a guest
Aug 7th, 2018
# Prerequisites

    pip install cryptography

# Create the file
Setting the `EDITOR` variable is optional; I use it here to show how to force
the use of one editor instead of another.

Before creating the vault you will be prompted twice for the password.

    cd <where you will have the main yml playbook/role file>
    EDITOR=nano ansible-vault create vars/main.yml

# Example of the `vars/main.yml` file

This folder and the related file must be created under the root of the Ansible project, so the `vars` folder must be at the same level as the playbook, or as the `roles` folder.

    ---
    desktop_username: "mymailisnotdifferent@yahoo.it"
    desktop_password: "0hMyGoat!"

> Warning! Copy/pasting from the previous snippet could bring in the wrong quotes! Manually check that you are using the standard double-quote character (`"`) and _not the typographic version (`”`)_.

Using `nano`, press `Ctrl+O` and then `Ctrl+X` to save; using `vi`, type `:wq` after pressing the `ESC` key.
_The file is automatically encrypted when you exit the editor._

# Show the _encrypted_ content of the vault

    cat ./vars/main.yml

This command shows the file _in its actual encrypted form_: a header line followed by the hex-encoded ciphertext, for example:

    $ANSIBLE_VAULT;1.1;AES256

# Show the _decrypted_ content of the vault

The following command shows the file content after you have successfully entered the password. _This command does not alter the file; it remains encrypted._

    ansible-vault view ./vars/main.yml

For example:

    ---
    desktop_username: "mymailisnotdifferent@yahoo.it"
    desktop_password: "0hMyGoat!"

# Example of how to use the vault's vars in a playbook

    tasks:
      # Load the encrypted variables first (one module per task)
      - name: 'Include some additional variables'
        tags: 'debug'
        include_vars: main.yml

      # Later tasks can then reference the vault variables
      - win_get_url:
          username: "{{ desktop_username }}"
          password: "{{ desktop_password }}"
          # ....

**Please Note:** `include_vars` must be used at the task level; it also assumes that a `vars` folder exists at the same level as the playbook and that the `main.yml` file is inside it.

# Avoid entering the password every time

Create a plain-text password file, but _please keep it deleted, ignored via `.gitignore`, and away from customers' or coworkers' eyes_.

See the directive `DEFAULT_VAULT_PASSWORD_FILE` in `/etc/ansible/ansible.cfg`; it is currently at row 130, but obviously this row number will change.

    vault_password_file = /home/realtebo/.password

So you can run

    ansible-playbook <host_pattern> <playbook_file.yml>

without entering the password at all!

:)

Comments are very appreciated!
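
A pre-commit style check for the two risks described above, as an added Python example (not part of the original paste and not Ansible's own code): it confirms that a vars file really is a vault 1.1 file rather than plaintext, and that the vault password file is not readable by group or others. The function names and the sample data are assumptions made for this example.

```python
import binascii
import os
import stat
import textwrap

def vault_problems(text):
    """Return reasons why `text` is not a well-formed vault 1.1 file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        return ["no $ANSIBLE_VAULT header: the file is plaintext"]
    fields = lines[0].split(";")
    if len(fields) < 3 or fields[2] != "AES256":
        return ["unexpected header: " + lines[0]]
    try:
        # Body = hex of b"<salt hex>\n<HMAC hex>\n<ciphertext hex>"
        inner = binascii.unhexlify("".join(lines[1:]))
        salt, mac, ct = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["body is not a hex-encoded salt/HMAC/ciphertext triple"]
    problems = []
    if len(salt) != 32 or len(mac) != 32:
        problems.append("salt and HMAC-SHA256 must be 32 bytes each")
    if not ct:
        problems.append("ciphertext is empty")
    return problems

def password_file_problems(path):
    """Flag a vault password file readable by group or others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return ["%s has mode %o, expected 600" % (path, mode)]
    return []

def constructed_vault(ciphertext=b"\x01" * 16):
    """Build a structurally valid sample (constructed, not real ciphertext)."""
    parts = [bytes(32), bytes(32), ciphertext]  # salt, HMAC, ciphertext
    inner = b"\n".join(binascii.hexlify(p) for p in parts)
    body = textwrap.wrap(binascii.hexlify(inner).decode(), 80)
    return "\n".join(["$ANSIBLE_VAULT;1.1;AES256"] + body) + "\n"

if __name__ == "__main__":
    for name, text in [("encrypted", constructed_vault()),
                       ("plaintext", 'desktop_password: "example"\n')]:
        print(name, vault_problems(text) or "ok")
```

The structural check only proves the file has the vault layout; it does not verify the HMAC or the password, which requires `ansible-vault view`.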