I have a group of CentOS 7 servers that I want to run a playbook against to set up audit and rsyslog. The systems are currently set up for root ssh with password. One of the later tasks will be to turn off root ssh access, but for now, just need to figure out how to use a vault password file for connection. I created a vault-pw-file with:
echo 'vautl-passw' > vault-pw-file
I then created an encrypted copy of the root password with:
ansible-vault encrypt_string --vault-id my_user@~/vault-pw-file 'root-password' --name 'bb_root' > vault_passwd
I have in my ~/ansible.cfg:
[defaults]
inventory = $HOME/hosts
vault_password_file = $HOME/vault_passwd
I’m not quite following the documentation about how to actually use the vault password file. If I run:
ansible all -m debug --vault-id my_user@~/vault-pw-file
It gives me a success and “hello world” for each host. If I run:
ansible all -m ping --vault-id my_user@~/vault-pw-file
it says failed to connect to host via ssh.
Sorry, I’m just not following the vault documentation.
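An added example, not part of the original post: one way to wire a vault-encrypted root password into the SSH connection, using the names from the question. The group_vars/all.yml location is an assumption, and the ciphertext is a placeholder for the real encrypt_string output.

```yaml
# group_vars/all.yml  (assumed location: a group_vars directory next to
# the inventory file $HOME/hosts)
#
# Paste the output of the encrypt_string command here. It already has the
# form "bb_root: !vault |" followed by the ciphertext lines.
bb_root: !vault |
  $ANSIBLE_VAULT;1.2;AES256;my_user
  <ciphertext lines copied from vault_passwd, placeholder>

# Connection variables: the ssh connection plugin reads these, so the
# decrypted value has to be assigned to ansible_password to be used at login.
ansible_user: root
ansible_password: "{{ bb_root }}"

# ansible.cfg, [defaults] section: the vault setting has to reference the
# file holding the vault password (vault-pw-file), not the file holding the
# encrypted string (vault_passwd). With the my_user label that is:
#   vault_identity_list = my_user@~/vault-pw-file
```

The debug module runs on the control node without opening an SSH connection, while ping has to log in to each host, which is why only ping exercises these variables. Password-based SSH from Ansible also needs sshpass installed on the control node.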