Procedure
- create an inventory file (e.g. hosts or hosts.yaml) that holds the remote hosts that ansible will handle.
- run
ansible -m ping all
to check connectivity
- start the testing environment
cd vagrant
vagrant up
vagrant ssh-config >> ~/.ssh/config
- run a playbook
ansible-playbook -l database playbooks/database.yml
- create a file that holds the secret
touch playbooks/vars/api_key.yml
- encrypt the file
ansible-vault encrypt playbooks/vars/api_key.yml
- run the task that needs this file
ansible-playbook playbooks/use-api-key.yaml --ask-vault-pass
and you will be asked to provide the password
- edit the encrypted file with
ansible-vault edit playbooks/vars/api_key.yml
- use a stored password to decrypt: create a file that holds the password, with 600 permissions
vim ~/.ansible/vault_pass.txt
chmod 600 ~/.ansible/vault_pass.txt
ansible-playbook playbooks/use-api-key.yaml --vault-password-file ~/.ansible/vault_pass.txt
- create a self-signed certificate and private key
cd files/certs
openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes -subj '/C=GR/O=myorganization/OU=it/CN=myorg.com'
notice that the crt and key files are added to .gitignore (-nodes writes the private key unencrypted)
- install the postgresql role and the other roles from Ansible Galaxy
ansible-galaxy install geerlingguy.postgresql
ansible-galaxy install geerlingguy.docker
ansible-galaxy install geerlingguy.pip
ansible-galaxy install geerlingguy.jenkins
ansible-galaxy install geerlingguy.java
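
A pre-run check for the vault steps above, added here as an example and not part of the original procedure: it confirms that the secrets file carries the `$ANSIBLE_VAULT;` header that `ansible-vault encrypt` writes and that the password file is owner-only. The function names are assumptions of this example; pass the two paths from the procedure as arguments.

```sh
#!/bin/sh
# Added example: sanity checks before running a playbook or committing.
# Function names are this example's own, not part of Ansible.

# Succeeds when FILE starts with the header ansible-vault writes.
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the octal permission bits (GNU stat first, BSD/macOS stat second).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds when the password file is owner-only and not executable
# (Ansible runs an executable vault password file as a script).
pass_file_is_private() {
    [ -f "$1" ] || return 2
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# check_secrets SECRET_FILE PASS_FILE: reports every problem, returns 1 on any.
check_secrets() {
    rc=0
    if ! is_vault_encrypted "$1"; then
        echo "NOT ENCRYPTED: $1 (run: ansible-vault encrypt $1)" >&2
        rc=1
    fi
    if ! pass_file_is_private "$2"; then
        echo "BAD MODE: $2 (run: chmod 600 $2)" >&2
        rc=1
    fi
    return "$rc"
}

# e.g. sh check.sh playbooks/vars/api_key.yml ~/.ansible/vault_pass.txt
if [ "$#" -eq 2 ]; then
    check_secrets "$1" "$2"
fi
```

A file that was only created with `touch` and never encrypted fails the first check, which is the case this guards against before a commit.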