author | Aaron LI <aly@aaronly.me> | 2018-03-14 12:04:11 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 12:05:38 +0800 |
commit | 54f42f5948fa7837b5444109e65948b24e9aa81a (patch) | |
tree | cb5dfe86be828cf233d93d7b4c96f1125fadc3c9 | |
parent | f2124add28b5437945fed2700b810d5df2d90666 (diff) | |
download | ansible-dfly-vps-54f42f5948fa7837b5444109e65948b24e9aa81a.tar.bz2 |
vars: use ansible vault
Credit: https://docs.ansible.com/ansible/latest/playbooks_best_practices.html#best-practices-for-variables-and-vaults
-rw-r--r-- | ansible.cfg | 5 | ||||
-rw-r--r-- | group_vars/all | 5 | ||||
-rw-r--r-- | group_vars/all/vars.yml | 10 | ||||
-rw-r--r-- | group_vars/all/vault.yml | 8 | ||||
-rw-r--r-- | host_vars/vultr | 2 |
5 files changed, 24 insertions, 6 deletions
diff --git a/ansible.cfg b/ansible.cfg
index 38640db..1c0e15d 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -14,6 +14,11 @@ timeout = 30
 # uncomment this to disable SSH key host checking
 #host_key_checking = False
 
+# If set, configures the path to the Vault password file as an alternative
+# to specifying --vault-password-file on the command line.
+# e.g., dd if=/dev/random count=1 bs=32 | openssl base64
+vault_password_file = ./private/vault_pass
+
 # don't like cows? that's unfortunate.
 # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
 #nocows = 1
diff --git a/group_vars/all b/group_vars/all
deleted file mode 100644
index 1fdd04a..0000000
--- a/group_vars/all
+++ /dev/null
@@ -1,5 +0,0 @@
----
-deploy_user: ansible
-ansible_ssh_private_key_file: private/ssh/ansible.key
-
-# vim: set ft=yaml sw=2: #
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
new file mode 100644
index 0000000..c8834f2
--- /dev/null
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,10 @@
+---
+# NOTE:
+# Ansible Best Practices - Variables and Vaults
+# https://docs.ansible.com/ansible/latest/playbooks_best_practices.html#best-practices-for-variables-and-vaults
+
+
+deploy_user: ansible
+ansible_ssh_private_key_file: ./private/ssh/ansible.key
+
+# vim: set ft=yaml sw=2: #
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
new file mode 100644
index 0000000..47aceae
--- /dev/null
+++ b/group_vars/all/vault.yml
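Review bot: In the ansible.cfg hunk, the added `vault_password_file = ./private/vault_pass` keeps the one secret that decrypts every vault file inside the repository tree, and nothing in this commit shows `private/` being excluded from version control or the file's permissions being restricted; the same applies to `ansible_ssh_private_key_file: ./private/ssh/ansible.key` in the group_vars/all/vars.yml hunk. I would extend the comment above the setting with `# Keep ./private/ out of version control; this file should be mode 0600 and not executable (Ansible runs an executable password file as a script).` The generation example is also fragile: `dd ... count=1 bs=32` accepts a partial read, so on systems where /dev/random returns short reads the password has less entropy than intended, and `openssl rand -base64 32` is the safer one-liner to document.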
@@ -0,0 +1,8 @@ +$ANSIBLE_VAULT;1.1;AES256 +36633265653732353166323733663635323362663563656236303463313731336436633363386631 +3031383935653637646134303162333431303266646433370a303133376536393261616239396464 +61306630333230303335383437643737633739306366653464623835646436616330396265316364 +6637663238323666320a383566646464633961323363616132326266343162646364623839616164 +33343763613535336464373361633862613032663738373534656162306232666161663666643832 +63396262336566303332643832373339353334656461373536383630393437313737343466393037 +373635323561386564336534623134663832 diff --git a/host_vars/vultr b/host_vars/vultr index 914a4d5..d123d1e 100644 --- a/host_vars/vultr +++ b/host_vars/vultr @@ -115,7 +115,7 @@ mail: shadowsocks: port: 8989 - password: "???" + password: "{{ vault_shadowsocks_password }}" method: "chacha20-ietf-poly1305" vpn: |
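Review bot: In the host_vars/vultr hunk, `password: "{{ vault_shadowsocks_password }}"` now depends on a variable whose definition cannot be seen without decrypting group_vars/all/vault.yml, so a reader of this file cannot tell where the value comes from or whether it is defined at all. A one-line comment next to it, for example `# defined in group_vars/all/vault.yml (ansible-vault encrypted)`, would document the indirection. The tasks that consume this value are outside the diff; if they template it into a configuration file, they presumably want `no_log: true` so the decrypted password does not appear in task output. The hunk shows only part of the `shadowsocks:` mapping, and its YAML indentation is lost in this rendering.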