问题
I'm trying to run an ansible playbook with the ansible_ssh_pass option to connect to the destination server.
ansible-playbook test-playbook.yml -i hosts -u daniel --extra-vars "{"ansible_ssh_pass":"u5!vuL!<35Lf?<>n'x"}"
The problem is that the password has special characters. I tried saving it using.
"password\'s"
"password"
"\"password\""
Any idea how can I save the password?
回答1:
Probably a little late but the exact solution to your specific problem is:
ansible-playbook test-playbook.yml -i hosts -u daniel --extra-vars ansible_ssh_pass=$'"u5!vuL!<35Lf?<>n\'x"'
The shell treats $'<string>' specially and escapes the single quote inside (see the backslash)
The outermost double quotes are necessary so that jinja2 template engine does not get confused inside ansible.
That being said, it is quite a bad idea to run the command like this for at least two reasons:
- It's not secure. Anyone with access to listing processes on the machine or to your shell history will be able to see the password.
- It's not flexible. Ansible extra variables provided on the command line have the highest precedence. If you add an other host in your inventory with a different ssh password, you won't be able to differentiate the two passwords.
For the first problem, and if you are sure you will only have one machine (or the same password everywhere), you could ask for the password interactively with vars_prompt for example (http://docs.ansible.com/ansible/latest/user_guide/playbooks_prompts.html)
The best approach solving both issues is to add the password using vault encryption to your inventory for the particular host. You then provide the overall vault password interactively (--ask-vault-pass) or through a well secured vault password file (--vault-password-file=) when you call the playbook.
回答2:
I know that for ansible-vault you can specify a password in a file, I am assuming that this would also work in this case, though I am not positive.
ansible-playbook test-playbook.yml -i hosts -u daniel --extra-vars ansible_ssh_pass=/path/to/file.txt
回答3:
If you remove the singe quote special char, you can do single quotes around the rest and it should work:
ansible-playbook test-playbook.yml -i hosts -u daniel -e ansible_ssh_pass='u5!vuL!<35Lf?<>nx'
来源:https://stackoverflow.com/questions/47101789/dealing-with-a-password-with-special-characters-in-ansible