made vault file visible

dcore94 2021-02-16 18:50:05 +01:00
parent dafb96637f
commit b2b321a7de
2 changed files with 17 additions and 14 deletions

29
run.sh

@ -61,23 +61,24 @@ if [ ! -z "$ANSIBLE_HOSTS" ] ; then
fi fi
#echo "Find vault encrypted files if any" #echo "Find vault encrypted files if any"
if [ -d ./group_vars ] ; then #if [ -d ./group_vars ] ; then
VAULT_GROUP_FILES=$( find ./group_vars -name \*vault\* ) # VAULT_GROUP_FILES=$( find ./group_vars -name \*vault\* )
fi #fi
if [ -d ./host_vars ] ; then #if [ -d ./host_vars ] ; then
VAULT_HOST_FILES=$( find ./host_vars -name \*vault\* ) # VAULT_HOST_FILES=$( find ./host_vars -name \*vault\* )
fi #fi
if [ -n "$VAULT_GROUP_FILES" ] || [ -n "$VAULT_HOST_FILES" ] ; then #if [ -n "$VAULT_GROUP_FILES" ] || [ -n "$VAULT_HOST_FILES" ] ; then
# Vault requires a password. # Vault requires a password.
# To encrypt a password for a user: python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('<password>')" # To encrypt a password for a user: python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('<password>')"
if [ -f ~/.conductor_ansible_vault_pass.txt ] ; then # if [ -f ~/.conductor_ansible_vault_pass.txt ] ; then
PLAY_OPTS="$PLAY_OPTS --vault-password-file=~/.conductor_ansible_vault_pass.txt" # PLAY_OPTS="$PLAY_OPTS --vault-password-file=~/.conductor_ansible_vault_pass.txt"
else # else
echo "There are password protected encrypted files, we will ask for password before proceeding" # echo "There are password protected encrypted files, we will ask for password before proceeding"
PLAY_OPTS="$PLAY_OPTS --ask-vault-pass" # PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"
fi # fi
fi #fi
PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"
# Main # Main
ansible-playbook $PLAY_OPTS $MAIN $@ ansible-playbook $PLAY_OPTS $MAIN $@
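Review bot: The added unconditional `PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"` makes every run prompt for the vault password, and with the detection block commented out (assuming the `#`-prefixed copies are the new side) the `~/.conductor_ansible_vault_pass.txt` branch is gone, so unattended runs can no longer supply it. The vault file appears to live outside `group_vars`/`host_vars` now, so dropping the `find` detection is understandable, but the password-file check could stay active and fall back to the prompt only when the file is absent, as below. The fence uses `$HOME` because the shell does not expand `~` inside double quotes, and the password file should be readable by its owner only (mode 0600). The commented-out lines are better deleted than kept, since version control already preserves them.

```shell
# … unchanged: ANSIBLE_HOSTS handling …
# Vault requires a password: prefer the local password file, else prompt.
if [ -f "$HOME/.conductor_ansible_vault_pass.txt" ] ; then
  PLAY_OPTS="$PLAY_OPTS --vault-password-file=$HOME/.conductor_ansible_vault_pass.txt"
else
  PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"
fi
# … unchanged: ansible-playbook invocation …
```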


@ -1,5 +1,7 @@
--- ---
- hosts: prod_infra - hosts: prod_infra
vars_files:
- roles/external-postgres/defaults/vault_main.yaml
vars: vars:
cluster_check: true cluster_check: true
conductor_workers_server: http://conductor-server:8080/api conductor_workers_server: http://conductor-server:8080/api
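Review bot: The new `vars_files` entry loads `roles/external-postgres/defaults/vault_main.yaml` at play level, which gives its variables play `vars_files` precedence, above inventory `group_vars`/`host_vars` and above role defaults, so any per-environment override of those values would silently stop applying. The file itself is not part of this commit, so it cannot be confirmed from here that it is vault-encrypted; a pre-commit or CI check that the file begins with the `$ANSIBLE_VAULT;` header would catch an accidental plaintext commit. A one-line comment above the entry, for example `# vault-encrypted; run.sh passes --ask-vault-pass for this file`, would document the coupling with run.sh.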