When you run ansible-pull with vault, there are two ways to get it to work:
- Put `ANSIBLE_ASK_VAULT_PASS=True` in front of the ansible-pull command
- Add this to an ansible.cfg file:

```
[defaults]
ask_vault_pass = True
```

This is the command I currently use:

```
ANSIBLE_ASK_VAULT_PASS=True ansible-pull -U https://github.com/thegreatestgiant/ansible.git
```

And when I want to use a specific playbook:

```
ANSIBLE_ASK_VAULT_PASS=True ansible-pull -U https://github.com/thegreatestgiant/ansible.git home.yml
```

Try one of these two ways to install Ansible. On some OSes one works and the other doesn't.

```
sudo apt install -y pipx git
pipx install ansible-core
```

```
sudo apt install -y python3-pip git
pip install ansible-core
```

An alternative is putting the IP address of your server in the inventory and letting the GitHub Action take care of everything
- group_vars/all.yml
- roles/ansible_user/templates/vault.j2
- roles/ssh/templates/*
- roles/kavita/templates/rclone.j2
- roles/services/templates/rclone.j2
```
name: ***
user:
  name: "{{ name }}"
  password: "***"
  home: "/home/{{ name }}"
```

This is your vault password
This is everything you would want to put in your .ssh directory
This is the contents of my rclone.conf file, which you can generate by installing rclone:

```
sudo -v ; curl https://rclone.org/install.sh | sudo bash
```

and running `rclone config`
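
A check you can run before committing, added here as an example and not part of the repository: it reports any file from the list above that is missing or still plaintext. It assumes every file on that list is stored whole-file encrypted with ansible-vault; the function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the repository. Assumption: every file on the list
# above is stored as a whole-file vault, so its first line is a vault header.
SECRET_PATHS='group_vars/all.yml
roles/ansible_user/templates/vault.j2
roles/ssh/templates/*
roles/kavita/templates/rclone.j2
roles/services/templates/rclone.j2'

# is_vaulted FILE: succeeds if the first line is an ansible-vault header
# (format 1.1, or 1.2 when a vault ID label is appended).
is_vaulted() {
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case $first_line in
        '$ANSIBLE_VAULT;1.1;AES256'* | '$ANSIBLE_VAULT;1.2;AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_vault_files REPO_ROOT: prints every listed path that is missing or
# still plaintext; succeeds only if all of them exist and are vaulted.
check_vault_files() {
    root=$1
    bad=0
    while IFS= read -r pattern; do
        # $pattern is left unquoted on purpose so the ssh glob expands.
        for f in "$root"/$pattern; do
            [ -d "$f" ] && continue
            if [ ! -f "$f" ]; then
                echo "MISSING   ${f#"$root"/}"; bad=1
            elif ! is_vaulted "$f"; then
                echo "PLAINTEXT ${f#"$root"/}"; bad=1
            fi
        done
    done <<EOF
$SECRET_PATHS
EOF
    return "$bad"
}

# Run as: sh check_vault.sh /path/to/repo  (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    check_vault_files "$1"
fi
```
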
- Finish up ssh
- Do sean_user
- Link ssh to sean_user
- Add all services to services (Go and NPM I think)
- Look at the startup script for another role maybe
- Tie it all together in local.yml
- Add a github action automation
The reason I set it up is that I like to spin up a bunch of temporary Linode instances. I put the IP address into the inventory and it runs; I then have to remove that IP address because it locks to my automation which runs on root.