Yadda ake Amfani da Tattalin Arziƙi a cikin Littattafan Wasa don Kare bayanan Sirri - Kashi na 10

Yayin da kake ci gaba da amfani da Ansible, ƙila a buƙace ka da maballin wasu bayanan sirri ko na sirri a cikin littattafan wasan kwaikwayo. Wannan ya haɗa da maɓallan sirri na SSH da na jama'a, kalmomin shiga, da takaddun shaida na SSL don ambaci kaɗan. Kamar yadda muka riga muka sani, mummunan aikinsa don adana wannan bayanan mai mahimmanci a cikin rubutu bayyananne don dalilai bayyananne. Wannan bayanin yana buƙatar kiyaye shi a kulle da maɓalli saboda kawai zamu iya tunanin abin da zai faru idan masu fashin baki ko masu amfani da izini suka riƙe shi.

Abin godiya, Ansible yana ba mu fasali mai amfani wanda aka sani da Ansible Vault. Kamar yadda sunan ya nuna, Ansible Vault yana taimakawa amintaccen mahimman bayanan sirri kamar yadda muka tattauna a baya. Ansult Vault na iya ɓoye masu canji, ko ma gaba dayan fayiloli da YAML littattafan waƙa kamar yadda za mu nuna daga baya Yana da matukar amfani da kayan aiki mai amfani wanda ke buƙatar kalmar wucewa iri ɗaya yayin ɓoyewa da kuma share fayiloli.

Bari yanzu mu nitse a ciki kuma mu sami bayyani kan ayyuka daban-daban da za a iya aiwatar da su ta amfani da Ansible vault.

Yadda Ake Kirkirar Sirrin Sirri Cikin Sauti

Idan kuna son ƙirƙirar ɓoyayyen fayil na Playbook kawai kuyi amfani da amintaccen-vault ƙirƙirar umarni kuma ku samar da sunan fayil kamar yadda aka nuna.

# ansible-vault create filename

Misali, don ƙirƙirar ɓoyayyen fayil mysecrets.yml aiwatar da umurnin.

# ansible-vault create mysecrets.yml

Daga nan za a sa ku kalmar sirri, kuma bayan tabbatar da shi, sabon taga zai buɗe ta amfani da editan vi inda za ku fara rubuta wasanninku.

Da ke ƙasa akwai samfurin wasu bayanai. Da zarar an gama kawai ajiyewa da fita daga littafin wasan. Kuma wannan kawai game da shi lokacin ƙirƙirar ɓoyayyen fayil.

Don tabbatar da ɓoye fayil, yi amfani da umarnin cat kamar yadda aka nuna.

# cat mysecrets.yml

Yadda ake Duba Fayil ɗin Sirri cikin Sahihi

Idan kana son duba rufaffen fayil, kawai shigar da umarnin duba ansible-vault kamar yadda aka nuna a ƙasa.

# ansible-vault view mysecrets.yml

Har yanzu, za a sa ku kalmar sirri. Har yanzu kuma, zaku sami damar samun bayananka.

Yadda Ake Shirya Fayil ɗin Sirri cikin Sahihi

Don yin canje-canje ga rufaffen fayil yi amfani da umarnin gyara ikon amsa tambayoyin-kamar yadda aka nuna.

# ansible-vault edit mysecrets.yml

Kamar koyaushe, samar da kalmar sirri sannan daga baya a ci gaba da shirya fayil ɗin.

Bayan kun gama gyara, adana da fita daga editan vim.

Yadda Ake Canza Sahibin Kalmar sirri

Idan ka ji buƙatar canza kalmar sirri ta Ansible vault, zaka iya yin hakan ta amfani da umarnin rekey na ansible-vault rekey kamar yadda aka nuna a ƙasa.

# ansible-vault rekey mysecrets.yml

Wannan yana sa ku ga kalmar sirri ta sirri kuma daga baya ya buƙaci ku shigar da sabon kalmar sirri kuma daga baya ku tabbatar da ita.

Yadda Ake Shigar da Fayil din da ba a Sake cikin Sahihi ba

A ce kana son ɓoyayyen fayil da ba a ɓoye ba, za ka iya yin hakan ta hanyar tafiyar da umarnin ɓoye-ɓoyayyen bayanan sirri kamar yadda aka nuna.

# ansible-vault encrypt classified.txt

Daga baya zaku iya duba fayil ɗin ta amfani da umarnin cat kamar yadda aka nuna a ƙasa.

Yadda zaka warware Sirrin da aka rufa

Don duba abin da ke cikin ɓoyayyen fayil, sauƙaƙe cire fayil ɗin ta amfani da ɓoyayyen ɓoye kamar yadda aka nuna a misalin da ke ƙasa.

# ansible-vault decrypt classified.txt

Yadda ake ɓoye keɓaɓɓun canje-canje cikin Sahihi

Allyari, Ansible vault yana ba ku ikon ɓoye wasu masu canji. Ana yin wannan ta amfani da umarnin ansible-vault encrypt_string kamar yadda aka nuna.

# ansible-vault encrypt_string 

Hanyar ajiya zata iya nemo maka kalmar shiga kuma daga baya ta bukaci ka tabbatar da ita. Na gaba, rubuta lambar ƙirar da kake son ɓoyewa. A ƙarshe, danna ctrl+d . Bayan haka, zaku iya fara ba da ƙimar ɓoyayyen a cikin littafin ɗan wasa.

Ana iya cimma wannan a layi ɗaya kamar yadda aka nuna a ƙasa.

# ansible-vault encrypt_string 'string' --name 'variable_name'

Yadda Ake Rage Fayil din Littafin Littafin Cikin Lokaci

Idan kana da fayil din littafin kunne kuma kana son yanke shi lokacin gudu, yi amfani da --ask-vault-pass kamar yadda aka nuna.

# ansible-playbook deploy.yml --ask-vault-pass

Wannan yana warware duk fayilolin da ake amfani da su a cikin littafin kunne idan har an ɓoye su ta amfani da kalmar wucewa iri ɗaya.

Bayanin kalmar sirri na iya zama m a wasu lokuta. Waɗannan faɗakarwa suna sa ikon sarrafawa ya zama ba zai yiwu ba, musamman ma lokacin da sarrafa kansa ke mabuɗin. Don daidaita ayyukan warware littattafan wasan kwaikwayo yayin aiki, ana ba da shawarar samun fayil na kalmar sirri daban wanda ya ƙunshi kalmar shiga ta Ansible vault. Ana iya wuce wannan fayil ɗin a lokacin gudu kamar yadda aka nuna.

# ansible-playbook deploy.yml --vault-password-file  /home/tecmint/vault_pass.txt

Wannan ya kawo mu ga ƙarshen wannan batun da kuma Ansible automation series. Muna fatan cewa koyarwar sun ba da wani ilimi mai amfani kan yadda zaku iya sarrafa kansa ayyuka a ƙetaren sabobin da yawa daga tsarin tsakiya ɗaya.