2020-10-05 09:38:11 +02:00
|
|
|
# ansible
|
|
|
|
|
|
2021-01-22 22:21:08 +01:00
|
|
|
The ansible files for the pains-perdus infra.
|
|
|
|
|
|
|
|
|
|
## Deploy a playbook
|
|
|
|
|
|
|
|
|
|
`ansible-playbook playbook.yml`
|
|
|
|
|
|
|
|
|
|
Add `--check` to do a dry run
|
2021-01-22 22:52:57 +01:00
|
|
|
|
|
|
|
|
## Edit the vault
|
|
|
|
|
|
|
|
|
|
`ansible-vault edit group_vars/all/vault`
|
|
|
|
|
|
|
|
|
|
with the edditor defined in the env varible `$EDITOR` and the password of the vault in the file `.vault_password` (Carefull not to commit it!!!)
|
2021-01-22 23:11:38 +01:00
|
|
|
|
|
|
|
|
## SSH key whith passphrase
|
|
|
|
|
|
|
|
|
|
To avoid entering the passphrase of the ssh key for each host, we have to use an ssh-agent.
|
|
|
|
|
The ssh-agent with xonsh does not really works, so in my case I have to use ansible and the agent inside a sh process:
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
sh
|
|
|
|
|
eval `ssh-agent -s`
|
|
|
|
|
ssh-add
|
|
|
|
|
ansible all -m ping # or whatever you want to do with ansible
|
|
|
|
|
exit
|
|
|
|
|
```
|
2021-01-29 22:27:04 +01:00
|
|
|
|
|
|
|
|
## Vault managment
|
|
|
|
|
|
|
|
|
|
To use multiple vaults with multiple password, we use vault id.
|
|
|
|
|
The mapping vault-id@password-file is done in ansible.cfg under [defaults] in vault_identity_list:
|
|
|
|
|
`vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password`
|
|
|
|
|
|
|
|
|
|
To create a new vault with an id and password registered in ansible.cfg:
|
|
|
|
|
`ansible-vault create --encrypt-vault-id user_vault group_vars/all/user_vault`
|
2021-01-30 16:21:27 +01:00
|
|
|
|
|
|
|
|
## User managment
|
|
|
|
|
|
|
|
|
|
The user managment role allows to manage user.
|
|
|
|
|
|
|
|
|
|
Especially, it generate the described users on each hosts.
|
|
|
|
|
|
|
|
|
|
The password are stored in the variables in there hash form. The script `hash_passwd.py` can give you the hash of a password.
|
