Information is power, and keeping power in the proper hands is important for every system administrator. One method of doing it is by encrypting files that have sensitive information, like passwords, in them. This is especially important when doing something like using `git` to keep playbooks managed. This lab will help practice doing this and working with Ansible.
Successfully complete this lab by achieving the following learning objectives:
- Write the Playbook to be Encrypted
Note: Please wait an extra minute after the lab starts to make sure all the resources for the lab are ready.
dba-pass.yml, should look similar to this once we’re done editing it:
--- - name: Deploy DBA password file hosts: dbservers become: yes tasks: - name: Create and pgapass file lineinfile: line: 'LinuxAcad' create: yes owner: dba group: dba mode: 0600 path: /home/dba/.pgpass
- Encrypt the Playbook
To encrypt the playbook, we’l run this:
ansible-vault encrypt dba-pass.yml
Give a password, then confirm that password, and do not forget that password.
Now if we try to read that file (cat
dba-pass.yml) we’ll get a bunch of useless numbers across the screen.
- Run the Encrypted Playbook
To run this encrypted playbook, we’ll use this command:
ansible-playbook --ask-vault-pass dba-pass.yml
Once we supply the vault password, Ansible will run the playbook just like it would any other.