快速開始 - jenhaoyang/backend_blog GitHub Wiki

  1. 安裝:
  1. 官方建議使用pip install --user ansible

  2. 設定ssh登入 ssh-copy-id

3.設定host檔
https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html#action-create-a-basic-inventory

4.1使用ssh-agent fordwarding 管理密碼 A -> B -> gitlab 的ssh都有使用passphrase 開啟ssh-agent

eval $(ssh-agent)

使用ssh-agent add加入指定的pub key

ssh-add <ssh pub key file>

4.2.使用ansible-vault 加密ssh 密碼
Protecting sensitive variables with ansible-vault
https://docs.ansible.com/ansible/latest/network/getting_started/first_inventory.html#protecting-sensitive-variables-with-ansible-vault

ansible-vault encrypt_string --vault-id id_for_this_string@prompt 'some_secret_string' --name 'ansible_password'
把產生出來的密文直接貼到host裡面

apt-get install sshpass

ansible all -m ping --vault-id id_for_this_string@prompt

參考:
https://www.middlewareinventory.com/blog/ansible-git-example/
https://blog.gtwang.org/linux/using-ssh-agent-forwarding-to-avoid-being-asked-passphrase/
https://www.jeffgeerling.com/blog/2018/cloning-private-github-repositories-ansible-on-remote-server-through-ssh