Create an Ansible vault to store user passwords as follows:
The name of the vault is /home/student/ansible/locker.yml
The vault contains two variables with names:
- pw_developer with value Imadev
- pw_manager with value Imamgr
The password to encrypt and decrypt the vault is retent
The password is stored in the file /home/student/ansible/secret.txt
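[Notes before solving]
This one is meant as a breather, because the questions before and after it are both harder. The main point is to first create a secret.txt file containing the password retent, and then create a locker.yml file whose content is a pair of variables. Its purpose is to supply another question later on, so although it looks simple, if you cannot do it or get it wrong, that other question is lost as well. The ansible-vault command encrypts locker.yml, and secret.txt is then required to decrypt it. Simple as it is, it still tests your understanding of encryption.
1. Solution steps: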
[student@workstation ansible]$ vim secret.txt
retent
[student@workstation ansible]$ vim locker.yml
pw_developer: Imadev
pw_manager: Imamgr
[student@workstation ansible]$ ansible-vault encrypt locker.yml --vault-password-file=secret.txt
2. Verify the result
[student@workstation ansible]$ ansible-vault view locker.yml --vault-id secret.txt
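Beyond viewing the vault, it is worth confirming that locker.yml really is ciphertext on disk and that secret.txt is not readable by other users. The script below is an added example, not part of the original post; the function names are hypothetical and it assumes GNU stat (Linux).

```shell
#!/bin/sh
# Added example: static checks on the lab's two files (ansible itself is not needed).

# is_vault_encrypted FILE: succeeds if FILE starts with an Ansible Vault header
# and the rest of the file is a non-empty, lowercase-hex payload.
is_vault_encrypted() {
    [ -r "$1" ] || return 2
    header=$(head -n 1 "$1")
    case "$header" in
        '$ANSIBLE_VAULT;1.1;AES256'|'$ANSIBLE_VAULT;1.2;AES256;'*) ;;
        *) return 1 ;;
    esac
    body=$(tail -n +2 "$1")
    [ -n "$body" ] || return 1
    # Any non-hex character after the header means plaintext is still present.
    if printf '%s\n' "$body" | grep -q '[^0-9a-f]'; then
        return 1
    fi
    return 0
}

# password_file_is_private FILE: succeeds if group and others have no permissions.
password_file_is_private() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, prints e.g. 600
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# check_lab_files DIR: run both checks on DIR/locker.yml and DIR/secret.txt.
check_lab_files() {
    dir=$1
    rc=0
    if is_vault_encrypted "$dir/locker.yml"; then
        echo "OK   locker.yml is vault-encrypted"
    else
        echo "FAIL locker.yml is missing or still plaintext"; rc=1
    fi
    if password_file_is_private "$dir/secret.txt"; then
        echo "OK   secret.txt is private to its owner"
    else
        echo "FAIL secret.txt is missing or open to group/others (chmod 600)"; rc=1
    fi
    return "$rc"
}

# Usage: sh check_vault.sh /home/student/ansible
if [ "$#" -ge 1 ]; then check_lab_files "$1"; fi
```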
3. Restore the environment to its state before solving
[student@workstation ansible]$ vim 14-lab-secret-stop.yml
---
- name: remove secret.txt and locker.yml
  hosts: 127.0.0.1
  tasks:
    - name: remove secret.txt and locker.yml
      file:
        path: "{{ item }}"
        state: absent
      loop:
        - /home/student/ansible/secret.txt
        - /home/student/ansible/locker.yml
[student@workstation ansible]$ ansible-playbook 14-lab-secret-stop.yml