When creating a project, we start defining the infrastructure layout via two files:
We're going to describe the following setup:
inventory
fileroot:root
In [ ]:
cd /notebooks/exercise-01/
In [ ]:
# At first create a proper ssh key for the project
! rm id_ansible.pub id_ansible -rf
In [ ]:
! test -f id_ansible || ssh-keygen -q -t ecdsa -f id_ansible -N ''
In [ ]:
# Now a `secret` password ;) We'll reference this in ansible.cfg
!echo secret > .pin
In [ ]:
# then prepare a deployment descriptor referencing the .pin file
!cat ansible.cfg
In [ ]:
# And in the end, the inventory.
!cat inventory
Everything set up now.
Ping all hosts now, eventually adjusting ip ranges in then inventory.
In [ ]:
# Let's get an error: root_password is UNDEFINED.
!ansible -m ping all
In [ ]:
# A vault is just a yaml file containing a dictionary of secrets.
# We can put here as many information as we want, but for now
# just put the `root_password`.
!echo "root_password: root" > vault.yml
In [ ]:
# We need to encrypt it.
!ansible-vault encrypt vault.yml
In [ ]:
# And show the anatomy of the vault.
!cat vault.yml
In [ ]:
# Can we decrypt it?
!ansible-vault view vault.yml
In [ ]:
!ansible -m ping all -e@vault.yml
In [ ]:
# Write answers here
In [ ]:
!cat copy-key.yml
In [ ]:
!cat id_ansible.pub
In [ ]:
!ansible-playbook copy-key.yml
Comment out the ansible_password field in inventory
here
In [ ]:
# Running in debug mode we can see all ssh arguments injected via anisble. Discuss the DEBUG output
!sed -i 's/ansible_password/#ansible_password/' inventory
!ansible -vvv -m ping all
In [ ]:
# Use this cell for the exercise