vault

84fe227d · Ing. Matej Madeja · 9404318e · 84fe227d · 84fe227d · 84fe227d
Commit 84fe227d authored Jun 16, 2020 by Ing. Matej Madeja
--- a/003 vault/.vault_pass
+++ b/003 vault/.vault_pass
+test
--- a/003 vault/ansible.cfg
+++ b/003 vault/ansible.cfg
+[defaults]
+
+inventory = ./hosts
+vault_password_file = .vault_pass
\ No newline at end of file
--- a/003 vault/common.yml
+++ b/003 vault/common.yml
+---
+- name: "Install base pkg"
+  hosts: 
+    - devices
+  
+
+  vars:
+    companyBg: "company-bg.jpg"
+    servers:
+      - galaxy
+      - vulcan
+      - ameros
+
+  vars_files:
+    - vars.yml
+
+  tasks:
+    - name: "Print var"
+      debug:
+        var: moja_premenna
+
+    - name: "Template"
+      template:
+        src: template.j2
+        dest: "/tmp/{{ item }}.txt"
+      with_items: "{{ servers }}"
+      tags: 
+        - temp
+
+    - name: "Install packages"
+      become: yes
+      apt:
+        pkg:
+          - htop
+          - vim
+          - kazam
+          - filezilla
+          - bluefish
+          - software-properties-common
+      tags: packages
+
+    - name: "Add ppa:ondrej/php repo"
+      become: yes
+      apt_repository:
+        repo: "ppa:ondrej/php"
+      tags: packages
+
+    - name: "Install php 7.3"
+      become: yes
+      apt:
+        name: php7.3
+      tags: packages
+
+    - name: Download
+      get_url:
+        url: https://cdn.wallpapersafari.com/55/73/ghY4rc.jpg
+        dest: "{{ ansible_user_dir }}/Pictures/{{ companyBg }}"
+      tags:
+        - bg
+
+
+
--- a/003 vault/hosts
+++ b/003 vault/hosts
+[devices]
+device1		ansible_port=10022 ansible_host=127.0.0.1 ansible_user=vagrant ansible_become_pass='{{ mojeheslo }}'
+
+[locals]
+# localhost	ansible_user=matt ansible_connection=local
\ No newline at end of file
--- a/003 vault/passwds.yml
+++ b/003 vault/passwds.yml
+$ANSIBLE_VAULT;1.1;AES256
+37643964383733333263653862363135636465336563663666356630373232643232343531313135
+3062653364323632386138393436656432363761313931620a393366313339616332373935313239
+63333265383938323661323833353265656637653665613864643832353736323132336236396230
+6163336163393737620a313335326465626638313630613639396238333633316530613466393661
+32396434303066386639343065303338376632643232653663666464643638663962
--- a/003 vault/readme.md
+++ b/003 vault/readme.md
+Add to invertory file `ansible_become_pass='{{ sudo_pass }}'` for a node.
+
+Then generate a new vault file.
+```
+ansible-vault create passwds.yml
+```
+
+Set the password to `test`. Content of the file will be following:
+```
+sudo_pass: my_big_secret
+```
+
+Run ansible reboot module and test the implementation.
+```
+ansible all -m reboot -b --ask-vault-pass --extra-vars '@passwds.yml'
+```
\ No newline at end of file
--- a/003 vault/template.j2
+++ b/003 vault/template.j2
+This is my name: {{ item }}
\ No newline at end of file
--- a/003 vault/vars.yml
+++ b/003 vault/vars.yml
+moja_premenna: "toto je test"
\ No newline at end of file