Manages the deployment of secrets (certificates, SSH keys, ...).
It is meant to remove duplicated tasks from other roles.
This role requires Ansible 2.0 or higher, and platform requirements are listed in the metadata file.
This role provides two test methods:
- locally using Vagrant
- automatically with Travis
- install Vagrant
- install Vagrant serverspec plugin: $ vagrant plugin install vagrant-serverspec
- install Ruby dependencies: $ bundle install
- if Vagrant box not running: $ vagrant up
- if Vagrant box running: $ vagrant provision
# CA certificates deployment
secrets_ca_certificates_dest_folder: '/etc/ssl/certs'
secrets_ca_certificates_dest_owner: 'root'
secrets_ca_certificates_dest_group: 'root'
secrets_ca_certificates_dest_mode: '0644'
secrets_ca_certificates_from_yaml: []
secrets_ca_certificates_from_file: []
# Private keys deployment
secrets_ssh_private_keys_mode: '0400'
secrets_ssh_private_keys_from_yaml: []
secrets_ssh_private_keys_from_file: []
Manage your vars files in your plays and simply use this syntax:
# From YAML
secrets_ca_certificates_from_yaml:
  - filename: 'my_ca_cert.pem'
    content: 'dqsdqsdqsdqsdqsd'
  - "{{ ca_certs.foo }}"
# From files
secrets_ca_certificates_from_file:
  - src: files/foo.pem
    filename: 'foo.pem'
Manage your vars files in your plays and simply use the following syntax. If 'state' is not defined, it defaults to 'present'.
# From YAML
secrets_ssh_private_keys_from_yaml:
  - dest: '/home/foo/.ssh/foo.rsa'
    content: 'dqsdqsdqsdqsdqsd'
    owner: 'foo'
    group: 'foo'
  - "{{ private_keys.foo }}"
# From files
secrets_ssh_private_keys_from_file:
  - src: 'files/foo.pem'
    dest: '/home/foo/.ssh/foo.rsa'
    owner: 'foo'
    group: 'foo'
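An added example, not part of the role: a Python check that compares deployed private keys with the entries declared in secrets_ssh_private_keys_from_yaml or secrets_ssh_private_keys_from_file, using the role's default mode '0400'. The function names and the sample entry are assumptions made for illustration; entries whose 'state' is not 'present' are skipped.

```python
import grp
import os
import pwd
import stat
import tempfile

DEFAULT_KEY_MODE = "0400"  # role default: secrets_ssh_private_keys_mode


def name_of(lookup, attr, ident):
    """Resolve a uid/gid to a name; fall back to the number if unknown."""
    try:
        return getattr(lookup(ident), attr)
    except KeyError:
        return str(ident)


def audit_private_keys(entries, expected_mode=DEFAULT_KEY_MODE):
    """Return (dest, problem) pairs for keys that differ from what was declared."""
    findings = []
    for entry in entries:
        if entry.get("state", "present") != "present":
            continue  # only 'present' entries are expected on disk
        dest = entry["dest"]
        try:
            st = os.lstat(dest)  # lstat: a symlink is reported, not followed
        except FileNotFoundError:
            findings.append((dest, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((dest, "not a regular file"))
            continue
        actual = {"mode": format(stat.S_IMODE(st.st_mode), "04o"),
                  "owner": name_of(pwd.getpwuid, "pw_name", st.st_uid),
                  "group": name_of(grp.getgrgid, "gr_name", st.st_gid)}
        wanted = {"mode": expected_mode, **{k: entry[k] for k in ("owner", "group") if k in entry}}
        for key, value in wanted.items():
            if actual[key] != value:
                findings.append((dest, f"{key} {actual[key]}, expected {value}"))
    return findings


if __name__ == "__main__":
    # Constructed sample: a key file left with a too-permissive mode.
    with tempfile.TemporaryDirectory() as tmp:
        key = os.path.join(tmp, "foo.rsa")
        open(key, "w").close()
        os.chmod(key, 0o644)
        print(audit_private_keys([{"dest": key}]))
```

Run it on the managed host with the same entries the play passes to the role; an empty list means every declared key exists with the expected mode, owner and group.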
None
- hosts: servers
  roles:
    - { role: Temelio.secrets }
MIT
Alexandre Chaussier (for Temelio company)
- http://temelio.com
- alexandre.chaussier [at] temelio.com