debops.secret role enables you to have a separate directory on the Ansible
Controller (different than the playbook directory and inventory directory)
which can be used as a handy "workspace" for other roles.
Some usage examples of this role in DebOps include:
-
password lookups, either from current role, or using known location of passwords from other roles, usually dependencies (for example
debops.mariadbrole can manage an user account in the database with random password and other role can lookup that password to include in a generated configuration file); -
secure file storage, for example for application keys generated on remote hosts (
debops.boxbackuprole retrieves client keys for backup purposes), for that reason secret directory should be protected by an external means, for example encrypted filesystem (currently there is no encryption provided by default); -
secure workspace (
debops.boxbackuprole, again, uses the secret directory to create and manage Root CA for backup servers – client and server certificates are automatically downloaded to Ansible Controller, signed and uploaded to destination hosts); -
simple centralized backup (specific roles like
debops.sshd,debops.pkianddebops.monkeyspherehave separate task lists that are invoked by custom playbooks to allow backup and restoration of ssh host keys and SSL certificates. Generated .tar.gz files are kept on Ansible Controller in secret directory).
This role requires at least Ansible v2.0.0. To install it, run:
ansible-galaxy install debops.secretMore information about debops.secret can be found in the
official debops.secret documentation.
You may need to include missing roles from the DebOps common playbook into your playbook.
Try DebOps now for a complete solution to run your Debian-based infrastructure.
License: GPLv3
This role is part of DebOps. README generated by ansigenome.