Handy scripts for using Ansible
Name | Purpose |
---|---|
ct-avds.sh | mimics what ansible-vault decrypt_string could be |
ct-combine-ssh-fragments.sh | combines ~/.ssh/cfg.d/*cfg into ~/.ssh/config |
ct-play.sh | wrapper around ansible-playbook |
ct-vault.sh | wrapper around ansible-vault |
ct-avds.sh [-Pv] [-p vault_file] -f file
Ansible Vault Decrypt String. Parses a file with a single string that was encrypted with ansible-vault encrypt_string
and passes it to ansible-vault decrypt
.
Flag | Required? | Purpose |
---|---|---|
-P | no | prompts you for the ansible-vault password |
-f | yes | name of the file containing the encrypted string |
-p | no | name of the vault password file (default = ./.vault ) |
-v | no | produces extra out for testing (only use interactively) |
ct-combine-ssh-frgaments.sh [-ds]
Rather than try and manipulate ~/.ssh/config
directly, create files in ~/.ssh/cfg.d
and use this to combine them.
Flag | Required? | Purpose |
---|---|---|
-d | no | display diffs |
-s | no | soft mode: don't replace ~/.ssh/config and show intended diffs |
ct-play.sh [-adx] [OTHER_ARGS] -l limit -p playbook [-t tag1,,,tagN] [-s skiptag1,,,skiptagN]
The key thing about this script is that chech mode is the default.
Flag | Required? | Purpose |
---|---|---|
-a | no | required with -l all to confirm you mean it |
-d | no | diff mode |
-l limit | yes | limit to operate on |
-p playbook | yes | playbook to run |
-s tag1,,,tagN | no | tags to skip |
-t tag1,,,tagN | no | tags to choose |
-x | no | switches to live mode (default is check-mode) |
others | no | to be added |
Based on StackOverflow
ct-strip-escape-codes.sh filename
or
someProcess | ct-strip-escape-codes.sh
ct-vault.sh [-SVdehnsv] [-F vault_file] [-a <decrypt|encrypt|view>] [-g grep_string] -f file
The script will detect whether a file is vaulted or not and factor that in.
Flag | Required? | Purpose |
---|---|---|
-F path | no | location of the vault file (default= ./.vault ) |
-S | no | do not save a copy of the decrypted file |
-V | no | set vault file to empty string |
-a action | no | valid actions are [decrypt, encrypt, view] (default=view) |
-d | no | same as -a decrypt |
-e | no | same as -a encrypt |
-f filename | yes | filename to operate on |
-g string | no | combines view and grep |
-h | no | echo usage string and exit |
-n | no | soft mode, echoes command that would have been run and exits |
-s | no | save a copy of the decrypted file so that you can diff for changes (default) |
-v | no | verbose mode |