Updated docs
This commit is contained in:
parent
23417a9a01
commit
2081ea949b
@ -16,6 +16,25 @@ This will give you a quick way to see what flags are supported without having to
|
|||||||
|
|
||||||
## Vault
|
## Vault
|
||||||
|
|
||||||
Vaults are a great way to store secrets in your source code. Never store insecure secrets in a file other then for quick testing. Even then, don't put unencrypted secrets in public locations.
|
Vaults are a great way to store secrets in your source code. Never store insecure secrets in a file other then for quick testing. Even then, don't put un-encrypted secrets in public locations.
|
||||||
|
|
||||||
|
### Config changes
|
||||||
|
|
||||||
|
Before you use ansible-value you will want to update your ansible.cfg file. Uncomment ```#vault_password_file``` and update it to where you will store your secret file. This is a file that should be added to ```.gitignore``` so that the password is stored safely. For reference I use .ansible_vault as my file and you can see my .gitignore file to see how I ignore it.
|
||||||
|
|
||||||
|
### How to use Vault
|
||||||
|
|
||||||
|
Make sure you adjusted your ansible.cfg before doing this. That password is how vault decrypts values.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
echo 'secret' > .ansible_vault
|
||||||
|
ansible-value encrypt_string 'sshPassword'
|
||||||
|
```
|
||||||
|
|
||||||
|
With the value that was exported you would add that to the playbook that needs to be able to decrypt the secret to use it.
|
||||||
|
Something to note. When the password that is stored in .ansible_vault that is defined in ansible.cfg changes, the vault might start to fail to decrypt strings. I have not made it that far yet with vault to confirm how much this is true.
|
||||||
|
|
||||||
|
## Roles
|
||||||
|
|
||||||
|
Roles are very important when it comes to Ansible. If you need to define how say pip handles actions you would build a role for it. With that role you can define how pip would work. Do not treat roles as your playbook. They are meant to be used as a guide and the playbook passes variables to the role to tell it how something should be configured.
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ all:
|
|||||||
hosts:
|
hosts:
|
||||||
172.20.0.142:
|
172.20.0.142:
|
||||||
vars:
|
vars:
|
||||||
ansible_user: ansible
|
ansible_user:
|
||||||
ansible_connection: ssh
|
ansible_connection: ssh
|
||||||
ansible_password:
|
ansible_password:
|
||||||
ansible_become_method: sudo
|
ansible_become_method: sudo
|
||||||
@ -17,7 +17,7 @@ all:
|
|||||||
hosts:
|
hosts:
|
||||||
dev01:
|
dev01:
|
||||||
vars:
|
vars:
|
||||||
ansible_user: ansible
|
ansible_user:
|
||||||
ansible_password:
|
ansible_password:
|
||||||
ansible_connection: winrm
|
ansible_connection: winrm
|
||||||
ansible_port: 5985
|
ansible_port: 5985
|
||||||
|
Loading…
Reference in New Issue
Block a user