tech:bonnes_pratiques_ansible_-_temp

Differences

Below are the differences between two revisions of the page.

tech:bonnes_pratiques_ansible_-_temp [2025/11/25 12:47] – external edit 127.0.0.1
tech:bonnes_pratiques_ansible_-_temp [2025/12/02 11:47] (current version) Jean-Baptiste
Ligne 4: Ligne 4:
 # Bonnes pratiques Ansible - temp # Bonnes pratiques Ansible - temp
  
 +Follow Consistent Naming: Use descriptive names for playbooks to indicate their purpose, e.g., deploy_app.yml
  
 ## Run_once (Pièges) ## Run_once (Pièges)
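Review bot: The added "Follow Consistent Naming" line sits directly under the page title with no heading of its own, unlike the "## Run_once (Pièges)" section that follows, so it will render as a stray sentence. Give it a "##" heading like the other sections and set deploy_app.yml as inline code so the file name stands out from the prose.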
Ligne 226: Ligne 226:
  
  
 +
 +## Keep vaulted variables safely visible
 +
 +You should encrypt sensitive or secret variables with Ansible Vault. However, encrypting the variable names as well as the variable values makes it hard to find the source of the values. To circumvent this, you can encrypt the variables individually using ansible-vault encrypt_string, or add the following layer of indirection to keep the names of your variables accessible (by grep, for example) without exposing any secrets:
 +
 +1. Create a group_vars/ subdirectory named after the group.
 +2. Inside this subdirectory, create two files named vars and vault.
 +3. In the vars file, define all of the variables needed, including any sensitive ones.
 +4. Copy all of the sensitive variables over to the vault file and prefix these variables with vault_.
 +5. Adjust the variables in the vars file to point to the matching vault_ variables using jinja2 syntax: db_password: "{{ vault_db_password }}".
 +6. Encrypt the vault file to protect its contents.
 +7. Use the variable name from the vars file in your playbooks.
 +
 +When running a playbook, Ansible finds the variables in the unencrypted file, which pulls the sensitive variable values from the encrypted file. There is no limit to the number of variable and vault files or their names.
 +
 +Note that using this strategy in your inventory still requires all vault passwords to be available (for example for ansible-playbook or AWX/Ansible Tower) when run with that inventory.
 +
 +
 +
 +## Update in batches
 +
 +Use the serial keyword to control how many machines you update at once in the batch.
 +
 +Voir :
 +https://docs.ansible.com/projects/ansible/latest/playbook_guide/playbooks_delegation.html#playbooks-delegation
  
  
  
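Review bot: In the vault section, steps 3 to 5 put the sensitive values in clear text in both the vars file and the vault file, and encryption only happens at step 6, so the list should say that nothing is committed before step 6 and that step 5 replaces the plaintext values in vars with the vault_ references rather than leaving both. Step 6 would also benefit from naming the command (ansible-vault encrypt on the vault file), and `db_password: "{{ vault_db_password }}"` in step 5 should be set as inline code so the quotes and braces survive rendering. In "Update in batches", the "Voir :" link targets the playbooks-delegation anchor while the sentence is about the serial keyword; point it at the section that documents serial and keep the label in the same language as the surrounding text.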
tech/bonnes_pratiques_ansible_-_temp.1764071260.txt.gz · Last modified: by 127.0.0.1
