Separate vault passwords from the playbooks, fix ansibleupdate cronjob
Again
parent
b54f52b47b
commit
4b4e0c81cb
@ -6,4 +6,3 @@ ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no
|
|||||||
host_key_checking = false
|
host_key_checking = false
|
||||||
deprecation_warnings = false
|
deprecation_warnings = false
|
||||||
ask_become_pass = true
|
ask_become_pass = true
|
||||||
ask_vault_pass = true
|
|
||||||
|
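--- a/ec2-deploy.sh
+++ b/ec2-deploy.sh
@@ -0,0 +1,10 @@
+#! /bin/sh
+#
+# deploy.sh
+# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
+#
+# Distributed under terms of the MIT license.
+#
+
+ansible-playbook ec2.yml --ask-vault-pass
+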
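Review bot: The `ansible-playbook ec2.yml --ask-vault-pass` line resolves the playbook, and any `ansible.cfg` Ansible picks up from the working directory, relative to wherever the caller happens to be, so the script only behaves as intended when started from the repository root. Anchoring it with `cd "$(dirname "$0")" || exit 1` and ending with `exec ansible-playbook ec2.yml --ask-vault-pass "$@"` would fix the working directory and let extra options such as `--check` pass through. The header comment still reads `# deploy.sh` and should name the actual file. localhost-deploy.sh is written the same way and needs the same changes.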
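--- a/localhost-deploy.sh
+++ b/localhost-deploy.sh
@@ -0,0 +1,10 @@
+#! /bin/sh
+#
+# deploy.sh
+# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
+#
+# Distributed under terms of the MIT license.
+#
+
+ansible-playbook localhost.yml --ask-vault-pass
+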
0
localhost.yml
Executable file → Normal file
0
localhost.yml
Executable file → Normal file
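--- a/roles/ansiblehost/files/ansiblevaultpass
+++ b/roles/ansiblehost/files/ansiblevaultpass
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+31383561303637303735386663306631333063623336643030643634333262336664363461613239
+6230623439393465656161663432393732633662383833640a373433343236353835363130653937
+31346233663237383666306536633962613534623735366531666561656335393964316230633161
+3930636537313364380a376432363431346636363565383734613638316161643036623636656532
+66333038393738663464343534633766643734393165626538633962376161376262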
@ -39,6 +39,11 @@
|
|||||||
src: ansiblekey
|
src: ansiblekey
|
||||||
dest: ~/.ssh/ansible
|
dest: ~/.ssh/ansible
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
- name: Copy Ansible password file
|
||||||
|
copy:
|
||||||
|
src: ansiblevaultpass
|
||||||
|
dest: /root/ansiblevaultpass
|
||||||
|
mode: "0600"
|
||||||
- name: Create system copy of Ansible repo
|
- name: Create system copy of Ansible repo
|
||||||
git:
|
git:
|
||||||
force: true
|
force: true
|
||||||
@ -49,5 +54,5 @@
|
|||||||
minute: "0"
|
minute: "0"
|
||||||
hour: "*/12"
|
hour: "*/12"
|
||||||
name: ansible-pull
|
name: ansible-pull
|
||||||
job: "cd /opt/ansible-repo && /usr/local/bin/ansible-playbook ec2.yml > /var/log/ansible-pull.log 2>&1"
|
job: "cd /opt/ansible-repo && /usr/local/bin/ansible-playbook ec2.yml --vault-password-file /root/ansiblevaultpass > /var/log/ansible-pull.log 2>&1"
|
||||||
become: true
|
become: true
|
||||||
|
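Review bot: The new `Copy Ansible password file` task leaves the vault password in plaintext at `/root/ansiblevaultpass` on every host this role is applied to, because `copy` decrypts a vault-encrypted `src` by default; root on any one of those hosts can then decrypt every vaulted value in the repository. If that trade-off is accepted for the unattended cron run, the task should at least pin `owner: root` and `group: root` and set `no_log: true` so the file content stays out of diff and verbose output. The cron job in the second hunk still redirects to `/var/log/ansible-pull.log`, whose mode is left to root's umask, so playbook output that includes decrypted values may be readable by other local users; a preceding task that creates the log with mode `"0600"` would close that. Both task lists start and end outside the hunks, so whether `become` covers the copy task cannot be confirmed from here.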