AdminSysGNULinux

Outils pour utilisateurs

Outils du site

Piste : import_vm_vdi_qcow2 note_ipfs generer_un_mot_de_passe supervision_-_sonde_nagios_-_memoire_linux chiffrer_un_fichier_avec_age_ou_rage draft-monter-un-serveur-sftp-ssh note_iso_cd_dvd_iso9660 systemd_service_script_en_boucle_infinie_respawn
tech:bonnes_pratiques_ansible_-_temp

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Prochaine révision		Révision précédente
tech:bonnes_pratiques_ansible_-_temp [2025/11/25 11:07] – créée Jean-Baptistetech:bonnes_pratiques_ansible_-_temp [2025/12/02 11:47] (Version actuelle) Jean-Baptiste
Ligne 4: Ligne 4:
 # Bonnes pratiques Ansible - temp # Bonnes pratiques Ansible - temp
  
 +Follow Consistent Naming: Use descriptive names for playbooks to indicate their purpose, e.g., deploy_app.yml
  
 ## Run_once (Pièges) ## Run_once (Pièges)
Ligne 221: Ligne 221:
  
  
 +## Fichiers
  
 +* Devraient être dans <role_name>/files/ (ou dans files/ si appelé directement depuis un playbook ?)
  
 +
 +
 +## Keep vaulted variables safely visible
 +
 +You should encrypt sensitive or secret variables with Ansible Vault. However, encrypting the variable names as well as the variable values makes it hard to find the source of the values. To circumvent this, you can encrypt the variables individually using ansible-vault encrypt_string, or add the following layer of indirection to keep the names of your variables accessible (by grep, for example) without exposing any secrets:
 +
 +1. Create a group_vars/ subdirectory named after the group.
 +2. Inside this subdirectory, create two files named vars and vault.
 +3. In the vars file, define all of the variables needed, including any sensitive ones.
 +4. Copy all of the sensitive variables over to the vault file and prefix these variables with vault_.
 +5. Adjust the variables in the vars file to point to the matching vault_ variables using jinja2 syntax: db_password: "{{ vault_db_password }}".
 +6. Encrypt the vault file to protect its contents.
 +7. Use the variable name from the vars file in your playbooks.
 +
 +When running a playbook, Ansible finds the variables in the unencrypted file, which pulls the sensitive variable values from the encrypted file. There is no limit to the number of variable and vault files or their names.
 +
 +Note that using this strategy in your inventory still requires all vault passwords to be available (for example for ansible-playbook or AWX/Ansible Tower) when run with that inventory.
 +
 +
 +
 +## Update in batches
 +
 +Use the serial keyword to control how many machines you update at once in the batch.
 +
 +Voir :
 +https://docs.ansible.com/projects/ansible/latest/playbook_guide/playbooks_delegation.html#playbooks-delegation
  
  
  
tech/bonnes_pratiques_ansible_-_temp.1764065228.txt.gz · Dernière modification : de Jean-Baptiste
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki