Book Image

Mastering Ansible

Book Image

Mastering Ansible

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering Ansible
Nov, 2015 | 236 pages
No titles found
Table of Contents (16 chapters)
Mastering Ansible
Mastering Ansible
Credits
Credits
About the Author
About the Author
Acknowledgment
Acknowledgment
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
System Architecture and Design of Ansible
System Architecture and Design of Ansible
Ansible version and configuration
Inventory parsing and data sources
Playbook parsing
Module transport and execution
Variable types and location
Variable precedence
Summary
2
Protecting Your Secrets with Ansible
Protecting Your Secrets with Ansible
Encrypting data at rest
Protecting secrets while operating
Summary
3
Unlocking the Power of Jinja2 Templates
Unlocking the Power of Jinja2 Templates
Control structures
Data manipulation
Comparing values
Summary
4
Controlling Task Conditions
Controlling Task Conditions
Defining a failure
Defining a change
Summary
5
Composing Reusable Ansible Content with Roles
Composing Reusable Ansible Content with Roles
Task, handler, variable, and playbook include concepts
Roles
Summary
6
Minimizing Downtime with Rolling Deployments
Minimizing Downtime with Rolling Deployments
In-place upgrades
Expanding and contracting
Failing fast
Minimizing disruptions
Summary
7
Troubleshooting Ansible
Troubleshooting Ansible
Playbook logging and verbosity
Variable introspection
Debugging code execution
Summary
8
Extending Ansible
Extending Ansible
Developing modules
Developing plugins
Developing dynamic inventory plugins
Summary
Index
Index

Encrypting data at rest

As a configuration management system or an orchestration engine, Ansible has great power. In order to wield that power, it is necessary to entrust secret data to Ansible. An automated system that prompts the operator for passwords all the time is not very efficient. To maximize the power of Ansible, secret data has to be written to a file that Ansible can read and utilize the data from within.

This creates a risk though! Your secrets are sitting there on your filesystem in plain text. This is a physical and digital risk. Physically, the computer could be taken from you and pawed through for secret data. Digitally, any malicious software that can break the boundaries set upon it could read any data your user account has access to. If you utilize a source control system, the infrastructure that houses the repository is just as much at risk.

Thankfully, Ansible provides a facility to protect your data at rest. That facility is Vault, which allows for encrypting text files...

Previous Section
End of Section 2
Next Section