin/bash
THEPASS=$(ansible-vault decrypt <<JOYPEFF
\$ANSIBLE_VAULT;1.1;AES256
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678
9abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef01
23456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789a
bcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef01234567
JOYPEFF
)
echo "usage ./run.sh <servername(s)> ..."
echo "e.g. ./run.sh server1,server2"
ansible all -i "$1," -m win_ping --extra-vars "ansible_winrm_transport=credssp ansible_port=5986 ansible_connection=winrm ansible_winrm_server_cert_validation=ignore validate_certs=false ansible_user=somedomain\s-someserviceaccount ansible_password=$THEPASS"
Answered 2020-02-24T19:22:24.057
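
An added example, not part of the original question or answer: passing `ansible_password=...` inside `--extra-vars` puts the decrypted password in the ansible command line, where it is visible in the process list, so this variant loads it from a temporary 0600 extra-vars file with `-e @file` instead. It assumes `someenv_vault.yaml` holds only the vault-encrypted password and `~/.vault_pass` holds the vault password, as in the question; the function names are hypothetical.

```bash
#!/bin/bash
# Added example: names write_vars_file / run_win_ping are hypothetical.
# Assumes someenv_vault.yaml holds only the vault-encrypted password and
# ~/.vault_pass holds the vault password, as laid out in the question.

# Decrypt the password and store it as a YAML extra-vars file readable only
# by the current user. Prints the path of that file.
write_vars_file() {   # $1 = vault file, $2 = vault password file
    secret=$(ansible-vault view --vault-password-file "$2" "$1") || return 1
    vars_file=$(umask 077; mktemp) || return 1
    # YAML single-quoted scalar: the only character to escape is ' (as '').
    printf "ansible_password: '%s'\n" \
        "$(printf '%s' "$secret" | sed "s/'/''/g")" > "$vars_file"
    printf '%s\n' "$vars_file"
}

# Run win_ping with the secret loaded via -e @file, so it is never part of
# the ansible argv that other local users can read from the process list.
run_win_ping() {      # $1 = hosts (comma-separated), $2 = vault file, $3 = vault password file
    vars_file=$(write_vars_file "$2" "$3") || return 1
    rc=0
    ansible all -i "$1," -m win_ping -e "@$vars_file" --extra-vars \
        "ansible_winrm_transport=credssp ansible_port=5986 ansible_connection=winrm ansible_winrm_server_cert_validation=ignore validate_certs=false ansible_user=somedomain\s-someserviceaccount" \
        || rc=$?
    rm -f "$vars_file"   # remove the plaintext copy whether or not ansible succeeded
    return "$rc"
}

# Usage: ./run.sh server1,server2
if [ "$#" -ge 1 ]; then
    run_win_ping "$1" someenv_vault.yaml "$HOME/.vault_pass"
fi
```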