Rework portfolio around Linux operations, Zabbix monitoring, migration validation, and ELK/Grafana log observability. Add AAP-style LVM resize workflow, Zabbix server/proxy/agent automation assets, Linux/AIX monitoring templates, and updated validation CI.
This commit is contained in:
Mateusz Suski
@@ -0,0 +1,43 @@
|
||||
# Vault Configuration Guide
|
||||
|
||||
## Overview
|
||||
|
||||
The current portfolio demo does not require Ansible Vault for `make test` or `make demo`. Secrets are intentionally kept out of the main validation path so reviewers can run the project offline.
|
||||
|
||||
Use Vault only when extending the simulator to manage real hosts or credentials.
|
||||
|
||||
## Recommended Pattern
|
||||
|
||||
1. Start from the example file:
|
||||
|
||||
```bash
|
||||
cp group_vars/vault.example.yml group_vars/vault.yml
|
||||
```
|
||||
|
||||
2. Replace placeholder values locally.
|
||||
|
||||
3. Encrypt the file before using it with real systems:
|
||||
|
||||
```bash
|
||||
ansible-vault encrypt group_vars/vault.yml
|
||||
```
|
||||
|
||||
4. Do not commit real secret values. Keep `group_vars/vault.example.yml` as the committed reference.
|
||||
|
||||
## Running With Vault
|
||||
|
||||
```bash
|
||||
ansible-playbook -i inventory/hosts.ini playbooks/provision.yml --ask-vault-pass
|
||||
```
|
||||
|
||||
or:
|
||||
|
||||
```bash
|
||||
ansible-playbook -i inventory/hosts.ini playbooks/provision.yml --vault-password-file ~/.vault_pass.txt
|
||||
```
|
||||
|
||||
## Notes
|
||||
|
||||
- The delivered playbooks do not import a vault file by default.
|
||||
- Add `vars_files` only in an environment-specific branch or private overlay.
|
||||
- Prefer a secret manager or automation controller for production use.
|
||||
Reference in New Issue
Block a user