Ansible 详解（四）：Ansible-vault 和 Py

ansible 是一款轻量级自动化运维工具，由的 Python 语言开发，结合了多种自动化运维工具的特性，实现了批量系统配置，批量程序部署，批量命令执行等功能; ansible 是基于模块化实现批量操作的。

Ansible-vault

对敏感数据进行加密保存

1.创建加密文件

ansible-vault create file

2.编辑加密文件

ansible-vault edit file

3.重置密码

ansible-vault rekey file

4.加密已有文件

ansible-vault encrypt file

5.解密文件

ansible-vault decrypt file

6.查看文件

ansible-vault view file

使用

1、users.yaml

---username：xxxpassword：xxxx

2、playbook_v21.yaml

---- hosts:myset var_files:  - users.yaml become:yes task:  - name:password  debug:    msg:"{{username}}:{{password}}

3、users.yaml 文件加密

ansible-vault encrypt users.yaml

4、测试

方法一：

ansible-playbook playbook_v21.yaml -i hosts --ask-vault-pass

方法二：

echo password > password.txt

ansible-playbook playbook_v21.yaml -i hosts --ask-password-file password.txt

Python api

hosts.py

#!/bin/env python3#encoding: utf-8inventory = {   '_meta' : {       'hostvars' : {           'localhost' : {               'ansible_connect' : 'local',           },           'mytest' : {               'ansible_host' : 'xxx.xxx.xxx.xxx',               'ansible_user' : 'silence',           }       }   },   'all' : {       'hosts' : [           'localhost'       ],   },   'webserver' : {       'hosts' : [           'mytest'       ],       'vars' : {           'ansible_connect' : 'smart',           'ansible_port' : 22,           'ansible_become_user' : 'root',           'ansible_python_interpreter' : '/bin/env python2.6'       }   }}if __name__ == '__main__':   import json, sys   print(json.dumps(inventory))   sys.exit(0)

playbook.py

#encoding: utf-8import jsonfrom collections import namedtuplefrom ansible.parsing.dataloader import DataLoaderfrom ansible.vars.manager import VariableManagerfrom ansible.inventory.manager import InventoryManagerfrom ansible.playbook.play import Playfrom ansible.executor.task_queue_manager import TaskQueueManagerfrom ansible.plugins.callback import CallbackBaseimport ansible.constants as Cclass ResultCallback(CallbackBase):   def v2_runner_on_ok(self, result, **kwargs):       print(json.dumps({result._host.name: result._result}))if __name__ == '__main__':   Options = namedtuple('Options', ['connection', 'module_path', 'forks', 'become', 'become_method', 'become_user', 'check', 'diff'])   options = Options(connection='smart', module_path=[], forks=6, become=None, become_method=None, become_user=None, check=False, diff=False)   loader = DataLoader()   passwords = {}   callback = ResultCallback()   inventory = InventoryManager(loader=loader, sources='hosts.py')   variable_manager = VariableManager(loader=loader, inventory=inventory)   source = {       'hosts' : 'mytest',       'gather_facts' : 'False',       'tasks' : [           {               'name' : 'shell',               'shell' : 'ls /',               'register' : 'result',           },           {               'debug' : {                   'msg' : ' {{ result.stdout }}',               }           }       ]   }   play = Play().load(source, variable_manager=variable_manager, loader=loader)   tqm = None   tqm = TaskQueueManager(inventory=inventory,           variable_manager=variable_manager,           loader=loader,           options=options,           passwords=passwords,           stdout_callback=callback       )   result = tqm.run(play)   if tqm:       tqm.cleanup()

测试

• chmod + x hosts.py

• python playbook.py

Ansible 系列就分享到这儿，完整的资料和图请加小助手微信领取。

公告通知

Python实战班、自动化运维班、区块链正在招生中

各位小伙伴们，欢迎试听和咨询：