setup new vault
parent
22c4727107
commit
1683482dd3
6 changed files with 43 additions and 2 deletions
3
.gitignore
vendored
|
@ -1,3 +1,4 @@
|
||||||
# ---> Ansible
|
# ---> Ansible
|
||||||
*.retry
|
*.retry
|
||||||
.vault_password
|
.main_vault_password
|
||||||
|
.user_vault_password
|
||||||
|
|
|
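Review bot: dropping `.vault_password` from the ignore list in this hunk leaves that file unignored in any existing checkout that still has it, so a later `git add .` could commit the old vault password. Keep the `.vault_password` line next to the new `.main_vault_password` and `.user_vault_password` entries, at least until every checkout has been migrated.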
@ -26,3 +26,12 @@ ssh-add
|
||||||
ansible all -m ping # or whatever you want to do with ansible
|
ansible all -m ping # or whatever you want to do with ansible
|
||||||
exit
|
exit
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Vault managment
|
||||||
|
|
||||||
|
To use multiple vaults with multiple password, we use vault id.
|
||||||
|
The mapping vault-id@password-file is done in ansible.cfg under [defaults] in vault_identity_list:
|
||||||
|
`vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password`
|
||||||
|
|
||||||
|
To create a new vault with an id and password registered in ansible.cfg:
|
||||||
|
`ansible-vault create --encrypt-vault-id user_vault group_vars/all/user_vault`
|
||||||
|
|
|
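Review bot: the new "Vault managment" section never tells the reader to create `.main_vault_password` and `.user_vault_password`, although the `vault_identity_list` line it quotes points at both and the `ansible-vault create --encrypt-vault-id user_vault ...` command at the end relies on them. Add a step ahead of that command for creating the two files and restricting their permissions to the owner. Minor: the heading should read "Vault management" and the first sentence "multiple passwords".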
@ -20,7 +20,8 @@ forks = 15
|
||||||
# Some SSH connection will take time
|
# Some SSH connection will take time
|
||||||
timeout = 60
|
timeout = 60
|
||||||
|
|
||||||
vault_password_file = .vault_password
|
vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password
|
||||||
|
#vault_password_file = .vault_password
|
||||||
|
|
||||||
[privilege_escalation]
|
[privilege_escalation]
|
||||||
|
|
||||||
|
|
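Review bot: the commented-out `#vault_password_file = .vault_password` left under the new `vault_identity_list` line is dead configuration and should be removed rather than kept as a fallback hint. The hunk also does not show what happens to vault files encrypted with the old `.vault_password` secret: either state in the commit message that `.main_vault_password` holds the same secret, or rekey those files to the `main_vault` id in this change.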
8
group_vars/all/user_vault
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
$ANSIBLE_VAULT;1.2;AES256;user_vault
|
||||||
|
37313030326130633030646433616330333664343237343231353463376434343938353766356464
|
||||||
|
3731313633666539353130376139306663653336356363640a643465666563366635343763643931
|
||||||
|
61383664353531643035333033623865396562613562353438666264343334613461626130386566
|
||||||
|
3637656132353236660a366562633064333034633464343661663538353263643237313735366435
|
||||||
|
38393639326233333938636636396363666536366139623666653434316537326430333333376638
|
||||||
|
37663734653162633462653864353663323564623639313639326435313939336162643935383831
|
||||||
|
303931333131396565393336653732626134
|
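Review bot: this file is opaque in review, so nothing here shows which variables it defines, while the role added in this commit reads `uservault_users` and `vault_email`. The header `$ANSIBLE_VAULT;1.2;AES256;user_vault` carries the expected vault id, which is good. Consider adding a plaintext vars file beside it in `group_vars/all/` that maps readable names onto the vaulted ones, so a grep for a variable lands on a visible definition.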
16
roles/create_users/tasks/main.yml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
#- name: Generate user
|
||||||
|
# user:
|
||||||
|
# name: "{{ item.name }}"
|
||||||
|
# group: "{{ item.groups }}"
|
||||||
|
# loop: "{{ uservault_users }}"
|
||||||
|
#
|
||||||
|
- name: Test
|
||||||
|
debug:
|
||||||
|
msg: "{{ item.name }}"
|
||||||
|
loop: "{{ uservault_users }}"
|
||||||
|
|
||||||
|
- name: Test name
|
||||||
|
debug:
|
||||||
|
msg: "{{ vault_email }}"
|
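Review bot: both `debug` tasks ("Test" and "Test name") print values read from the vault, `{{ item.name }}` and `{{ vault_email }}`, straight into the play output and any log that captures it. Remove them before this lands, or guard them with `no_log: true` if they have to stay. In the commented-out "Generate user" task, `group: "{{ item.groups }}"` passes a plural `groups` value to the module's primary-group parameter; if a list of supplementary groups is intended, the `user` module parameter is `groups`.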
6
users.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
|
---
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- create_users
|
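Review bot: the `#!/usr/bin/env ansible-playbook` shebang on the first line has no effect while the file is added as a normal (non-executable) file. Either commit it with the executable bit set or drop the shebang. Since the play targets `hosts: all` with a role meant to create users, also consider narrowing the host pattern or documenting that it is meant to be run with `--limit`.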