From ea28d377ca1485d353d23b09852381988cc89a4e Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 31 Mar 2017 04:50:32 +0200
Subject: [PATCH] added basic infra for ansible playbooks and roles
---
README-vault | 11 +++++++++++
ansible.cfg | 13 +++++++++++++
hosts | 24 ++++++++++++++++++++++++
log | 1 +
open-vault.sh | 3 +++
secrets/dummy.yaml | 6 ++++++
vault-pass.gpg | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 110 insertions(+)
create mode 100644 README-vault
create mode 100644 ansible.cfg
create mode 100644 hosts
create mode 100644 log
create mode 100755 open-vault.sh
create mode 100644 secrets/dummy.yaml
create mode 100644 vault-pass.gpg
diff --git a/README-vault b/README-vault
new file mode 100644
index 0000000..0e09ec0
--- /dev/null
+++ b/README-vault
@@ -0,0 +1,11 @@
+Creating key:
+ pwgen -s 128 -1 | gpg2 -e -a -o vault-pass.gpg
+
+Reencrypt for new set of keys:
+ ./open-vault.sh | gpg2 -e -a -o vault-pass.gpg
+
+Create a new vault file:
+ ansible-vault create secrets/foo.yaml
+
+Edit a vault file:
+ ansible-vault edit secrets/foo.yaml
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..09bd8fe
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,13 @@
+[defaults]
+inventory = ./hosts
+remote_user = root
+log_path = ./log
+nocows=1
+vault_password_file = ./open-vault.sh
+
+gathering = smart
+var_compression_level = 9
+
+[ssh_connection]
+pipelining = True
+ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..2f4919d
--- /dev/null
+++ b/hosts
@@ -0,0 +1,24 @@
+[baremetalservers]
+alfred
+
+[kvmhosts]
+alfred
+
+[virtualservers]
+athsdisc
+calendar
+ctf
+entrance
+galley
+hacksch
+r3home
+tickets
+tools
+
+[servers:children]
+baremetalservers
+virtualservers
+
+
+[desktops]
+wuerfel
diff --git a/log b/log
new file mode 100644
index 0000000..cd521ee
--- /dev/null
+++ b/log
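Review bot: In ansible.cfg, `log_path = ./log` writes Ansible's run log into the repository checkout, and this same patch commits that file: the `log` hunk adds a line carrying a local username and PID. Task output written to that log can include values read from the vault-protected files under `secrets/` unless the tasks set `no_log`, so a later `git add` could publish them in clear text. I would drop `log` from the commit, add it to `.gitignore`, and preferably point the setting outside the checkout, e.g. `log_path = <path-outside-repo>/ansible.log` (placeholder path).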
@@ -0,0 +1 @@
+2017-03-31 04:46:19,866 p=15260 u=equinox | ERROR! Missing target hosts
diff --git a/open-vault.sh b/open-vault.sh
new file mode 100755
index 0000000..9490484
--- /dev/null
+++ b/open-vault.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec gpg2 --decrypt --batch < "${BASH_SOURCE%/*}/vault-pass.gpg" 2> /dev/null
diff --git a/secrets/dummy.yaml b/secrets/dummy.yaml
new file mode 100644
index 0000000..8c5c6b1
--- /dev/null
+++ b/secrets/dummy.yaml
@@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +61386232386136363036383864626534633964363664303338326562386239643134376563613434 +3133616561366134623038663730356435353564623637640a656561653961343861623932343733 +38346565303536373235646537623766663737363331663333623266633234363764653734343037 +6364616234396665380a356235623063383936303033313436626234663261363164343436353266 +6262
diff --git a/vault-pass.gpg b/vault-pass.gpg
new file mode 100644
index 0000000..d333e16
--- /dev/null
+++ b/vault-pass.gpg
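Review bot: In open-vault.sh, the `2> /dev/null` on the gpg2 line throws away every diagnostic gpg prints, so a missing secret key, an unreachable agent or a decryption or integrity warning reaches Ansible only as a failed or empty vault password with no reason attached. I would quiet gpg itself and keep stderr: `exec gpg2 --quiet --batch --decrypt "${BASH_SOURCE%/*}/vault-pass.gpg"`. Separately, `${BASH_SOURCE%/*}` yields a directory only when the script path contains a slash; that holds for the `./open-vault.sh` set in ansible.cfg, but `bash open-vault.sh` would look for `open-vault.sh/vault-pass.gpg`. A one-line comment above the `exec` stating that the script prints the vault password on stdout and must not be run with output redirected to a file would also help.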
@@ -0,0 +1,52 @@ +-----BEGIN PGP MESSAGE----- + +hQIMA+Qd5U24qffPAQ//d9gulPUkndUq2aen6WpLeyNqmM0EQK+1Vc20e3sKAmQW +6W1TCt7BIWj13Lmv5D0capuyLXYKrWxGLPazIDcvd6UvBGjvfnCdSecZJDhzQVtH +ijurbkNjlfnzdVKv6pHRi3NA0/VXyKu4KlpaJxD56qWnB+y+OINESax7Nnbg0Crg +kwI+/7b56lElBY2e1HFFE71ARsgx9NGuGh3ZLem4qv3uzbdo7PygKijc1udfBmpO +3K94w3GSI0rahtGkU36JnbIXdqce8cEAtU13ThDXkIPcFtGy4o8B62G1EIB+MgzR +wWYUJrCx4mZ9k+5EIEO3zjn4wPcOwibVuuxhG+mWVjbtUo5I4EeGn/cklwJ9ERe0 +Q+WeEws4RYiItq0mk0vS+arNUmUqtL7/OCum8kZsqze4bQ9/95GlYNB71Q1GsWoN +kHeaqJw+koh3BrsQcw8CaUc/XVHXesl9A2feXtQnbd3FQtPSdVgWQ3Fq88XO/T3+ +Rmk+1QIrCg/4j6XGSHRMuHm3V6F/WyuvQOE/G9wZpdbmlJf9BVkCHjH6Iciuslp8 +kzh8YyV6bizghdBfD5AVcYCeLUPBRJ+Dn/PGxJ7HbpWK6t7J9MogFYfoOR0TbO2D +y03ksCF7tFW1QJfUkd5oCiN/+c/0iWqZ9T6qT71RdbaKRffWcTDJPsHSz4hQP9CF +AgwDsut2TczGUykBEACNYXA+eM6C9DARNPttNnqMGgOCpwYPLgAHPnv9iYC0KiWV +fgkE4683cVwOBWgp60i9oqXc6FsHtL1R3nxXmfjNxUBrvRRtqiAZgA0ksL2CC0BJ +1ePjBwkdS72YRdjBmn666Bg9wmZFyWbns9uLdfI6RdxQoWj0NwK6JIeebGu1HUvY +s1ZCWOjO6zn5uYayOxQKGTCTJjAe/ydPdP9MUxlenKWbloozwMtfTyIUh4A6dcSc +M+CzkO7gybsFyktWYQjF+1X/KgFYOfwyflm4amrDGxxi+Xsq0JUeuccvt48+X5J/ +KKuPmRmQqv+Tl0aIGrH+FHWRMcpWvRU+f+GUk3nAPYFgHOAM6IiNzi1T7ScQ+1li +VoSTShR+UDnL17kV5gxVrT4tYc8/2EO+dyrGeeAGoBobg1Juc4fRWJQsnoLIOIsq +5I7tX7rwIy5meMu314rYDoV0ZKXG76IgD+fH1tdOkElWhYfwWGU9Fo8cyPtFIFof +PJGkzgvCaPkEXzn/+dR2/4cKakDy1oZBNck6K6SkEv0Be0GrNQCFUP/3ztCK0dgR +KeOBu7FHiHn2tHB5yj92bbRvcQjZT0bNvLRilIlhuYvwKgPwGZCjyw5gKSTlKNDz +45/2CdzubAi0nRuAMxrJiSMGXs53L0oWPsjYaHUNmc8s1ftpxWsVMO5z2ntKjIUC +DAOvXK62loKnywEP/i2TbiZ7CbTU8IOuMWyfYOMAJ6WBIn+B9MmQ5DRVHejWCspW +UaPTIQy4jzCNyLjGKm5faSd8dICHxRVxoi/v6brSr8P8XMheooBbUWF+dylC9bFj +W4F4Np0X56I3itIvy3i5Ga7csgeMHJhQHEHP90cOv2Bm1K4L44SllN0/Us5sHmkN +67saPVFQRv+wgdU0dOCNoguI2vRw9hNkiRwdBvAZZWykuFBsjQIFYTo9GbFqYRha +XL2ZfIYRt6lf+k10dQkjGyvD1puMAZ7SFM0Y9RUFDN7dO94EIgDbqkhnWgQHiWj4 +zh2CErQ2x32xqjBtnAI55L0J8f8SW/AdkPPxweW7OTk6Ef3OVBLvAVrm0G+Jb+xn +BYjFSmC1F2qgjTXUFXrN+oCeXD9bMJKvHpjHawqZGiZqEFOlnxZIH63VfEWGmqa2 
+MbTZW31gCT8XWWG7bTcP7SPewZYANVG2M+wGiAz110yOFfKFLivspZZgyGbuR/4j +0K2Nqk71RZ5tGRIthy+G/p0TenMxZTGy5mGuRiZTTyxbyoN6WpopiMLoH/Nx6Sjd +PgLYDHkgkY3TooVMEKMBr2Ps/N6ZvbD4up4vUfRojssFT+wuoqOBan3NEuTL/OO0 +XGDB9RYsgnqWGa88Dw0t6byQcPU1hy5f5kQ4/qMnURbDLPnmZAK1RBGW0CNEhQIM +A5935MibhBNKAQ//QgAHUP1sq2zFWO1+aMDSCt2breoG6puE6SMAW908kAuXTzif +GPswr7P31qeGEOkBrXI3N/YItmuO+6bcG/KmIOxYXSuX0kgD/POVi2vNs3pMD5/e +74aiu5IgRF8aP3BpfngvSYNwJMnDB541sWkS4s6FY2ipYe75dxhuWJxPZhCKmH3B +TPH90qokZCVScLM9pOgCQ1J7xCkeGHvy6NkJ9k+LQVeD/JV1As4M88CNgQ1YDwXs +hGZuwUBNsjlGZlrWvUONouHwQ0leRuT6yy3QnpCv4yYAJ2icG4xlyY3Zvw0uFO+7 +y8FW6Dzb9SUqxNdw2kBvpbPdyAkJG7nIgVD+aosh+Zh6JrWwK1OrDVHu4gkhKn0z +dtcYSLSYRQfpbKcrwnR+Up3eFeIs9yJ0hoIanFbjNBeCpr8uXovhO8TQ4Cjj23bu +xiv1t/g9QLgbsqZ0pXZyp/I8wRxdQ8Hpb7f82Ygx4ySDbEz4YIsi2CbasQpRO01x +E6vRoh5Pl0VHD7yJKIp+dDRo555/pWMQF2lZuMj5pmlU7cTvg9+wwDljEftSkx8y +264bNK/ZZRtitkEQMs4Xc9OSTyLv5QNqeAP+pz9etVbaTApbNVc8mhzHrYIPih4e +4tLnRB8CdOG4r5FaF4tDm7yA257I1rE8COLbikxWtugfaLgrTHI628Z+UUPSvAFT +DqgwzEEINcDIuksyKhcaamDVVuwkvxjOIeID4pqtNwcfbzpcbWQfKGpA25BNqy4o +H6IDpj1EyCaPifbO1tVxH7n+Cs/Innyl0WYiuFPL/7a9fHeyhUo44xPSs5B3Iowm +VCmpLAhr5rHC60gccITT34VOQ9/l/1NItgI6dz5AxUXwzaadEINGwzqIYOK2bqFl +1eok+Pt8cFZP+FB3F8Nhz5V9xms08lDWf+8XDrgJfAkcuHF7hWV4/SB7 +=1RgH +-----END PGP MESSAGE----- -- 1.7.10.4