Differences

This shows you the differences between two versions of the page.

--- сервис_ansible [2026/01/14 15:38]
val [Ansible и Hashicorp Vault]
+++ сервис_ansible [2026/02/08 09:43] (current)
val [Роль OpenVPN сервера]
@@ Line 666: / Line 666: @@
   copy:
     src: server.key
+    #content: "{{ lookup('community.sops.sops', 'server.key') }}"
     dest: /etc/ssl/private/server.key
     mode: '0600'
@@ Line 699: / Line 700: @@
   vars:
     X: "{{ ansible_eth1.ipv4.address.split('.')[2] }}"
+    #ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
     ansible_ssh_user: vagrant
     ansible_ssh_pass: strongpassword
@@ Line 795: / Line 797: @@
 </code><code>
 ...
-    vault_url: http://127.0.0.1:8200
+    vault_url: http://server.corp13.un:8200
     vault_token: hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU
-    vault_secret: ansible/projects/openvpn1
+    vault_secret: kv/ansible/openvpn1
     openvpn1_arr: "{{ lookup('community.hashi_vault.hashi_vault', 'secret={{ vault_secret }} token={{ vault_token }} url={{ vault_url }} validate_certs=False') }}"
     ansible_ssh_user: "{{ openvpn1_arr.username }}"
@@ Line 804: / Line 806: @@
 </code><code>
 ~/openvpn1# ansible-playbook openvpn1.yaml -i inventory3.yaml -e "variable_host=test_nodes"
+</code>
+==== Ansible и SOPS ====
+  * [[https://galaxy.ansible.com/ui/repo/published/community/sops/|galaxy.ansible community.sops]]
+  * [[Mozilla Sops]]
+<code>
+# ansible-galaxy collection list | grep sops
+community.sops                1.6.2
+~/openvpn1# sops encrypt openvpn1/files/server.key -i
+~/openvpn1# cat openvpn1/tasks/main.yml
+...
+- name: Copy file server.key
+  copy:
+    #src: server.key
+    content: "{{ lookup('community.sops.sops', 'server.key') }}"
+...
+~/openvpn1# sops exec-file --no-fifo inventory.yaml 'ansible-playbook openvpn1.yaml -i {}'
 </code>
 ==== Фрагмент роли с условиями и отладкой ====

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools