diff --git a/README.md b/README.md index c7ee7f8..2dd67c7 100644 --- a/README.md +++ b/README.md 
@@ -133,14 +133,26 @@ Clone this ```bash cd devops/ansible/ mkdir -p env/stage + +# Copy and edit the inventory file for your network. cp env/example/inventory.yml env/stage/inventory.yml vim env/stage/inventory.yml + +# Copy and edit the secrets for your network +cp env/example/vault.yml env/stage/vault.yml +vim env/stage/vault.yml + +# Create a vault password to encrypt your secrets with +perl -e'print join("", map { ('A'..'Z','a'..'z',0..9)[int rand 62] } ( 0 .. 128 )), "\n"' > .vault_password + +# Encrypt your secrets with the vault password +ansible-vault encrypt --vault-password-file .vault_password env/stage/vault.yml ``` -I named the configuration file `env/stage/inventory.yml`, since this will be a staging environment. I placed this in its own directory because some environment specific files will be stored in the inventory directory, and keeping seperate directories will prevent file clobbering. One should pay special attention to go through this example config file and update it with details of their network. Once this is complete, the installation should be smooth sailing with ansible. I use the following command to get everything installed. +I named the configuration file `env/stage/inventory.yml`, since this will be a staging environment. I placed this in its own directory because some environment specific files will be stored in the inventory directory, and keeping seperate directories will prevent file clobbering. One should pay special attention to go through this example config file and update it with details of their network. I updated the vault file with new passwords and then encrypted it. Once this is complete, the installation should be smooth sailing with ansible. I use the following command to get everything installed. 
```bash -ansible-playbook -i env/stage/inventory.yml site.yml +ansible-playbook -i env/stage/inventory.yml --vault-password-file .vault_password -e @env/stage/vault.yml site.yml ``` This command took about two and a half hours to complete, it should largely setup the whole platform across all of the machines.
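Review bot: The added `perl -e'print join(...)' > .vault_password` step derives the vault password from Perl's `rand`, which is not a cryptographically secure generator, and it writes the file with whatever the current umask allows. Since this password protects every secret in `env/stage/vault.yml`, I'd suggest generating it from the system CSPRNG and restricting the file first, for example `umask 077` followed by `openssl rand -base64 48 > .vault_password`. The one-liner also only works because the inner single quotes end the shell quoting and leave `A..Z` and `a..z` as Perl barewords, and `0 .. 128` produces 129 characters rather than 128. This diff touches only README.md, so please also confirm that `.vault_password` is listed in `.gitignore`, and have the README tell readers to keep it out of version control.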