Procedure

  • create an inventory file (e.g. hosts or hosts.yaml) that lists the remote hosts that Ansible will manage.
  • run the following to check connectivity to all hosts
ansible -m ping all

  • start the testing environment
cd vagrant
vagrant up
vagrant ssh-config >> ~/.ssh/config
  • run a playbook
ansible-playbook -l database playbooks/database.yml

Vault

  • create a file that holds the secret
touch playbooks/vars/api_key.yml
  • encrypt the file
ansible-vault encrypt playbooks/vars/api_key.yml
  • run task that needs this file
ansible-playbook playbooks/use-api-key.yaml --ask-vault-pass

and you will be asked to provide the password

  • edit the encrypted file with
ansible-vault edit playbooks/vars/api_key.yml
  • to decrypt with a stored password, create a file that holds the password, with 600 permissions
vim ~/.ansible/vault_pass.txt
chmod 600 ~/.ansible/vault_pass.txt
ansible-playbook playbooks/use-api-key.yaml --vault-password-file ~/.ansible/vault_pass.txt
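
A check for the vault steps above, as an added example that is not part of the original notes: it confirms that a vars file starts with the $ANSIBLE_VAULT; header that ansible-vault writes on the first line, and that the password file gives no access to group or others. The function names are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example: checks to run before committing or using the vault files.

# True if the file starts with the Ansible Vault header ($ANSIBLE_VAULT;<version>;<cipher>).
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first_line=
    # read fails on an empty file; a last line without a newline is still accepted
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the file exists and grants nothing to group or others (e.g. mode 600).
is_private_file() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission bits
    [ "$mode" = "------" ]
}

# Report problems for a vars file ($1) and a vault password file ($2); returns 1 if any.
check_vault_hygiene() {
    status=0
    if ! is_vault_encrypted "$1"; then
        echo "NOT ENCRYPTED: $1 (run ansible-vault encrypt)" >&2
        status=1
    fi
    if ! is_private_file "$2"; then
        echo "TOO OPEN OR MISSING: $2 (run chmod 600)" >&2
        status=1
    fi
    return "$status"
}

# Demo on constructed files in a temporary directory (no real secrets).
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3664...constructed...' > "$demo_dir/api_key.yml"
printf 'api_key: plaintext\n' > "$demo_dir/leaked.yml"
printf 'constructed-password\n' > "$demo_dir/vault_pass.txt"
chmod 600 "$demo_dir/vault_pass.txt"
if check_vault_hygiene "$demo_dir/api_key.yml" "$demo_dir/vault_pass.txt"; then
    echo "ok: encrypted vars file, private password file"
fi
check_vault_hygiene "$demo_dir/leaked.yml" "$demo_dir/vault_pass.txt" || echo "caught plaintext vars file"
rm -rf "$demo_dir"
```
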

Create self-signed certificates

cd files/certs
openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes -subj '/C=GR/O=myorganization/OU=it/CN=myorg.com'

Note that the crt and key files are added to .gitignore; -nodes writes server.key without a passphrase.

  • postgres: install the postgresql role
ansible-galaxy install geerlingguy.postgresql

Docker

ansible-galaxy install geerlingguy.docker
ansible-galaxy install geerlingguy.pip

Jenkins

ansible-galaxy install geerlingguy.jenkins
ansible-galaxy install geerlingguy.java

Links