The ansible files for the pains-perdus infra.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
histausse 22595d2a8d
add apt exporter for bullseye
1 year ago
books install grafana 1 year ago
group_vars/all put grafana behind a rp 1 year ago
host_vars update rossum networking config 1 year ago
roles add apt exporter for bullseye 1 year ago
utils add script to generate vpn keys 2 years ago
.gitignore add keys 2 years ago
LICENSE Initial commit 2 years ago user the user module's password parameter 2 years ago toto list 1 year ago
ansible.cfg working role (I hope) using debian network/interface config instead of wg-quick 1 year ago
hosts register nodes on the server 1 year ago
run_playbook centralize the declaration of the intranet ip plan 2 years ago


The ansible files for the pains-perdus infra.

Deploy a playbook

ansible-playbook playbook.yml

Add --check to do a dry run

Edit the vault

ansible-vault edit group_vars/all/vault

with the edditor defined in the env varible $EDITOR and the password of the vault in the file .vault_password (Carefull not to commit it!!!)

SSH key whith passphrase

To avoid entering the passphrase of the ssh key for each host, we have to use an ssh-agent. The ssh-agent with xonsh does not really works, so in my case I have to use ansible and the agent inside a sh process:

eval `ssh-agent -s`
ansible all -m ping # or whatever you want to do with ansible

Vault managment

To use multiple vaults with multiple password, we use vault id. The mapping vault-id@password-file is done in ansible.cfg under [defaults] in vault_identity_list: vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password

To create a new vault with an id and password registered in ansible.cfg: ansible-vault create --encrypt-vault-id user_vault group_vars/all/user_vault

User managment

The user managment role allows to manage user.

Especially, it generate the described users on each hosts.

The password are stored in the variables in there hash form. The script can give you the hash of a password.