# ansible

The ansible files for the pains-perdus infra.

## Deploy a playbook

`ansible-playbook playbook.yml`

Add `--check` to do a dry run

## Edit the vault

`ansible-vault edit group_vars/all/vault`

with the edditor defined in the env varible `$EDITOR` and the password of the vault in the file `.vault_password` (Carefull not to commit it!!!)

## SSH key whith passphrase

To avoid entering the passphrase of the ssh key for each host, we have to use an ssh-agent.
The ssh-agent with xonsh does not really works, so in my case I have to use ansible and the agent inside a sh process:

```
sh
eval `ssh-agent -s`
ssh-add
ansible all -m ping # or whatever you want to do with ansible
exit
```

## Vault managment

To use multiple vaults with multiple password, we use vault id.
The mapping vault-id@password-file is done in ansible.cfg under [defaults] in vault_identity_list:
`vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password`

To create a new vault with an id and password registered in ansible.cfg:
`ansible-vault create --encrypt-vault-id user_vault group_vars/all/user_vault`