Exercise 05: Ansible Vault and encrypted secrets
Roles with encrypted variables, variable scoping
1) Create a role named LocalUsers with defaults/main.yaml and tasks/main.yaml.
2) In defaults/main.yaml, create a dictionary variable called users with username and password properties. Use Ansible Vault to encrypt the password.
hint:
ansible-vault encrypt_string [my-text-string] --ask-vault-pass
hint 2: link
3) Use win_user to create some users and give them remote desktop permissions, using the usernames and passwords from the previous step.
hint: groups: Remote Desktop Users, link
hint 2: Avoid leaking passwords in clear text with no_log: true
4) Log on to the server with one of the new users.
5) Override the users variable in group_vars/windows.yaml with new usernames and passwords.
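
One way the files from steps 1 to 5 can fit together, added here as an example and not part of the original exercise. The usernames alice, bob and carol are constructed, and each vault ciphertext is a placeholder to be replaced with the output of ansible-vault encrypt_string.

```yaml
# roles/LocalUsers/defaults/main.yaml
# Role defaults have the lowest variable precedence, so group_vars
# can override them (step 5).
users:
  alice:                      # constructed username
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      <PLACEHOLDER: ciphertext lines printed by ansible-vault encrypt_string>
  bob:                        # constructed username
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      <PLACEHOLDER: ciphertext lines printed by ansible-vault encrypt_string>
---
# roles/LocalUsers/tasks/main.yaml
- name: Create local users with Remote Desktop access
  win_user:
    name: "{{ item.key }}"
    password: "{{ item.value.password }}"
    groups:
      - Remote Desktop Users
    groups_action: add        # add the group without removing other memberships
    state: present
  loop: "{{ users | dict2items }}"
  no_log: true                # keeps the decrypted password out of task output and logs
---
# group_vars/windows.yaml
# This replaces the whole users dictionary from the role defaults.
# Dictionaries are not merged by default, so alice and bob are not
# created on hosts in the windows group.
users:
  carol:                      # constructed username
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      <PLACEHOLDER: ciphertext lines printed by ansible-vault encrypt_string>
```

Run the playbook with --ask-vault-pass so Ansible can decrypt the password values when the task executes.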