Ansible galaxy and Ansible vault

Question 1

Encrypt/decrypt existing file with ansible-vault

Answer 1

ansible-vault encrypt myfile

ansible-vault decrypt myfile

Question 2

Create encrypted playbook

1. Prompt for password and opens vi for editing playbook
2. Use the existing password from other file and open vi for editing playbook

Answer 2

1. ansible-vault create myplaybook.yml

2. ansible-vault create –vault-password-file=psfile myplaybook.yml

Question 3

View encrypted file

Edit encrypted file

Answer 3

ansible-vault view myplaybook.yml

ansible-vault edit myplaybook.yml

Question 4

Change password for encrypted file

Answer 4

ansible-vault rekey myfile

You should provide od password for myfile first to set a new password

Question 5

Run a playbook that accesses vault encrypted file

Answer 5

ansible-vault –vault-id @prompt

Question 6

Access pasword file while running playbook

Answer 6

ansible-vault –vault-password-file=psfile

Question 7

Create playbook create-user.yml to create user

Module user should use username and password for new user set in encrypted file secret

Answer 7

1. vim create-user.yml
   - name: create user
   hosts: localhost
   become: yes
   vars_files:
   
   • secret
     tasks:
   • name: creating user
     user:
     name: “{{ username }}”
     password: “{{ psw }}”
2. ansible-vault create secret
   (enter password for secret file)
   usename: lisa
   psw: password
3. ansible-playbook –ask-vault-pass create-user.yml
   when running playbook enter password for secret file
   or even better:
   ansible-playbook -i inventory create_user.yml –vault-id @prompt

Question 8

Create playbook create-user.yml to create user

Use password stored in secret non-encrypted plain file while running playbook

Answer 8

1. echo password>secret
2. vim create-user.yml
   - name: create user
   hosts: localhost
   become: yes
   var_files:
   
   • secret
     tasks:
   • name: creating user
     user:
     name: “{{ username }}”
     password: “{{ psw }}”
3. ansible-playbook –vault-password-file=secret create-user.yml

Question 9

1. Create password file pswd. (Keep this with permissions=600)
2. Create file secure_file to be encrypted with phrase content of which is kept in pswd file
3. Create playbook test.yml, so that content of secure_file will be added to new_file. Be sure that when running playbook with -v flag content of secure_file is not output to the screen

Answer 9

1. vim pswd
123
\:wq
2. vim secure_file
message: "Hello world"
\:wq
ansible-vault encrypt --vault-id content@prompt secure_file
ansible-vault edit --vault-id prod@pswd secure_file
3. vim test.yml
- hosts: localhost
  vars_files: secure_file
  tasks:
     - name: adding content to new_file
       shell: "echo {{message}} >new_file"
       no_log: true
\:wq
ansible-playbook test.yml --vault-id prod@pswd

Question 10

Encrypt string and paste this value as var value in playbook

Answer 10

• hosts: labservers
  become: yes
  vars:
  - http_port: 8080
  - http_dir: /var/webcontent
  tasks:
  …
  1. ansible-vault encrypt_string –ask-vault-pass ‘8080’ –name ‘http_port’
  2. set pass
  3. paste ouput for encrypted value into playbook as a value for http_port variable instead of 8080

Question 11

Default locations of Ansible Roles

Answer 11

./roles in current project dir
~/.ansible/roles
/etc/ansible/roles

Question 12

Install several roles from ansible galaxy

Answer 12

1. create requirements.yml file in ~/.ansible/roles
2. • src: file:///my/path/tar.gz
   • src: geerlingguy.nginx
     version: 2.3
     name: nginx
   • src: geerlinguy.docker
3. Install roles
   ansible-galaxy install -r ~/.ansible/roles/requirements.yml

Question 13

Creating custome roles

Answer 13

ansible-galaxy init role_name

Keep in mind location of role_name dir