e2f64666f6
|
3 years ago | |
|---|---|---|
| group_vars/all | 3 years ago | |
| roles | 3 years ago | |
| .gitignore | 3 years ago | |
| LICENSE | 4 years ago | |
| README.md | 3 years ago | |
| ansible.cfg | 3 years ago | |
| base.yml | 4 years ago | |
| dns.yml | 3 years ago | |
| gitea.yml | 3 years ago | |
| hosts | 3 years ago | |
| keycloak.yml | 3 years ago | |
| users.yml | 3 years ago | |
| web_services.yml | 3 years ago | |
README.md
ansible
The ansible files for the pains-perdus infra.
Deploy a playbook
ansible-playbook playbook.yml
Add --check to do a dry run
Edit the vault
ansible-vault edit group_vars/all/vault
with the edditor defined in the env varible $EDITOR and the password of the vault in the file .vault_password (Carefull not to commit it!!!)
SSH key whith passphrase
To avoid entering the passphrase of the ssh key for each host, we have to use an ssh-agent. The ssh-agent with xonsh does not really works, so in my case I have to use ansible and the agent inside a sh process:
sh
eval `ssh-agent -s`
ssh-add
ansible all -m ping # or whatever you want to do with ansible
exit
Vault managment
To use multiple vaults with multiple password, we use vault id.
The mapping vault-id@password-file is done in ansible.cfg under [defaults] in vault_identity_list:
vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password
To create a new vault with an id and password registered in ansible.cfg:
ansible-vault create --encrypt-vault-id user_vault group_vars/all/user_vault