summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--ansible.html.markdown63
1 files changed, 57 insertions, 6 deletions
diff --git a/ansible.html.markdown b/ansible.html.markdown
index 25a38283..cadf6301 100644
--- a/ansible.html.markdown
+++ b/ansible.html.markdown
@@ -1,4 +1,8 @@
-o--
+# JM inventory dynamic aws ec2
+# vault
+# roles
+
+---
category: tool
tool: ansible
contributors:
@@ -218,7 +222,7 @@ You should also know, that a nice way to pool some data is a **lookup**
You can use them in CLI too
```yaml
-ansible -m shell -a 'echo {{ my_variable }}` -e '{{ lookup('pipe'; 'date' }}"
+ansible -m shell -a 'echo {{ my_variable }}` -e '{{ lookup('pipe'; 'date' }}" localhost
```
@@ -235,16 +239,63 @@ Some static content
this line item is {{ item }}
{% endfor %}
```
+Jinja may have some limitations, but it is a powerfull tool that you might like.
-### ansible-vault
-
-### inventory
+#### Jinja2 CLI
+You can use the jinja in the CLI too
+```bash
+ansible -m shell -a 'echo {{ my_variable }}` -e 'my_variable=something, playbook_parameter=twentytwo" localhost
+```
-### dynamic inventory
### Jinja2 and templates
jinja filters
+
+#### ansible-vault
+To maintain **ifrastructure as a code** you need to store secrets.
+ Ansible provides a way to encrypt the poufne files so you can store it in the repository, yet the files are decrypted in-fly during ansible execution.
+
+The best way to use the **ansible-vault** is to store the secret in some secure location, and configure ansible to use during runtime.
+
+```bash
+$ echo some_very_very_long_secret > ~/.ssh/secure_located_file
+
+$ vi ansible.cfg
+ ansible_vault_password_file = ~/.ssh/secure_located_file
+
+#or to use env
+export ANSIBLE_VAULT_PASSWORD_FILE=~/.ssh/secure_located_file
+
+$ ansible-playbook playbooks/vault_example.yml
+
+ # decrypt the file
+$ ansible-vault encrypt path/somefile
+
+ # view the file
+$ ansible-vault view path/somefile
+
+ # check the file content:
+$ cat path/somefile
+
+ # decrypt the file
+$ ansible-vault decrypt path/somefile
+```
+
+#### dynamic inventory
+You might like to know, that you can build your inventory dynamically.
+
+(For Ansible) inventory is just a JSON with proper structure - if you can deliver that to ansible - anything is possible.
+
+You do not need to invent the wheel - there are plenty ready to use inventory script for most popular Cloud provicers and a lot of in-house popular usecaseses.
+
+```bash
+$ etc/inv/ec2.py --refresh
+
+$ ansible -m ping all -i etc/inv/ec2.py
+```
+
+
### ansible profiling - callback
### facts-cache and ansible-cmdb