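I'm trying to figure out how to determine whether an ssh key file is encrypted. This is documented here. So I developed a simple ansible-playbook using the two examples from the documentation.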
# site2.yml
- name: site playbook (dummy site)
  hosts: localhost
  gather_facts: no
  vars:
    thisisfalse: '{{ "any string" is ansible_vault }}'
    thisistrue: '{{ "$ANSIBLE_VAULT;1.2;AES256;dev...." is ansible_vault }}'
  tasks:
    - name: show example1
      ansible.builtin.debug:
        var: thisisfalse
    - name: show example2
      ansible.builtin.debug:
        var: thisistrue
# Results:
#
# fatal: [localhost]: FAILED! =>
# msg: 'An unhandled exception occurred while templating ''{{ "any string" is ansible_vault }}''.
# Error was a <class ''ansible.errors.AnsibleError''>, original message: template error while templating string:
# Could not load "ansible_vault": ''ansible_vault''.
# String: {{ "any string" is ansible_vault }}.
# Could not load "ansible_vault": ''ansible_vault'''
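So, as can be seen from the above, it doesn't seem to like "ansible_vault". I thought it was odd that the content refers to "ansible.builtin.vault_encrypted" but the examples use "ansible_vault". So I changed the "ansible_vault" references to "ansible.builtin.vault_encrypted", and this is the new playbook.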
# site3.yml
- name: site playbook (dummy site)
  hosts: localhost
  gather_facts: no
  vars:
    thisisfalse: '{{ "any string" is ansible.builtin.vault_encrypted }}'
    thisistrue: '{{ "$ANSIBLE_VAULT;1.2;AES256;dev...." is ansible.builtin.vault_encrypted }}'
  tasks:
    - name: show example1
      ansible.builtin.debug:
        var: thisisfalse
    - name: show example2
      ansible.builtin.debug:
        var: thisistrue
# Results:
# PLAYBOOK: site3.yml ***********************************************************************************************************************************************************************************************************************
# 1 plays in site3.yml
# PLAY [site playbook (dummy site)] *********************************************************************************************************************************************************************************************************
# TASK [show example1] **********************************************************************************************************************************************************************************************************************
# task path: /home/sjf/tick/site3.yml:13
# Tuesday 30 July 2024 18:42:47 +0000 (0:00:00.005) 0:00:00.005 **********
# ok: [localhost] =>
# thisisfalse: false
# TASK [show example2] **********************************************************************************************************************************************************************************************************************
# task path: /home/sjf/tick/site3.yml:17
# Tuesday 30 July 2024 18:42:47 +0000 (0:00:00.019) 0:00:00.025 **********
# ok: [localhost] =>
# thisistrue: false
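As can be seen from the results, it no longer errors, but unfortunately both the "thisisfalse" variable and the "thisistrue" variable are false. So it still doesn't work. Does anyone see what I'm doing wrong?
Thanks for your help.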
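$ANSIBLE_VAULT;1.2;AES256;dev.... is not actually a valid encrypted value; the ellipsis at the end (....) is the clue pointing to that.
If we do take a valid vault-encrypted value, for example the one from the Creating encrypted variables page, the test reacts as you expected: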
- debug:
    msg: "{{ the_secret is ansible.builtin.vault_encrypted }}"
  vars:
    the_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      62313365396662343061393464336163383764373764613633653634306231386433626436623361
      6134333665353966363534333632666535333761666131620a663537646436643839616531643561
      63396265333966386166373632626539326166353965363262633030333630313338646335303630
      3438626666666137650a353638643435666633633964366338633066623234616432373231333331
      6564
Yields:
ok: [localhost] =>
  msg: true
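
A structural check of the vault envelope, added here as an example (it is not code from the posts above or from Ansible itself, and it is separate from what the Jinja test does). It follows the documented vault payload layout, a header line followed by hex-encoded salt, HMAC and ciphertext, and compares the sample value from the answer with the truncated literal from the question; the function name `inspect_vault_envelope` is hypothetical.

```python
import binascii

# Sample value copied from the answer above (the documentation's example secret).
SAMPLE = """$ANSIBLE_VAULT;1.1;AES256
62313365396662343061393464336163383764373764613633653634306231386433626436623361
6134333665353966363534333632666535333761666131620a663537646436643839616531643561
63396265333966386166373632626539326166353965363262633030333630313338646335303630
3438626666666137650a353638643435666633633964366338633066623234616432373231333331
6564
"""

# The literal used in the question's playbooks.
TRUNCATED = "$ANSIBLE_VAULT;1.2;AES256;dev...."


def inspect_vault_envelope(text):
    """Return (ok, detail): field sizes in bytes on success, else the reason."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        return False, "empty input"
    header = lines[0].split(";")
    if header[0] != "$ANSIBLE_VAULT":
        return False, "missing $ANSIBLE_VAULT marker"
    # Format 1.1 has three header fields; 1.2 adds a vault ID label as a fourth.
    expected = {"1.1": 3, "1.2": 4}
    if len(header) < 3 or expected.get(header[1]) != len(header):
        return False, "malformed header"
    if header[2] != "AES256":
        return False, "unsupported cipher"
    body = "".join(lines[1:])
    if not body:
        return False, "header only, no payload"
    try:
        # Outer layer is hex of: hex(salt) \n hex(hmac) \n hex(ciphertext)
        inner = binascii.unhexlify(body).decode("ascii")
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split("\n"))
    except ValueError:  # covers bad hex, non-ASCII bytes, wrong field count
        return False, "payload is not the expected nested hex"
    return True, {"salt": len(salt), "hmac": len(mac), "ciphertext": len(ciphertext)}


if __name__ == "__main__":
    print("sample   :", inspect_vault_envelope(SAMPLE))
    print("truncated:", inspect_vault_envelope(TRUNCATED))
```

This only validates the envelope's shape; it does not decrypt anything or verify the HMAC, which requires the vault password.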