我正在将密码传递给 ansible playbook 中的 sudo,如下所示:
echo <password> | sudo -S su - <username>
一切运行正常。但问题是,在我的输出中密码是可见的。
有什么方法可以隐藏密码或至少加密它吗?我的剧本是这样的:
- name: Weblogic Server control
hosts: "appserver"
tasks:
- name: Ansible copy file to remote server
shell:
cmd: |
echo "{{ansible_password}}" | sudo -S su - dmsc
echo "{{ansible_password}}" | sudo -S su - dmsc << EOF
id
cp /home/svc-rb_auto_non_prod/emc-dfs-demo.ear /local/apps/dmscsp/wls1213/user_projects/domains/scspqa_domain/servers/scspqa_admin/upload/emc-dfs-demo.ear
EOF
register: shell_out
- debug:
var: shell_out
------
输出:
TASK [debug] ******************************************************************************************************
ok: [appserver] => {
"shell_out": {
"changed": true,
"cmd": [
"echo",
"siva123",
"|",
"sudo",
"-S",
"su",
"-",
"ls",
"EOF"
],
"delta": "0:00:00.004095",
"end": "2018-10-31 02:42:40.627875",
"failed": false,
"rc": 0,
"start": "2018-10-31 02:42:40.623780",
"stderr": "",
"stderr_lines": [],
"stdout": "siva123 | sudo -S su - ls EOF",
"stdout_lines": [
"siva123 | sudo -S su - ls EOF"
]
答案1
您希望no_log: true将属性添加到任务中。这在Ansible 文档并先前回答过https://serverfault.com/questions/681832/how-can-i-stop-ansible-from-writing-passwords-to-the-logfiles#766095