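I am trying to figure out how to determine whether an SSH key file is encrypted. This is documented here. So I developed a simple Ansible playbook using the two examples from the documentation.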
# site2.yml
- name: site playbook (dummy site)
  hosts: localhost
  gather_facts: no
  vars:
    thisisfalse: '{{ "any string" is ansible_vault }}'
    thisistrue: '{{ "$ANSIBLE_VAULT;1.2;AES256;dev...." is ansible_vault }}'
  tasks:
    - name: show example1
      ansible.builtin.debug:
        var: thisisfalse
    - name: show example2
      ansible.builtin.debug:
        var: thisistrue
# Results:
#
# fatal: [localhost]: FAILED! =>
# msg: 'An unhandled exception occurred while templating ''{{ "any string" is ansible_vault }}''.
# Error was a <class ''ansible.errors.AnsibleError''>, original message: template error while templating string:
# Could not load "ansible_vault": ''ansible_vault''.
# String: {{ "any string" is ansible_vault }}.
# Could not load "ansible_vault": ''ansible_vault'''
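So, as you can see above, it doesn't seem to like ansible_vault.
I find it strange that the content refers to ansible.builtin.vault_encrypted, but the examples use ansible_vault. So I changed the ansible_vault references to ansible.builtin.vault_encrypted, and here is the new playbook.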
# site3.yml
- name: site playbook (dummy site)
  hosts: localhost
  gather_facts: no
  vars:
    thisisfalse: '{{ "any string" is ansible.builtin.vault_encrypted }}'
    thisistrue: '{{ "$ANSIBLE_VAULT;1.2;AES256;dev...." is ansible.builtin.vault_encrypted }}'
  tasks:
    - name: show example1
      ansible.builtin.debug:
        var: thisisfalse
    - name: show example2
      ansible.builtin.debug:
        var: thisistrue
# Results:
# PLAYBOOK: site3.yml ***********************************************************************************************************************************************************************************************************************
# 1 plays in site3.yml
# PLAY [site playbook (dummy site)] *********************************************************************************************************************************************************************************************************
# TASK [show example1] **********************************************************************************************************************************************************************************************************************
# task path: /home/sjf/tick/site3.yml:13
# Tuesday 30 July 2024 18:42:47 +0000 (0:00:00.005) 0:00:00.005 **********
# ok: [localhost] =>
# thisisfalse: false
# TASK [show example2] **********************************************************************************************************************************************************************************************************************
# task path: /home/sjf/tick/site3.yml:17
# Tuesday 30 July 2024 18:42:47 +0000 (0:00:00.019) 0:00:00.025 **********
# ok: [localhost] =>
# thisistrue: false
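As you can see in the results, it no longer errors out, but unfortunately both the thisisfalse variable and the thisistrue variable are false. So it still doesn't work. Does anyone see what I am doing wrong?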
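$ANSIBLE_VAULT;1.2;AES256;dev.... is not actually a valid encrypted value; the ellipsis at the end (....) is the clue pointing to that. If we do take a valid vault-encrypted value, for example the one from the Creating encrypted variables page, then the test reacts as you expect: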
- debug:
    msg: "{{ the_secret is ansible.builtin.vault_encrypted }}"
  vars:
    the_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      623133653966623430613934643361633837643737646136336536343062313864336
      264366233616134333665353966363534333632666535333761666131620a66353764
      643664383961653164356163396265333966386166373632626539326166353965363
      2626330303336303133386463353036303438626666666137650a3536386434356666
      336339643663386330666232346164323732313333316564
Which yields:
ok: [localhost] =>
  msg: true
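An added example, not part of the original question or answer and not Ansible's own code: a structural check of the vault envelope that can be run on the contents of a key file. It shows why the truncated header string from the question cannot count as vault data. The function names are hypothetical, and the layout assumed is Ansible Vault's documented file format (a header line, then a hex body that decodes to hex-encoded salt, HMAC-SHA256 and ciphertext separated by newlines). It checks structure only and does not decrypt anything.

```python
import binascii

HEADER_TAG = "$ANSIBLE_VAULT"


def parse_vault_envelope(text):
    """Return (version, cipher, label) for a well-formed vault envelope, else None."""
    lines = text.strip().splitlines()
    if len(lines) < 2:                      # a header with no payload is not vault data
        return None
    header = lines[0].strip().split(";")
    if header[0] != HEADER_TAG or len(header) not in (3, 4):
        return None
    version, cipher = header[1], header[2]
    # 1.1 headers carry three fields; 1.2 adds a vault ID label as the fourth.
    if (version, len(header)) not in (("1.1", 3), ("1.2", 4)) or cipher != "AES256":
        return None
    label = header[3] if len(header) == 4 else None
    body = "".join(line.strip() for line in lines[1:])
    try:
        inner = binascii.unhexlify(body)
        fields = [binascii.unhexlify(f) for f in inner.split(b"\n")]
    except ValueError:                      # binascii.Error is a ValueError subclass
        return None
    # Expect salt, HMAC-SHA256 (32 bytes) and ciphertext, all non-empty.
    if len(fields) != 3 or len(fields[1]) != 32 or not fields[0] or not fields[2]:
        return None
    return version, cipher, label


def build_sample(label=None):
    """Constructed envelope with filler bytes (not real ciphertext) for offline testing."""
    parts = (b"\x01" * 32, b"\x02" * 32, b"\x03" * 16)
    inner = b"\n".join(binascii.hexlify(p) for p in parts)
    body = binascii.hexlify(inner).decode()
    header = f"{HEADER_TAG};1.2;AES256;{label}" if label else f"{HEADER_TAG};1.1;AES256"
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return f"{header}\n{wrapped}\n"


if __name__ == "__main__":
    for candidate in ("any string", "$ANSIBLE_VAULT;1.2;AES256;dev....",
                      build_sample(), build_sample("dev")):
        print(repr(candidate[:40]), "->", parse_vault_envelope(candidate))
```

A `None` result means the text is not a complete vault envelope; a tuple means the structure is intact, which still says nothing about whether any given vault password can decrypt it.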