From 8a8958b46cafbfefaeac3d7aa816f37e0b4a679c Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Mon, 4 Jan 2021 13:19:24 -0700
Subject: [PATCH 1/3] ignoring vaults
---
 ansible/.gitignore | 4 ++++
 ansible/playbooks/vars/vaults/README.md | 1 +
 2 files changed, 5 insertions(+)
 create mode 100644 ansible/playbooks/vars/vaults/README.md
diff --git a/ansible/.gitignore b/ansible/.gitignore
index 7694a07..d5fa76b 100644
--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -9,3 +9,7 @@ roles/public/*
 #keep fodler holding ansible collections empty
 collections/*
 !README.md
+
+# Ignore all vaults
+vars/vaults/*
+!vars/vaults/README.md
diff --git a/ansible/playbooks/vars/vaults/README.md b/ansible/playbooks/vars/vaults/README.md
new file mode 100644
index 0000000..29ea259
--- /dev/null
+++ b/ansible/playbooks/vars/vaults/README.md
@@ -0,0 +1 @@
+All vaulted files go here. They are not available in this repo.
From abbfcad9099c7e1d2913265e65ff4e7cfa5a65dc Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Mon, 4 Jan 2021 13:20:32 -0700
Subject: [PATCH 2/3] removing vaults
---
 ansible/playbooks/vars/vaults/encpass.yml | 27 -------------------
 .../vars/vaults/rabbitmq_production.yml | 4 ---
 .../vars/vaults/rabbitmq_staging.yml | 4 ---
 3 files changed, 35 deletions(-)
 delete mode 100644 ansible/playbooks/vars/vaults/encpass.yml
 delete mode 100644 ansible/playbooks/vars/vaults/rabbitmq_production.yml
 delete mode 100644 ansible/playbooks/vars/vaults/rabbitmq_staging.yml
diff --git a/ansible/playbooks/vars/vaults/encpass.yml b/ansible/playbooks/vars/vaults/encpass.yml
deleted file mode 100644
index be2f325..0000000
--- a/ansible/playbooks/vars/vaults/encpass.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# You must set this up using ansible-vault. Note that each var of a particular
-# group (eg ipa) should have its own vault password separate from the rest. The
-# passwords here should not be unlockable by one single password. It may be
-# beneficial instead to split out the various passwords into separate vars
-# files.
-ipaadmin_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-ipadm_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-ipa_binder_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-ipsilon_db_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-koji_db_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-pubsub_federation_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-gitlab_db_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
diff --git a/ansible/playbooks/vars/vaults/rabbitmq_production.yml b/ansible/playbooks/vars/vaults/rabbitmq_production.yml
deleted file mode 100644
index f59fec4..0000000
--- a/ansible/playbooks/vars/vaults/rabbitmq_production.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-# This will need to be vaulted
-rabbitmq_admin_password: ThisIsNotThePassword!
-rabbitmq_cookie: "X4MYneML6Ppp+ajPuG/qdD64ZjdVT1OJF8XUG/o+"
diff --git a/ansible/playbooks/vars/vaults/rabbitmq_staging.yml b/ansible/playbooks/vars/vaults/rabbitmq_staging.yml
deleted file mode 100644
index f59fec4..0000000
--- a/ansible/playbooks/vars/vaults/rabbitmq_staging.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-# This will need to be vaulted
-rabbitmq_admin_password: ThisIsNotThePassword!
-rabbitmq_cookie: "X4MYneML6Ppp+ajPuG/qdD64ZjdVT1OJF8XUG/o+"
From 91caf03464ccfc30cd77038cc3cfe77779ed1f66 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Mon, 4 Jan 2021 13:25:16 -0700
Subject: [PATCH 3/3] fix gitignore for vaults
---
 ansible/.gitignore | 4 ++--
 ansible/playbooks/vars/vaults/README.md | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/ansible/.gitignore b/ansible/.gitignore
index d5fa76b..4938ffd 100644
--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -11,5 +11,5 @@ collections/*
 !README.md
 
 # Ignore all vaults
-vars/vaults/*
-!vars/vaults/README.md
+playbooks/vars/vaults/*
+!playbooks/vars/vaults/README.md
diff --git a/ansible/playbooks/vars/vaults/README.md b/ansible/playbooks/vars/vaults/README.md
index 29ea259..6716581 100644
--- a/ansible/playbooks/vars/vaults/README.md
+++ b/ansible/playbooks/vars/vaults/README.md
@@ -1 +1,9 @@
 All vaulted files go here. They are not available in this repo.
+
+The default vault files currently expected:
+
+```
+encpass.yml
+rabbitmq_production.yml
+rabbitmq_staging.yml
+```
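Review bot: In the `ansible/.gitignore` hunk, the `playbooks/vars/vaults/*` rule only keeps untracked files out of a plain `git add`; it has no effect on files that were already committed, and `git add -f` still bypasses it. PATCH 2/3 deletes `rabbitmq_production.yml` and `rabbitmq_staging.yml`, whose `rabbitmq_cookie` line was stored unencrypted (the file's own comment says it still needed vaulting), so that value stays readable in history and should be rotated if it was ever deployed. The comment above the rule could say as much, for example `# Ignore local vault files (advisory: does not cover tracked files or git add -f)`. A secret-scanning pre-commit hook or CI check on this directory would enforce what the ignore rule only suggests.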