synchronization

2025-08-25 17:53:08 +08:00
commit c201eb5ef9
318 changed files with 23092 additions and 0 deletions
--- a/CICD/Ansible/Docs/Ansible加密.md
+++ b/CICD/Ansible/Docs/Ansible加密.md
@@ -0,0 +1,164 @@
+> 本文作者：丁辉
+
+# Ansible 加密
+
+- 创建加密文件
+
+  ```bash
+  ansible-vault create password.yml
+  ```
+
+  > 示例
+  >
+  > ```bash
+  > [root@offends]# ansible-vault create password.yml
+  > New Vault password: # 输入加密密码
+  > Confirm New Vault password: # 二次输入加密密码
+  > ```
+
+- 指定文件加密
+
+  ```bash
+  ansible-vault encrypt /etc/ansible/hosts
+  ```
+
+- 加密字符串
+
+  ```bash
+  ansible-vault encrypt_string 123456
+  ```
+
+- 编辑加密文件
+
+  ```bash
+  ansible-vault edit password.yml
+  ```
+
+- 重新加密文件
+
+  ```bash
+  ansible-vault rekey password.yml
+  ```
+
+- 文件解密
+
+  ```bash
+  ansible-vault decrypt password.yml
+  ```
+
+- 查看加密数据文件原文
+
+  ```bash
+  ansible-vault view password.yml
+  ```
+
+# 剧本的使用
+
+- 编写一份 `demo.yml` 剧本文件
+
+  ```bash
+  vi demo.yml
+  ```
+
+  ```yml
+  ---
+  - hosts: node1
+    # 定义变量
+    vars:
+      - user_password: !vault |
+            $ANSIBLE_VAULT;1.1;AES256
+            36616162626462323130626563393433663637383166613262333433313534386561666531633837
+            3663636662663363303463313662333064326537343563340a653566346636333633383163623662
+            37386432626437636464386339316366346665383935336564623630333238353661666566343036
+            3338613861393061320a626464306230626265656163613730303035613161616235373539613333
+            6164
+  
+    tasks:
+      - name: display variable from encryption variable 
+        ansible.builtin.debug:
+          msg: The user password is {{ user_password }}
+  ```
+
+- 通过询问口令执行剧本
+
+  ```bash
+  ansible-playbook demo.yml -v --ask-vault-pass
+  ```
+
+- 从密码文件中读取口令执行剧本
+
+  ```bash
+  echo '密钥密码' > .pwdfile && chmod 600 .pwdfile
+  ```
+
+  ```bash
+  ansible-playbook demo.yml -v --vault-id .pwdfile
+  ```
+
+# 加密用户密码
+
+- 创建变量文件
+
+  ```bash
+  mkdir vars -p
+  vi vars/user_list.yml
+  ```
+
+  ```yml
+  user_hosts:
+    - all
+  user_info:
+    - user: demo
+      # 密码需要用引号括起来,避免纯数字密码被解析成int类型数字
+      password: "123456"
+      # 备注信息可以使用中文，但尽量不用中文
+      comment: "hello"
+  ```
+
+- 创建剧本文件
+
+  ```bash
+  vi user.yml
+  ```
+
+  ```yml
+  - hosts: "{{ user_hosts }}"
+    vars_files:
+      - demo.yml
+    tasks:
+      - name: display variable from variable list
+        ansible.builtin.debug:
+          msg: |
+            The username is "{{ item.user }}",
+            the password is "{{ item.password }}",
+            the comment is "{{ item.comment }}".
+        loop: "{{ user_info }}"
+      - name: create users
+        ansible.builtin.user:
+          name:  "{{ item.user }}"
+          password: "{{ item.password|password_hash('sha512') }}"
+          comment: "{{ item.comment }}"
+          state: present
+        loop: "{{ user_info }}"
+        become: yes
+  ```
+
+- 加密变量文件
+
+  ```bash
+  ansible-vault encrypt vars/user_list.yml
+  ```
+
+- 执行剧本
+
+  ```bash
+  ansible-playbook user.yml -v --ask-vault-pass
+  ```
+
+- 查看是否创建用户
+
+  ```bash
+  tail -n 1 /etc/passwd
+  ```
+
+