Ansible galaxy and Ansible vault Flashcards

1
Q

Encrypt/decrypt existing file with ansible-vault

A

ansible-vault encrypt myfile

ansible-vault decrypt myfile

2
Q

Create encrypted playbook

  1. Prompt for a password and open vi for editing the playbook
  2. Use the existing password from another file and open vi for editing the playbook
A
  1. ansible-vault create myplaybook.yml
  2. ansible-vault create --vault-password-file=psfile myplaybook.yml

3
Q

View encrypted file

Edit encrypted file

A

ansible-vault view myplaybook.yml

ansible-vault edit myplaybook.yml

4
Q

Change password for encrypted file

A

ansible-vault rekey myfile

You must provide the old password for myfile first, then set a new password

5
Q

Run a playbook that accesses vault encrypted file

A

ansible-vault --vault-id @prompt

6
Q

Access password file while running playbook

A

ansible-vault --vault-password-file=psfile

7
Q

Create playbook create-user.yml to create user

The user module should use the username and password for the new user set in the encrypted file secret

A
  1. vim create-user.yml
    - name: create user
      hosts: localhost
      become: yes
      vars_files:
        - secret
      tasks:
        - name: creating user
          user:
            name: "{{ username }}"
            password: "{{ psw }}"
  2. ansible-vault create secret
    (enter password for secret file)
    username: lisa
    psw: password
  3. ansible-playbook --ask-vault-pass create-user.yml
    when running the playbook, enter the password for the secret file
    or even better:
    ansible-playbook -i inventory create-user.yml --vault-id @prompt
8
Q

Create playbook create-user.yml to create user

Use password stored in secret non-encrypted plain file while running playbook

A
  1. echo password > secret
  2. vim create-user.yml
    - name: create user
      hosts: localhost
      become: yes
      vars_files:
        - secret
      tasks:
        - name: creating user
          user:
            name: "{{ username }}"
            password: "{{ psw }}"
  3. ansible-playbook --vault-password-file=secret create-user.yml
9
Q
  1. Create password file pswd. (Keep this with permissions=600)
  2. Create file secure_file, to be encrypted with the passphrase whose content is kept in the pswd file
  3. Create playbook test.yml so that the content of secure_file is added to new_file. Make sure that when the playbook runs with the -v flag, the content of secure_file is not output to the screen
A
1. vim pswd
123
:wq
2. vim secure_file
message: "Hello world"
:wq
ansible-vault encrypt --vault-id content@prompt secure_file
ansible-vault edit --vault-id prod@pswd secure_file
3. vim test.yml
- hosts: localhost
  vars_files: secure_file
  tasks:
     - name: adding content to new_file
       shell: "echo {{message}} >new_file"
       no_log: true
:wq
ansible-playbook test.yml --vault-id prod@pswd
10
Q

Encrypt string and paste this value as var value in playbook

A
  - hosts: labservers
    become: yes
    vars:
    - http_port: 8080
    - http_dir: /var/webcontent
    tasks:

    1. ansible-vault encrypt_string --ask-vault-pass '8080' --name 'http_port'
    2. set pass
    3. paste the output for the encrypted value into the playbook as the value for the http_port variable instead of 8080
11
Q

Default locations of Ansible Roles

A

./roles in current project dir
~/.ansible/roles
/etc/ansible/roles

12
Q

Install several roles from ansible galaxy

A
  1. create requirements.yml file in ~/.ansible/roles
    - src: file:///my/path/tar.gz
    - src: geerlingguy.nginx
      version: 2.3
      name: nginx
    - src: geerlingguy.docker
  2. Install roles
    ansible-galaxy install -r ~/.ansible/roles/requirements.yml
13
Q

Creating custom roles

A

ansible-galaxy init role_name

Keep in mind the location of the role_name dir
