Dummy Credentials repository to demonstrate how to bootstrap a tower instance with CI/CD jobs.
This project serves as the inventory source for the Ansible Tower Configuration project.
The projects CREDENTIAL_CONFIG.yml
file contains a list of variables which need to be changed to suit your own tower environment. Once these variables have been changed,the bootstrap.yml
playbook consumes the CREDENTIAL_CONFIG.yml
file, encrypts any variables containing sensitive information using the supplied Ansible vault password, and then places each of the variables into the relevant group_vars file. The CREDENTIAL_CONFIG.yml
file itself is then encrypted using the same Ansible vault password.
NOTE: This project should be forked and made private before proceeding with the following setup steps.
- Clone this project.
git clone https://github.com/<forked_repository_org>/tower_dummy_credentials
-
Change the variable values in the
CREDENTIALS_CONFIG.yml
file. A list of all variables that need to be changed along with their usage can be found HERE. -
From the projects root directory, run the
bootstrap.yml
playbook, specifying the path to theCREDENTIALS_CONFIG.yml
file.
ansible-playbook -i ./inventories/hosts bootstrap.yml --extra-vars='@CREDENTIALS_CONFIG.yml'
The following steps outline the process of adding new variables to the project. Please ensure that all new variables are also added to the VARIABLES.md file.
-
Add the variable to the
CREDENTIAL_CONFIG.yml
file with a default value of<CHANGEME>
. -
Add an entry within the
with_items
section of the bootstrap_credentials.yml file, replacingnew_variable
in the both the name and value fields with the name of the new variable.
- { name: 'new_variable', value: '{{ new_variable }}' }
- Add the new variable to the relevant file template located in
roles/credentials/templates
using the below format, ensuring that the variable to substitute in the template has_enc
appended to the end of the variable name.
new_variable: !vault
|
{{ new_variable_enc }}
-
Add the variable to the
CREDENTIAL_CONFIG.yml
file with a value of<CHANGEME>
. -
Add the new variable to the relevant file template located in
roles/credentials/templates
, ensuring that the variables value is the name of the variable, placed within brackets.
new_variable: {{ new_variable }}
Encrypted files and variables can be decrypted using the commands below, where the password is the vault-password
variable value specified in your local copy of the CREDENTIAL_CONFIG.yml
file.
ansible-vault decrypt '<path-to-file-to-decrypt>'
ansible localhost -m debug -a var='<variable-name>' -e '@<path-to-file>' --ask-vault-pass
The bootstrap.yml
playbook can be re-run to update variable values.
-
Decrypt the
CREDENTIALS_CONFIG.yml
file as per here. -
Make the required update/s
-
Re-run the
bootstrap.yml
playbook