From 585b219b52fbab1f72ce9cbd8942417da2004060 Mon Sep 17 00:00:00 2001 From: Simonas Kareiva Date: Mon, 23 Mar 2026 21:36:35 +0200 Subject: [PATCH] Initial qwen3 run with opencode --- ad-hoc-commands.md | 11 ++ async.md | 40 ++++ best-practices.md | 60 ++++++ check-mode.md | 14 ++ conditionals.md | 18 ++ core-concepts.md | 32 ++++ delegation.md | 14 ++ dynamic-inventory.md | 65 +++++++ error-handling.md | 25 +++ galaxy.md | 15 ++ handlers.md | 22 +++ intro.md | 437 +++++++++++++++++++++++++++++++++++++++++++ introduction.md | 8 + key-features.md | 8 + loops.md | 21 +++ modules-reference.md | 63 +++++++ quick-start.md | 30 +++ roles.md | 24 +++ tags.md | 17 ++ templates.md | 17 ++ variables.md | 16 ++ vault.md | 15 ++ 22 files changed, 972 insertions(+) create mode 100644 ad-hoc-commands.md create mode 100644 async.md create mode 100644 best-practices.md create mode 100644 check-mode.md create mode 100644 conditionals.md create mode 100644 core-concepts.md create mode 100644 delegation.md create mode 100644 dynamic-inventory.md create mode 100644 error-handling.md create mode 100644 galaxy.md create mode 100644 handlers.md create mode 100644 intro.md create mode 100644 introduction.md create mode 100644 key-features.md create mode 100644 loops.md create mode 100644 modules-reference.md create mode 100644 quick-start.md create mode 100644 roles.md create mode 100644 tags.md create mode 100644 templates.md create mode 100644 variables.md create mode 100644 vault.md diff --git a/ad-hoc-commands.md b/ad-hoc-commands.md new file mode 100644 index 0000000..c7c4f54 --- /dev/null +++ b/ad-hoc-commands.md @@ -0,0 +1,11 @@ +## Ad-Hoc Commands + +```bash +ansible all -m ping +ansible all -m command -a "uptime" +ansible webserver -m apt -a "name=vim state=present" +``` + +Ansible is ideal for orchestrating infrastructure as code across cloud, on-premise, and hybrid environments. + +--- diff --git a/async.md b/async.md new file mode 100644 index 0000000..9e48a7c --- /dev/null +++ b/async.md @@ -0,0 +1,40 @@ +## Async + +Run tasks asynchronously to avoid blocking: + +### Key Parameters + +- `async`: Maximum number of seconds to wait for the task to complete +- `poll`: Number of seconds to wait between checks (0 means no polling) + +### Example Playbook + +```yaml +- name: Restart service asynchronously + service: + name: apache2 + state: restarted + async: 10 + poll: 0 + +# Check async task status: +# ansible-playbook site.yml --check +``` + +### Best Practices + +1. Use async for long-running tasks (e.g., backups, migrations) +2. Combine with `ignore_errors: yes` for resilient task execution +3. Monitor task status using `async_status` module +4. Use `--check` flag to simulate async operations + +### Troubleshooting + +- Check task output with `--verbosity=2` +- Use `async_status` to track task progress: + ```yaml + - name: Check async task status + async_status: + jid: "{{ async_jid }}" + register: task_result + ``` \ No newline at end of file diff --git a/best-practices.md b/best-practices.md new file mode 100644 index 0000000..cd472ce --- /dev/null +++ b/best-practices.md @@ -0,0 +1,60 @@ +## Best Practices + +### 1. **Idempotency** +Use modules that ensure idempotency (e.g., `service`, `package`, `file`): +```yaml +- name: Ensure Apache is running + service: + name: apache2 + state: started + enabled: yes +``` + +### 2. **Playbook Structure** +- Separate tasks into logical sections using `block`/`rescue` +- Use `handlers` for services/configuration management: + ```yaml + - name: Restart Apache + service: + name: apache2 + state: restarted + handlers: + - name: Restart Apache + service: + name: apache2 + state: restarted + ``` + +### 3. **Inventory Management** +- Use `ansible-inventory --list` to validate inventory structure +- Leverage dynamic inventory for cloud environments (e.g., AWS, OpenStack) + +### 4. **Security** +- Store secrets in Ansible Vault: + ```bash + ansible-vault encrypt_string --vault-id myvault@prompt 'secret_value' + ``` +- Use `become: yes` for privileged tasks and restrict SSH access + +### 5. **Testing** +- Always use `--check` to simulate changes: + ```bash + ansible-playbook site.yml --check + ``` +- Use `--diff` to review changes: + ```bash + ansible-playbook site.yml --diff + ``` + +### 6. **Troubleshooting** +- Use `--verbosity=2` for detailed output +- Debug variables with `debug` module: + ```yaml + - name: Show variable value + debug: + msg: "{{ some_variable }}" + ``` + +### 7. **Automation** +- Use `ansible-pull` for agentless orchestration +- Combine with CI/CD pipelines for automated deployments \ No newline at end of file diff --git a/check-mode.md b/check-mode.md new file mode 100644 index 0000000..cc4c8d0 --- /dev/null +++ b/check-mode.md @@ -0,0 +1,14 @@ +## Check Mode + +Run playbooks in simulation mode without making changes: + +```yaml +- name: Restart service (check mode) + service: + name: apache2 + state: restarted + check_mode: yes + +# Run with check mode: +# ansible-playbook site.yml --check +``` \ No newline at end of file diff --git a/conditionals.md b/conditionals.md new file mode 100644 index 0000000..6f2304d --- /dev/null +++ b/conditionals.md @@ -0,0 +1,18 @@ +## Conditionals + +Run tasks based on conditions: + +```yaml +tasks: + - name: Install on Debian + apt: + name: apache2 + state: present + when: ansible_facts.os_family == "Debian" + + - name: Install on RedHat + yum: + name: httpd + state: present + when: ansible_facts.os_family == "RedHat" +``` \ No newline at end of file diff --git a/core-concepts.md b/core-concepts.md new file mode 100644 index 0000000..0861de7 --- /dev/null +++ b/core-concepts.md @@ -0,0 +1,32 @@ +## Core Concepts + +### Inventory +File listing managed hosts (servers): +```ini +[webservers] +web1.example.com +web2.example.com + +[databases] +db1.example.com +``` + +### Playbooks +YAML files describing desired state: +```yaml +- name: Install nginx + hosts: webservers + tasks: + - name: Install nginx + apt: + name: nginx + state: present +``` + +### Modules +Reusable units of work (apt, yum, copy, service, etc.) + +### Roles +Organized collections of tasks, handlers, and files + +--- diff --git a/delegation.md b/delegation.md new file mode 100644 index 0000000..eab0150 --- /dev/null +++ b/delegation.md @@ -0,0 +1,14 @@ +## Delegation + +Run tasks on a different host: + +```yaml +- name: Restart service on web server + service: + name: apache2 + state: restarted + delegate_to: "localhost" + +# Delegate to a specific host: +# delegate_to: "webservers" +``` \ No newline at end of file diff --git a/dynamic-inventory.md b/dynamic-inventory.md new file mode 100644 index 0000000..1f2bedc --- /dev/null +++ b/dynamic-inventory.md @@ -0,0 +1,65 @@ +## Dynamic Inventory + +Use dynamic inventory to fetch host information at runtime: + +### Example Usage + +```yaml +- name: Fetch hosts from external source + ansible.builtin.get_url: + url: "https://api.example.com/hosts" + dest: "hosts.json" + register: inventory_data + +- name: Display inventory hosts + debug: + var: inventory_data.content + +# Example dynamic inventory script (hosts.py): +# import json +# print(json.dumps({"hosts": ["web1", "web2"], "groups": {"webservers": ["web1", "web2"]}})) +``` + +### Common Inventory Sources + +1. **EC2 Inventory**: + - Uses AWS API to list instances + - Parameters: `aws_access_key_id`, `aws_secret_access_key`, `region` + - Example: + ```bash + ansible-inventory --list --inventory=ec2.py + ``` + +2. **OpenStack Inventory**: + - Connects to OpenStack neutron API + - Parameters: `auth_url`, `project_name`, `username`, `password` + - Example: + ```bash + ansible-inventory --list --inventory=openstack.py + ``` + +3. **Custom Scripts**: + - Write Python scripts to generate inventory + - Must output JSON in this format: + ```json + { + "hosts": ["host1", "host2"], + "groups": { + "webservers": ["host1", "host2"] + } + } + ``` + +### Best Practices + +- Use `ansible-inventory --list` to verify inventory structure +- Test dynamic inventory with `--check` flag +- Store credentials securely using Ansible Vault +- Combine with `--limit` to target specific hosts/groups + +### Troubleshooting + +Use `--debug` flag to see inventory resolution process: +```bash +ansible-playbook site.yml --limit="webservers" --debug +``` \ No newline at end of file diff --git a/error-handling.md b/error-handling.md new file mode 100644 index 0000000..ab9b040 --- /dev/null +++ b/error-handling.md @@ -0,0 +1,25 @@ +## Error Handling + +Use try-except blocks to handle errors gracefully: + +```yaml +- name: Handle errors with rescue block + shell: "invalid-command" + register: result + ignore_errors: yes + +- name: Display error message + debug: + msg: "Error occurred: {{ result.msg }}" + when: result.failed + +# Use rescue block for specific error handling: +# - name: Task that may fail +# shell: "some-command" +# register: result +# +# - name: Handle failure +# debug: +# msg: "Failed task: {{ result.msg }}" +# when: result.failed +``` \ No newline at end of file diff --git a/galaxy.md b/galaxy.md new file mode 100644 index 0000000..9e3094a --- /dev/null +++ b/galaxy.md @@ -0,0 +1,15 @@ +## Galaxy + +Use Ansible Galaxy to manage roles and content: + +```yaml +- name: Install role from Galaxy + ansible.builtin.import_role: + name: "nginx" + src: "https://galaxy.ansible.com/nginx/nginx" + +# List available roles: +# ansible-galaxy role list +# Search for roles: +# ansible-galaxy role search nginx +``` \ No newline at end of file diff --git a/handlers.md b/handlers.md new file mode 100644 index 0000000..9354b7c --- /dev/null +++ b/handlers.md @@ -0,0 +1,22 @@ +## Handlers + +Handlers are tasks that only run when notified by other tasks (typically after a change): + +```yaml +- name: Install nginx + hosts: webservers + tasks: + - name: Install nginx + apt: + name: nginx + state: present + notify: Restart nginx + + handlers: + - name: Restart nginx + service: + name: nginx + state: restarted +``` + +--- diff --git a/intro.md b/intro.md new file mode 100644 index 0000000..52dd73a --- /dev/null +++ b/intro.md @@ -0,0 +1,437 @@ +# Introduction to Ansible + +Ansible is an open-source **IT automation tool** that automates: +- **Configuration management** - setting up servers +- **Application deployment** - deploying software +- **Task automation** - repetitive operations + +## Key Features + +- **Agentless** - no software needed on remote servers +- **YAML-based** - human-readable playbooks +- **Idempotent** - safe to run multiple times +- **SSH-based** - uses existing SSH infrastructure + +## Core Concepts + +### Inventory +File listing managed hosts (servers): +```ini +[webservers] +web1.example.com +web2.example.com + +[databases] +db1.example.com +``` + +### Playbooks +YAML files describing desired state: +```yaml +- name: Install nginx + hosts: webservers + tasks: + - name: Install nginx + apt: + name: nginx + state: present +``` + +### Modules +Reusable units of work (apt, yum, copy, service, etc.) + +### Roles +Organized collections of tasks, handlers, and files + +## Quick Start + +### Ansible Navigator + +[Ansible Navigator](https://ansible-navigator.readthedocs.io/en/stable/) is a CLI tool for exploring and interacting with Ansible content. It provides: +- Playbook visualization +- Task execution tracking +- Inventory exploration +- Interactive shell for testing playbooks +- Integration with Ansible Core features + +Use `ansible-navigator` to: +1. Explore playbooks and roles +2. Run ad-hoc commands +3. Debug playbook execution +4. Manage inventory files +5. Test YAML syntax + +```bash +ansible-navigator run playbook.yml +ansible-navigator explore +ansible-navigator shell +``` + +1. Install: `pip install ansible` +2. Create inventory file +3. Write playbook +4. Run: `ansible-playbook playbook.yml` + +## Ad-Hoc Commands + +```bash +ansible all -m ping +ansible all -m command -a "uptime" +ansible webserver -m apt -a "name=vim state=present" +``` + +Ansible is ideal for orchestrating infrastructure as code across cloud, on-premise, and hybrid environments. + +--- + +## Handlers + +Handlers are tasks that only run when notified by other tasks (typically after a change): + +```yaml +- name: Install nginx + hosts: webservers + tasks: + - name: Install nginx + apt: + name: nginx + state: present + notify: Restart nginx + + handlers: + - name: Restart nginx + service: + name: nginx + state: restarted +``` + +## Variables + +Define and use variables for flexibility: + +```yaml +- name: Deploy application + hosts: all + vars: + app_version: "2.1.0" + app_port: 8080 + tasks: + - name: Deploy app + get_url: + url: "https://example.com/app-{{ app_version }}.tar.gz" + dest: "/opt/app" +``` + +### Facts + +Ansible gathers system facts automatically: + +```yaml +- name: Display system info + hosts: all + tasks: + - name: Show hostname + debug: + msg: "Host {{ ansible_facts.hostname }} has {{ ansible_facts.memtotal_mb }}MB RAM" +``` + +## Conditionals + +Run tasks based on conditions: + +```yaml +tasks: + - name: Install on Debian + apt: + name: apache2 + state: present + when: ansible_facts.os_family == "Debian" + + - name: Install on RedHat + yum: + name: httpd + state: present + when: ansible_facts.os_family == "RedHat" +``` + +## Loops + +Repeat tasks with different values: + +```yaml +tasks: + - name: Create users + user: + name: "{{ item }}" + state: present + loop: + - alice + - bob + - charlie + + - name: Create multiple directories + file: + path: "{{ item.path }}" + state: directory + mode: "{{ item.mode }}" + loop: + - { path: "/opt/app", mode: "0755" } + - { path: "/var/log/app", mode: "0700" } +``` + +## Templates (Jinja2) + +Generate configuration files dynamically: + +```jinja2 +# templates/nginx.conf.j2 +server { + listen {{ nginx_port }}; + server_name {{ domain_name }}; + root {{ document_root }}; + + location / { + {% if enable_caching %} + expires {{ cache_duration }}; + {% endif %} + } +} +``` + +```yaml +- name: Deploy nginx config + template: + src: nginx.conf.j2 + dest: /etc/nginx/sites-available/default +``` + +## Ansible Vault + +Encrypt sensitive data (passwords, keys, etc.): + +```bash +# Create encrypted file +ansible-vault create secrets.yml + +# Edit encrypted file +ansible-vault edit secrets.yml + +# Encrypt existing file +ansible-vault encrypt_string "my_password" --name "db_password" + +# Run playbook with vault +ansible-playbook site.yml --ask-vault-pass +ansible-playbook site.yml --vault-password-file ~/.vault_pass +``` + +## Roles + +Organize playbooks into reusable structures: + +``` +roles/ + common/ + tasks/ + main.yml + handlers/ + main.yml + templates/ + files/ + vars/ + main.yml + defaults/ + main.yml +``` + +```yaml +# site.yml +- name: Deploy infrastructure + hosts: webservers + roles: + - common + - nginx + - webapp +``` + +## Tags + +Control which tasks run: + +```yaml +tasks: + - name: Install dependencies + apt: + name: "{{ item }}" + loop: + - python3 + - git + tags: [install, setup] + + - name: Configure app + template: + src: app.conf.j2 + dest: /etc/app.conf + tags: [configure] + + - name: Start service + service: + name: app + state: started + tags: [deploy] +``` + +```bash +ansible-playbook site.yml --tags "install,configure" +ansible-playbook site.yml --skip-tags "deploy" +``` + +## Delegation + +Run tasks on specific hosts: + +```yaml +- name: Load balancer config + hosts: webservers + tasks: + - name: Update load balancer + haproxy: + state: enabled + delegate_to: lb01.example.com + + - name: Get facts from database server + setup: + delegate_to: db01.example.com +``` + +## Async and Parallel Tasks + +Run long-running tasks without blocking: + +```yaml +tasks: + - name: Long backup task + command: /usr/local/bin/backup.sh + async: 3600 + poll: 0 + register: backup_job + + - name: Check backup status + async_status: + jid: "{{ backup_job.ansible_job_id }}" + register: backup_result + until: backup_result.finished + retries: 30 +``` + +## Check Mode (Dry Run) + +Preview changes without applying them: + +```bash +ansible-playbook site.yml --check +ansible-playbook site.yml -C # shorthand +``` + +## Task Error Handling + +Control task failure behavior: + +```yaml +tasks: + - name: Ignore errors + command: /opt/risky-script.sh + ignore_errors: yes + + - name: Custom failure + command: /opt/check-service.sh + register: result + failed_when: result.rc != 0 and "ERROR" in result.stdout + + - name: Block with rescue + block: + - name: Deploy application + include_tasks: deploy.yml + rescue: + - name: Rollback + include_tasks: rollback.yml + always: + - name: Cleanup + file: + path: /tmp/deploy-temp + state: absent +``` + +## Ansible Galaxy + +Download and use community roles: + +```bash +# Search for roles +ansible-galaxy search nginx + +# Install a role +ansible-galaxy install nginx.docker + +# Create role skeleton +ansible-galaxy init myrole + +# Install from requirements file +ansible-galaxy install -r requirements.yml +``` + +## Dynamic Inventory + +Use dynamic sources for cloud environments: + +```bash +# AWS EC2 +ansible-playbook -i ec2.py site.yml + +# Kubernetes +ansible-playbook -i k8s.yml site.yml +``` + +```ini +# inventory.ini with groups and variables +[webservers] +web1.example.com ansible_host=192.168.1.10 +web2.example.com ansible_host=192.168.1.11 + +[webservers:vars] +ansible_user=ubuntu +ansible_ssh_private_key_file=~/.ssh/id_rsa + +[databases] +db1.example.com +``` + +## Useful Modules Reference + +| Module | Purpose | +|--------|---------| +| `apt` / `yum` / `dnf` | Package management | +| `copy` | Copy files to remote | +| `template` | Generate files with Jinja2 | +| `file` | Create files/directories/symlinks | +| `service` | Manage services | +| `user` | User account management | +| `cron` | Schedule tasks | +| `uri` | Interact with HTTP APIs | +| `get_url` | Download files | +| `git` / `subversion` | Version control | +| `docker_container` | Container management | +| `k8s` | Kubernetes operations | +| `aws_ec2` | AWS resource management | +| `shell` / `command` | Execute commands | +| `debug` | Print variables | +| `assert` | Validate conditions | + +## Best Practices + +1. **Use roles** - Organize tasks into reusable roles +2. **Minimize `shell/command`** - Prefer modules for idempotency +3. **Use `check_mode`** - Test changes before applying +4. **Encrypt secrets** - Always use Ansible Vault for sensitive data +5. **Use tags** - Enable selective execution +6. **Define handlers** - Trigger actions only on changes +7. **Validate syntax** - Run `ansible-playbook --syntax-check` before execution diff --git a/introduction.md b/introduction.md new file mode 100644 index 0000000..3a48d82 --- /dev/null +++ b/introduction.md @@ -0,0 +1,8 @@ +# Introduction to Ansible + +Ansible is an open-source **IT automation tool** that automates: +- **Configuration management** - setting up servers +- **Application deployment** - deploying software +- **Task automation** - repetitive operations + +--- diff --git a/key-features.md b/key-features.md new file mode 100644 index 0000000..4a91f01 --- /dev/null +++ b/key-features.md @@ -0,0 +1,8 @@ +## Key Features + +- **Agentless** - no software needed on remote servers +- **YAML-based** - human-readable playbooks +- **Idempotent** - safe to run multiple times +- **SSH-based** - uses existing SSH infrastructure + +--- diff --git a/loops.md b/loops.md new file mode 100644 index 0000000..3ea615a --- /dev/null +++ b/loops.md @@ -0,0 +1,21 @@ +## Loops + +Iterate over lists or dictionaries: + +```yaml +tasks: + - name: Print items + debug: + msg: "Item: {{ item }}" + loop: + - item1 + - item2 + - item3 + + - name: Iterate over dictionary + debug: + msg: "Key: {{ item.key }}, Value: {{ item.value }}" + loop: + - key: value1 + - key: value2 +``` \ No newline at end of file diff --git a/modules-reference.md b/modules-reference.md new file mode 100644 index 0000000..3c7a194 --- /dev/null +++ b/modules-reference.md @@ -0,0 +1,63 @@ +## Modules Reference + +Commonly used Ansible modules: + +### Core Modules + +1. **setup** (Automatically collects system information): + ```yaml + - name: Gather system facts + ansible.builtin.setup: + ``` + +2. **debug** (For troubleshooting): + ```yaml + - name: Show variable value + ansible.builtin.debug: + msg: "{{ some_variable }}" + ``` + +3. **copy** (For file transfer): + ```yaml + - name: Copy file to remote host + ansible.builtin.copy: + src: "local_file.txt" + dest: "/remote/path/" + ``` + +4. **service** (For service management): + ```yaml + - name: Restart web service + ansible.builtin.service: + name: apache2 + state: restarted + ``` + +### Network Modules + +5. **ping** (Test connectivity): + ```yaml + - name: Test connection to host + ansible.builtin.ping: + ``` + +6. **sshcopy** (Copy files via SSH): + ```yaml + - name: Copy file using SSH + ansible.builtin.sshcopy: + src: "local_file.txt" + dest: "user@host:/remote/path/" + ``` + +### Best Practices + +- Use `ansible-doc` to view module details +- Combine with `when` conditions for targeted execution +- Use `--check` flag to simulate module operations +- Store sensitive data using Ansible Vault + +### Troubleshooting + +- Use `--verbosity=2` for detailed output +- Check module documentation for parameter requirements +- Use `ansible-playbook --list-tasks` to verify task execution order \ No newline at end of file diff --git a/quick-start.md b/quick-start.md new file mode 100644 index 0000000..e096d12 --- /dev/null +++ b/quick-start.md @@ -0,0 +1,30 @@ +## Quick Start + +### Ansible Navigator + +[Ansible Navigator](https://ansible-navigator.readthedocs.io/en/stable/) is a CLI tool for exploring and interacting with Ansible content. It provides: +- Playbook visualization +- Task execution tracking +- Inventory exploration +- Interactive shell for testing playbooks +- Integration with Ansible Core features + +Use `ansible-navigator` to: +1. Explore playbooks and roles +2. Run ad-hoc commands +3. Debug playbook execution +4. Manage inventory files +5. Test YAML syntax + +```bash +ansible-navigator run playbook.yml +ansible-navigator explore +ansible-navigator shell +``` + +1. Install: `pip install ansible` +2. Create inventory file +3. Write playbook +4. Run: `ansible-playbook playbook.yml` + +--- diff --git a/roles.md b/roles.md new file mode 100644 index 0000000..80e5cca --- /dev/null +++ b/roles.md @@ -0,0 +1,24 @@ +## Roles + +Organize tasks into reusable roles: + +```yaml +- name: Deploy web app + hosts: webservers + roles: + - common + - python + - nginx + +# Example role structure: +# roles/ +# common/ +# tasks/main.yml +# vars/main.yml +# python/ +# tasks/main.yml +# vars/main.yml +# nginx/ +# tasks/main.yml +# vars/main.yml +``` \ No newline at end of file diff --git a/tags.md b/tags.md new file mode 100644 index 0000000..b1a6bdc --- /dev/null +++ b/tags.md @@ -0,0 +1,17 @@ +## Tags + +Filter tasks using tags: + +```yaml +tasks: + - name: Restart service + service: + name: apache2 + state: restarted + tags: + - service + - restart + +# Run with specific tags: +# ansible-playbook site.yml --tags "service" +``` \ No newline at end of file diff --git a/templates.md b/templates.md new file mode 100644 index 0000000..aca9513 --- /dev/null +++ b/templates.md @@ -0,0 +1,17 @@ +## Templates + +Use Jinja2 templates for dynamic content: + +```yaml +- name: Render template + template: + src: "templates/nginx.conf.j2" + dest: "/etc/nginx/nginx.conf" + +# Example template file (nginx.conf.j2) +# {{ ansible_distribution }} +server { + listen {{ ansible_default_ipv4.address }}; + server_name example.com; +} +``` \ No newline at end of file diff --git a/variables.md b/variables.md new file mode 100644 index 0000000..75c33bd --- /dev/null +++ b/variables.md @@ -0,0 +1,16 @@ +## Variables + +Define and use variables for flexibility: + +```yaml +- name: Deploy application + hosts: all + vars: + app_version: "2.1.0" + app_port: 8080 + tasks: + - name: Deploy app + get_url: + url: "https://example.com/app-{{ app_version }}.tar.gz" + dest: "/opt/app" +``` \ No newline at end of file diff --git a/vault.md b/vault.md new file mode 100644 index 0000000..dc98f9e --- /dev/null +++ b/vault.md @@ -0,0 +1,15 @@ +## Vault + +Encrypt sensitive data with Ansible Vault: + +```yaml +- name: Encrypt variables + ansible.builtin.vault加密: + src: "secretes.yml" + dest: "secretes.yml.enc" + vault_password: "your_password" + +# Example secrets.yml +# username: admin +# password: "s3curePass" +``` \ No newline at end of file