|
Last change
on this file since 17497 was
14773,
checked in by uli, 7 years ago
|
|
Tell about ansible-vault in README.
Just encrypted all sensitive ansible files on my
laptop and could ping all hosts nevertheless.
Tell, how I did it.
|
|
File size:
954 bytes
|
| Line | |
|---|
| 1 | host_vars |
|---|
| 2 | |
|---|
| 3 | This directory serves for per-host configuration values, especially passwords. |
|---|
| 4 | |
|---|
| 5 | To set host-specific vars create a file with the same name as the host is |
|---|
| 6 | called in the ``hosts`` file and in this file write the options as you would |
|---|
| 7 | normally in the ``hosts`` file. For instance:: |
|---|
| 8 | |
|---|
| 9 | # file "h1.example.org" |
|---|
| 10 | --- |
|---|
| 11 | ansible_sudo_pass: my-secret-sudo-password |
|---|
| 12 | ansible_user: foo |
|---|
| 13 | |
|---|
| 14 | You can (and should) encrypt these files with `ansible-vault`:: |
|---|
| 15 | |
|---|
| 16 | $ ansible-vault create h1.example.org |
|---|
| 17 | <edit-file, add content as above> |
|---|
| 18 | |
|---|
| 19 | or, if the file exists already, yet unencrypted:: |
|---|
| 20 | |
|---|
| 21 | $ ansible-vault encrypt h1.example.com |
|---|
| 22 | |
|---|
| 23 | and later, when running ansible you can add ``--ask-vault-pass`` option to decrypt |
|---|
| 24 | the config files. In that case make sure to use the same password for all vault |
|---|
| 25 | files (or encrypt all files at once with the same password). |
|---|
| 26 | |
|---|
| 27 | This very file serves as a placeholder in case this whole repo is going to |
|---|
| 28 | `git` somewhen. |
|---|
Note: See
TracBrowser for help on using the repository browser.
