Updated docs

James Tombleson 2019-10-20 15:46:43 -07:00
parent 23417a9a01
commit 2081ea949b
2 changed files with 22 additions and 3 deletions

View File

@ -16,6 +16,25 @@ This will give you a quick way to see what flags are supported without having to
## Vault ## Vault
Vaults are a great way to store secrets in your source code. Never store insecure secrets in a file other then for quick testing. Even then, don't put unencrypted secrets in public locations. Vaults are a great way to store secrets in your source code. Never store insecure secrets in a file other then for quick testing. Even then, don't put un-encrypted secrets in public locations.
### Config changes
Before you use ansible-value you will want to update your ansible.cfg file. Uncomment ```#vault_password_file``` and update it to where you will store your secret file. This is a file that should be added to ```.gitignore``` so that the password is stored safely. For reference I use .ansible_vault as my file and you can see my .gitignore file to see how I ignore it.
### How to use Vault
Make sure you adjusted your ansible.cfg before doing this. That password is how vault decrypts values.
```bash
echo 'secret' > .ansible_vault
ansible-value encrypt_string 'sshPassword'
```
With the value that was exported you would add that to the playbook that needs to be able to decrypt the secret to use it.
Something to note. When the password that is stored in .ansible_vault that is defined in ansible.cfg changes, the vault might start to fail to decrypt strings. I have not made it that far yet with vault to confirm how much this is true.
## Roles
Roles are very important when it comes to Ansible. If you need to define how say pip handles actions you would build a role for it. With that role you can define how pip would work. Do not treat roles as your playbook. They are meant to be used as a guide and the playbook passes variables to the role to tell it how something should be configured.
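Review bot: The command name is misspelled as `ansible-value` in both the "Config changes" paragraph and the bash block (`ansible-value encrypt_string 'sshPassword'`); the tool is `ansible-vault`, so the example fails for anyone who copies it. In the same block, `echo 'secret' > .ansible_vault` leaves the vault password in shell history and creates the file with default permissions; consider writing the file from an editor or a prompt and documenting a `chmod 600 .ansible_vault` step. The closing note about password changes could be made definite: a string encrypted with one vault password cannot be decrypted with a different one, so values need to be re-encrypted when the password in `.ansible_vault` changes. Minor wording: "other then" should be "other than", and "store secrets in your source code" reads better as storing encrypted secrets alongside the source.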

View File

@ -7,7 +7,7 @@ all:
hosts: hosts:
172.20.0.142: 172.20.0.142:
vars: vars:
ansible_user: ansible ansible_user:
ansible_connection: ssh ansible_connection: ssh
ansible_password: ansible_password:
ansible_become_method: sudo ansible_become_method: sudo
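Review bot: Blanking the value in `ansible_user:` leaves a key that YAML parses as null, next to an `ansible_password:` that is also empty, so the inventory now defines both connection variables without saying where the values come from. If the goal is to keep credentials out of the repository, either drop both keys and supply them at run time (`--user`, `--ask-pass`), or point them at a variable encrypted with the vault workflow this commit documents. A short comment in the file stating which approach is expected would keep the next person from filling the values in as plain text.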
@ -17,7 +17,7 @@ all:
hosts: hosts:
dev01: dev01:
vars: vars:
ansible_user: ansible ansible_user:
ansible_password: ansible_password:
ansible_connection: winrm ansible_connection: winrm
ansible_port: 5985 ansible_port: 5985
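Review bot: The emptied `ansible_user:` and `ansible_password:` in this group sit beside `ansible_connection: winrm` and `ansible_port: 5985`, which is the default WinRM HTTP port. Since this group authenticates with a password, it is worth checking whether the HTTPS listener on 5986 should be used instead, depending on the WinRM transport configured for these hosts. As with the ssh group, the null credential keys should either be removed or reference a vault-encrypted variable.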