tom/sib_25_vaults
1
0
Fork 0
Code Pull Requests Releases Activity

solution

Browse Source
This commit is contained in:
Thomas Constans
2021-03-17 23:09:08 +01:00
parent 1d7cd70124
commit 1a57617bc2
4 changed files with 11 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Readme.md
View File

@@ -1,20 +0,0 @@
## Vault
*Tâche*: Sécuriser des données sensibles
*Condition*: quand on a des données / variables / mot de passe sensibles
*Norme*: en utilisant les vaults
## Pratique:
Le mot de passe protégeant l'accès au répertoire /Private est en clair dans le playbook.
Utiliser un vault pour que ce ne soit plus le cas.
## Performance
Le mot de passe n'est plus en clair dans le playbook
Proposition de solution: voir branche "solution"

5
ansible_apache_formation/tasks/apache.yml
View File

@@ -4,6 +4,9 @@
name: "{{ apache_package_name }}" name: "{{ apache_package_name }}"
state: present state: present
- name: include data in vault
include_vars: vault.yml
- name: configuration - name: configuration
notify: reload httpd notify: reload httpd
template: template:
@@ -46,7 +49,7 @@
htpasswd: htpasswd:
path: "/etc/httpd/passwd" path: "/etc/httpd/passwd"
name: tom name: tom
password: "123Soleil" password: "{{ apache_password }}""
mode: 0640 mode: 0640
owner: root owner: root
group: "apache" group: "apache"

1
ansible_apache_formation/vars/index.html Normal file
View File

@@ -0,0 +1 @@
<h1>hello World</h1>

6
ansible_apache_formation/vars/vault.yml Normal file
View File

@@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
62356466386137373564343137303663633638313765383439366535306131646163333364626562
3266356338306134396364326235343236383938336632360a306231373763346632303335653030
32616265653139383338333635386461303563623661386437326339323033623162333766626130
3936366666313163350a616263646135346632336639313564643662316265333737613736666162
30636134653763353333666633316432303236343366616466333937663662623766