сервис_ansible [2026/02/08 09:43] val [Роль OpenVPN сервера] |
сервис_ansible [2026/03/02 13:18] (current) val [Ansible и Hashicorp Vault] |
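--- a/сервис_ansible
+++ b/сервис_ansible
@@ -754,4 +754,9 @@
 ~/openvpn1# ansible-vault view openvpn1/files/server.key
-~/openvpn1# ansible-vault encrypt_string strongpassword
+~/openvpn1# ###ansible-vault decrypt openvpn1/files/server.key
+
+
+~/openvpn1# less inventory.yaml
+
+~/openvpn1# ansible-vault encrypt_string strongpassword #или 123
 </code><code>
 New vault password (default): 12345678
@@ -797,10 +802,12 @@
 </code><code>
 ...
-vault_url: http://server.corp13.un:8200
+vault_url: http://server.corpX.un:8200
 vault_token: hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU
-vault_secret: kv/ansible/openvpn1
+vault_secret: secret/data/ansible/openvpn1
-openvpn1_arr: "{{ lookup('community.hashi_vault.hashi_vault', 'secret={{ vault_secret }} token={{ vault_token }} url={{ vault_url }} validate_certs=False') }}"
+#openvpn1_arr: "{{ lookup('community.hashi_vault.hashi_vault', 'secret={{ vault_secret }} token={{ vault_token }} url={{ vault_url }} validate_certs=False') }}"
+openvpn1_arr: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=' ~ vault_secret ~ ' token=' ~ vault_token ~ ' url=' ~ vault_url ~ ' validate_certs=False') }}"
 ansible_ssh_user: "{{ openvpn1_arr.username }}"
 ansible_ssh_pass: "{{ openvpn1_arr.password }}"
+#ansible_sudo_pass: "{{ openvpn1_arr.password }}"
 ...
 </code><code>
@@ -817,5 +824,3 @@
 # ansible-galaxy collection list | grep sops
 community.sops 1.6.2
-
-~/openvpn1# sops encrypt openvpn1/files/server.key -i
 ~/openvpn1# cat openvpn1/tasks/main.yml
@@ -828,4 +833,4 @@
 ...
-~/openvpn1# sops exec-file --no-fifo inventory.yaml 'ansible-playbook openvpn1.yaml -i {}'
+~/openvpn1# sops exec-file --no-fifo inventory.yaml 'ansible-playbook openvpn1.yaml -i {} -e "variable_host=test_nodes"'
 </code>
 ==== Фрагмент роли с условиями и отладкой ====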
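Review bot: The rewritten `openvpn1_arr` lookup in the inventory hunk still sends `vault_token` and the returned SSH credentials to `http://server.corpX.un:8200` in cleartext. It also keeps `validate_certs=False`, which does nothing on an http URL but would silently turn off certificate checking once a reader switches to https. I would use `vault_url: https://server.corpX.un:8200` and end the lookup string at `' url=' ~ vault_url`, so that certificate verification stays at its default. The token is also written literally in the inventory; unless this is the sops-encrypted `inventory.yaml` used further down, a comment such as `# keep the token out of the inventory: export VAULT_TOKEN instead` would warn readers who copy the snippet. Separately, the old nested-`{{ }}` lookup line is kept commented out with no explanation, and the added `#ansible_sudo_pass` line uses the legacy name for `ansible_become_pass`.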