Otu esi eji Vault enwere ike na akwụkwọ egwu echekwa data nwere mmetụta - akụkụ 10

Ka ị na-aga n'ihu na-eji ike, enwere ike ịchọ ka ị tinye ụfọdụ ozi nzuzo ma ọ bụ nzuzo n'ime akwụkwọ egwuregwu. Nke a gụnyere igodo nzuzo SSH na ọha, okwuntughe, na asambodo SSL iji kpọtụrụ naanị ole na ole. Dị ka anyị maraworị, omume ọjọọ ya ịchekwa ozi a dị nro na ederede doro anya maka ihe doro anya. Ozi a chọrọ ka edobe ya n'okpuru mkpọchi na igodo n'ihi na anyị nwere ike iche n'echiche ihe ga-eme ma ọ bụrụ na ndị na-egwu hackers ma ọ bụ ndị ọrụ na-enyeghị ikike ejide ya.

Obi dị m ụtọ na Ansible na-enye anyị njirimara aka mara dị ka Vault Ansible. Dị ka aha ahụ na-egosi, Vault nwere ike na-enyere aka chekwaa ozi nzuzo dị mkpa dịka anyị tụlere na mbụ. Vault nwere ike izochi mgbanwe mgbanwe, ma ọ bụ ọbụlagodi faịlụ na akwụkwọ egwu YAML ka anyị ga-emecha gosi. Ọ bụ ngwá ọrụ dị oke aka na enyi na enyi nke chọrọ otu paswọọdụ mgbe ị na-ezobe na decrypting faịlụ.

Ka anyị banye ugbu a ma nwee nkọwapụta nke ọrụ dị iche iche a ga-eji rụọ ya site na iji Oghere Nleba anya.

Otu esi emepụta faịlụ ezoro ezo n'ime ike

Ọ bụrụ na ịchọrọ ịmepụta faịlụ Playbook ezoro ezo, jiri naanị ike mepụta iwu ike-vault wee nye aha faịlụ dịka egosiri.

# ansible-vault create filename

Dịka ọmụmaatụ, iji mepụta faịlụ ezoro ezo mysecrets.yml mebie iwu ahụ.

# ansible-vault create mysecrets.yml

A ga-akpali gị ka ị nweta paswọọdụ, mgbe ị kwadoro ya, windo ọhụrụ ga-emeghe site na iji nchịkọta akụkọ vi ebe ị nwere ike ịmalite ide ihe nkiri gị.

N'okpuru bụ ihe atụ nke ozi ụfọdụ. Ozugbo ịmechara naanị chekwaa wee pụọ na akwụkwọ egwuregwu. Ma nke ahụ bụ naanị ya mgbe ị na-eke faịlụ ezoro ezo.

Iji nyochaa izo ya ezo faịlụ, jiri iwu pusi ka egosiri.

# cat mysecrets.yml

Otu esi ele faịlụ ezoro ezo n'ime ike

Ọ bụrụ n’ịchọrọ ịlele faịlụ ezoro ezo, gafere naanị iwu nlele-vault dị ka egosiri n'okpuru.

# ansible-vault view mysecrets.yml

Ọzọkwa, a ga-akpali gị maka paswọọdụ. Ọzọkwa, ị ga-enweta ozi gị.

Otu esi edezi faịlụ ezoro ezo na ike

Iji mee mgbanwe na faịlụ ezoro ezo, jiri iwu ndezi nwere ike-vault dị ka egosiri.

# ansible-vault edit mysecrets.yml

Dị ka oge niile, nye paswọọdụ wee gaa n'ihu na-edezi faịlụ ahụ.

Mgbe ịmechara ndezi, chekwaa wee pụọ na editọ vim.

Otu esi agbanwe paswọọdụ Vault enwere ike

Ọ bụrụ na ọ dị gị ka ọ dị mkpa ịgbanwe paswọọdụ vault nke enwere ike ime ya, ị nwere ike ime ya ngwa ngwa site na iji iwu rekey nwere ike ime nke a dị ka egosiri n'okpuru.

# ansible-vault rekey mysecrets.yml

Nke a na-akpali gị maka paswọọdụ vault ma emesia rịọ gị ka itinye paswọọdụ ọhụrụ wee mechaa kwado ya.

Otu esi ezochi faịlụ ezoro ezo n'ime ike

Ka e were ya na ịchọrọ izochi faịlụ ezoro ezo, ị nwere ike ime ya site n'ịgbaso iwu encrypt nke ansible-vault dị ka egosiri.

# ansible-vault encrypt classified.txt

Ị nwere ike mechaa lelee faịlụ ahụ site na iji iwu pusi dịka egosiri n'okpuru.

Otu esi ewepụ faịlụ ezoro ezo

Ka ilele ọdịnaya nke faịlụ ezoro ezo, naanị degharịa faịlụ ahụ site na iji ihe mkpuchi nwere ike ime ka egosiri na ihe atụ dị n'okpuru.

# ansible-vault decrypt classified.txt

Otu esi ezochi ụdị mgbanwe dị iche iche n'ime ike

Na mgbakwunye, Vault Ansible na-enye gị ike izochi ụfọdụ mgbanwe. A na-eme nke a site na iji iwu ike-vault encrypt_string dị ka egosiri.

# ansible-vault encrypt_string 

Vault nwere ike ime ga-akpali gị maka paswọọdụ ma emechaa chọọ ka ị kwado ya. Na-esote, pịnye uru eriri nke ịchọrọ izo ya ezo. N'ikpeazụ, pịa ctrl+d. Mgbe nke ahụ gasịrị, ịnwere ike ịmalite ịnye uru ezoro ezo na akwụkwọ egwuregwu.

Enwere ike ime nke a n'otu ahịrị dị ka egosiri n'okpuru.

# ansible-vault encrypt_string 'string' --name 'variable_name'

Otu esi ewepụ faịlụ Playbook n'oge ọ na-agba ọsọ

Ọ bụrụ na ị nwere faịlụ playbook ma chọọ imebi ya n'oge ọ na-agba ọsọ, jiri nhọrọ --ask-vault-pass dị ka e gosipụtara.

# ansible-playbook deploy.yml --ask-vault-pass

Nke a na-ewepụ faịlụ niile a na-eji na akwụkwọ egwuregwu ma ọ bụrụhaala na ejiri otu paswọọdụ ezoro ha.

Mkpesa okwuntughe nwere ike iwe iwe mgbe ụfọdụ. Ihe mkpali ndị a na-eme ka akpaaka ghara ịdịgide, ọkachasị mgbe akpaaka bụ isi. Ka iwelie usoro nke decrypting playbooks n'oge a na-agba ọsọ, a na-atụ aro ka ịnwe faịlụ paswọọdụ dị iche nke nwere paswọọdụ vault nwere ike. Enwere ike ịfefe faịlụ a n'oge ọsọ ọsọ dịka egosiri.

# ansible-playbook deploy.yml --vault-password-file  /home/tecmint/vault_pass.txt

Nke a na-ewetara anyị na nkwubi okwu nke isiokwu a na usoro akpaaka nwere ike ime. Anyị na-atụ anya na nkuzi ahụ ewepụtala ụfọdụ ihe ọmụma bara uru gbasara otu ị ga-esi rụọ ọrụ n'ofe ọtụtụ sava site na otu sistemụ etiti.