ansible
The ansible files for the pains-perdus infra.
Deploy a playbook
ansible-playbook playbook.yml
Add --check to do a dry run
Edit the vault
ansible-vault edit group_vars/all/vault
with the editor defined in the environment variable $EDITOR
and the password of the vault in the file .vault_password
(Careful not to commit it!!!)
SSH key with passphrase
To avoid entering the passphrase of the SSH key for each host, we have to use an ssh-agent. The ssh-agent with xonsh does not really work, so in my case I have to use ansible and the agent inside a sh process:
sh
eval `ssh-agent -s`
ssh-add
ansible all -m ping # or whatever you want to do with ansible
exit
Vault management
To use multiple vaults with multiple passwords, we use vault IDs.
The mapping vault-id@password-file is done in ansible.cfg under [defaults] in vault_identity_list:
vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password
To create a new vault with an id and password registered in ansible.cfg:
ansible-vault create --encrypt-vault-id user_vault group_vars/all/user_vault
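Pre-commit checks for this layout (an added example, not part of the original repository): it reads vault_identity_list from ansible.cfg, confirms that a vault file is encrypted under one of the listed ids, and confirms that the password files are ignored by git. The function names are hypothetical; the header check relies on Ansible writing the vault id into the first line of a file created with --encrypt-vault-id (vault format 1.2).

```shell
#!/bin/sh
# Added example: audit helpers for the vault-id layout described above.

# Print "<vault-id> <password-file>" pairs from vault_identity_list in ansible.cfg.
vault_ids() {
    sed -n 's/^[[:space:]]*vault_identity_list[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        awk -F'@' 'NF == 2 && $1 != "" { print $1, $2 }'
}

# Print the vault id from a vault file's header line; fail if it is not encrypted.
# 1.2 header: $ANSIBLE_VAULT;1.2;AES256;<vault-id>   1.1 header: no id ("default").
vault_file_id() {
    header=$(head -n 1 "$1" 2>/dev/null) || return 1
    case $header in
        '$ANSIBLE_VAULT;1.2;'*';'*) printf '%s\n' "${header##*;}" ;;
        '$ANSIBLE_VAULT;1.1;'*)     printf 'default\n' ;;
        *) return 1 ;;
    esac
}

# usage: check_vault ansible.cfg group_vars/all/user_vault
# Returns 1 for a plaintext file, 2 for an id that ansible.cfg has no password for.
check_vault() {
    id=$(vault_file_id "$2") || { echo "PLAINTEXT: $2" >&2; return 1; }
    vault_ids "$1" | awk -v id="$id" '$1 == id { ok = 1 } END { exit !ok }' ||
        { echo "UNKNOWN VAULT ID '$id': $2" >&2; return 2; }
}

# usage (from the repository root): check_password_files_ignored ansible.cfg
# Fails if a password file is tracked by git or not covered by .gitignore.
check_password_files_ignored() {
    bad=0
    for pw in $(vault_ids "$1" | awk '{ print $2 }'); do
        if git ls-files --error-unmatch -- "$pw" >/dev/null 2>&1; then
            echo "TRACKED: $pw" >&2; bad=1
        elif ! git check-ignore -q -- "$pw" 2>/dev/null; then
            echo "NOT IGNORED: $pw" >&2; bad=1
        fi
    done
    return "$bad"
}
```

Password file paths containing whitespace are not handled by the loop in check_password_files_ignored.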