Mark Brookfield virtualhobbit

View createRole.hcl
# Create (or update) the sa_ansible AppRole. Tokens issued through it carry
# the acl_sa_ansible policy plus "default" (token_no_default_policy=false).
#
# NOTE(review): token_num_uses=0 and secret_id_num_uses=0 both mean
# "unlimited", token_ttl=0m leaves the token lifetime to the mount/system
# default, and this command sets no secret_id_ttl, so a SecretID issued for
# the role is not given an expiry here. For an automation credential,
# consider a finite secret_id_ttl and binding the role to the controller's
# address with secret_id_bound_cidrs / token_bound_cidrs.
vault write auth/approle/role/sa_ansible \
    token_policies="acl_sa_ansible" \
    token_no_default_policy=false \
    token_ttl=0m \
    token_num_uses=0 \
    secret_id_num_uses=0
View acl_sa_ansible.hcl
# Read-only access to everything below credentials/computers/production/.
# The trailing * is a prefix match, so one token holding this policy can read
# the stored credential of every production host, not just the one it is
# currently managing.
# NOTE(review): if this mount is a KV version 2 engine the API path carries an
# extra data/ segment - verify the policy path against the engine in use.
path "credentials/computers/production/*" {
  capabilities = ["read"]
}
View gatherFacts.yml
---
# Smoke test for the Windows group: gather facts, then print the account
# Ansible connected as.
- hosts: Windows
  gather_facts: true
  tasks:
    - name: "What's my name again?"
      # Nesting was lost in the listing; become is taken to belong to this
      # task rather than to the play.
      become: true
      debug:
        msg: "{{ ansible_user }}"
View variables.yaml
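---
# Connection and privilege-escalation variables (PowerShell shell, runas
# escalation to Administrator).
ansible_shell_type: powershell
ansible_become: true
ansible_become_method: runas
ansible_become_user: Administrator
# The become password is read from Vault at run time: one secret per host,
# named after inventory_hostname, key "Password".
# The secret path is assembled with the Jinja2 "~" concatenation operator;
# "{{ }}" must not be nested inside an expression that is already templated.
# NOTE(review): this reads from creds/production/, whereas the acl_sa_ansible
# policy shown for the sa_ansible role grants read on
# credentials/computers/production/* only - confirm the token used for this
# lookup is allowed to read this path.
ansible_become_password: "{{ lookup('hashi_vault', 'secret=creds/production/' ~ inventory_hostname ~ ':Password') }}"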
View Configure-AnsibleUser.ps1
# Creates the local sa_ansible account with a randomly generated password.

# [System.Web.Security.Membership] lives in the System.Web assembly.
Add-Type -AssemblyName 'System.Web'

# Password shape.
# NOTE(review): 10 characters is short for a credential that no person has to
# type; a longer value costs nothing when the password is machine-managed.
$length = 10          # total characters
$nonAlphaChars = 5    # minimum number of non-alphanumeric characters

# Account name and generated password.
# NOTE(review): $pass keeps the clear-text password in memory and nothing in
# the visible lines stores it - presumably it is written to Vault further on;
# make sure it is never echoed or logged, and clear it once it is stored.
$user = "sa_ansible"
$pass = [System.Web.Security.Membership]::GeneratePassword($length, $nonAlphaChars)

# New-LocalUser only accepts a SecureString for -Password.
$secureString = ConvertTo-SecureString -String $pass -AsPlainText -Force
New-LocalUser -Name $user -Password $secureString
View Install-Ssh.ps1
# Installs the OpenSSH server capability, starts sshd now and on every boot,
# and makes Windows PowerShell the shell that SSH sessions land in.
# NOTE(review): sshd_config is left at its defaults by this script, which
# normally means password logins are accepted for any account allowed to log
# on. Consider key-based authentication, an AllowUsers/AllowGroups
# restriction for the automation account, and a firewall rule scoped to the
# Ansible controller.

# Install OpenSSH server
Add-WindowsCapability -Online -Name 'OpenSSH.Server~~~~0.0.1.0'

# Start sshd automatically at boot, and start it now
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd

# Register PowerShell as the default shell for SSH sessions
$defaultShell = @{
    Path         = "HKLM:\SOFTWARE\OpenSSH"
    Name         = 'DefaultShell'
    Value        = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    PropertyType = 'String'
    Force        = $true
}
New-ItemProperty @defaultShell
View yumUpdates.yml
---
# Upgrade every installed package on the Linux group to the newest version
# the configured repositories offer.
# NOTE(review): "state: latest" with a wildcard is an unpinned upgrade; what
# gets installed is whatever the enabled repositories serve at run time, so
# the hosts should only trust signed, controlled repositories.
- hosts: Linux
  gather_facts: true
  tasks:
    - name: Upgrade all yum packages
      # Nesting was lost in the listing; become is taken to belong to this
      # task rather than to the play.
      become: true
      yum:
        name: '*'
        state: latest
View lookup.yml
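---
# Privilege escalation through su; the password of the target account is read
# from Vault at run time (one secret per host, key "Password").
ansible_become_method: su
# The secret path is assembled with the Jinja2 "~" concatenation operator;
# "{{ }}" must not be nested inside an expression that is already templated.
# NOTE(review): the looked-up value is a live credential - set no_log on any
# task that could print this variable.
ansible_become_password: "{{ lookup('hashi_vault', 'secret=credentials/computers/production/' ~ inventory_hostname ~ ':Password') }}"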
View injectorConfiguration.yml
# Injector configuration: maps the credential's input fields onto the
# environment variables that the Vault lookup reads.
# NOTE(review): values injected as environment variables are readable by
# every process started in the job environment - presumably acceptable for a
# dedicated automation run, but confirm that jobs do not dump their
# environment into logs.
env:
  VAULT_ADDR: "{{ vault_server }}"
  VAULT_AUTH_METHOD: approle
  VAULT_ROLE_ID: "{{ vault_role_id }}"
  VAULT_SECRET_ID: "{{ vault_secret_id }}"
View inputConfiguration.yml
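# Input configuration: the three values an operator supplies when creating a
# credential of this type (presumably an AWX / Ansible Tower custom
# credential type - confirm against the consuming tool's schema).
fields:
  - id: vault_server
    type: string
    label: URL for Vault Server
  - id: vault_role_id
    type: string
    label: Vault AppRole ID
  - id: vault_secret_id
    type: string
    label: Vault Secret ID
    # The SecretID is the password half of the AppRole login. Marking the
    # field secret keeps it masked in the form and encrypted at rest instead
    # of being stored and displayed as an ordinary string.
    secret: true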