Last change
on this file since 14790 was
14773,
checked in by uli, 7 years ago
|
Tell about ansible-vault in README.
Just encrypted all sensitive ansible files on my
laptop and could ping all hosts nevertheless.
Tell, how I did it.
|
File size:
954 bytes
|
Rev | Line | |
---|
[14752] | 1 | host_vars |
---|
| 2 | |
---|
| 3 | This directory serves for per-host configuration values, especially passwords. |
---|
| 4 | |
---|
| 5 | To set host-specific vars create a file with the same name as the host is |
---|
| 6 | called in the ``hosts`` file and in this file write the options as you would |
---|
| 7 | normally in the ``hosts`` file. For instance:: |
---|
| 8 | |
---|
| 9 | # file "h1.example.org" |
---|
[14773] | 10 | --- |
---|
[14752] | 11 | ansible_sudo_pass: my-secret-sudo-password |
---|
| 12 | ansible_user: foo |
---|
| 13 | |
---|
| 14 | You can (and should) encrypt these files with `ansible-vault`:: |
---|
| 15 | |
---|
| 16 | $ ansible-vault create h1.example.org |
---|
| 17 | <edit-file, add content as above> |
---|
| 18 | |
---|
[14773] | 19 | or, if the file exists already, yet unencrypted:: |
---|
| 20 | |
---|
| 21 | $ ansible-vault encrypt h1.example.com |
---|
| 22 | |
---|
| 23 | and later, when running ansible you can add ``--ask-vault-pass`` option to decrypt |
---|
[14752] | 24 | the config files. In that case make sure to use the same password for all vault |
---|
[14773] | 25 | files (or encrypt all files at once with the same password). |
---|
[14752] | 26 | |
---|
| 27 | This very file serves as a placeholder in case this whole repo is going to |
---|
| 28 | `git` somewhen. |
---|
Note: See
TracBrowser for help on using the repository browser.