# Create (or update) the AppRole that the Ansible service account logs in with.
# `vault write` does not care about argument order; grouped here by concern.
vault write auth/approle/role/sa_ansible \
    token_policies="acl_sa_ansible" \
    token_no_default_policy=false \
    token_ttl=0m \
    token_num_uses=0 \
    secret_id_num_uses=0
# token_policies / token_no_default_policy: tokens carry acl_sa_ansible plus the
#   mount's default policy.
# token_ttl=0m: no explicit TTL, so the mount/system default applies.
# token_num_uses=0 and secret_id_num_uses=0: 0 means unlimited uses.
# NOTE(review): an unlimited-use SecretID stays valid until it is rotated, so a
#   leaked SecretID keeps working; a bounded secret_id_num_uses or a
#   secret_id_ttl narrows that window — confirm against the rotation process.
# Policy attached to the sa_ansible AppRole: read-only access to the per-host
# credential secrets. Only "read" is granted, so the role can neither list the
# tree nor create, update or delete entries.
path "credentials/computers/production/*" {
  capabilities = [
    "read",
  ]
}
---
# Sanity-check play for the Windows group: gathers facts and prints the
# account Ansible is connecting as (ansible_user).
- hosts: Windows
  become: yes
  gather_facts: true
  tasks:
    - name: "What's my name again?"
      debug:
        msg: "{{ ansible_user }}"
---
# Connection and privilege-escalation variables for the Windows hosts
# (SSH session running PowerShell, escalation via runas).
ansible_shell_type: powershell

# Escalate to the built-in Administrator account.
ansible_become: yes
ansible_become_method: runas
ansible_become_user: Administrator

# Per-host Administrator password, fetched from Vault at play time.
# NOTE(review): this path ('creds/production/...') does not match the
#   'credentials/computers/production/*' path that acl_sa_ansible.hcl grants
#   and that lookup.yml uses; confirm where the secret actually lives, since a
#   token holding only that policy would be denied on this path.
# NOTE(review): the nested {{ }} inside the lookup term relies on Ansible
#   re-templating lookup terms; an explicit '~' concatenation is the
#   unambiguous form — confirm before changing.
ansible_become_password: "{{ lookup('hashi_vault', 'secret=creds/production/{{ inventory_hostname }}:Password')}}"
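<#
.SYNOPSIS
    Creates the local service account that Ansible connects as.
.DESCRIPTION
    Generates a random password with System.Web's Membership.GeneratePassword,
    converts it to a SecureString and creates the local user with it.
    NOTE(review): the generated password is neither output nor stored by this
    script, so the caller must capture it (for example into the Vault path the
    Ansible role is allowed to read) or the account cannot be used — confirm
    the intended hand-off.
.PARAMETER UserName
    Name of the local account to create. Default: sa_ansible.
.PARAMETER Length
    Password length in characters. Default: 10.
.PARAMETER NonAlphaChars
    Minimum number of non-alphanumeric characters in the password. Default: 5.
#>
param(
    [string]$UserName = "sa_ansible",
    [int]$Length = 10,      ## characters
    [int]$NonAlphaChars = 5
)

# System.Web ships with .NET Framework (Windows PowerShell); on PowerShell 7+
# the assembly is not available, so fail here rather than continue with an
# empty password.
Add-Type -AssemblyName 'System.Web' -ErrorAction Stop

# GeneratePassword rejects NonAlphaChars > Length; validate with a clear message.
if ($NonAlphaChars -gt $Length) {
    throw "NonAlphaChars ($NonAlphaChars) cannot exceed Length ($Length)."
}

# Create the user
$pass = [System.Web.Security.Membership]::GeneratePassword($Length, $NonAlphaChars)
$secureString = ConvertTo-SecureString $pass -AsPlainText -Force
# Drop the clear-text copy as soon as the SecureString exists.
Remove-Variable -Name pass

New-LocalUser -Name $UserName -Password $secureString -ErrorAction Stop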
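<#
.SYNOPSIS
    Installs OpenSSH Server, starts sshd and makes PowerShell the default SSH shell.
.DESCRIPTION
    Prepares a Windows host to be managed by Ansible over SSH. Three steps:
    install the OpenSSH.Server capability, set the sshd service to automatic
    and start it, then set the DefaultShell registry value. Must run elevated.
#>
$ErrorActionPreference = 'Stop'

# Install OpenSSH. Add-WindowsCapability does not always surface a failed
# install as an error, so verify the capability state afterwards.
$capabilityName = 'OpenSSH.Server~~~~0.0.1.0'
Add-WindowsCapability -Online -Name $capabilityName
if ((Get-WindowsCapability -Online -Name $capabilityName).State -ne 'Installed') {
    throw "Capability '$capabilityName' is not installed; cannot configure sshd."
}

# Set service to automatic and start
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd

# Configure PowerShell as the default shell.
# The HKLM:\SOFTWARE\OpenSSH key may not exist yet on a fresh install; create
# it if absent so New-ItemProperty cannot fail on a missing path.
$sshKey = 'HKLM:\SOFTWARE\OpenSSH'
if (-not (Test-Path $sshKey)) {
    New-Item -Path $sshKey -Force | Out-Null
}
New-ItemProperty -Path $sshKey -Name DefaultShell `
    -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" `
    -PropertyType String -Force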
---
# Patch play for the Linux group: upgrade every installed yum package to the
# latest available version. No versions are pinned, so two runs can produce
# different package sets.
- hosts: Linux
  become: yes
  gather_facts: true
  tasks:
    - name: Upgrade all yum packages
      yum:
        name: '*'
        state: latest
---
# Privilege-escalation variables for the Linux hosts: switch user with su,
# using the per-host password read from Vault at play time.
ansible_become_method: su

# The secret path is under credentials/computers/production/, which is the
# tree acl_sa_ansible.hcl grants "read" on.
# NOTE(review): the nested {{ }} inside the lookup term relies on Ansible
#   re-templating lookup terms; an explicit '~' concatenation is the
#   unambiguous form — confirm before changing.
ansible_become_password: "{{ lookup('hashi_vault', 'secret=credentials/computers/production/{{ inventory_hostname }}:Password')}}"
# Environment variables injected into the job; the values come from the
# credential input fields of the same names in inputConfiguration.yml and are
# presumably read by the hashi_vault lookup to authenticate via AppRole.
env:
  VAULT_ADDR: "{{ vault_server }}"
  VAULT_AUTH_METHOD: approle
  VAULT_ROLE_ID: "{{ vault_role_id }}"
  # The SecretID is a credential; it is exposed to every process in the job
  # environment for the job's lifetime.
  VAULT_SECRET_ID: "{{ vault_secret_id }}"
# Input fields the user fills in for this credential; the ids are the
# variables that injectorConfiguration.yml maps into VAULT_* environment
# variables.
fields:
  - { id: vault_server, type: string, label: URL for Vault Server }
  - { id: vault_role_id, type: string, label: Vault AppRole ID }
  # NOTE(review): the SecretID is a secret; if this schema supports marking a
  #   field as secret (stored encrypted, masked in the UI), this field should
  #   carry that flag — confirm against the credential-type schema.
  - { id: vault_secret_id, type: string, label: Vault Secret ID }