About the Ansible version
Check the version.
# ansible --version
ansible 2.6.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
#
Use ansible-vault.
This is the inventory file.
# cat hosts
[test]
node01 ansible_host=172.16.10.101 ansible_user=root
#
I encrypt the host vars file.
Before:
# cat host_vars/node01.yml
---
ansible_ssh_pass: <pass>
#
I use the ansible-vault command to encrypt this file for "Host Variables".
# ansible-vault encrypt host_vars/node01.yml
New Vault password:
Confirm New Vault password:
Encryption successful
#
After:
# cat host_vars/node01.yml
$ANSIBLE_VAULT;1.1;AES256
*snip*
#
After I encrypted the inventory file with ansible-vault, I execute ansible without the --ask-vault-pass option.
The result is an ERROR.
# ansible-playbook -i hosts access.yml

PLAY [test] ****************************************************************************************
ERROR! Attempting to decrypt but no vault secrets found
#
So I execute ansible without the --ask-vault-pass option.
# ansible-playbook -i hosts access.yml --ask-vault-pass
Vault password:

PLAY [test] ****************************************************************************************

TASK [Gathering Facts] *****************************************************************************
ok: [node01]

TASK [Execute hostname] ****************************************************************************
changed: [node01]

TASK [Execute id] **********************************************************************************
changed: [node01]

TASK [Execute date] ********************************************************************************
changed: [node01]

PLAY RECAP *****************************************************************************************
node01 : ok=4 changed=3 unreachable=0 failed=0
#
And I can also use the --vault-password-file option.
# vi vault.txt
# ansible-playbook -i hosts access.yml --vault-password-file=./vault.txt

PLAY [test] ****************************************************************************************
*snip*
PLAY RECAP *****************************************************************************************
node01 : ok=4 changed=3 unreachable=0 failed=0
#
Or use the --vault-id option.
# ansible-playbook -i hosts access.yml --vault-id vault.txt

PLAY [test] ****************************************************************************************
*snip*
PLAY RECAP *****************************************************************************************
node01 : ok=4 changed=3 unreachable=0 failed=0
#
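
The following check is an added example, not part of the original post: it flags var files that still hold a cleartext ansible_ssh_pass (no $ANSIBLE_VAULT header on the first line) and a vault password file such as vault.txt that is readable by group or other. The function names and every sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All sample files are constructed.

is_vault_encrypted() {   # is the first line the vault envelope header?
    case "$(head -n 1 "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

find_plaintext_secrets() {   # print var files holding a cleartext connection password
    find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
    while IFS= read -r f; do
        is_vault_encrypted "$f" && continue
        # Inline "!vault" values (ansible-vault encrypt_string) are already protected.
        if grep -E '^[[:space:]]*ansible_(ssh_pass|password|become_pass)[[:space:]]*:' "$f" |
           grep -qv '!vault'; then
            printf '%s\n' "$f"
        fi
    done
}

password_file_is_private() {   # no permission bits set for group or other?
    case "$(ls -ld "$1" 2>/dev/null)" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

make_sample() {   # build a constructed project tree and print its path
    d=$(mktemp -d) && mkdir "$d/host_vars" || return 1
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3061626364' > "$d/host_vars/node01.yml"
    printf '%s\n' '---' 'ansible_ssh_pass: example-only' > "$d/host_vars/node02.yml"
    printf '%s\n' '---' 'ansible_ssh_pass: !vault |' > "$d/host_vars/node03.yml"
    printf '%s\n' 'example-vault-password' > "$d/vault.txt"
    chmod 644 "$d/vault.txt"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "plaintext secrets:"; find_plaintext_secrets "$sample/host_vars"
password_file_is_private "$sample/vault.txt" || echo "vault.txt is readable by group/other"
chmod 600 "$sample/vault.txt"
password_file_is_private "$sample/vault.txt" && echo "vault.txt is now private"
rm -rf "$sample"
```

Run from a pre-commit hook or CI job, the same functions can fail the build when find_plaintext_secrets prints anything or the password file is not mode 600.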