source: main/waeup-ansible/host_vars/README.txt @ 16593

Last change on this file since 16593 was 14773, checked in by uli, 7 years ago

Tell about ansible-vault in README.

Just encrypted all sensitive ansible files on my
laptop and could ping all hosts nevertheless.

Tell, how I did it.

File size: 954 bytes
RevLine 
[14752]1host_vars
2
3This directory serves for per-host configuration values, especially passwords.
4
5To set host-specific vars create  a file with the same name as the host is
6called in the ``hosts`` file and in this file write the options as you would
7normally in the ``hosts`` file. For instance::
8
9    # file "h1.example.org"
[14773]10    ---
[14752]11    ansible_sudo_pass: my-secret-sudo-password
12    ansible_user: foo
13
14You can (and should) encrypt these files with `ansible-vault`::
15
16    $ ansible-vault create h1.example.org
17    <edit-file, add content as above>
18
[14773]19or, if the file exists already, yet unencrypted::
20
21    $ ansible-vault encrypt h1.example.com
22
23and later, when running ansible you can add ``--ask-vault-pass`` option to decrypt
[14752]24the config files. In that case make sure to use the same password for all vault
[14773]25files (or encrypt all files at once with the same password).
[14752]26
27This very file serves as a placeholder in case this whole repo is going to
28`git` somewhen.
Note: See TracBrowser for help on using the repository browser.