Please provide the procedure on how to add ssh-agent and ssh keys to the client with reference to Ansible control machine. My research on this task is not productive. - Thanks, Lorenzo
On Tuesday, August 8, 2017 at 7:44:13 AM UTC-10, Adrian Likins wrote: > > I tried to use the vault by creating a .vault_pass file with its content >> ansible_ssh_pass=value of root password, and then ran ansible-playbook >> CreateTestfile.yml --vault-password-file /root/.vault_pass, but I got this >> following error message: >> Attempted to read "/etc/ansible/hosts" as ini file: >> /etc/ansible/hosts:16: Expected key=value host variable assignment, got: >> ansible_ssh_pass >> > > To clarify some terms: > > 'vault password': A password used by vault to encrypt/decrypt content. > 'passwords stored in vault': A password for something like a user auth or > ssh private keys, that is stored in a vault (encrypted with ansible-vault > and a vault password) > > --vault-password-file is for reading a 'vault password' from a file. ie, a > password used by vault > for decrypting/encrypting. > > ansible_ssh_pass would need to be populated from a variable in a vault > encrypted vars file (or inventory file) for that example. > > > But that is the wrong approach. > > The right approach is: > > > > *Use ssh keys and ssh-agent instead of trying to store the password in > ansible. * > A working key based ssh and ssh-agent setup is a prerequisite for > practical ansible use. > > > > On Wed, Aug 2, 2017 at 4:50 PM, Lorenzo Farinas <farinas...@gmail.com > <javascript:>> wrote: > >> Daniel, >> >> This is the configuration I have for this server that belongs to the >> apacheservers group that worked, with the root password explicitly entered >> in the ansible_ssh_pass parameter. >> [apacheservers] >> TestRHEL73tr1 ansible_host=XX.X.XX.XXX ansible_port=22 >> ansible_user=root ansible_ssh_pass= >> >> I tried to use the vault by creating a .vault_pass file with its content >> ansible_ssh_pass=value of root password, and then ran ansible-playbook >> CreateTestfile.yml --vault-password-file /root/.vault_pass, but I got this >> following error message: >> Attempted to read "/etc/ansible/hosts" as ini file: >> /etc/ansible/hosts:16: Expected key=value host variable assignment, got: >> ansible_ssh_pass >> >> Please help on how to properly use the vault concept in securing ansible >> playbook run. >> >> Thanks, >> Lorenzo >> >> On Saturday, July 29, 2017 at 7:44:54 AM UTC-10, Daniel JD wrote: >> >>> Also check out Ansible- Vault for more security. >>> >>> http://docs.ansible.com/ansible/latest/playbooks_vault.html >>> >>> >>> >>> Am Samstag, 29. Juli 2017 00:58:45 UTC+2 schrieb Lorenzo Farinas: >>>> >>>> I successfully created and tested some Ansible playbooks, that's when >>>> ansible_ssh_pass parameter value is the actual password of the >>>> ansible_user >>>> for the involved server specified in a group in the /etc/ansible/hosts >>>> file. >>>> But when the ansible_ssh_pass parameter was replaced with its salt >>>> encrypt value for security reasons, the playbook run would fail with the >>>> server Unreachable. Please advise. >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ansible-proje...@googlegroups.com <javascript:>. >> To post to this group, send email to ansible...@googlegroups.com >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/dced7a6e-9ef1-45dc-b56b-7cb010539770%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/dced7a6e-9ef1-45dc-b56b-7cb010539770%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/59b211b8-5dee-4410-a93f-c06dc64cd54c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
