Lab 2 - Securing and Passing Credentials¶

Task 1 - Create Vault for Credentials¶

1. Create a vault creds.yaml.

   • Type ansible-vault create creds.yaml

     Use create to create the initial files that will be vault encrypted. Vault will prompt you for a password. For the purposes of this lab enter password . It will then open up a text editor (vi) for you to write data to it. Data of any form can be written, but text is usually the format that is used.

   • Type i then enter the following in the editor.

       bigip_user: "admin"
       bigip_pass: "admin"
     
     Type ``esc key`` then ``:wq`` to save and quit the editor, the file will
     automatically be encrypted for you.
     

   • Type cat creds.yaml to ensure file is encrypted.

     If successful, you should see similar results

     

2. Copy playbooks/cmd.yaml to playbooks/cmd1.yaml and modify.

   • Type cp playbooks/cmd.yaml playbooks/cmd1.yaml

   • Type nano playbooks/cmd1.yaml

     ---
     
     - name: "Run a tmsh command"
       hosts: bigips
       gather_facts: False
       connection: local
     
       vars:
         validate_certs: no
         server: 10.1.1.245
         username: "{{ bigip_user }}"
         password: "{{ bigip_pass }}"
     
       tasks:
         - name: View system version and LTM configuration
           bigip_command:
             commands:
               - list /ltm virtual all
               - list /ltm pool all
               - list /ltm node all
             server: "{{ server }}"
             password: "{{ password }}"
             user: "{{ username }}"
             validate_certs: "{{ validate_certs }}"
           register: result
     
         - debug: msg="{{ result.stdout_lines }}"
     

3. Run this playbook.

   • Type ansible-playbook playbooks/cmd1.yml -e @creds.yaml --ask-vault-pass

     You will be prompted for vault password before executing the playbook. If successful, you should see config for virtual servers, pools and nodes.