Working with Confidential Data in Ansible

Introduction
This video covers how to use the ansible-vault command to encrypt sensitive files and how to work with those vault files in an Ansible playbook. The exercise assumes basic proficiency with several common Ansible modules and general Ansible playbook use.

Solution
Log in to the Ansible Control Node via SSH:

Switch to the ansible account (same password as the control node):

su ansible

Encrypt /home/ansible/secret
Encrypt the file:

ansible-vault encrypt /home/ansible/secret

Give it an easy-to-remember new password, since we'll need it again later.

Create a Vault Password File
Configure a vault password file named /home/ansible/vault to be used to run the Ansible playbook (replacing YOUR VAULT PASSWORD with the one you just created):

echo 'YOUR VAULT PASSWORD' > /home/ansible/vault
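
As an added example (not part of the video's lab), the script below writes the vault password file from standard input with mode 0600 instead of passing the password to echo, and checks that the secret file carries the ansible-vault header before a playbook run. The function names and the temporary demo files are assumptions of this example, and the demo data is constructed.

```shell
#!/bin/sh
# Added example (not from the video): pre-flight checks for the vault workflow.

# True if FILE begins with the ansible-vault envelope header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256", meaning it is not stored as plaintext.
is_vault_encrypted() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || return 1
    case $first_line in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if FILE is a regular file with no group/other permission bits (e.g. 0600).
is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Read the vault password from stdin and store it in FILE with mode 0600,
# keeping the password out of the command line and shell history.
write_vault_password_file() {
    (
        umask 077
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf '%s\n' "$pw" > "$1" && chmod 600 "$1"
    )
}

# preflight SECRET_FILE PASSWORD_FILE: refuse to proceed if either check fails.
preflight() {
    is_vault_encrypted "$1" || { echo "refusing: $1 is not vault-encrypted" >&2; return 1; }
    is_private "$2" || { echo "refusing: $2 is readable by group or others" >&2; return 1; }
    echo "ok: $1 is encrypted and $2 is private"
}

# Demo on constructed files in a temporary directory (no real secrets involved).
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3132333435363738' > "$demo_dir/secret"  # constructed sample
printf '%s\n' 'constructed-demo-password' | write_vault_password_file "$demo_dir/vault"
preflight "$demo_dir/secret" "$demo_dir/vault"
rm -rf "$demo_dir"
```

In the lab, `preflight /home/ansible/secret /home/ansible/vault` would run before the playbook.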

Run the Playbook

Verify the Secure Page Deployed Correctly
In the terminal, enter:

When prompted for the password, enter james.

---
- hosts: webservers
  become: yes
  vars_files:
    - /home/ansible/secret
  tasks:
    - name: install apache
      yum: name=httpd state=latest
    - name: configure httpd as necessary
      template:
    - name: create secure directory
      file: state=directory path=/var/www/html/secure mode=0755
    - name: deploy htaccess file
      template:
        src: /home/ansible/assets/htaccess.j2
        dest: /var/www/html/secure/.htaccess
    - name: make sure passlib is installed for htpasswd module
      yum: name=python-passlib state=latest
    - name: create users for basic auth
      htpasswd:
        path: /var/www/html/secure/.passwdfile
        name: "{{ secure_user }}"
        password: "{{ secure_password }}"
        crypt_scheme: md5_crypt
    - name: start and enable apache
      service: name=httpd state=started enabled=yes
    - name: install secure files
      copy: