OK, mamy super tajny plik z hasłami, który trzeba zaszyfrować:
$ cat test.yml
foo: bar
Generujemy hasło (w dobrym tonie może być dodać plik z hasłem do .gitignore) i szyfrujemy:
$ pwgen 20 1 > vault.passwd
#!/usr/bin/env python | |
# | |
# (c) Krzysztof Magosa | |
# License: MIT | |
# Use at your own risk. | |
# | |
# https://gist.github.com/krzysztof-magosa/d9d96c8864a20dc3b47fd1eee1cfcc4f | |
# |
- name: Elasticsearch with custom configuration | |
hosts: localhost | |
roles: | |
#expand to all available parameters | |
- role: elasticsearch | |
es_instance_name: "node1" | |
es_data_dirs: "/opt/elasticsearch/data" | |
es_log_dir: "/opt/elasticsearch/logs" | |
es_work_dir: "/opt/elasticsearch/temp" | |
es_config: |
ruby_versions: | |
- 1.9.3-p551 | |
- 2.0.0-p647 | |
- 2.1.7 | |
- 2.2.3 | |
ruby_gems: | |
- bundler | |
- rake | |
- rubocop |
- name: Install ruby gems | |
gem: name="{{ item[0] }}" executable=~/.rbenv/shims/gem user_install=no | |
notify: rehash rbenv | |
environment: | |
RBENV_VERSION: "{{ item[1] }}" | |
tags: | |
- ruby | |
with_nested: | |
- ruby_gems | |
- ruby_versions |