Good morning! To get the blood moving today we are going to improve an already existing playbook! This is what the playbook is SUPPOSED to do:
- Access the host farnsworth using SSH with password authentication
- Create directories for a list of popular cartoon characters
STEP ONE. Reset your inventory and planetexpress hosts with our bash reset command.
student@bchd:~$ bash ~/px/scripts/full-setup.sh
STEP TWO. Remove the SSH password from farnsworth's inventory. Run the following command.
student@bchd:~/mycode$ wget -O ~/mycode/inv/dev/hosts https://raw.githubusercontent.com/csfeeser/ansible_essentials/main/data/hosts
STEP THREE. Confirm that farnsworth is no longer accessible with the following command.
student@bchd:~$ ansible farnsworth -m ping
farnsworth | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.10.2.6' (RSA) to the list of known hosts.\r\nfarnsworth@10.10.2.6: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
STEP FOUR. Paste the following playbook into vim.
---
- name: Create directories for popular cartoon characters on farnsworth
  hosts: farnsworth
  gather_facts: no
  vars:
    ansible_ssh_pass: alta3
    cartoon_characters:
      - MickeyMouse
      - BugsBunny
      - HomerSimpson
      - SpongeBobSquarePants
      - ScoobyDoo
  tasks:
    - name: Create directories for each cartoon character
      file:
        path: "{{ cartoon_characters.0 }}"
        state: directory
    - name: Create directories for each cartoon character
      file:
        path: "{{ cartoon_characters.1 }}"
        state: directory
    - name: Create directories for each cartoon character
      file:
        path: "{{ cartoon_characters.2 }}"
        state: directory
    - name: Create directories for each cartoon character
      file:
        path: "{{ cartoon_characters.3 }}"
        state: directory
    - name: Create directories for each cartoon character
      file:
        path: "{{ cartoon_characters.4 }}"
        state: directory

- Use Lab 39. 💻 Complete Ansible Vault to help you with this one.
- Instead of having the variable ansible_ssh_pass defining the password alta3 as plain text in the playbook, encrypt it with Ansible Vault!
  - The variable must be ansible_ssh_pass, no variations.
  - Where you put the encrypted password is up to you! (vars, vars_files)
- Reduce this playbook from five tasks to one by using a loop!
Solution:
NOTE: the following is just one way to secure the ansible_ssh_pass using Ansible Vault. You may have done it differently and that's ok!
- Encrypt the SSH Password:
  ansible-vault encrypt_string 'alta3' --name 'ansible_ssh_pass' --vault-id warmup@prompt > ~/mycode/vault.yml
  - Choose whatever password you like to encrypt it.
  - You can confirm it's done with batcat ~/mycode/vault.yml. This will output something like:
    ansible_ssh_pass: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              31346339326565636365623838623266336662663631393736396561633834333234323039303833
              3864623231623433313334396633383133353533356237340a343837623537643532343331386465
              62356430353834316339626666373234363835373264353963393735313462356366336238353934
              3236663038643731640a313862623165396432353635663362313332336634373163383031366432
              3061
- Update the Playbook to Use the Encrypted Password:
  ---
  - name: Create directories for popular cartoon characters on farnsworth
    hosts: farnsworth
    gather_facts: no
    vars:
      cartoon_characters:
        - MickeyMouse
        - BugsBunny
        - HomerSimpson
        - SpongeBobSquarePants
        - ScoobyDoo
    vars_files:                          # NEW
      - vault.yml                        # NEW
    tasks:
      - name: Create directories for each cartoon character
        file:
          path: "{{ item }}"             # NEW
          state: directory
        loop: "{{ cartoon_characters }}" # NEW
      # delete the rest!
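To check that no connection password is left in plain text after a change like this, the following added example (not part of the lab or its solution) scans playbook or vars-file text for Ansible password variables whose value is a literal rather than `!vault` ciphertext or a `{{ }}` reference. The function name `find_plaintext_secrets` and the two sample strings are constructed for illustration, and the scan is line-based, so it assumes the value sits on the same line as the key.

```python
import re

# Password variables read by Ansible's ssh connection and become plugins.
SECRET_KEYS = (
    "ansible_ssh_pass", "ansible_ssh_password", "ansible_password",
    "ansible_become_pass", "ansible_become_password",
)
KEY_RE = re.compile(
    r"^\s*(?:-\s+)?[\"']?(" + "|".join(SECRET_KEYS) + r")[\"']?\s*:\s*(.*)$"
)


def find_plaintext_secrets(text):
    """Return (line_number, key) for each password variable given as a literal.

    The value itself is never returned, so findings are safe to log.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = KEY_RE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        # Not flagged: empty (value continues on later lines), inline vault
        # ciphertext, or a Jinja2 reference to another variable.
        if not value or value.startswith("!vault") or "{{" in value:
            continue
        findings.append((lineno, key))
    return findings


# Constructed samples: the lab's original vars block and a vaulted vars file
# (the ciphertext below is a placeholder, not real vault output).
BEFORE = """\
- name: Create directories for popular cartoon characters on farnsworth
  hosts: farnsworth
  vars:
    ansible_ssh_pass: alta3
"""
AFTER = """\
ansible_ssh_pass: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          00000000placeholder
"""

if __name__ == "__main__":
    print("before:", find_plaintext_secrets(BEFORE))
    print("after: ", find_plaintext_secrets(AFTER))
```

Run over every file in a playbook directory before committing, a non-empty result points at the line where a password still needs to be vaulted.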