Last change
on this file since 14790 was
14773,
checked in by uli, 7 years ago
|
Tell about ansible-vault in README.
Just encrypted all sensitive ansible files on my
laptop and could ping all hosts nevertheless.
Tell, how I did it.
|
File size:
954 bytes
|
Line | |
---|
1 | host_vars |
---|
2 | |
---|
3 | This directory serves for per-host configuration values, especially passwords. |
---|
4 | |
---|
5 | To set host-specific vars create a file with the same name as the host is |
---|
6 | called in the ``hosts`` file and in this file write the options as you would |
---|
7 | normally in the ``hosts`` file. For instance:: |
---|
8 | |
---|
9 | # file "h1.example.org" |
---|
10 | --- |
---|
11 | ansible_sudo_pass: my-secret-sudo-password |
---|
12 | ansible_user: foo |
---|
13 | |
---|
14 | You can (and should) encrypt these files with `ansible-vault`:: |
---|
15 | |
---|
16 | $ ansible-vault create h1.example.org |
---|
17 | <edit-file, add content as above> |
---|
18 | |
---|
19 | or, if the file exists already, yet unencrypted:: |
---|
20 | |
---|
21 | $ ansible-vault encrypt h1.example.com |
---|
22 | |
---|
23 | and later, when running ansible you can add ``--ask-vault-pass`` option to decrypt |
---|
24 | the config files. In that case make sure to use the same password for all vault |
---|
25 | files (or encrypt all files at once with the same password). |
---|
26 | |
---|
27 | This very file serves as a placeholder in case this whole repo is going to |
---|
28 | `git` somewhen. |
---|
Note: See
TracBrowser for help on using the repository browser.