我正在尝试使用ansible_ssh_pass选项运行ansible剧本,以连接到目标服务器.
I'm trying to run an ansible playbook with the ansible_ssh_pass option to connect to the destination server.
ansible-playbook test-playbook.yml -i hosts -u daniel --extra-vars "{"ansible_ssh_pass":"u5!vuL!<35Lf?<>n'x"}"问题是密码具有特殊字符. 我尝试使用保存它.
The problem is that the password has special characters. I tried saving it using.
"password\'s" "password" "\"password\""知道如何保存密码吗?
推荐答案可能要迟一些,但是针对您的特定问题的确切解决方案是:
Probably a little late but the exact solution to your specific problem is:
ansible-playbook test-playbook.yml -i hosts -u daniel --extra-vars ansible_ssh_pass=$'"u5!vuL!<35Lf?<>n\'x"'shell特别对待$'<string>'并在其中转义单引号(请参见反斜杠)
The shell treats $'<string>' specially and escapes the single quote inside (see the backslash)
最外面的双引号是必需的,以便jinja2模板引擎不会在ansible中引起混淆.
The outermost double quotes are necessary so that jinja2 template engine does not get confused inside ansible.
话虽如此,至少有两个原因运行这样的命令是一个非常糟糕的主意:
That being said, it is quite a bad idea to run the command like this for at least two reasons:
- 这不安全.有权访问计算机上的列出进程或您的Shell历史记录的任何人都可以看到密码.
- 它不灵活.命令行上提供的其他额外变量具有最高优先级.如果您在清单中添加其他主机并使用不同的ssh密码,则将无法区分这两个密码.
对于第一个问题,如果您确定只有一台机器(或到处都使用相同的密码),则可以使用vars_prompt交互地要求输入密码(例如, docs.ansible/ansible/latest/user_guide/playbooks_prompts.html )
For the first problem, and if you are sure you will only have one machine (or the same password everywhere), you could ask for the password interactively with vars_prompt for example (docs.ansible/ansible/latest/user_guide/playbooks_prompts.html)
解决这两个问题的最佳方法是使用库加密将密码添加到特定主机的清单中.然后,当您调用该剧本时,可以交互方式(--ask-vault-pass)或通过安全性较高的保险库密码文件(--vault-password-file =)提供整个保险库密码.
The best approach solving both issues is to add the password using vault encryption to your inventory for the particular host. You then provide the overall vault password interactively (--ask-vault-pass) or through a well secured vault password file (--vault-password-file=) when you call the playbook.
更多推荐
在Ansible中处理带有特殊字符的密码
发布评论