mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Correct formatting --arguments (#31808)
* Correct formatting * Use RST :option: * ansible-pull --vault-password-file * Streamlined the language a bit in the intro. * Exclamation point removal!
This commit is contained in:
parent
9d6fd4ebcc
commit
1d86205933
3 changed files with 9 additions and 9 deletions
|
@ -52,8 +52,8 @@ The primary advantage of using ``include*`` statements is looping. When a loop i
|
||||||
|
|
||||||
Using ``include*`` does have some limitations when compared to ``import*`` statements:
|
Using ``include*`` does have some limitations when compared to ``import*`` statements:
|
||||||
|
|
||||||
* Tags which only exist inside a dynamic include will not show up in --list-tags output.
|
* Tags which only exist inside a dynamic include will not show up in ``--list-tags`` output.
|
||||||
* Tasks which only exist inside a dynamic include will not show up in --list-tasks output.
|
* Tasks which only exist inside a dynamic include will not show up in ``--list-tasks`` output.
|
||||||
* You cannot use ``notify`` to trigger a handler name which comes from inside a dynamic include (see note below).
|
* You cannot use ``notify`` to trigger a handler name which comes from inside a dynamic include (see note below).
|
||||||
* You cannot use ``--start-at-task`` to begin execution at a task inside a dynamic include.
|
* You cannot use ``--start-at-task`` to begin execution at a task inside a dynamic include.
|
||||||
|
|
||||||
|
|
|
@ -3,9 +3,9 @@ Using Vault in playbooks
|
||||||
|
|
||||||
.. contents:: Topics
|
.. contents:: Topics
|
||||||
|
|
||||||
New in Ansible 1.5, "Vault" is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plaintext in your playbooks or roles. These vault files can then be distributed or placed in source control.
|
Added in Ansible 1.5, "Vault" is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plaintext in your playbooks or roles. These vault files can then be distributed or placed in source control.
|
||||||
|
|
||||||
To enable this feature, a command line tool, `ansible-vault` is used to edit files, and a command line flag `--ask-vault-pass` or `--vault-password-file` is used. Alternately, you may specify the location of a password file or command Ansible to always prompt for the password in your ansible.cfg file. These options require no command line flag usage.
|
To enable this feature, a command line tool, :ref:`ansible-vault` is used to edit files, and a command line flag :option:`--ask-vault-pass <ansible-vault --ask-vault-pass>` or :option:`--vault-password-file <ansible-vault --vault-password-file>` is used. You can also modify your ``ansible.cfg`` file to specify the location of a password file or configure Ansible to always prompt for the password. These options require no command line flag usage.
|
||||||
|
|
||||||
For best practices advice, refer to :ref:`best_practices_for_variables_and_vaults`.
|
For best practices advice, refer to :ref:`best_practices_for_variables_and_vaults`.
|
||||||
|
|
||||||
|
@ -35,7 +35,7 @@ If you are using a script instead of a flat file, ensure that it is marked as ex
|
||||||
|
|
||||||
This is something you may wish to do if using Ansible from a continuous integration system like Jenkins.
|
This is something you may wish to do if using Ansible from a continuous integration system like Jenkins.
|
||||||
|
|
||||||
(The `--vault-password-file` option can also be used with the :ref:`ansible-pull` command if you wish, though this would require distributing the keys to your nodes, so understand the implications -- vault is more intended for push mode).
|
The :option:`--vault-password-file <ansible-pull --vault-password-file>` option can also be used with the :ref:`ansible-pull` command if you wish, though this would require distributing the keys to your nodes, so understand the implications -- vault is more intended for push mode.
|
||||||
|
|
||||||
|
|
||||||
.. _single_encrypted_variable:
|
.. _single_encrypted_variable:
|
||||||
|
@ -66,6 +66,6 @@ Using encrypt_string
|
||||||
````````````````````
|
````````````````````
|
||||||
|
|
||||||
This command will output a string in the above format ready to be included in a YAML file.
|
This command will output a string in the above format ready to be included in a YAML file.
|
||||||
The string to encrypt can be provided via stdin, command line args, or via an interactive prompt.
|
The string to encrypt can be provided via stdin, command line arguments, or via an interactive prompt.
|
||||||
|
|
||||||
See :ref:`encrypt_string_for_use_in_yaml`.
|
See :ref:`encrypt_string_for_use_in_yaml`.
|
||||||
|
|
|
@ -14,12 +14,12 @@ For best practices advice, refer to :ref:`best_practices_for_variables_and_vault
|
||||||
What Can Be Encrypted With Vault
|
What Can Be Encrypted With Vault
|
||||||
````````````````````````````````
|
````````````````````````````````
|
||||||
|
|
||||||
The vault feature can encrypt any structured data file used by Ansible. This can include "group_vars/" or "host_vars/" inventory variables, variables loaded by "include_vars" or "vars_files", or variable files passed on the ansible-playbook command line with "-e @file.yml" or "-e @file.json". Role variables and defaults are also included!
|
The vault feature can encrypt any structured data file used by Ansible. This can include "group_vars/" or "host_vars/" inventory variables, variables loaded by "include_vars" or "vars_files", or variable files passed on the ansible-playbook command line with ``-e @file.yml`` or ``-e @file.json``. Role variables and defaults are also included.
|
||||||
|
|
||||||
Ansible tasks, handlers, and so on are also data so these can be encrypted with vault as well. To hide the names of variables that you're using, you can encrypt the task files in their entirety. However, that might be a little too much and could annoy your coworkers :)
|
Ansible tasks, handlers, and so on are also data so these can be encrypted with vault as well. To hide the names of variables that you're using, you can encrypt the task files in their entirety.
|
||||||
|
|
||||||
The vault feature can also encrypt arbitrary files, even binary files. If a vault-encrypted file is
|
The vault feature can also encrypt arbitrary files, even binary files. If a vault-encrypted file is
|
||||||
given as the 'src' argument to the :ref:`copy <copy>`, :ref:`template <template>`,
|
given as the ``src`` argument to the :ref:`copy <copy>`, :ref:`template <template>`,
|
||||||
:ref:`unarchive <unarchive>`, :ref:`script <script>` or :ref:`assemble <assemble>` modules, the file will be placed at the destination on the target host decrypted (assuming a valid vault password is supplied when running the play).
|
:ref:`unarchive <unarchive>`, :ref:`script <script>` or :ref:`assemble <assemble>` modules, the file will be placed at the destination on the target host decrypted (assuming a valid vault password is supplied when running the play).
|
||||||
|
|
||||||
As of version 2.3, Ansible also supports encrypting single values inside a YAML file, using the `!vault` tag to let YAML and Ansible know it uses special processing. This feature is covered in more details below.
|
As of version 2.3, Ansible also supports encrypting single values inside a YAML file, using the `!vault` tag to let YAML and Ansible know it uses special processing. This feature is covered in more details below.
|
||||||
|
|
Loading…
Reference in a new issue